- Original path:
profiles/composite/full-scan.toml
# Full Scan Profile
# Complete security scan combining all base profiles
includes = [
"../base/credentials.toml",
"../base/malware.toml",
"../base/web.toml",
"../base/compliance.toml",
"../base/crypto.toml",
"../base/network.toml"
]
# Maximum file size for comprehensive scanning (100MB)
max-file-size = 104857600
[[signatures]]
name = "High Risk Files"
query = "SELECT DISTINCT sha256 FROM pattern_matches WHERE pattern_name IN ('AWS Access Key', 'Private Key Header', 'Reverse Shell Command', 'SQL Injection Pattern', 'Command Injection') OR pattern_name LIKE 'PowerShell%'"
[[signatures]]
name = "Files Requiring Manual Review"
query = "SELECT sha256, COUNT(DISTINCT pattern_name) as total_matches FROM pattern_matches GROUP BY sha256 HAVING total_matches > 10"