---
- "documentation":
  - "./**/*.md"
- "schema":
  - "detection_rules/beats.py"
  - "detection_rules/etc/beats_schemas/**/*"
  - "detection_rules/ecs.py"
  - "detection_rules/etc/ecs_schemas/**/*"
  - "detection_rules/etc/api_schemas/**/*"
  - "detection_rules/schemas/**/*"
- "python":
  - "detection_rules/**/*.py"
  - "kibana/**/*.py"
  - "kql/**/*.py"
- "Hunting":
  - "hunting/**/*"

# rules
- "bbr":
  - "rules_building_block/*.toml"
- "Domain: Cloud":
  - "rules/integrations/aws/**/*.toml"
  - "rules/integrations/azure/**/*.toml"
  - "rules/integrations/cyberarkpas/**/*.toml"
  - "rules/integrations/gcp/**/*.toml"
  - "rules/integrations/google_workspace/**/*.toml"
  - "rules/integrations/o365/**/*.toml"
  - "rules/integrations/okta/**/*.toml"
- "Domain: Endpoint":
  - "rules/windows/**/*.toml"
  - "rules/linux/**/*.toml"
  - "rules/macos/**/*.toml"
- "ML":
  - "rules/ml/**/*.toml"
  - "rules/**/ml_*.toml"
- "OS: Linux":
  - "rules/linux/**/*.toml"
- "OS: macOS":
  - "rules/macos/**/*.toml"
- "OS: Windows":
  - "rules/windows/**/*.toml"
- "Integration: AWS":
  - "rules/integrations/aws/**/*.toml"
- "Integration: Azure":
  - "rules/integrations/azure/**/*.toml"
- "Integration: Crowdstrike":
  - "rules/integrations/crowdstrike/**/*.toml"
- "Integration: CyberArkPas":
  - "rules/integrations/cyberarkpas/**/*.toml"
- "Integration: Endpoint":
  - "rules/integrations/endpoint/**/*.toml"
- "Integration: GCP":
  - "rules/integrations/gcp/**/*.toml"
- "Integration: Google Workspace":
  - "rules/integrations/google_workspace/**/*.toml"
- "Integration: Microsoft 365":
  - "rules/integrations/o365/**/*.toml"
- "Integration: Okta":
  - "rules/integrations/okta/**/*.toml"
- "Rule: Deprecation":
  - "rules/_deprecated/**/*"