Hi,

Is there any option to tell it to treat the same document in two different files as identical, even if it is positioned differently in the two files? For example, I have rules.yaml that looks like this:
```yaml
# cat /tmp/rules.yaml
- macro: never_true
  condition: (evt.num=0)
- macro: always_true
  condition: (evt.num>=0)
- macro: spawned_process
  condition: evt.type in (execve, execveat) and evt.dir=<
- rule: ls run
  desc: ls run
  condition: spawned_process and proc.name=ls
  output: ls run
  priority: INFO
  tags: [process]
```
while also having rules2.yaml that is the same but one of the documents is located in a different location:
```yaml
# cat /tmp/rules2.yaml
- macro: never_true
  condition: (evt.num=0)
- macro: always_true
  condition: (evt.num>=0)
- rule: ls run
  desc: ls run
  condition: spawned_process and proc.name=ls
  output: ls run
  priority: INFO
  tags: [process]
- macro: spawned_process
  condition: evt.type in (execve, execveat) and evt.dir=<
```
When running graphtage, it shows the following:
```
$ graphtage /tmp/rules.yaml /tmp/rules2.yaml
- condition: (evt.num=0)
  macro: never_true
- condition: (evt.num>=0)
  macro: always_true
- c̶o̶n̶d̶i̶t̶i̶o̶n̶:̶ ̶e̶v̶t̶.̶t̶y̶p̶e̶ ̶i̶n̶ ̶(̶e̶x̶e̶c̶v̶e̶,̶ ̶e̶x̶e̶c̶v̶e̶a̶t̶)̶ ̶a̶n̶d̶ ̶e̶v̶t̶.̶d̶i̶r̶=̶<̶
  m̶a̶c̶r̶o̶:̶ ̶s̶p̶a̶w̶n̶e̶d̶_̶p̶r̶o̶c̶e̶s̶s̶
- condition: spawned_process and proc.name=ls
  desc: ls run
  output: ls run
  priority: INFO
  rule: ls run
  tags:
  - process
- c̟o̟n̟d̟i̟t̟i̟o̟n̟:̟ ̟e̟v̟t̟.̟t̟y̟p̟e̟ ̟i̟n̟ ̟(̟e̟x̟e̟c̟v̟e̟,̟ ̟e̟x̟e̟c̟v̟e̟a̟t̟)̟ ̟a̟n̟d̟ ̟e̟v̟t̟.̟d̟i̟r̟=̟<̟
  m̟a̟c̟r̟o̟:̟ ̟s̟p̟a̟w̟n̟e̟d̟_̟p̟r̟o̟c̟e̟s̟s̟
```
which tells me that they are different. Is there a way to tell it to ignore these types of differences (in this case, it would tell me the two files are identical)? Thanks
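As an added example (not graphtage's own code and not part of the issue): one way to get the order-insensitive answer asked for above is to canonicalise each parsed document before comparing, so a file whose documents are merely reordered compares equal while a real edit (here a constructed change of the rule's priority) is still reported. The two files from the issue are embedded as the Python structures a YAML loader would return, so the block runs without a YAML library.

```python
import json
from collections import Counter
from typing import Any

# Constructed: parsed form of /tmp/rules.yaml and /tmp/rules2.yaml from the issue.
NEVER = {"macro": "never_true", "condition": "(evt.num=0)"}
ALWAYS = {"macro": "always_true", "condition": "(evt.num>=0)"}
SPAWNED = {"macro": "spawned_process",
           "condition": "evt.type in (execve, execveat) and evt.dir=<"}
LS_RULE = {"rule": "ls run", "desc": "ls run", "priority": "INFO", "output": "ls run",
           "condition": "spawned_process and proc.name=ls", "tags": ["process"]}
RULES_A = [NEVER, ALWAYS, SPAWNED, LS_RULE]   # rules.yaml: macro before the rule
RULES_B = [NEVER, ALWAYS, LS_RULE, SPAWNED]   # rules2.yaml: same documents, reordered
# Constructed: a genuinely different third file (priority edited), for contrast.
RULES_C = [NEVER, ALWAYS, {**LS_RULE, "priority": "WARNING"}, SPAWNED]


def normalize(node: Any, unordered_lists: bool = True) -> Any:
    """Rebuild a parsed tree so that mapping key order never matters and, when
    unordered_lists is set, list element order does not matter at any depth."""
    if isinstance(node, dict):
        return {str(k): normalize(v, unordered_lists) for k, v in node.items()}
    if isinstance(node, list):
        items = [normalize(v, unordered_lists) for v in node]
        if unordered_lists:
            items.sort(key=lambda v: json.dumps(v, sort_keys=True))
        return items
    return node


def canonical(node: Any, unordered_lists: bool = True) -> str:
    """Stable string form of a tree; equal strings mean equal content."""
    return json.dumps(normalize(node, unordered_lists), sort_keys=True,
                      separators=(",", ":"))


def unordered_diff(a: list, b: list) -> tuple[list[str], list[str]]:
    """Multiset difference of the top-level documents: (only_in_a, only_in_b).
    Documents that merely moved cancel out; edited ones show up on both sides."""
    ca = Counter(canonical(doc) for doc in a)
    cb = Counter(canonical(doc) for doc in b)
    return sorted((ca - cb).elements()), sorted((cb - ca).elements())


def same_documents(a: list, b: list) -> bool:
    return unordered_diff(a, b) == ([], [])


if __name__ == "__main__":
    print("rules.yaml vs rules2.yaml identical:", same_documents(RULES_A, RULES_B))
    print("rules.yaml vs edited copy:", unordered_diff(RULES_A, RULES_C))
```

Treating every list as unordered is right for Falco-style `tags` but would also hide reorderings in lists whose order carries meaning; pass `unordered_lists=False` to `canonical` where that matters.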