diff --git a/packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json
index 2290861736e..83aafe6b8ae 100644
--- a/packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json
+++ b/packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json
@@ -11,7 +11,7 @@
 "aggs": [],
 "params": {
 "fontSize": 10,
- "markdown": "[Compilance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)"
+ "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)"
 },
 "title": "Navigation [Logs Osquery]",
 "type": "markdown"
diff --git a/packages/osquery_manager/changelog.yml b/packages/osquery_manager/changelog.yml
index 952eea523a9..4a4a03547fa 100644
--- a/packages/osquery_manager/changelog.yml
+++ b/packages/osquery_manager/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Add prebuilt saved queries
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2998
 - version: "1.2.1"
 changes:
 - description: Update readme to remove exported fields
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-0796f890-b4a9-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-0796f890-b4a9-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..0c476e56eb9
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-0796f890-b4a9-11ec-8f39-bf9c07530bbb.json
@@ -0,0 +1,45 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T06:24:21.145Z",
+ "created_by": "elastic",
+ "description": "Get all current network connections.",
+ "ecs_mapping": [
+ {
+ "key": "client.port",
+ "value": {
+ "field": "port"
+ }
+ },
+ {
+ "key": "network.iana_number",
+ "value": {
+ "field": "protocol"
+ }
+ },
+ {
+ "key": "network.type",
+ "value": {
+ "field": "family"
+ }
+ },
+ {
+ "key": "client.address",
+ "value": {
+ "field": "address"
+ }
+ }
+ ],
+ "id": "listening_ports",
+ "interval": "3600",
+ "query": "SELECT * FROM listening_ports;",
+ "updated_at": "2022-04-05T06:24:21.145Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-0796f890-b4a9-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T06:24:21.147Z",
+ "version": "Wzc0OSwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-128b90b0-b4a6-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-128b90b0-b4a6-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..08e84c38fa4
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-128b90b0-b4a6-11ec-8f39-bf9c07530bbb.json
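Review bot: The `client.port` and `client.address` mappings are fed from the local end of a listening socket, which in ECS terms is the server side rather than a client, so as far as I can tell `server.port`/`server.address` would describe the data more accurately — worth confirming against the ECS field definitions. `network.type` is mapped from osquery's `family` column, which is a numeric address family, while ECS expects a keyword such as `ipv4`/`ipv6`, so that value will not line up with other data sources without conversion. The `pid` column, the one that makes a listening port actionable, is not mapped at all and could go to `process.pid`. Every new saved-query file in this commit is also written without a trailing newline (`\ No newline at end of file`); adding one keeps later diffs clean.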
@@ -0,0 +1,70 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T06:03:11.035Z",
+ "created_by": "elastic",
+ "description": "Recursively get info about all files within the specified path. Edit the path to narrow down the search.",
+ "ecs_mapping": [
+ {
+ "key": "file.directory",
+ "value": {
+ "field": "directory"
+ }
+ },
+ {
+ "key": "file.name",
+ "value": {
+ "field": "filename"
+ }
+ },
+ {
+ "key": "file.inode",
+ "value": {
+ "field": "inode"
+ }
+ },
+ {
+ "key": "file.uid",
+ "value": {
+ "field": "uid"
+ }
+ },
+ {
+ "key": "file.gid",
+ "value": {
+ "field": "gid"
+ }
+ },
+ {
+ "key": "file.mode",
+ "value": {
+ "field": "mode"
+ }
+ },
+ {
+ "key": "file.size",
+ "value": {
+ "field": "size"
+ }
+ },
+ {
+ "key": "file.type",
+ "value": {
+ "field": "type"
+ }
+ }
+ ],
+ "id": "file_info",
+ "interval": "3600",
+ "platform": "windows",
+ "query": "SELECT * FROM file WHERE path LIKE \"/%%\"",
+ "updated_at": "2022-04-05T06:03:11.035Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-128b90b0-b4a6-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T06:03:11.036Z",
+ "version": "WzczNiwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-239dce60-b4a9-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-239dce60-b4a9-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..baca194a97e
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-239dce60-b4a9-11ec-8f39-bf9c07530bbb.json
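Review bot: `"platform": "windows"` is paired with `path LIKE "/%%"`, a POSIX-style root that does not match Windows drive paths, so on the only platform this query is scheduled for it most likely returns nothing; either the platform or the pattern is wrong. The path literal is also double-quoted, which SQLite first tries to resolve as an identifier and only then falls back to a string, so the unambiguous form is single quotes with a single wildcard, `path LIKE '/%'` (`%%` is just two wildcards, not an escape). The same double-quoted `%%` pattern appears in the `file_info_by_type` hunk further down. Independently of that, a recursive walk of an entire filesystem every 3600 s is the most expensive query in this set and may run into osquery's watchdog limits; the description already tells users to edit the path, so a narrower default would be safer.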
@@ -0,0 +1,34 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T06:25:08.166Z",
+ "created_by": "elastic",
+ "description": "Get applications and executables configured to launch when a system reboots on Windows.",
+ "ecs_mapping": [
+ {
+ "key": "file.path",
+ "value": {
+ "field": "path"
+ }
+ },
+ {
+ "key": "file.name",
+ "value": {
+ "field": "name"
+ }
+ }
+ ],
+ "id": "persisted_apps_executables_windows",
+ "interval": "3600",
+ "platform": "windows",
+ "query": "SELECT * FROM autoexec, startup_items;",
+ "updated_at": "2022-04-05T06:25:08.166Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-239dce60-b4a9-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T06:25:08.167Z",
+ "version": "Wzc1MCwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-2de24900-b4a9-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-2de24900-b4a9-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..b7680107ac3
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-2de24900-b4a9-11ec-8f39-bf9c07530bbb.json
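Review bot: `SELECT * FROM autoexec, startup_items;` is a cross join with no join condition, so the result is every `autoexec` row paired with every `startup_items` row, and because both tables carry `name`, `path` and `source` columns the `file.path` ← `path` and `file.name` ← `name` mappings are ambiguous (which duplicate column survives is parser-defined, not something the mapping controls). If the intent is one row per persisted item from either source, `SELECT name, path, source FROM autoexec UNION SELECT name, path, source FROM startup_items;` does that; since `autoexec` on Windows already aggregates startup items as far as I recall, `SELECT * FROM autoexec;` alone may be enough — confirm against the osquery schema.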
@@ -0,0 +1,51 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T06:25:25.392Z",
+ "created_by": "elastic",
+ "description": "Get applications configured to launch when a system reboots.",
+ "ecs_mapping": [
+ {
+ "key": "file.name",
+ "value": {
+ "field": "name"
+ }
+ },
+ {
+ "key": "file.path",
+ "value": {
+ "field": "path"
+ }
+ },
+ {
+ "key": "process.args",
+ "value": {
+ "field": "args"
+ }
+ },
+ {
+ "key": "file.directory",
+ "value": {
+ "field": "source"
+ }
+ },
+ {
+ "key": "user.name",
+ "value": {
+ "field": "username"
+ }
+ }
+ ],
+ "id": "persisted_apps",
+ "interval": "3600",
+ "query": "SELECT * FROM startup_items;",
+ "updated_at": "2022-04-05T06:25:25.392Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-2de24900-b4a9-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T06:25:25.395Z",
+ "version": "Wzc1MSwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-363d6a30-b4a9-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-363d6a30-b4a9-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..3be19ec6898
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-363d6a30-b4a9-11ec-8f39-bf9c07530bbb.json
@@ -0,0 +1,87 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T06:25:39.411Z",
+ "created_by": "elastic",
+ "description": "Get all running processes.",
+ "ecs_mapping": [
+ {
+ "key": "process.pid",
+ "value": {
+ "field": "pid"
+ }
+ },
+ {
+ "key": "process.name",
+ "value": {
+ "field": "name"
+ }
+ },
+ {
+ "key": "process.executable",
+ "value": {
+ "field": "path"
+ }
+ },
+ {
+ "key": "process.args",
+ "value": {
+ "field": "cmdline"
+ }
+ },
+ {
+ "key": "process.working_directory",
+ "value": {
+ "field": "cwd"
+ }
+ },
+ {
+ "key": "user.id",
+ "value": {
+ "field": "uid"
+ }
+ },
+ {
+ "key": "group.id",
+ "value": {
+ "field": "gid"
+ }
+ },
+ {
+ "key": "process.start",
+ "value": {
+ "field": "start_time"
+ }
+ },
+ {
+ "key": "process.parent.pid",
+ "value": {
+ "field": "parent"
+ }
+ },
+ {
+ "key": "process.pgid",
+ "value": {
+ "field": "pgroup"
+ }
+ },
+ {
+ "key": "process.uptime",
+ "value": {
+ "field": "elapsed_time"
+ }
+ }
+ ],
+ "id": "processes",
+ "interval": "3600",
+ "query": "SELECT * FROM processes;",
+ "updated_at": "2022-04-05T06:25:39.411Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-363d6a30-b4a9-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T06:25:39.412Z",
+ "version": "Wzc1MiwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-5c144ac0-b4a5-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-5c144ac0-b4a5-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..41c392f8156
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-5c144ac0-b4a5-11ec-8f39-bf9c07530bbb.json
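Review bot: `process.args` is fed from `cmdline`, which osquery returns as a single string, whereas ECS defines `process.args` as an array of individual arguments and `process.command_line` as the full string; `"key": "process.command_line"` is the better target here, and the `persisted_apps` hunk above maps its string-valued `args` column the same way. `process.start` is mapped from `start_time`, which osquery reports as an epoch integer in seconds; Elasticsearch reads a bare number in a `date` field as epoch milliseconds, so unless the integration converts it the value will land in 1970 — worth checking how the mapping layer handles it. The remaining mappings (`process.pid`, `process.parent.pid` ← `parent`, `process.pgid` ← `pgroup`, `process.uptime` ← `elapsed_time`) look consistent with the osquery column meanings.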
@@ -0,0 +1,40 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T05:58:04.908Z",
+ "created_by": "elastic",
+ "description": "Get all installed applications on MacOS.",
+ "ecs_mapping": [
+ {
+ "key": "package.name",
+ "value": {
+ "field": "name"
+ }
+ },
+ {
+ "key": "package.path",
+ "value": {
+ "field": "path"
+ }
+ },
+ {
+ "key": "file.accessed",
+ "value": {
+ "field": "last_opened_time"
+ }
+ }
+ ],
+ "id": "applications_mac",
+ "interval": 3600,
+ "platform": "darwin",
+ "query": "SELECT * FROM apps;",
+ "updated_at": "2022-04-05T05:59:52.293Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-5c144ac0-b4a5-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T05:59:52.297Z",
+ "version": "WzcyMiwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-6fc00190-b4b4-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-6fc00190-b4b4-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..5b7b5bd846e
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-6fc00190-b4b4-11ec-8f39-bf9c07530bbb.json
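Review bot: `"interval": 3600` is a JSON number here while every other saved query in this commit stores the same attribute as the string `"interval": "3600"`; the `system_configuration` hunk (the second one on the `usb_devices_mac_or_linux` line) has the same number form. A saved-object attribute should keep one type across all objects, so either change these two to `"interval": "3600"` or normalise the whole set in one direction. `file.accessed` ← `last_opened_time` is another epoch value whose conversion to an ECS date field is worth verifying before it is relied on in dashboards.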
@@ -0,0 +1,52 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T07:46:00.361Z",
+ "created_by": "elastic",
+ "description": "Recursively get the full paths to Windows registry hives for the specified keys. Edit the key pattern to adjust your search.",
+ "ecs_mapping": [
+ {
+ "key": "registry.key",
+ "value": {
+ "field": "key"
+ }
+ },
+ {
+ "key": "registry.path",
+ "value": {
+ "field": "path"
+ }
+ },
+ {
+ "key": "registry.hive",
+ "value": {
+ "field": "name"
+ }
+ },
+ {
+ "key": "registry.data.type",
+ "value": {
+ "field": "type"
+ }
+ },
+ {
+ "key": "registry.value",
+ "value": {
+ "field": "data"
+ }
+ }
+ ],
+ "id": "registry_windows",
+ "interval": "3600",
+ "platform": "windows",
+ "query": "SELECT path FROM registry where key like 'HKEY_USERS\\\\.Default\\\\Software\\\\%%;'",
+ "updated_at": "2022-04-05T07:46:00.361Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-6fc00190-b4b4-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T07:46:00.362Z",
+ "version": "Wzc1OSwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-7ee71870-b4b4-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-7ee71870-b4b4-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..1c698acf17b
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-7ee71870-b4b4-11ec-8f39-bf9c07530bbb.json
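Review bot: The closing `;` sits inside the string literal in `'HKEY_USERS\\\\.Default\\\\Software\\\\%%;'`, so the LIKE pattern requires a trailing semicolon and matches no registry key; it belongs after the closing quote. The projection is `SELECT path` only, yet the `ecs_mapping` reads `key`, `name`, `type` and `data`, none of which are in the result, so four of the five mappings never populate. The backslashes are still doubled after JSON decoding (`\\\\` becomes `\\`) and SQLite's LIKE treats a backslash literally, so the pattern may demand two backslashes between path components — verify against a live registry query. Suggested line: `"query": "SELECT key, path, name, type, data FROM registry WHERE key LIKE 'HKEY_USERS\\.Default\\Software\\%';"` (a single `%` suffices; `%%` is just two wildcards). The `registry.hive` ← `name` mapping also looks off — `name` is the value name in osquery's registry table, while the hive is the `HKEY_*` prefix of `key`.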
@@ -0,0 +1,21 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T07:46:25.783Z",
+ "created_by": "elastic",
+ "description": "Get a list of devices plugged into a USB port (e.g., flash drives, portable hard drives, etc.) on MacOS or Linux systems.",
+ "ecs_mapping": [],
+ "id": "usb_devices_mac_or_linux",
+ "interval": "3600",
+ "platform": "windows",
+ "query": "SELECT * FROM usb_devices;",
+ "updated_at": "2022-04-05T07:46:25.783Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-7ee71870-b4b4-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T07:46:25.784Z",
+ "version": "Wzc2MCwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-9b9b4540-b4b4-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-9b9b4540-b4b4-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..cd22f5a37bd
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-9b9b4540-b4b4-11ec-8f39-bf9c07530bbb.json
@@ -0,0 +1,27 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T07:47:13.940Z",
+ "created_by": "elastic",
+ "description": "Get operating system and configuration information, such as hostnames, system architecture, and memory usage.",
+ "ecs_mapping": [
+ {
+ "key": "host.name",
+ "value": {
+ "field": "computer_name"
+ }
+ }
+ ],
+ "id": "system_configuration",
+ "interval": 3600,
+ "query": "SELECT * FROM os_version, system_info;",
+ "updated_at": "2022-04-05T07:48:21.638Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-9b9b4540-b4b4-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T07:48:21.642Z",
+ "version": "Wzc2OSwxXQ=="
+}
\ No newline at end of file
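Review bot: The id `usb_devices_mac_or_linux` and the description say macOS or Linux, but `"platform": "windows"` schedules the query only on Windows, where as far as I recall the `usb_devices` table is not implemented, so as written it never runs where it is meant to and fails where it does run. The fix is the platform line, `"platform": "darwin,linux"`, assuming the saved-query form stores the comma-separated platform list that osquery packs accept — confirm the expected format. The empty `ecs_mapping` is acceptable, but `vendor`/`model`/`serial` are the columns an analyst would want normalised.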
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-a8870ff0-b4a5-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-a8870ff0-b4a5-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..26fddc0a411
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-a8870ff0-b4a5-11ec-8f39-bf9c07530bbb.json
@@ -0,0 +1,40 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T06:00:13.167Z",
+ "created_by": "elastic",
+ "description": "Get all installed applications on Windows.",
+ "ecs_mapping": [
+ {
+ "key": "package.name",
+ "value": {
+ "field": "name"
+ }
+ },
+ {
+ "key": "package.version",
+ "value": {
+ "field": "version"
+ }
+ },
+ {
+ "key": "package.path",
+ "value": {
+ "field": "install_location"
+ }
+ }
+ ],
+ "id": "applications_windows",
+ "interval": "3600",
+ "platform": "windows",
+ "query": "SELECT * FROM programs",
+ "updated_at": "2022-04-05T06:00:13.167Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-a8870ff0-b4a5-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T06:00:13.170Z",
+ "version": "WzcyMywxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-ccd3f850-b4a5-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-ccd3f850-b4a5-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..0f195402c68
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-ccd3f850-b4a5-11ec-8f39-bf9c07530bbb.json
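Review bot: `"query": "SELECT * FROM programs"` is the only query in this set without a terminating semicolon; SQLite accepts it, but `SELECT * FROM programs;` keeps the style uniform with the other fourteen files. The `package.name`, `package.version` and `package.path` ← `install_location` mappings read correctly for the `programs` table.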
@@ -0,0 +1,40 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T06:01:14.069Z",
+ "created_by": "elastic",
+ "description": "Get all users who are currently logged in.",
+ "ecs_mapping": [
+ {
+ "key": "user.id",
+ "value": {
+ "field": "uid"
+ }
+ },
+ {
+ "key": "user.group.id",
+ "value": {
+ "field": "gid"
+ }
+ },
+ {
+ "key": "user.name",
+ "value": {
+ "field": "username"
+ }
+ }
+ ],
+ "id": "logged_in_users",
+ "query": "SELECT * FROM users;",
+ "interval": "3600",
+ "platform": "darwin",
+ "updated_at": "2022-04-05T06:01:14.069Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-ccd3f850-b4a5-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T06:01:14.071Z",
+ "version": "WzcyNywxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-cebd7b00-b4b4-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-cebd7b00-b4b4-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..e8fe8c7a64e
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-cebd7b00-b4b4-11ec-8f39-bf9c07530bbb.json
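Review bot: The id and description promise the users who are currently logged in, but `SELECT * FROM users;` enumerates every local account, so this is the same query as the `users` saved query in the next hunk with a darwin platform filter added, and an analyst reading `logged_in_users` results would draw the wrong conclusion. osquery has a `logged_in_users` table for active sessions; `"query": "SELECT * FROM logged_in_users;"` with `user.name` fed from its `user` column would match the description (its `uid`/`gid`-based mappings would then need to go, since that table does not carry them). The key order `query` before `interval`/`platform` also differs from every other file; cosmetic, but worth aligning.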
@@ -0,0 +1,39 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T07:48:39.728Z",
+ "created_by": "elastic",
+ "description": "Get all local user accounts.",
+ "ecs_mapping": [
+ {
+ "key": "user.id",
+ "value": {
+ "field": "uid"
+ }
+ },
+ {
+ "key": "user.group.id",
+ "value": {
+ "field": "gid"
+ }
+ },
+ {
+ "key": "user.name",
+ "value": {
+ "field": "username"
+ }
+ }
+ ],
+ "id": "users",
+ "interval": "3600",
+ "query": "SELECT * FROM users;",
+ "updated_at": "2022-04-05T07:48:39.728Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-cebd7b00-b4b4-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T07:48:39.729Z",
+ "version": "Wzc3MCwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-e640e200-b4a8-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-e640e200-b4a8-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..02ff666cc04
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-e640e200-b4a8-11ec-8f39-bf9c07530bbb.json
@@ -0,0 +1,21 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T06:23:25.216Z",
+ "created_by": "elastic",
+ "description": "Get all Windows firewall rules. The results also indicate if they are enabled or disabled.",
+ "ecs_mapping": [],
+ "id": "firewall_rules_windows",
+ "interval": "3600",
+ "platform": "windows",
+ "query": "SELECT * FROM windows_filewall_rules;",
+ "updated_at": "2022-04-05T06:23:25.216Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-e640e200-b4a8-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T06:23:25.217Z",
+ "version": "Wzc0NywxXQ=="
+}
\ No newline at end of file
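Review bot: The table name in `SELECT * FROM windows_filewall_rules;` is misspelled; the osquery table is `windows_firewall_rules`, so this prebuilt query fails with "no such table" on every host it is scheduled on. The one-line fix is `"query": "SELECT * FROM windows_firewall_rules;"`. The description promises an enabled/disabled indicator, which the table's `enabled` column provides, so an `ecs_mapping` entry for it would make the result filterable rather than leaving everything in the raw columns.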
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-f8649710-b4a8-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-f8649710-b4a8-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..e6cbdc6ff0b
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-f8649710-b4a8-11ec-8f39-bf9c07530bbb.json
@@ -0,0 +1,28 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T06:23:55.649Z",
+ "created_by": "elastic",
+ "description": "Get all installed drivers on a Windows system.",
+ "ecs_mapping": [
+ {
+ "key": "package.name",
+ "value": {
+ "field": "name"
+ }
+ }
+ ],
+ "id": "loaded_drivers_windows",
+ "interval": "3600",
+ "platform": "windows",
+ "query": "SELECT * FROM drivers;",
+ "updated_at": "2022-04-05T06:23:55.649Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-f8649710-b4a8-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T06:23:55.651Z",
+ "version": "Wzc0OCwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-fc4e34b0-b4a5-11ec-8f39-bf9c07530bbb.json b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-fc4e34b0-b4a5-11ec-8f39-bf9c07530bbb.json
new file mode 100644
index 00000000000..03f5b116ba8
--- /dev/null
+++ b/packages/osquery_manager/kibana/osquery_saved_query/osquery_manager-fc4e34b0-b4a5-11ec-8f39-bf9c07530bbb.json
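Review bot: The single mapping `package.name` ← `name` refers to a column I do not find in the osquery `drivers` table as I recall its schema (`device_name`, `image`, `description`, `service`, `version`, `signed`, …), which would leave the mapping empty on every result — verify against the schema, and if so `device_name` is the likely intended source. Describing a kernel driver as a `package.*` is also a stretch; `file.path` ← `image` would give analysts the on-disk path they actually pivot on. The id says `loaded_drivers_windows` while the description says installed drivers; the `drivers` table lists installed ones, so one of the two wordings should change.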
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "created_at": "2022-04-05T06:02:33.723Z",
+ "created_by": "elastic",
+ "description": "Recursively get all directories and file names within the specified path that are directories. Edit the path and type to adjust the search. ",
+ "ecs_mapping": [
+ {
+ "key": "file.directory",
+ "value": {
+ "field": "directory"
+ }
+ },
+ {
+ "key": "file.name",
+ "value": {
+ "field": "filename"
+ }
+ },
+ {
+ "key": "file.inode",
+ "value": {
+ "field": "inode"
+ }
+ },
+ {
+ "key": "file.uid",
+ "value": {
+ "field": "uid"
+ }
+ },
+ {
+ "key": "file.gid",
+ "value": {
+ "field": "gid"
+ }
+ },
+ {
+ "key": "file.mode",
+ "value": {
+ "field": "mode"
+ }
+ },
+ {
+ "key": "file.size",
+ "value": {
+ "field": "size"
+ }
+ },
+ {
+ "key": "file.type",
+ "value": {
+ "field": "type"
+ }
+ }
+ ],
+ "id": "file_info_by_type",
+ "interval": "3600",
+ "query": "SELECT * FROM file WHERE path LIKE \"/%%\" and type = 'directory'",
+ "updated_at": "2022-04-05T06:02:33.723Z",
+ "updated_by": "elastic",
+ "version": "1"
+ },
+ "coreMigrationVersion": "8.3.0",
+ "id": "osquery_manager-fc4e34b0-b4a5-11ec-8f39-bf9c07530bbb",
+ "references": [],
+ "type": "osquery-saved-query",
+ "updated_at": "2022-04-05T06:02:33.724Z",
+ "version": "WzczNCwxXQ=="
+}
\ No newline at end of file
diff --git a/packages/osquery_manager/kibana/visualization/osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040.json b/packages/osquery_manager/kibana/visualization/osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040.json
index b05af44b654..caf9eb1fa2f 100644
--- a/packages/osquery_manager/kibana/visualization/osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040.json
+++ b/packages/osquery_manager/kibana/visualization/osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040.json
@@ -7,7 +7,7 @@
 "title": "Navigation [Osquery Manager]",
 "uiStateJSON": "{}",
 "version": 1,
- "visState": "{\"title\":\"Navigation [Osquery Manager]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"[Compilance](#/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040)\",\"openLinksInNewTab\":false}}"
+ "visState": "{\"title\":\"Navigation [Osquery Manager]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"[Compliance](#/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040)\",\"openLinksInNewTab\":false}}"
 },
 "coreMigrationVersion": "8.2.0",
 "id": "osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040",
diff --git a/packages/osquery_manager/manifest.yml b/packages/osquery_manager/manifest.yml
index c8c99eddd68..15de1fe6807 100755
--- a/packages/osquery_manager/manifest.yml
+++ b/packages/osquery_manager/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: osquery_manager
 title: Osquery Manager
-version: 1.2.1
+version: 1.3.0
 license: basic
 description: Deploy osquery with Elastic Agent, then run and schedule queries in Kibana
 type: integration
@@ -11,7 +11,7 @@ categories:
 - os_system
 - config_management
 conditions:
- kibana.version: ^8.2.0
+ kibana.version: ^8.3.0
 icons:
 - src: /img/logo_osquery.svg
 title: logo osquery