@@ -0,0 +1,18 @@
{
"attributes": {
"created_at": "2022-04-05T06:24:21.145Z",
"created_by": "elastic",
"description": "A list of all current network connections.",
"id": "Network",
"interval": "3600",
"query": "select * from listening_ports;",
"updated_at": "2022-04-05T06:24:21.145Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "0796f890-b4a9-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T06:24:21.147Z",
"version": "Wzc0OSwxXQ=="
}
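Review bot: The `description` line promises "all current network connections", but `listening_ports` only returns sockets in a listening state, so established inbound/outbound connections never appear in this saved query's results and an analyst picking it by description will be misled. If connections are the intent, the osquery table for that is `process_open_sockets` (usually joined to `processes` for attribution); otherwise correct the text to `"description": "A list of all listening ports and the processes bound to them."`. Separately, `interval` is the string `"3600"` here while the Applications_Apple and System_Configuration objects in this PR use the integer `3600`; whether the loader tolerates both is not visible from here, but one form should be used consistently.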
@@ -0,0 +1,19 @@
{
"attributes": {
"created_at": "2022-04-05T06:03:11.035Z",
"created_by": "elastic",
"description": "A list of all directories and file names within the specified path.",
"id": "File_System_Windows",
"interval": "3600",
"platform": "windows",
"query": "SELECT * FROM file WHERE path LIKE \"/%%\"",
"updated_at": "2022-04-05T06:03:11.035Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "128b90b0-b4a6-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T06:03:11.036Z",
"version": "WzczNiwxXQ=="
}
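Review bot: The `query` line walks the entire filesystem every hour: `path LIKE "/%%"` is osquery's recursive wildcard anchored at the root, which on a typical Windows host yields hundreds of thousands of rows per run, is likely to be killed by the osquery watchdog, and if it survives will flood the results index. The description says "within the specified path", so scope it to a concrete directory the way the Apple variant attempts to (an osquery-level pattern such as `C:\Users\%%`, with whatever backslash escaping the JSON loader requires). The double-quoted `"/%%"` also relies on SQLite's fallback of treating an unresolvable double-quoted identifier as a string literal; single quotes are the portable form. Whether `/` is even a valid root for the Windows `file` table is not something I can confirm from here, so please test on a Windows agent.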
@@ -0,0 +1,19 @@
{
"attributes": {
"created_at": "2022-04-05T06:25:08.166Z",
"created_by": "elastic",
"description": "A list of applications configured to launch when a system reboots.",
"id": "Persistence_Windows",
"interval": "3600",
"platform": "windows",
"query": "select * from autoexec, startup_items;",
"updated_at": "2022-04-05T06:25:08.166Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "239dce60-b4a9-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T06:25:08.167Z",
"version": "Wzc1MCwxXQ=="
}
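Review bot: `select * from autoexec, startup_items;` on the `query` line is an implicit comma join with no join condition, so osquery returns the Cartesian product of the two tables (every autoexec row paired with every startup_items row) rather than the combined list the description promises, inflating persistence results N×M and interleaving unrelated columns. Either keep a single table, `"query": "select * from autoexec;"` (osquery documents `autoexec` as an aggregate of auto-launching executables, which I believe already covers startup items — worth confirming), or split this into two saved queries. The non-Windows Persistence entry in this same PR already queries `startup_items` alone.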
@@ -0,0 +1,18 @@
{
"attributes": {
"created_at": "2022-04-05T06:25:25.392Z",
"created_by": "elastic",
"description": "A list of applications configured to launch when a system reboots.",
"id": "Persistence",
"interval": "3600",
"query": "select * from startup_items;",
"updated_at": "2022-04-05T06:25:25.392Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "2de24900-b4a9-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T06:25:25.395Z",
"version": "Wzc1MSwxXQ=="
}
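Review bot: `"interval": "3600"` on the `interval` line is a string, while the Applications_Apple and System_Configuration objects in this PR use the integer `3600`; the saved-query objects should agree on one type so consumers and any future migration do not have to handle both. Changing it to `"interval": 3600` matches the entries that were evidently edited through the UI. Whether the current loader tolerates the string form is not visible from here, so verify before changing the rest of the set.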
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{
"attributes": {
"created_at": "2022-04-05T06:25:39.411Z",
"created_by": "elastic",
"description": "A list of running parent and child processes.",
"id": "Process",
"interval": "3600",
"query": "select * from processes;",
"updated_at": "2022-04-05T06:25:39.411Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "363d6a30-b4a9-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T06:25:39.412Z",
"version": "Wzc1MiwxXQ=="
}
@@ -0,0 +1,20 @@
{
"attributes": {
"created_at": "2022-04-05T05:58:04.908Z",
"created_by": "elastic",
"description": "A list of all installed applications.",
"ecs_mapping": [],
"id": "Applications_Apple",
"interval": 3600,
"platform": "darwin",
"query": "select * from apps;",
"updated_at": "2022-04-05T05:59:52.293Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "5c144ac0-b4a5-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T05:59:52.297Z",
"version": "WzcyMiwxXQ=="
}
@@ -0,0 +1,19 @@
{
"attributes": {
"created_at": "2022-04-05T07:46:00.361Z",
"created_by": "elastic",
"description": "Windows information from the specified registry hives.",
"id": "Registry",
"interval": "3600",
"platform": "windows",
"query": "select path from registry where key like 'HKEY_USERS\\\\.Default\\\\Software\\\\%%;",
"updated_at": "2022-04-05T07:46:00.361Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "6fc00190-b4b4-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T07:46:00.362Z",
"version": "Wzc1OSwxXQ=="
}
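Review bot: The SQL on the `query` line is syntactically broken: the string literal opened with `'HKEY_USERS...` is never closed, so the trailing `%%;` ends up inside the literal and osquery will reject the query with a parse error on every scheduled run. It needs a closing single quote before the semicolon, e.g. `"query": "select path from registry where key like 'HKEY_USERS\\\\.DEFAULT\\\\Software\\\\%';"`. Separately, the `\\\\` sequences in the JSON decode to two backslashes in the literal, and SQLite's LIKE has no backslash escape, so the pattern may be looking for doubled backslashes in the key; whether the loader unescapes again is something I cannot tell from here, so run the query against a Windows agent before merging.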
@@ -0,0 +1,19 @@
{
"attributes": {
"created_at": "2022-04-05T07:46:25.783Z",
"created_by": "elastic",
"description": "A list of devices plugged into a USB port (e.g., flash drives, portable hard drives, etc.) ",
"id": "Removable_Media",
"interval": "3600",
"platform": "windows",
"query": "SELECT * FROM usb_devices;",
"updated_at": "2022-04-05T07:46:25.783Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "7ee71870-b4b4-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T07:46:25.784Z",
"version": "Wzc2MCwxXQ=="
}
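Review bot: `"platform": "windows"` restricts this query to Windows agents, but osquery's `usb_devices` table is also available on macOS and Linux, so removable-media visibility on those platforms is lost for no stated reason; unless Windows-only is intentional, dropping the `platform` line (as the Network, Process and Users entries do) gives the same data everywhere. The `description` value also ends with a trailing space after `etc.)` that will be shown verbatim in the UI.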
@@ -0,0 +1,24 @@
{
"attributes": {
"created_at": "2021-12-21T08:54:07.802Z",
"created_by": "elastic",
"description": "Test saved query description",
"ecs_mapping": [
{
"key": "labels",
"value": {
"field": "hours"
}
}
],
"id": "Saved-Query-Id",
"interval": "3600",
"query": "select * from uptime;",
"updated_at": "2021-12-21T08:54:38.648Z",
"updated_by": "elastic",
"version": 1
},
"id": "osquery_manager-8eae68b0-623b-11ec-8b00-d5db3ac3cda1",
"references": [],
"type": "osquery-saved-query"
}
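Review bot: This object reads as a leftover test fixture rather than a shipped saved query: its description is the literal `"Test saved query description"`, its id is `Saved-Query-Id`, it maps `labels` to the `hours` column of `uptime` for no evident reason, and its shape differs from every other object in the PR (a `version: 1` inside `attributes`, an `osquery_manager-` prefixed document id, no `coreMigrationVersion`). If it is meant to ship, give it a real description and align it with the other objects' format; if it is a fixture, it should not be in the package's saved-object set. It is dated 2021-12-21 while everything else was created on 2022-04-05, which supports the fixture reading.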
@@ -0,0 +1,19 @@
{
"attributes": {
"created_at": "2022-04-05T07:47:13.940Z",
"created_by": "elastic",
"description": "Operating system and configuration information, such as hostnames, system architecture, and memory usage.",
"ecs_mapping": [],
"id": "System_Configuration",
"interval": 3600,
"query": "select * from os_version, system_info;",
"updated_at": "2022-04-05T07:48:21.638Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "9b9b4540-b4b4-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T07:48:21.642Z",
"version": "Wzc2OSwxXQ=="
}
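Review bot: `select * from os_version, system_info;` on the `query` line is an implicit cross join with no join condition; it yields a single row only because both tables happen to return exactly one row each, which deserves a note in the package docs so nobody copies the pattern onto multi-row tables (the Persistence_Windows entry in this PR does exactly that). The description also says "memory usage", but as far as I recall `system_info` exposes total physical memory, not utilisation — consider `"description": "Operating system and hardware information, such as hostname, architecture and physical memory."`.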
@@ -0,0 +1,19 @@
{
"attributes": {
"created_at": "2022-04-05T06:00:13.167Z",
"created_by": "elastic",
"description": "A list of all installed applications.",
"id": "Applications_Windows",
"interval": "3600",
"platform": "windows",
"query": "select * from programs",
"updated_at": "2022-04-05T06:00:13.167Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "a8870ff0-b4a5-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T06:00:13.170Z",
"version": "WzcyMywxXQ=="
}
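Review bot: `"query": "select * from programs"` on the `query` line is the only saved query in this PR without a terminating semicolon, and the set as a whole mixes lowercase and uppercase SQL keywords; SQLite accepts both, but the inconsistency makes the package harder to maintain and to lint. Suggest `"query": "select * from programs;"` and settling on one keyword case across the package.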
@@ -0,0 +1,19 @@
{
"attributes": {
"created_at": "2022-04-05T06:01:14.069Z",
"created_by": "elastic",
"description": "A list of all directories and file names within the specified path.",
"id": "File_System_Apple",
"interval": "3600",
"platform": "darwin",
"query": "select * from file where path like '/path/to/%'",
"updated_at": "2022-04-05T06:01:14.069Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "ccd3f850-b4a5-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T06:01:14.071Z",
"version": "WzcyNywxXQ=="
}
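Review bot: The `query` line ships a literal placeholder, `path like '/path/to/%'`, so this saved query returns nothing until someone edits it and its hourly scheduled run is wasted. Either scope it to a tree that exists on macOS (a user-home pattern such as `/Users/%/%%` is the usual choice, bearing in mind that recursive `%%` over a large tree is expensive) or make the placeholder explicit, e.g. `"description": "Directories and file names under a path that must be edited before use."`. The Linux and Windows variants in this PR walk from `/`, so the three File_System queries currently do not behave alike.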
@@ -0,0 +1,18 @@
{
"attributes": {
"created_at": "2022-04-05T07:48:39.728Z",
"created_by": "elastic",
"description": "A list of all users who are currently logged in.",
"id": "Users",
"interval": "3600",
"query": "SELECT * FROM users;",
"updated_at": "2022-04-05T07:48:39.728Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "cebd7b00-b4b4-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T07:48:39.729Z",
"version": "Wzc3MCwxXQ=="
}
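Review bot: The `description` line promises "users who are currently logged in", but `users` is osquery's local account table (every account from /etc/passwd, the SAM or Open Directory, including service accounts), not a session list, so an analyst hunting active logons will be misled. The table for sessions is `logged_in_users`; either change the query to `"query": "SELECT * FROM logged_in_users;"` or rewrite the description to `"description": "A list of all local user accounts."`.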
@@ -0,0 +1,19 @@
{
"attributes": {
"created_at": "2022-04-05T06:23:25.216Z",
"created_by": "elastic",
"description": "A list of all Windows firewall rules that also indicates if they are enabled or disabled.",
"id": "Firewall_Rules",
"interval": "3600",
"platform": "windows",
"query": "select * from windows_filewall_rules;",
"updated_at": "2022-04-05T06:23:25.216Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "e640e200-b4a8-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T06:23:25.217Z",
"version": "Wzc0NywxXQ=="
}
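Review bot: The table name on the `query` line is misspelled, `windows_filewall_rules` instead of `windows_firewall_rules`, so osquery will fail the query with "no such table" on every scheduled run and this saved query never returns a row. Fix: `"query": "select * from windows_firewall_rules;"`. Since these saved queries ship as static JSON, a package-level check that runs each query through osqueryi (or at least validates table names against the schema) would catch this class of typo before release.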
@@ -0,0 +1,19 @@
{
"attributes": {
"created_at": "2022-04-05T06:23:55.649Z",
"created_by": "elastic",
"description": "A list of all installed drivers on the system.",
"id": "Loaded_Drivers",
"interval": "3600",
"platform": "windows",
"query": "select * from drivers;",
"updated_at": "2022-04-05T06:23:55.649Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "f8649710-b4a8-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T06:23:55.651Z",
"version": "Wzc0OCwxXQ=="
}
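Review bot: The id `Loaded_Drivers` and the description "all installed drivers" disagree, and as far as I recall osquery's `drivers` table reports in-use device drivers rather than everything installed, so the description is the one to change: `"description": "A list of all loaded Windows device drivers."`. Please confirm against the table's schema documentation before merging.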
@@ -0,0 +1,19 @@
{
"attributes": {
"created_at": "2022-04-05T06:02:33.723Z",
"created_by": "elastic",
"description": "A list of all directories and file names within the specified path.",
"id": "File_System_Linux",
"interval": "3600",
"platform": "linux",
"query": "SELECT * FROM file WHERE path LIKE \"/%%\" and type = 'directory'",
"updated_at": "2022-04-05T06:02:33.723Z",
"updated_by": "elastic"
},
"coreMigrationVersion": "8.3.0",
"id": "fc4e34b0-b4a5-11ec-8f39-bf9c07530bbb",
"references": [],
"type": "osquery-saved-query",
"updated_at": "2022-04-05T06:02:33.724Z",
"version": "WzczNCwxXQ=="
}
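Review bot: `path LIKE "/%%"` on the `query` line recursively walks the entire filesystem from `/` every hour, including pseudo-filesystems such as /proc and /sys; that is a heavy per-host cost and likely to trip osquery's watchdog, after which the query is silently denylisted. Scope it to a meaningful tree (for instance `/home/%/%%` or `/etc/%%`) and consider a longer interval. The description also says "directories and file names" while the predicate `type = 'directory'` drops every regular file, so one of the two should change. Lastly `"/%%"` is a double-quoted string that SQLite accepts only through its identifier-fallback quirk; use single quotes as the Apple variant does.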
2 changes: 1 addition & 1 deletion packages/osquery_manager/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: osquery_manager
title: Osquery Manager
version: 1.2.0
version: 1.3.0
license: basic
description: Deploy osquery with Elastic Agent, then run and schedule queries in Kibana
type: integration