
aleksmaus
Contributor

What does this PR do?

Update integration manifest to allow free-form osquery configuration, limit to one integration.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

How to test this PR locally

Example of the new configuration payload; specifically, the streams array is empty and the osquery configuration is under the config.osquery.value property on updating the configuration:

{
    "name": "osquery_manager-1",
    "description": "",
    "policy_id": "dc5c1ad0-0b47-11ec-9743-91c25b5c7a9b",
    "namespace": "default",
    "inputs": [
        {
            "type": "osquery",
            "enabled": true,
            "streams": [],
            "policy_template": "osquery_manager",
            "config": {
                "osquery": {
                    "value": {
                        "schedule": {
                            "macos_uptime": {
                                "query": "SELECT * FROM uptime",
                                "interval": 60
                            }
                        },
                        "options": {
                            "disable_tables": "users"
                        },
                        "packs": {
                            "internal_stuff": {
                                "queries": {
                                    "users": {
                                        "query": "SELECT * FROM users limit 5",
                                        "interval": 90
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    ],
    "enabled": true,
    "output_id": "",
    "package": {
        "name": "osquery_manager",
        "title": "Osquery Manager",
        "version": "0.5.2"
    }
}

Related issues

The osquerybeat change PR in order to support the new configuration format
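As an added example (not part of the PR or the Elastic code base), the following sketch checks a package policy against the shape described above and lists every inline query a reviewer should read before a free-form osquery configuration is rolled out. The helper name `review_policy` and `SAMPLE_POLICY` are hypothetical; the sample is trimmed from the payload in the description, and the handling of non-inline packs assumes osquery's file-path form for `packs` entries.

```python
import json

# Constructed sample: the "inputs" part of the payload shown in the PR description.
SAMPLE_POLICY = json.loads("""
{"inputs": [{"type": "osquery", "enabled": true, "streams": [],
  "config": {"osquery": {"value": {
    "schedule": {"macos_uptime": {"query": "SELECT * FROM uptime", "interval": 60}},
    "options": {"disable_tables": "users"},
    "packs": {"internal_stuff": {"queries": {
      "users": {"query": "SELECT * FROM users limit 5", "interval": 90}}}}
  }}}}]}
""")


def review_policy(policy):
    """Hypothetical helper: return (problems, queries) for a package policy dict.

    queries holds (section, name, sql, interval) tuples for inline queries.
    """
    problems, queries = [], []
    inputs = [i for i in policy.get("inputs") or [] if i.get("type") == "osquery"]
    if not inputs:
        problems.append("no osquery input found")
    for inp in inputs:
        if inp.get("streams"):
            problems.append("streams is not empty")
        value = ((inp.get("config") or {}).get("osquery") or {}).get("value")
        if not isinstance(value, dict):
            problems.append("config.osquery.value is missing or not an object")
            continue
        sections = {"schedule": value.get("schedule") or {}}
        for pack, body in (value.get("packs") or {}).items():
            if isinstance(body, dict):
                sections[f"packs.{pack}"] = body.get("queries") or {}
            else:
                # Assumption: a non-object pack is a file reference, so its
                # queries are not present in the payload.
                problems.append(f"pack {pack!r} is not inline and cannot be reviewed")
        for section, entries in sections.items():
            for name, q in entries.items():
                queries.append((section, name, q.get("query"), q.get("interval")))
    return problems, queries


if __name__ == "__main__":
    found_problems, found_queries = review_policy(SAMPLE_POLICY)
    for row in found_queries:
        print(*row, sep=" | ")
    for problem in found_problems:
        print("PROBLEM:", problem)
```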


elasticmachine commented Sep 13, 2021

💚 Build Succeeded


Build stats

  • Start Time: 2021-09-22T13:19:49.689+0000

  • Duration: 13 min 9 sec

  • Commit: d5bbd3b

Test stats 🧪

Test Results
Failed 0
Passed 1
Skipped 0
Total 1

aleksmaus merged commit 9e68fc1 into elastic:master Sep 22, 2021
Labels: 7.16-candidate (7.16 candidate), enhancement (New feature or request), Team:Asset Mgt (Security Assets Management team [elastic/security-asset-management]), v7.16.0