
Osquery Manager integration

Version 1.21.1
Subscription level: Basic
Developed by: Elastic
Required permissions: root privileges (on the host running Elastic Agent)
Minimum Kibana version(s): 9.3.0

With this integration, you can centrally manage Osquery deployments on the Elastic Agents in your Fleet and query host data through distributed SQL.

This integration adds an Osquery UI in Kibana where you can:

  • Run live queries for one or more agents
  • View a history of past queries and their results
  • Schedule queries to capture OS state changes over time
  • Save queries and build a library of queries for specific use cases

Osquery results are stored in Elasticsearch, so that you can use the power of the stack to search, analyze, and visualize Osquery data.
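As an added illustration (not a query shipped with this integration or taken from the Osquery documentation), the following is the kind of query you would run live against a group of agents for a snapshot, or schedule so that the stored results show when a listener appears or disappears over time. It joins the standard osquery `listening_ports`, `processes` and `users` tables; the table and column names are osquery's own, while the filtering choices (TCP only, non-loopback, flagging processes whose executable has been deleted) are this example's assumptions about what a defender wants to see.

```sql
-- Added example: every process listening on a non-loopback TCP port,
-- the account it runs as, and whether its executable still exists.
-- A listener whose binary is gone from disk (on_disk = 0) is a common
-- sign of an in-memory implant and is worth alerting on when scheduled.
SELECT
  p.pid,
  p.name,
  p.path,
  p.cmdline,
  u.username,
  lp.address,
  lp.port,
  p.on_disk          -- 1 = executable present, 0 = deleted, -1 = unknown
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
LEFT JOIN users AS u ON u.uid = p.uid
WHERE lp.protocol = 6                          -- 6 = TCP, 17 = UDP
  AND lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1')   -- skip loopback-only services
ORDER BY lp.port;
```

The result columns (`pid`, `name`, `path`, `username`) are the ones you would map to ECS fields such as `process.pid`, `process.name`, `process.executable` and `user.name` when saving the query, so the stored documents line up with the rest of your Elasticsearch data.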

For information about using Osquery, refer to the Osquery Kibana documentation. This includes information about required privileges; how to run, schedule, and save queries; how to map osquery fields to ECS; and other useful information about managing Osquery with this integration.

For information about Osquery tables, refer to the Osquery schema documentation and Osquery Extension for Elastic.