Get pack details

GET /api/osquery/packs/{id}

Api key auth Basic auth

Get the details of a query pack using the pack ID.

Path parameters

id string | null Required

The ID of the pack you want to run, retrieve, update, or delete.

Responses

200 application/json; Elastic-Api-Version=2023-10-31

OK

Additional properties are allowed.

GET /api/osquery/packs/{id}

curl \
 --request GET https://localhost:5601/api/osquery/packs/3c42c847-eb30-4452-80e0-728584042334 \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "data": {
    "id": "3c42c847-eb30-4452-80e0-728584042334",
    "name": "test_pack",
    "type": "osquery-pack",
    "enabled": true,
    "queries": {
      "uptime": {
        "query": "select * from uptime",
        "interval": 3600,
        "ecs_mapping": {
          "message": {
            "field": "days"
          }
        }
      }
    },
    "read_only": false,
    "created_at": "2022-07-25T19:41:10.263Z",
    "created_by": "elastic",
    "namespaces": [
      "default"
    ],
    "policy_ids": [],
    "updated_at": "2022-07-25T20:12:01.455Z",
    "updated_by": "elastic",
    "description": ""
  }
}