[EDR Workflows] Osquery OpenApi Spec (#162955)

Tomasz Ciecierski 2023-08-31 18:17:35 +02:00 committed by GitHub
parent 6ee0210d84
commit 186a202b05
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 1192 additions and 1 deletions


@ -0,0 +1,29 @@
openapi: 3.0.0
info:
title: Assets Schema
version: '1'
paths:
/internal/osquery/assets:
get:
summary: Get assets
parameters:
- $ref: './assets_status.schema.yaml#/components/parameters/AssetsStatusRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './assets_status.schema.yaml#/components/schemas/SuccessResponse'
/internal/osquery/assets/update:
post:
summary: Update assets
parameters:
- $ref: './assets_status.schema.yaml#/components/parameters/AssetsStatusRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './assets_status.schema.yaml#/components/schemas/SuccessResponse'
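Review bot: Both operations in this file document only a `'200'` response and declare no `security` requirement, so the spec says nothing about what an unauthenticated or under-privileged caller receives. The route registration at the end of this commit carries an `access:${PLUGIN_ID}-read` tag, so these endpoints are presumably privilege-gated, and that should be visible to API consumers and to tooling that audits the spec. Consider adding the failure responses next to `'200'`, for example `'403': { description: Forbidden }` if that is what the handler returns; confirm the status codes against the route code. The same applies to the fleet wrapper, live queries, packs, saved queries, privileges check and status path files later in this commit.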


@ -0,0 +1,20 @@
openapi: 3.0.0
info:
title: Assets Status Schema
version: '1'
paths: { }
components:
parameters:
AssetsStatusRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/AssetsRequestQuery'
schemas:
AssetsRequestQuery:
type: object
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed
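Review bot: `AssetsStatusRequestQueryParameter` is declared with `name: query` and `in: path`, but neither `/internal/osquery/assets` nor `/internal/osquery/assets/update` has a `{query}` segment, and OpenAPI 3.0 requires every path parameter to match a template in the path. Its schema is a bare `type: object`, so validators or clients generated from the spec would accept or send anything. If this is meant to be query-string input, `in: query` with the real properties listed is the accurate form; where a path does have a template such as `{id}`, the parameter should be `name: id` with a string schema. The same `name: query` / `in: path` pattern recurs in the get_agents, get_agent_details, get_agent_policies, get_agent_policy, get_agent_status, get_package_policies, get_live_query_results, delete_packs, read_packs, update_packs, delete_saved_query, read_saved_query and update_saved_query parameter definitions below.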


@ -0,0 +1,70 @@
openapi: 3.0.0
info:
title: Fleet wrapper schema
version: '1'
paths:
/internal/osquery/fleet_wrapper/agents:
get:
summary: Get agents
parameters:
- $ref: './get_agents.schema.yaml#/components/parameters/GetAgentsRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_agents.schema.yaml#/components/schemas/SuccessResponse'
/internal/osquery/fleet_wrapper/agents/{id}:
get:
summary: Get Agent details
parameters:
- $ref: './get_agent_details.schema.yaml#/components/parameters/GetAgentDetailsRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_agent_details.schema.yaml#/components/schemas/SuccessResponse'
/internal/osquery/fleet_wrapper/agent_policies:
get:
summary: Get Agent policies
parameters:
- $ref: './get_agent_policies.schema.yaml#/components/parameters/GetAgentPoliciesRequestParameter'
- $ref: './get_agent_policies.schema.yaml#/components/parameters/GetAgentPoliciesRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_agent_policies.schema.yaml#/components/schemas/SuccessResponse'
/internal/osquery/fleet_wrapper/agent_policies/{id}:
get:
summary: Get Agent policy
parameters:
- $ref: './get_agent_policy.schema.yaml#/components/parameters/GetAgentPolicyRequestParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_agent_policy.schema.yaml#/components/schemas/SuccessResponse'
/internal/osquery/fleet_wrapper/package_policies:
get:
summary: Get Agent policy
parameters:
- $ref: './get_package_policies.schema.yaml#/components/parameters/GetPackagePoliciesRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_package_policies.schema.yaml#/components/schemas/SuccessResponse'
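Review bot: The operation on `/internal/osquery/fleet_wrapper/package_policies` has `summary: Get Agent policy`, copied from the operation above it; `summary: Get package policies` would match the path and the referenced `get_package_policies.schema.yaml`. Separately, `/agents/{id}` and `/agent_policies/{id}` declare an `{id}` template but reference no parameter named `id`, which leaves the path template unresolved for spec validators.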


@ -0,0 +1,20 @@
openapi: 3.0.0
info:
title: Get agent details schema
version: '1'
paths: { }
components:
parameters:
GetAgentDetailsRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetAgentDetailsRequestParams'
schemas:
GetAgentDetailsRequestParams:
type: object
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,26 @@
openapi: 3.0.0
info:
title: Get agent policies schema
version: '1'
paths: { }
components:
parameters:
GetAgentPoliciesRequestQueryParameter:
name: query
in: query
required: true
schema:
$ref: '#/components/schemas/GetAgentPoliciesRequestParams'
GetAgentPoliciesRequestParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetAgentPoliciesRequestParams'
schemas:
GetAgentPoliciesRequestParams:
type: object
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,23 @@
openapi: 3.0.0
info:
title: Get agent policy schema
version: '1'
paths: { }
components:
parameters:
GetAgentPolicyRequestParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetAgentPolicyRequestParams'
schemas:
GetAgentPolicyRequestParams:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,33 @@
openapi: 3.0.0
info:
title: Get agent status schema
version: '1'
paths: { }
components:
parameters:
GetAgentStatusRequestQueryParameter:
name: query
in: query
required: true
schema:
$ref: '#/components/schemas/GetAgentStatusRequestQueryParams'
GetAgentStatusRequestParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetAgentStatusRequestParams'
schemas:
GetAgentStatusRequestParams:
type: object
GetAgentStatusRequestQueryParams:
type: object
properties:
kuery:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/KueryOrUndefined'
policyId:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed
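Review bot: Nothing in the path files of this commit references `get_agent_status.schema.yaml`; the fleet wrapper spec lists agents, agent details, agent policies and package policies but no agent status operation. Either the path entry is missing from the fleet wrapper spec or this file is unused, which is worth confirming against the registered routes so the documented surface matches what the plugin actually exposes.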


@ -0,0 +1,20 @@
openapi: 3.0.0
info:
title: Get agents schema
version: '1'
paths: { }
components:
parameters:
GetAgentsRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetAgentsRequestParams'
schemas:
GetAgentsRequestParams:
type: object
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,20 @@
openapi: 3.0.0
info:
title: Get package policies schema
version: '1'
paths: { }
components:
parameters:
GetPackagePoliciesRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetPackagePoliciesRequestParams'
schemas:
GetPackagePoliciesRequestParams:
type: object
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,53 @@
openapi: 3.0.0
info:
title: Create Live Query Schema
version: '2023-10-31'
paths: { }
components:
schemas:
CreateLiveQueryRequestBody:
type: object
properties:
agent_ids:
type: array
items:
type: string
agent_all:
type: boolean
agent_platforms:
type: array
items:
type: string
agent_policy_ids:
type: array
items:
type: string
query:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/QueryOrUndefined'
queries:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/ArrayQueries'
saved_query_id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryIdOrUndefined'
ecs_mapping:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/ECSMappingOrUndefined'
pack_id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackIdOrUndefined'
alert_ids:
type: array
items:
type: string
case_ids:
type: array
items:
type: string
event_ids:
type: array
items:
type: string
metadata:
type: object
nullable: true
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed
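Review bot: `CreateLiveQueryRequestBody` puts no constraint on a request that dispatches a query to agents: there is no `required` list, the target arrays (`agent_ids`, `agent_platforms`, `agent_policy_ids`) and `alert_ids`/`case_ids`/`event_ids` have no `maxItems`, and `metadata` is an open `type: object`. As written, `{}` is a valid body, and so is one that sets `agent_all: true` together with an arbitrarily long `agent_ids` list. If the handler enforces rules such as "at least one agent selector" or "exactly one of `query`, `queries`, `saved_query_id`, `pack_id`", they should be expressed here so that schema-based validation and review match the server; the handler is not part of this section, so those rules are an assumption to confirm. A short `description` on `agent_all` stating that it targets every enrolled agent would also help reviewers of API clients.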


@ -0,0 +1,31 @@
openapi: 3.0.0
info:
title: Find Live Queries Schema
version: '2023-10-31'
paths: { }
components:
parameters:
FindLiveQueryRequestQueryParameter:
name: query
in: query
required: true
schema:
$ref: '#/components/schemas/FindLiveQueryRequestQuery'
schemas:
FindLiveQueryRequestQuery:
type: object
properties:
kuery:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/KueryOrUndefined'
page:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PageOrUndefined'
pageSize:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SortOrderOrUndefined'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,24 @@
openapi: 3.0.0
info:
title: Get Live Query Details Schema
version: '2023-10-31'
paths: { }
components:
parameters:
GetLiveQueryDetailsRequestParameter:
name: id
in: path
required: true
schema:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
GetLiveQueryDetailsRequestQueryParameter:
name: query
in: query
schema:
type: object
additionalProperties: true
schemas:
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed
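Review bot: `GetLiveQueryDetailsRequestQueryParameter` is a query parameter whose schema is `type: object` with `additionalProperties: true`, which documents no keys and lets any key through schema validation. If the details endpoint reads no query-string fields, drop the parameter; otherwise list the accepted properties and set `additionalProperties: false`. `GetLiveQueryDetailsRequestParameter` in the same file (`name: id`, `in: path`) is the form the other `{id}` routes in this commit should follow.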


@ -0,0 +1,45 @@
openapi: 3.0.0
info:
title: Get Live Query Results Schema
version: '2023-10-31'
paths: { }
components:
parameters:
GetLiveQueryRequestResultsQueryParameter:
name: query
in: query
required: true
schema:
$ref: '#/components/schemas/GetLiveQueryResultsRequestQuery'
GetLiveQueryRequestResultsParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetLiveQueryResultsRequestParams'
schemas:
GetLiveQueryResultsRequestQuery:
type: object
properties:
kuery:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/KueryOrUndefined'
page:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PageOrUndefined'
pageSize:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SortOrderOrUndefined'
GetLiveQueryResultsRequestParams:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
actionId:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,58 @@
openapi: 3.0.0
info:
title: Live Queries Schema
version: '2023-10-31'
paths:
/api/osquery/live_queries:
get:
summary: Find live queries
parameters:
- $ref: './find_live_query.schema.yaml#/components/parameters/FindLiveQueryRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './find_live_query.schema.yaml#/components/schemas/SuccessResponse'
post:
summary: Create a live query
requestBody:
required: true
content:
application/json:
schema:
$ref: './create_live_query.schema.yaml#/components/schemas/CreateLiveQueryRequestBody'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './create_live_query.schema.yaml#/components/schemas/SuccessResponse'
/api/osquery/live_queries/{id}:
get:
summary: Get live query details
parameters:
- $ref: './get_live_query_details.schema.yaml#/components/parameters/GetLiveQueryDetailsRequestQueryParameter'
- $ref: './get_live_query_details.schema.yaml#/components/parameters/GetLiveQueryDetailsRequestParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_live_query_details.schema.yaml#/components/schemas/SuccessResponse'
/api/osquery/live_queries/{id}/results/{actionId}:
get:
summary: Get live query results
parameters:
- $ref: './get_live_query_results.schema.yaml#/components/parameters/GetLiveQueryRequestResultsQueryParameter'
- $ref: './get_live_query_results.schema.yaml#/components/parameters/GetLiveQueryRequestResultsParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_live_query_results.schema.yaml#/components/schemas/SuccessResponse'


@ -0,0 +1,251 @@
openapi: 3.0.0
info:
title: Common Osquery Attributes
version: '2023-10-31
paths: { }
components:
schemas:
Id:
type: string
IdOrUndefined:
$ref: '#/components/schemas/Id'
nullable: true
AgentSelection:
type: object
properties:
agents:
type: array
items:
type: string
allAgentsSelected:
type: boolean
platformsSelected:
type: array
items:
type: string
policiesSelected:
type: array
items:
type: string
AgentSelectionOrUndefined:
$ref: '#/components/schemas/AgentSelection'
nullable: true
Description:
type: string
DescriptionOrUndefined:
$ref: '#/components/schemas/Description'
nullable: true
Platform:
type: string
PlatformOrUndefined:
$ref: '#/components/schemas/Platform'
nullable: true
Query:
type: string
QueryOrUndefined:
$ref: '#/components/schemas/Query'
nullable: true
Version:
type: string
VersionOrUndefined:
$ref: '#/components/schemas/Version'
nullable: true
Interval:
type: string
IntervalOrUndefined:
$ref: '#/components/schemas/Interval'
nullable: true
Snapshot:
type: boolean
SnapshotOrUndefined:
$ref: '#/components/schemas/Snapshot'
nullable: true
Removed:
type: boolean
RemovedOrUndefined:
$ref: '#/components/schemas/Removed'
nullable: true
PackName:
type: string
SavedQueryId:
type: string
SavedQueryIdOrUndefined:
$ref: '#/components/schemas/SavedQueryId'
nullable: true
PackId:
type: string
PackIdOrUndefined:
$ref: '#/components/schemas/PackId'
nullable: true
Enabled:
type: boolean
EnabledOrUndefined:
$ref: '#/components/schemas/Enabled'
nullable: true
PolicyIds:
type: array
items:
type: string
PolicyIdsOrUndefined:
$ref: '#/components/schemas/PolicyIds'
nullable: true
ExecutionContext:
type: object
properties:
name:
type: string
nullable: true
url:
type: string
nullable: true
ExecutionContextOrUndefined:
$ref: '#/components/schemas/ExecutionContext'
nullable: true
ECSMappingItem:
type: object
properties:
field:
type: string
value:
oneOf:
- type: string
- type: array
items:
type: string
ECSMapping:
type: object
additionalProperties:
$ref: '#/components/schemas/ECSMappingItem'
ECSMappingOrUndefined:
$ref: '#/components/schemas/ECSMapping'
nullable: true
StringArrayOrUndefined:
type: array
items:
type: string
nullable: true
ArrayQueriesItem:
type: object
properties:
id:
$ref: '#/components/schemas/Id'
query:
$ref: '#/components/schemas/Query'
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
version:
$ref: '#/components/schemas/VersionOrUndefined'
platform:
$ref: '#/components/schemas/PlatformOrUndefined'
removed:
$ref: '#/components/schemas/RemovedOrUndefined'
snapshot:
$ref: '#/components/schemas/SnapshotOrUndefined'
ArrayQueries:
type: array
items:
$ref: '#/components/schemas/ArrayQueriesItem'
ObjectQueriesItem:
type: object
properties:
query:
$ref: '#/components/schemas/Query'
id:
$ref: '#/components/schemas/Id'
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
version:
$ref: '#/components/schemas/VersionOrUndefined'
platform:
$ref: '#/components/schemas/PlatformOrUndefined'
saved_query_id:
$ref: '#/components/schemas/SavedQueryIdOrUndefined'
removed:
$ref: '#/components/schemas/RemovedOrUndefined'
snapshot:
$ref: '#/components/schemas/SnapshotOrUndefined'
ObjectQueries:
type: object
additionalProperties:
$ref: '#/components/schemas/ObjectQueriesItem'
Queries:
oneOf:
- $ref: '#/components/schemas/ArrayQueries'
- $ref: '#/components/schemas/ObjectQueries'
QueriesOrUndefined:
$ref: '#/components/schemas/Queries'
nullable: true
KueryOrUndefined:
type: string
nullable: true
PageOrUndefined:
type: integer
nullable: true
PageSizeOrUndefined:
type: integer
nullable: true
SortOrUndefined:
type: string
nullable: true
SortOrderOrUndefined:
oneOf:
- type: string
nullable: true
- enum: [ asc, desc ]
Shards:
type: object
additionalProperties:
type: number
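Review bot: `version: '2023-10-31` in the `info` block is missing its closing quote as shown here, which leaves the single-quoted scalar unterminated so the document would not parse; it should read `version: '2023-10-31'`, and the same line appears in the pack and saved-query schema files that follow. Throughout `components.schemas` the `...OrUndefined` entries put `nullable: true` next to a `$ref`; OpenAPI 3.0 ignores siblings of `$ref`, so these resolve to the non-nullable base type, and `nullable` (null allowed) is in any case not the same as an omitted property. `SortOrderOrUndefined` uses `oneOf` with a `type: string` branch and an `enum: [ asc, desc ]` branch, so `asc` matches both branches and fails `oneOf`; a single schema with `type: string` and `enum: [ asc, desc ]` expresses the intent.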


@ -0,0 +1,26 @@
openapi: 3.0.0
info:
title: Create Pack Schema
version: '2023-10-31
paths: { }
components:
schemas:
CreatePacksRequestBody:
type: object
properties:
name:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackName'
description:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/DescriptionOrUndefined'
enabled:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/EnabledOrUndefined'
policy_ids:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PolicyIdsOrUndefined'
shards:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Shards'
queries:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/ObjectQueries'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,23 @@
openapi: 3.0.0
info:
title: Delete Saved Queries Schema
version: '2023-10-31
paths: { }
components:
parameters:
DeletePacksRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/DeletePacksRequestQuery'
schemas:
DeletePacksRequestQuery:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackId'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed
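Review bot: The `title` here is `Delete Saved Queries Schema`, but the file defines `DeletePacksRequestQuery`; it looks copied from the saved-query spec. The pack files after it carry the same leftover (`Find Saved Queries Schema`, `Read Saved Queries Schema`, `Update Saved Query Schema`). Suggest `title: Delete Packs Schema` and the matching pack titles in the other three, so bundled documentation does not list pack operations under saved queries.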


@ -0,0 +1,29 @@
openapi: 3.0.0
info:
title: Find Saved Queries Schema
version: '2023-10-31
paths: { }
components:
parameters:
FindPacksRequestQueryParameter:
name: query
in: query
required: true
schema:
$ref: '#/components/schemas/FindPacksRequestQuery'
schemas:
FindPacksRequestQuery:
type: object
properties:
page:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PageOrUndefined'
pageSize:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SortOrderOrUndefined'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,67 @@
openapi: 3.0.0
info:
title: Packs Schema
version: '2023-10-31
paths:
/api/osquery/packs:
get:
summary: Find packs
parameters:
- $ref: './find_packs.schema.yaml#/components/parameters/FindPacksRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './find_packs.schema.yaml#/components/schemas/SuccessResponse'
post:
summary: Create a packs
requestBody:
required: true
content:
application/json:
schema:
$ref: './create_pack.schema.yaml#/components/schemas/CreatePacksRequestBody'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './create_pack.schema.yaml#/components/schemas/SuccessResponse'
/api/osquery/packs/{id}:
get:
summary: Get packs details
parameters:
- $ref: './read_packs.schema.yaml#/components/parameters/ReadPacksRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './read_packs.schema.yaml#/components/schemas/SuccessResponse'
delete:
summary: Delete packs
parameters:
- $ref: './delete_packs.schema.yaml#/components/parameters/DeletePacksRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './find_packs.schema.yaml#/components/schemas/SuccessResponse'
put:
summary: Update packs
parameters:
- $ref: './update_packs.schema.yaml#/components/parameters/UpdatePacksRequestQueryBody'
- $ref: './update_packs.schema.yaml#/components/parameters/UpdatePacksRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './update_packs.schema.yaml#/components/schemas/SuccessResponse'
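Review bot: The `delete` operation on `/api/osquery/packs/{id}` points its `'200'` response at `./find_packs.schema.yaml#/components/schemas/SuccessResponse` rather than the delete schema; it should be `./delete_packs.schema.yaml#/components/schemas/SuccessResponse`. The `put` operation passes `UpdatePacksRequestQueryBody` under `parameters`, and that component is declared `in: path`, so the update payload is documented as a path parameter; it belongs under `requestBody` with `application/json` content, as the `post` operation above does. The saved queries path file later in this commit repeats both problems for its `delete` and `put` operations.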


@ -0,0 +1,23 @@
openapi: 3.0.0
info:
title: Read Saved Queries Schema
version: '2023-10-31
paths: { }
components:
parameters:
ReadPacksRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/ReadPacksRequestQuery'
schemas:
ReadPacksRequestQuery:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackId'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,44 @@
openapi: 3.0.0
info:
title: Update Saved Query Schema
version: '2023-10-31
paths: { }
components:
parameters:
UpdatePacksRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/UpdatePacksRequestParams'
UpdatePacksRequestQueryBody:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/UpdatePacksRequestBody'
schemas:
UpdatePacksRequestParams:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackId'
UpdatePacksRequestBody:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackId'
description:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/DescriptionOrUndefined'
enabled:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/EnabledOrUndefined'
policy_ids:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PolicyIdsOrUndefined'
shards:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Shards'
queries:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/ObjectQueries'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,32 @@
openapi: 3.0.0
info:
title: Create Saved Query Schema
version: '2023-10-31
paths: { }
components:
schemas:
CreateSavedQueryRequestBody:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'
description:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/DescriptionOrUndefined'
query:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/QueryOrUndefined'
ecs_mapping:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/ECSMappingOrUndefined'
version:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/VersionOrUndefined'
platform:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/DescriptionOrUndefined'
interval:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Interval'
snapshot:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SnapshotOrUndefined'
removed:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/RemovedOrUndefined'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed
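Review bot: `platform` references `DescriptionOrUndefined`; `common_attributes.schema.yaml` defines `PlatformOrUndefined`, which is what `ArrayQueriesItem` and `ObjectQueriesItem` use for the same field. Suggest `$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PlatformOrUndefined'`. `UpdateSavedQueryRequestBody` has the same reference. `interval` here uses `Interval` while the update body uses `IntervalOrUndefined`; with no `required` list on either schema it is unclear whether that difference is intended.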


@ -0,0 +1,23 @@
openapi: 3.0.0
info:
title: Delete Saved Queries Schema
version: '2023-10-31
paths: { }
components:
parameters:
DeleteSavedQueryRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/DeleteSavedQueryRequestQuery'
schemas:
DeleteSavedQueryRequestQuery:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,29 @@
openapi: 3.0.0
info:
title: Find Saved Queries Schema
version: '2023-10-31
paths: { }
components:
parameters:
FindSavedQueryRequestQueryParameter:
name: query
in: query
required: true
schema:
$ref: '#/components/schemas/FindSavedQueryRequestQuery'
schemas:
FindSavedQueryRequestQuery:
type: object
properties:
page:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PageOrUndefined'
pageSize:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SortOrderOrUndefined'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,23 @@
openapi: 3.0.0
info:
title: Read Saved Queries Schema
version: '2023-10-31
paths: { }
components:
parameters:
ReadSavedQueryRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/ReadSavedQueryRequestQuery'
schemas:
ReadSavedQueryRequestQuery:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,67 @@
openapi: 3.0.0
info:
title: Saved Queries Schema
version: '2023-10-31
paths:
/api/osquery/saved_queries:
get:
summary: Find saved queries
parameters:
- $ref: './find_saved_query.schema.yaml#/components/parameters/FindSavedQueryRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './find_saved_query.schema.yaml#/components/schemas/SuccessResponse'
post:
summary: Create a saved query
requestBody:
required: true
content:
application/json:
schema:
$ref: './create_saved_query.schema.yaml#/components/schemas/CreateSavedQueryRequestBody'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './create_saved_query.schema.yaml#/components/schemas/SuccessResponse'
/api/osquery/saved_queries/{id}:
get:
summary: Get saved query details
parameters:
- $ref: './read_saved_query.schema.yaml#/components/parameters/ReadSavedQueryRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './read_saved_query.schema.yaml#/components/schemas/SuccessResponse'
delete:
summary: Delete saved query
parameters:
- $ref: './delete_saved_query.schema.yaml#/components/parameters/DeleteSavedQueryRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './find_saved_query.schema.yaml#/components/schemas/SuccessResponse'
put:
summary: Update saved query
parameters:
- $ref: './update_saved_query.schema.yaml#/components/parameters/UpdateSavedQueryRequestQueryBody'
- $ref: './update_saved_query.schema.yaml#/components/parameters/UpdateSavedQueryRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './update_saved_query.schema.yaml#/components/schemas/SuccessResponse'


@ -0,0 +1,50 @@
openapi: 3.0.0
info:
title: Update Saved Query Schema
version: '2023-10-31
paths: { }
components:
parameters:
UpdateSavedQueryRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/UpdateSavedQueryRequestParams'
UpdateSavedQueryRequestQueryBody:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/UpdateSavedQueryRequestBody'
schemas:
UpdateSavedQueryRequestParams:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'
UpdateSavedQueryRequestBody:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'
description:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/DescriptionOrUndefined'
query:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/QueryOrUndefined'
ecs_mapping:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/ECSMappingOrUndefined'
version:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/VersionOrUndefined'
platform:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/DescriptionOrUndefined'
interval:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/IntervalOrUndefined'
snapshot:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SnapshotOrUndefined'
removed:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/RemovedOrUndefined'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,16 @@
openapi: 3.0.0
info:
title: Osquery privileges Schema
version: '1'
paths:
/internal/osquery/privileges_check:
get:
summary: Get Osquery privileges check
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties: { }


@ -0,0 +1,16 @@
openapi: 3.0.0
info:
title: Osquery Status Schema
version: '1'
paths:
/internal/osquery/status:
get:
summary: Get Osquery installation status
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties: { }


@ -29,7 +29,7 @@ export const findLiveQueryRoute = (router: IRouter<DataRequestHandlerContext>) =
.get({
access: 'public',
path: '/api/osquery/live_queries',
options: { tags: [`access:${PLUGIN_ID}-read`] },
options: { tags: ['api', `access:${PLUGIN_ID}-read`] },
})
.addVersion(
{