mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 17:28:26 -04:00
* add fim link
* resolve doc issues
(cherry picked from commit 6f3c03abab)
Co-authored-by: Melissa Burpo <melissa.burpo@elastic.co>
This commit is contained in:
Kibana Machine
GitHub
parent
1c10a8aff4
commit
5e2323ecf2
2 changed files with 4 additions and 4 deletions
|
|
@ -57,7 +57,7 @@ https://osquery.readthedocs.io/en/stable/deployment/extensions/[Osquery extensio
|
|||
Yes, you can set up
|
||||
https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring/[Osquery FIM] using
|
||||
the Advanced configuration option for Osquery Manager (see <<osquery-custom-config>>).
|
||||
However, Elastic also provides a File Integrity Monitoring integration for Elastic Agent, which might prove
|
||||
However, Elastic also provides a https://docs.elastic.co/en/integrations/fim[File Integrity Monitoring] integration for Elastic Agent, which might prove
|
||||
to be easier to configure than the current options available for Osquery Manager.
|
||||
|
||||
[float]
|
||||
|
|
|
|||
|
|
@ -134,13 +134,13 @@ Once you save a query, you can only edit it from the *Saved queries* tab:
|
|||
. Go to *Saved queries*, and then click **Add saved query** or the edit icon.
|
||||
. Provide the following fields:
|
||||
|
||||
* The unique identifier.
|
||||
* The unique identifier (required).
|
||||
|
||||
* A brief description.
|
||||
|
||||
* The SQL query.
|
||||
* The SQL query (required). Osquery supports multi-line queries.
|
||||
|
||||
* The <<osquery-map-fields,ECS fields>> to populate when the query is run. These fields are also copied in when you add this query to a pack.
|
||||
* The <<osquery-map-fields,ECS fields>> to populate when the query is run (optional). These fields are also copied in when you add this query to a pack.
|
||||
|
||||
* The defaults to set when you add the query to a pack.
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue