Osquery doc fixes (#135848)

* add fim link * resolve doc issues
2025-06-28 03:01:21 -04:00 · 2022-07-06 16:42:21 -05:00 · 2022-07-06 16:42:21 -05:00 · 6f3c03abab
commit 6f3c03abab
parent a3b2757e4e
2 changed files with 4 additions and 4 deletions
--- a/docs/osquery/osquery-faq.asciidoc
+++ b/docs/osquery/osquery-faq.asciidoc
@ -57,7 +57,7 @@ https://osquery.readthedocs.io/en/stable/deployment/extensions/[Osquery extensio
 Yes, you can set up 
 https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring/[Osquery FIM] using 
 the Advanced configuration option for Osquery Manager (see <<osquery-custom-config>>).
-However, Elastic also provides a File Integrity Monitoring integration for Elastic Agent, which might prove
+However, Elastic also provides a https://docs.elastic.co/en/integrations/fim[File Integrity Monitoring] integration for Elastic Agent, which might prove
 to be easier to configure than the current options available for Osquery Manager.
 [float]
--- a/docs/osquery/osquery.asciidoc
+++ b/docs/osquery/osquery.asciidoc
@ -134,13 +134,13 @@ Once you save a query, you can only edit it from the *Saved queries* tab:
 . Go to *Saved queries*, and then click **Add saved query** or the edit icon.
 . Provide the following fields:
-* The unique identifier.
+* The unique identifier (required).
 * A brief description.
-* The SQL query.
+* The SQL query (required). Osquery supports multi-line queries.
-* The <<osquery-map-fields,ECS fields>> to populate when the query is run. These fields are also copied in when you add this query to a pack.
+* The <<osquery-map-fields,ECS fields>> to populate when the query is run (optional). These fields are also copied in when you add this query to a pack.
 * The defaults to set when you add the query to a pack.