mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 17:28:26 -04:00
Osquery pack attribution (#131462)
* add new reference page for prebuilt packs * add link to new prebuilt pack ref page * convert list to table * add table close * Apply suggestions from code review Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
This commit is contained in:
Melissa Burpo
GitHub
parent
860261c864
commit
fb453aca45
2 changed files with 67 additions and 0 deletions
|
|
@ -127,6 +127,8 @@ The Osquery Manager integration includes a set of prebuilt Osquery packs that yo
|
|||
|
||||
You can modify the scheduled agent policies for a prebuilt pack, but you cannot edit queries in the pack. To edit the queries, you must first create a copy of the pack.
|
||||
|
||||
For information about the prebuilt packs that are available, refer to <<prebuilt-packs>>.
|
||||
|
||||
[float]
|
||||
[[load-prebuilt-packs]]
|
||||
=== Load and activate prebuilt Elastic packs
|
||||
|
|
@ -310,3 +312,5 @@ https://osquery.readthedocs.io/en/stable/deployment/logging/#differential-logs[d
|
|||
include::manage-integration.asciidoc[]
|
||||
|
||||
include::exported-fields-reference.asciidoc[]
|
||||
|
||||
include::prebuilt-packs.asciidoc[]
|
||||
|
|
|
|||
63
docs/osquery/prebuilt-packs.asciidoc
Normal file
63
docs/osquery/prebuilt-packs.asciidoc
Normal file
|
|
@ -0,0 +1,63 @@
|
|||
[[prebuilt-packs]]
|
||||
== Prebuilt packs reference
|
||||
|
||||
This section lists all prebuilt packs available for Osquery Manager.
|
||||
Each pack is also available as a saved object, with the name `Pack: <pack-name>`.
|
||||
|
||||
For more information, refer to <<osquery-prebuilt-packs>>.
|
||||
|
||||
|
||||
|===
|
||||
|Name |Description |Source |Added
|
||||
|
||||
|`hardware-monitoring`
|
||||
|Monitor for hardware changes.
|
||||
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|
||||
|8.2
|
||||
|
||||
|`incident-response`
|
||||
|Detect and respond to breaches.
|
||||
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|
||||
|8.2
|
||||
|
||||
|`it-compliance`
|
||||
a|Identify outdated and vulnerable software.
|
||||
|
||||
Dashboard: `[Osquery Manager] Compliance pack`
|
||||
|
||||
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|
||||
|8.2
|
||||
|
||||
|`osquery-monitoring`
|
||||
|Monitor Osquery info and performance.
|
||||
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|
||||
|8.2
|
||||
|
||||
|`ossec-rootkit`
|
||||
a|Run rootkit detection queries to monitor for compromise.
|
||||
|
||||
Dashboard: `[Osquery Manager] OSSEC rootkit pack`
|
||||
|
||||
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|
||||
|8.2
|
||||
|
||||
|`osx-attacks`
|
||||
|Identify compromised macOS systems.
|
||||
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|
||||
|8.2
|
||||
|
||||
|`unwanted-chrome-extensions`
|
||||
|Monitor for malicious Chrome extensions.
|
||||
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|
||||
|8.2
|
||||
|
||||
|`vuln-management`
|
||||
|Identify system vulnerabilities.
|
||||
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|
||||
|8.2
|
||||
|
||||
|`windows-attacks`
|
||||
|Monitor for evidence of Windows attacks.
|
||||
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|
||||
|8.2
|
||||
|===
|
||||
Loading…
Add table
Add a link
Reference in a new issue