Osquery pack attribution (elastic#131462)
* add new reference page for prebuilt packs

* add link to new prebuilt pack ref page

* convert list to table

* add table close

* Apply suggestions from code review

Co-authored-by: gchaps <[email protected]>

Co-authored-by: gchaps <[email protected]>
2 people authored and kertal committed May 24, 2022
1 parent 4579796 commit ba5015f
Showing 2 changed files with 67 additions and 0 deletions.
4 changes: 4 additions & 0 deletions docs/osquery/osquery.asciidoc
Expand Up @@ -127,6 +127,8 @@ The Osquery Manager integration includes a set of prebuilt Osquery packs that yo

You can modify the scheduled agent policies for a prebuilt pack, but you cannot edit queries in the pack. To edit the queries, you must first create a copy of the pack.

For information about the prebuilt packs that are available, refer to <<prebuilt-packs>>.

[float]
[[load-prebuilt-packs]]
=== Load and activate prebuilt Elastic packs
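Review bot: the new xref `<<prebuilt-packs>>` only resolves if `prebuilt-packs.asciidoc` is actually included in the same book; the `[[prebuilt-packs]]` anchor lives in the new file, not in `osquery.asciidoc`, so this hunk and the `include::prebuilt-packs.asciidoc[]` addition must land together, otherwise Asciidoctor renders the reference as the literal text `[prebuilt-packs]`. Consider placing the sentence directly after the opening "includes a set of prebuilt Osquery packs" sentence rather than after the editing caveat, so readers find the pack list before the workflow details.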
Expand Down Expand Up @@ -310,3 +312,5 @@ https://osquery.readthedocs.io/en/stable/deployment/logging/#differential-logs[d
include::manage-integration.asciidoc[]

include::exported-fields-reference.asciidoc[]

include::prebuilt-packs.asciidoc[]
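Review bot: the include is appended after `exported-fields-reference.asciidoc`, which makes the packs reference the last chapter; that matches how the other two reference includes are ordered, but check that the new file's `== Prebuilt packs reference` heading sits at the same level as the headings in `manage-integration.asciidoc` and `exported-fields-reference.asciidoc`, or the chapter will nest at a different depth in the rendered navigation. A trailing newline after the new `include::` line would also keep the file consistent with the existing entries.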
63 changes: 63 additions & 0 deletions docs/osquery/prebuilt-packs.asciidoc
@@ -0,0 +1,63 @@
[[prebuilt-packs]]
== Prebuilt packs reference

This section lists all prebuilt packs available for Osquery Manager.
Each pack is also available as a saved object, with the name `Pack: <pack-name>`.

For more information, refer to <<osquery-prebuilt-packs>>.


|===
|Name |Description |Source |Added

|`hardware-monitoring`
|Monitor for hardware changes.
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|8.2

|`incident-response`
|Detect and respond to breaches.
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|8.2

|`it-compliance`
a|Identify outdated and vulnerable software.

Dashboard: `[Osquery Manager] Compliance pack`

|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|8.2

|`osquery-monitoring`
|Monitor Osquery info and performance.
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|8.2

|`ossec-rootkit`
a|Run rootkit detection queries to monitor for compromise.

Dashboard: `[Osquery Manager] OSSEC rootkit pack`

|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|8.2

|`osx-attacks`
|Identify compromised macOS systems.
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|8.2

|`unwanted-chrome-extensions`
|Monitor for malicious Chrome extensions.
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|8.2

|`vuln-management`
|Identify system vulnerabilities.
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|8.2

|`windows-attacks`
|Monitor for evidence of Windows attacks.
|https://github.com/osquery/osquery/tree/master/packs[Osquery]
|8.2
|===
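Review bot: every Source cell links to `https://github.com/osquery/osquery/tree/master/packs`, a moving branch, so the linked query set will drift from what ships in 8.2; link to a tagged osquery release or add a sentence stating that the bundled packs are a snapshot and may differ from upstream. The `Added` column header needs a unit or wording such as "Added in" so readers know `8.2` is a stack version, and the table would benefit from an explicit `[cols=...]` attribute since the `a|` cells in the `it-compliance` and `ossec-rootkit` rows contain multi-line content. The cross-reference `<<osquery-prebuilt-packs>>` on the "For more information" line does not have its anchor anywhere in this diff; confirm it exists in `osquery.asciidoc` before merge, since a missing anchor renders as `[osquery-prebuilt-packs]` rather than failing the build.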
