Body Required
-
agent_all boolean
-
agent_ids array[string]
-
agent_platforms array[string]
-
agent_policy_ids array[string]
-
alert_ids array[string]
-
case_ids array[string]
-
ecs_mapping object | null
-
event_ids array[string]
-
metadata object | null
Additional properties are allowed.
-
pack_id string | null
-
queries array[object]
-
query string
-
saved_query_id string | null
POST
/api/osquery/live_queries
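# Create an osquery live query through the Kibana API.
#
# The request is authenticated and carries the kbn-xsrf header: by default,
# Kibana rejects non-GET API calls that lack it. KIBANA_API_KEY is a
# placeholder environment variable; use a key limited to the Osquery
# privileges this call needs, and keep it out of scripts and shell history.
#
# The payload below is the schema-generated sample and sets every field at
# once. Replace the "string" placeholders before use, and pick one agent
# selector deliberately: "agent_all": true addresses every enrolled agent,
# so prefer agent_ids / agent_policy_ids when a narrower scope is enough.
curl \
--request POST https://localhost:5601/api/osquery/live_queries \
--header "Authorization: ApiKey ${KIBANA_API_KEY}" \
--header "kbn-xsrf: true" \
--header "Content-Type: application/json" \
--data '{"agent_all":true,"agent_ids":["string"],"agent_platforms":["string"],"agent_policy_ids":["string"],"alert_ids":["string"],"case_ids":["string"],"ecs_mapping":{"additionalProperty1":{"field":"string","value":"string"},"additionalProperty2":{"field":"string","value":"string"}},"event_ids":["string"],"metadata":{},"pack_id":"string","queries":[{"ecs_mapping":{"additionalProperty1":{"field":"string","value":"string"},"additionalProperty2":{"field":"string","value":"string"}},"id":"string","platform":"string","query":"string","removed":true,"snapshot":true,"version":"string"}],"query":"string","saved_query_id":"string"}'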
Request examples
{
"agent_all": true,
"agent_ids": [
"string"
],
"agent_platforms": [
"string"
],
"agent_policy_ids": [
"string"
],
"alert_ids": [
"string"
],
"case_ids": [
"string"
],
"ecs_mapping": {
"additionalProperty1": {
"field": "string",
"value": "string"
},
"additionalProperty2": {
"field": "string",
"value": "string"
}
},
"event_ids": [
"string"
],
"metadata": {},
"pack_id": "string",
"queries": [
{
"ecs_mapping": {
"additionalProperty1": {
"field": "string",
"value": "string"
},
"additionalProperty2": {
"field": "string",
"value": "string"
}
},
"id": "string",
"platform": "string",
"query": "string",
"removed": true,
"snapshot": true,
"version": "string"
}
],
"query": "string",
"saved_query_id": "string"
}
Response examples (200)
{}