IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Osquery manager API

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

Run live queries, manage packs and saved queries.
Use the osquery manager APIs to manage packs and saved queries instead of the lower-level saved objects API.

The following osquery manager APIs are available:
- Live queries
  - Get all live queries API to retrieve a list of live queries
  - Get live query API to retrieve a single live query
  - Create live query API to create a live query
  - Get live query results API to retrieve the results of a single live query
- Packs
  - Get all packs API to retrieve a list of packs
  - Get pack API to retrieve a pack
  - Create pack API to create a pack
  - Update pack API to partially update an existing pack
  - Delete pack API to delete a pack
- Saved queries
  - Get all saved queries API to retrieve a list of saved queries
  - Get saved query API to retrieve a saved query
  - Create saved query API to create a saved query
  - Update saved query API to partially update an existing saved query
  - Delete saved query API to delete a saved query