Skip to content

osquery_manager 1.26.0: osquery 5.22.1, Kibana ^9.4.0, osquery-gen beats tag/branch#18305

Merged
marc-gr merged 2 commits intoelastic:mainfrom
marc-gr:feat/upgrade-osquery
Apr 9, 2026
Merged

osquery_manager 1.26.0: osquery 5.22.1, Kibana ^9.4.0, osquery-gen beats tag/branch#18305
marc-gr merged 2 commits intoelastic:mainfrom
marc-gr:feat/upgrade-osquery

Conversation

@marc-gr
Copy link
Copy Markdown
Contributor

@marc-gr marc-gr commented Apr 9, 2026

Proposed commit message

osquery_manager 1.26.0: upgrade osquery schema to 5.22.1, Kibana ^9.4.0, osquery-gen beats ref options

  • WHAT: Bumped the integration to 1.26.0, regenerated osquery.yml / osquery.json and metadata.json from osquery-gen for osquery 5.22.1, and raised the Kibana condition to ^9.4.0. Extended osquery-gen config.yml so beats can be pinned with optional tag or branch (precedence: tag > branch > semver version), with the same GitHub API probe used before to ensure extension specs exist at that ref. Documented behavior in the generator README and config comments.
  • WHY: Ship current osquery table metadata for the package and align Kibana with the stack line in use. Explicit tag/branch support makes it easier to regenerate against a release tag or a beats branch without relying only on semver tag resolution.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices (no dashboard changes in this PR).

Author's Checklist

  • [ ]

How to test this PR locally

From the repo root (or the generator directory):

cd packages/osquery_manager/_dev/scripts/osquery-gen
go run . -config ./config.yml -skip-package-check

With elastic-package on PATH, omit -skip-package-check to run the package check. Confirm packages/osquery_manager/schemas/metadata.json reflects the expected osquery_version and that optional beats.tag / beats.branch in config.yml resolve when set.

Related issues

Screenshots

@marc-gr marc-gr requested a review from a team as a code owner April 9, 2026 09:09
@marc-gr marc-gr requested review from paul-tavares and tomsonpl April 9, 2026 09:09
@marc-gr
osquery_manager 1.26.0: osquery 5.22.1, Kibana ^9.4.0, osquery-gen be…
f522455 
…ats tag/branch

- Regenerate schemas and fields for osquery 5.22.1; bump package and Kibana constraint.
- Add optional beats.tag and beats.branch in osquery-gen (tag > branch > version).
@marc-gr marc-gr force-pushed the feat/upgrade-osquery branch from 19e63bc to f522455 Compare April 9, 2026 09:10
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 9, 2026
edited
Loading

Vale Linting Results

Summary: 1 warning found

⚠️ Warnings (1)
File Line Rule Message
packages/osquery_manager/_dev/scripts/osquery-gen/README.md 7 Elastic.Latinisms Latin terms and abbreviations are a common source of confusion. Use 'for example' instead of 'e.g'.

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@marc-gr marc-gr added enhancement New feature or request Integration:osquery_manager Osquery Manager Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] labels Apr 9, 2026
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 9, 2026

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@marc-gr marc-gr added the Team:Defend Workflows Security team for Endpoint and OSQuery workflows [elastic/security-defend-workflows] label Apr 9, 2026
tomsonpl
tomsonpl approved these changes Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@tomsonpl tomsonpl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 9, 2026

💚 Build Succeeded

@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Apr 9, 2026
@marc-gr marc-gr merged commit c466d6c into elastic:main Apr 9, 2026
9 checks passed
@marc-gr marc-gr deleted the feat/upgrade-osquery branch April 9, 2026 12:43
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Apr 9, 2026

Package osquery_manager - 1.26.0 containing this change is available at https://epr.elastic.co/package/osquery_manager/1.26.0/

@github-actions github-actions bot mentioned this pull request Apr 17, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomsonpl tomsonpl tomsonpl approved these changes

@brian-mckinney brian-mckinney brian-mckinney approved these changes

@paul-tavares paul-tavares Awaiting requested review from paul-tavares paul-tavares is a code owner automatically assigned from elastic/security-defend-workflows

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:osquery_manager Osquery Manager Team:Defend Workflows Security team for Endpoint and OSQuery workflows [elastic/security-defend-workflows] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@marc-gr @elasticmachine @tomsonpl @brian-mckinney @andrewkroh