[DOCS] [Osquery] New option for users to run a single query or run a pack #2231

@melissaburpo

Description

When running osquery from an Alert, users now have an option to either run a single query or to run a pack of queries. This impacts all instances of the Live Query UI, including when running osquery from an Alert in the Security app.

Related PR

Contacts

For any questions about this feature, reach out to @patrykkopycinski or @james-elastic

Acceptance Test Criteria

  • The Run Osquery page is updated as needed. This likely includes:
    • Update screenshots in steps 3 and 7
    • Revise steps to indicate this new choice. Users first need to choose whether they want to run a single query or a pack of queries.
      • If they choose to run a single query, they would then do step 3 as written "Enter a new query or select a new saved query."
      • If they choose to run a pack of queries, they would then select which pack to run. When you select a pack, all queries that will be run are shown. When you hit Submit, a status is shown for each query in the pack.

Screenshots

Running a single query: [screenshot]

Running a query pack: [screenshot]
