Skip to content

[DOCS] Osquery features in 8.5 #2561

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 61 commits into from
Oct 27, 2022
Merged

[DOCS] Osquery features in 8.5 #2561

merged 61 commits into from
Oct 27, 2022

Conversation

@nastasha-solomon
Copy link
Contributor

@nastasha-solomon nastasha-solomon commented Oct 11, 2022
edited
Loading

Addresses #2522, #2513, and #2512.

Previews:

@nastasha-solomon nastasha-solomon self-assigned this Oct 11, 2022
@github-actions
Copy link

github-actions bot commented Oct 11, 2022

Documentation previews:

@nastasha-solomon nastasha-solomon marked this pull request as ready for review October 12, 2022 03:20
joepeeples
joepeeples reviewed Oct 12, 2022
View reviewed changes
Copy link
Contributor

@joepeeples joepeeples left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lots of great stuff here, and a massive effort, thank you!

One general, big-picture question: Does this new "Use Osquery" section still belong inside the "Detections and alerts" parent section? With these new features (and more on the way I assume), It seems like Osquery cuts across several functions, not just detections & response but also investigation, threat hunting, etc. Maybe this should be a top-level section of its own?

nastasha-solomon and others added 3 commits October 12, 2022 17:41
@nastasha-solomon @joepeeples
Update docs/detections/view-osquery-results.asciidoc
7148518 
Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
@nastasha-solomon @joepeeples
Update docs/detections/view-osquery-results.asciidoc
eeebf5b 
Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
@nastasha-solomon @joepeeples
Update docs/detections/osquery-response-action.asciidoc
a8c904e 
Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
jmikell821
jmikell821 reviewed Oct 18, 2022
View reviewed changes
Copy link
Contributor

@jmikell821 jmikell821 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lots of good changes here! One tiny tiny nit, then Joe had a question here. Other than that, I won't nit pick at this one further because I know it was a big PR. Thanks for pulling this together. 🌟

nastasha-solomon and others added 2 commits October 18, 2022 16:26
@nastasha-solomon @jmikell821
Update docs/detections/view-osquery-results.asciidoc
15eca97 
Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
@nastasha-solomon
Merge branch 'main' into osquery-8.5-features
125692e
@mergify
Copy link
Contributor

mergify bot commented Oct 18, 2022

This pull request is now in conflicts. Could you fix it @nastasha-solomon? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b osquery-8.5-features upstream/osquery-8.5-features
git merge upstream/main
git push upstream osquery-8.5-features

joepeeples
joepeeples reviewed Oct 18, 2022
View reviewed changes
This was referenced Oct 19, 2022
Closed
Closed
Closed
@nastasha-solomon nastasha-solomon merged commit b04b47f into main Oct 27, 2022
@nastasha-solomon nastasha-solomon deleted the osquery-8.5-features branch October 27, 2022 17:32
mergify bot pushed a commit that referenced this pull request Oct 27, 2022
@nastasha-solomon @joepeeples
@benironside @jmikell821 @mergify
[DOCS] Osquery features in 8.5 (#2561)
f17533d 
Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
(cherry picked from commit b04b47f)
@mergify mergify bot mentioned this pull request Oct 27, 2022
Merged
nastasha-solomon added a commit that referenced this pull request Oct 27, 2022
@mergify @joepeeples
@benironside @jmikell821 @nastasha-solomon
[8.5] [DOCS] Osquery features in 8.5 (backport #2561) (#2639)
56dc7ee 
Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
@joepeeples joepeeples mentioned this pull request Nov 9, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmikell821 jmikell821 jmikell821 left review comments

@benironside benironside benironside left review comments

@patrykkopycinski patrykkopycinski patrykkopycinski approved these changes

@tomsonpl tomsonpl tomsonpl approved these changes

@james-elastic james-elastic james-elastic approved these changes

+1 more reviewer

@joepeeples joepeeples joepeeples left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@nastasha-solomon nastasha-solomon

Labels

Feature: Osquery readyforQA PRs that are ready for QA review. Team: Docs v8.5.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[DOCS] Users can set up Osquery to run from a rule's investigation guide [DOCS] Osquery response action [DOCS] Osquery results can be added to case

8 participants

@nastasha-solomon @patrykkopycinski @tomsonpl @james-elastic @jmikell821 @joepeeples @benironside