{
  "name": "osquery_manager",
  "title": "Osquery Manager",
  "version": "1.28.0",
  "release": "ga",
  "description": "Deploy Osquery with Elastic Agent, then run and schedule queries in Kibana",
  "type": "integration",
  "download": "/epr/osquery_manager/osquery_manager-1.28.0.zip",
  "path": "/package/osquery_manager/1.28.0",
  "icons": [
    {
      "src": "/img/logo_osquery.svg",
      "path": "/package/osquery_manager/1.28.0/img/logo_osquery.svg",
      "title": "logo osquery",
      "size": "32x32",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^9.4.0"
    },
    "elastic": {
      "subscription": "",
      "capabilities": [
        "security"
      ]
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/security-defend-workflows"
  },
  "categories": [
    "security"
  ],
  "signature_path": "/epr/osquery_manager/osquery_manager-1.28.0.zip.sig",
  "format_version": "3.5.8",
  "readme": "/package/osquery_manager/1.28.0/docs/README.md",
  "license": "basic",
  "assets": [
    "/package/osquery_manager/1.28.0/LICENSE.txt",
    "/package/osquery_manager/1.28.0/artifacts_matrix.md",
    "/package/osquery_manager/1.28.0/changelog.yml",
    "/package/osquery_manager/1.28.0/manifest.yml",
    "/package/osquery_manager/1.28.0/validation.yml",
    "/package/osquery_manager/1.28.0/docs/README.md",
    "/package/osquery_manager/1.28.0/img/logo_osquery.svg",
    "/package/osquery_manager/1.28.0/schemas/ecs.json",
    "/package/osquery_manager/1.28.0/schemas/metadata.json",
    "/package/osquery_manager/1.28.0/schemas/osquery.json",
    "/package/osquery_manager/1.28.0/data_stream/action_responses/manifest.yml",
    "/package/osquery_manager/1.28.0/data_stream/result/manifest.yml",
    "/package/osquery_manager/1.28.0/kibana/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05.json",
    "/package/osquery_manager/1.28.0/kibana/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-03e88290-a6df-11ec-b2f9-c732a3845c54.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-07fe8000-a6df-11ec-b2f9-c732a3845c54.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-0c09a800-a6df-11ec-b2f9-c732a3845c54.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-0f652f10-a6df-11ec-b2f9-c732a3845c54.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-135ccf10-a6df-11ec-b2f9-c732a3845c54.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-190860a0-a6df-11ec-b2f9-c732a3845c54.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-1fc03210-a6df-11ec-b2f9-c732a3845c54.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-35f10af0-a6df-11ec-b2f9-c732a3845c54.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-3b28cc10-a6df-11ec-b2f9-c732a3845c54.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-3f96fba0-a6df-11ec-b2f9-c732a3845c54.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-a2e5f6b7-c8d9-4e0f-2a1b-3c4d5e6f7a8b.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-b3f6a7c8-d9e0-4f1a-3b2c-4d5e6f7a8b9c.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-c4a7b8d9-e0f1-4a2b-4c3d-5e6f7a8b9c0d.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-c8a1b2d3-e4f5-4a6b-8c7d-9e0f1a2b3c4d.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-d5b8c9e0-f1a2-4b3c-5d4e-6f7a8b9c0d1e.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-d9b2c3e4-f5a6-4b7c-9d8e-0f1a2b3c4d5e.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-e0c3d4f5-a6b7-4c8d-0e9f-1a2b3c4d5e6f.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_pack_asset/osquery_manager-f1d4e5a6-b7c8-4d9e-1f0a-2b3c4d5e6f7a.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-0796f890-b4a9-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-0f61edf0-17e1-11ed-89c6-331eb0db6d01.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-128b90b0-b4a6-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-157d5550-fd27-11ec-8645-83a23bc513b5.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-239dce60-b4a9-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-23af51c0-d75f-11ec-879b-83915b27217e.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-265051dd-bc20-491a-a998-98ebc2f00af7.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-2a5c0d4a-21b8-4a37-8d71-2d5d2c8a0f45.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-2b1b604c-e355-4e23-b8b4-d014a0aa3197.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-2de24900-b4a9-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-315bfda0-d75f-11ec-879b-83915b27217e.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-363d6a30-b4a9-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-3e553650-17fd-11ed-89c6-331eb0db6d01.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-3e7155d0-0db5-11ed-a49c-6b13b058b135.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-40033716-3580-48fe-a17d-441a838acd8a.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-45375d5b-c4a6-4cea-8f1b-eb1cbd3c6e9d.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-47d96fe0-d75f-11ec-879b-83915b27217e.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-4a7c3e8f-9d5b-4c2a-b1e4-7f8a6d3c9e2b.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-4b2e8f3a-9d5c-4e2a-b8f1-7c6d3e9a2b1f.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-4da83919-be77-48df-ad50-4f5b464c2bab.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-521f7c0d-7ef4-4ff4-9510-e899bbc1b285.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-55955db0-0c07-11ed-a49c-6b13b058b135.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-5823a22e-5add-416d-a142-de323400edb0.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-5b2e3867-a277-4269-b3eb-9158d10965df.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-5bc9de27-6ae5-4148-b087-97d2669f6f27.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-5c144ac0-b4a5-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-5dd4e2a9-eea7-4740-a1ec-1b1b7d120d77.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-63c1fe20-176f-11ed-89c6-331eb0db6d01.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-66ee8c5f-7030-4641-a14b-f4a45d1edd6a.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-6954690d-32c3-4c50-a973-3fae66114349.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-6fc00190-b4b4-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-743c6727-2a18-46cc-9e23-215ca38b3373.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-7ee71870-b4b4-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-83869f40-0dab-11ed-a49c-6b13b058b135.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-8476c6fe-9c0b-447b-a334-c5ecc0779d9d.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-888ac365-4095-4de8-9990-41d96a792356.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-892ee425-60e7-4eb6-ba25-6e97dc3e2ea0.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-8be8f7d8-270c-4bf3-bba4-4b99e4c56485.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-9307c448-d8e2-49a3-aeca-469881183087.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-94a743fd-5f84-44f3-b38a-2732d8b6f51b.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-a08d7320-1823-11ed-89c6-331eb0db6d01.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-a0c7b358-f7eb-4bb8-9e08-52bd1afe8987.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-a1b2c3d4-e5f6-11ed-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-a1b2c3d4-lnk1-11ef-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-a1b2c3d4-mem1-11f0-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-a3c52b40-b622-11ef-9c4a-8b2c7c5a1d3f.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-a4b2c8d0-8876-11f0-b4d1-4f9e8c3a1b2e.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-a4b2c8d0-jmpl-11f0-b4d1-4f9e8c3a1b2e.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-a8870ff0-b4a5-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-a8f3c5e7-d9b4-4a21-8f6c-2e9d1b3a5c7e.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-abed45b1-6b61-4398-b607-a7a6b09e6dc6.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-ae619588-47a8-4ba8-a378-375244fbef23.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-b0683c20-0dbb-11ed-a49c-6b13b058b135.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-b2c3d4e5-f6a7-11ef-89c6-331eb0db6d02.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-b2c3d4e5-f6a7-8901-bcde-f12345678901.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-b352f3c9-c630-47ec-83bb-5887fe0bb874.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-b7d63c50-b623-11ef-9c4a-8b2c7c5a1d40.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-bcef7e6e-31df-4d72-a296-2e7657f49d64.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-c1382246-e840-4270-b095-677b6c6be796.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-c251aeb1-698f-44a4-9526-cdd349b9ccbe.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-c3d4e5f6-a7b8-9012-cdef-012345678902.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-c9f4e1a0-a7e4-11ef-9b3d-94b24cd614c6.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-ccd3f850-b4a5-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-cebd7b00-b4b4-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-d4e5f6a7-b8c9-12de-f345-678901234567.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-d55fb469-b20d-43aa-902a-f0e71cf036a6.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-d8a1b2c3-d4e5-11ef-a6b7-12c3d4e5f678.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-d8d79510-6f58-44e1-b7fc-63a073158096.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-e4ebcc53-fbb9-420a-9418-b8edc1f8f2df.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-e5f6a7b8-c9d0-23ef-4567-890123456789.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-e640e200-b4a8-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-e9e51a33-b2a2-47b4-a00e-7de8a205d55b.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-e9f2c3d4-e5f6-11ef-b8c9-23d4e5f6a789.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-ee586dc0-1801-11ed-89c6-331eb0db6d01.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-f2a9c7d5-e3b1-4f8a-9c2e-6d4b8a1e3f5c.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-f6a7b8c9-d0e1-34f0-5678-901234567890.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-f8649710-b4a8-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-f8b0894b-772d-4242-8e19-dbc5d7ae2e06.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-f8e71a30-b621-11ef-9c4a-8b2c7c5a1d3e.json",
    "/package/osquery_manager/1.28.0/kibana/osquery_saved_query/osquery_manager-fc4e34b0-b4a5-11ec-8f39-bf9c07530bbb.json",
    "/package/osquery_manager/1.28.0/kibana/search/osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040.json",
    "/package/osquery_manager/1.28.0/kibana/search/osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05.json",
    "/package/osquery_manager/1.28.0/kibana/search/osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05.json",
    "/package/osquery_manager/1.28.0/kibana/search/osquery_manager-b5d6baa0-eb02-11e7-8f04-51231daa5b05.json",
    "/package/osquery_manager/1.28.0/kibana/search/osquery_manager-f59e21e0-eb03-11e7-8f04-51231daa5b05.json",
    "/package/osquery_manager/1.28.0/data_stream/action_responses/fields/action-responses.yml",
    "/package/osquery_manager/1.28.0/data_stream/action_responses/fields/base-fields.yml",
    "/package/osquery_manager/1.28.0/data_stream/action_responses/fields/ecs.yml",
    "/package/osquery_manager/1.28.0/data_stream/action_responses/fields/elastic_agent.yml",
    "/package/osquery_manager/1.28.0/data_stream/result/fields/base-fields.yml",
    "/package/osquery_manager/1.28.0/data_stream/result/fields/ecs.yml",
    "/package/osquery_manager/1.28.0/data_stream/result/fields/osquery.yml",
    "/package/osquery_manager/1.28.0/data_stream/result/fields/primary-fields.yml",
    "/package/osquery_manager/1.28.0/data_stream/action_responses/agent/stream/stream.yml.hbs",
    "/package/osquery_manager/1.28.0/data_stream/action_responses/elasticsearch/ingest_pipeline/default.yml",
    "/package/osquery_manager/1.28.0/data_stream/result/agent/stream/stream.yml.hbs",
    "/package/osquery_manager/1.28.0/data_stream/result/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "osquery_manager",
      "title": "Osquery Manager",
      "description": "Send interactive or scheduled queries to the osquery instances executed by the elastic-agent.",
      "inputs": [
        {
          "type": "osquery",
          "title": "Send queries to osquery instances",
          "description": "Send interactive or scheduled queries to the osquery instances executed by the elastic-agent."
        }
      ],
      "multiple": false
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "osquery_manager.action.responses",
      "title": "Osquery Manager queries",
      "release": "experimental",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "osquery",
          "vars": [
            {
              "name": "query",
              "type": "text",
              "title": "The query to be executed.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "stream.yml.hbs",
          "title": "Osquery Manager configuration",
          "description": "Osquery Manager configuration",
          "enabled": true
        }
      ],
      "package": "osquery_manager",
      "path": "action_responses"
    },
    {
      "type": "logs",
      "dataset": "osquery_manager.result",
      "title": "Osquery Manager queries",
      "release": "experimental",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "osquery",
          "vars": [
            {
              "name": "query",
              "type": "text",
              "title": "The query to be executed.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "stream.yml.hbs",
          "title": "Osquery Manager configuration",
          "description": "Osquery Manager configuration",
          "enabled": true
        }
      ],
      "package": "osquery_manager",
      "path": "result"
    }
  ],
  "agent": {
    "privileges": {
      "root": true
    }
  }
}