2024-02-09 19:34:57 +00:00
|
|
|
- name: Scheduled query stats
|
|
|
|
|
description: Collect osquery performance stats directly from osquery
|
|
|
|
|
query: SELECT *,
|
|
|
|
|
(SELECT value from osquery_flags where name = 'pack_delimiter') AS delimiter
|
|
|
|
|
FROM osquery_schedule;
|
|
|
|
|
interval: 0
|
|
|
|
|
platform: darwin,linux,windows
|
|
|
|
|
min_osquery_version: all
|
|
|
|
|
observer_can_run: false
|
|
|
|
|
automations_enabled: false
|
|
|
|
|
logging: snapshot
|
|
|
|
|
- name: orbit_info
|
|
|
|
|
query: SELECT * from orbit_info;
|
|
|
|
|
interval: 0
|
2024-05-28 16:44:43 +00:00
|
|
|
platform: darwin,$LINUX_OS,windows
|
2024-02-09 19:34:57 +00:00
|
|
|
min_osquery_version: all
|
|
|
|
|
observer_can_run: false
|
|
|
|
|
automations_enabled: true
|
|
|
|
|
logging: snapshot
|
