Description
This is a Kibana dashboard example visualizing performance metrics of osquery. The example was created as part of the blog article linked below under Source. To get the right data into the dashboard, follow the guide in that article.
The recommended way to get osquery data into Elasticsearch is to use the Filebeat osquery module.
What is osquery?
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework.
osquery exposes the operating system as a high-performance relational database. This allows you to write SQL-based queries to browse operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plug-ins, hardware events, or file hashing. SQL tables are implemented through simple plug-ins and extension APIs. Various tables already exist, and more are being written: https://osquery.io/schema.
Source
Originally found at https://medium.com/fleetdm/build-an-osquery-performance-dashboard-1b1762ee3880
Tested versions | 7.13 |
ECS compliant | No |