Description

This is an Kibana dashboard example visualizing performance metrics of osquery. The example has been created as part of this blog article. In order to get the right data for the dashboard you need to follow the guide in that article.

The recommended way to get osquery data into Elasticsearch is using the Filebeat module

What is osquery?

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework.

osquery exposes the operating system as a high-performance relational database. This allows you to write SQL-based queries to browse operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plug-ins, hardware events, or file hashing. SQL tables are implemented through simple plug-ins and extension APIs. Various tables already exist, and more are being written: https://osquery.io/schema.

Source

Originally found at https://medium.com/fleetdm/build-an-osquery-performance-dashboard-1b1762ee3880

Tested versions	7.13
ECS compliant	No

You must log in to submit a review.

Related downloads

Log analysis and analytics dashboard

fero

Dashboard to observe your logs

Sigma Windows Process Creation detection rules

by content share admin

A collection of rules based on the Sigma rules for Windows (process creation folder) based on Winlogbeat data .

Threat detection Kibana dashboard

by content share admin

Kibana dashboard example visualizing the results of the Elastic SIEM detection engine

Google Cloud monitoring dashboard

by content share admin

Dashboard to monitor GCP resources using different metrics and logs.

Vega Clock UTC

by content share admin

This is a working clock visualization in UTC time.

Elastic Cloud Billing data collection and Kibana dashboard

by content share admin

Pulls Elastic Cloud Billing information from the Billing API then sends it to an Elasticsearch cluster and visualizes the results in Kibana dashboards.