mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
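// Example osquery configuration for a host that reports to a TLS server.
// The file uses '//' comments, which osquery's config parser accepts;
// a strict JSON parser will reject it, so do not validate it as plain JSON.
{
  // Daemon options. Both the distributed-query and logger plugins are "tls",
  // so the remote server receives all results and can issue ad-hoc queries
  // to the host. Treat that server, and the channel to it, as highly trusted.
  //
  // The endpoints below are paths only. The server host, the pinned server
  // certificate and the enrollment secret are not set in this file; they are
  // normally given as startup flags (--tls_hostname, --tls_server_certs,
  // --enroll_secret_path). Confirm certificate pinning is in place before
  // enabling distributed queries.
  "options": {
    // NOTE(review): the value is the string "false", not a JSON boolean;
    // confirm the consumer parses it as intended.
    "disable_distributed": "false",
    "distributed_plugin": "tls",
    // Seconds between polls for new distributed queries.
    "distributed_interval": 10,
    "distributed_tls_max_attempts": 3,
    "distributed_tls_read_endpoint": "/api/v1/osquery/distributed/read",
    "distributed_tls_write_endpoint": "/api/v1/osquery/distributed/write",
    "logger_plugin": "tls",
    "logger_tls_endpoint": "/api/v1/osquery/log",
    // Seconds between log flushes to the TLS logger endpoint.
    "logger_tls_period": 60
  },

  "schedule": {
    // This is a simple example query that outputs basic system information.
    "system_info": {
      // The exact query to run.
      "query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
      // The interval in seconds to run this query, not an exact interval.
      "interval": 60
    }
  },

  // Decorators are normal queries that append data to every query.
  // The second "load" decorator attaches the most recently logged-in
  // username to every result, so the shipped logs carry user-identifying
  // data; apply access control and retention to them accordingly.
  "decorators": {
    "load": [
      "SELECT uuid AS host_uuid FROM system_info;",
      "SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;"
    ]
  },

  // Add default osquery packs or install your own.
  //
  // There are several 'default' packs installed with 'make install' or via
  // packages and/or Homebrew.
  //
  // Linux: /usr/share/osquery/packs
  // OS X: /var/osquery/packs
  // Homebrew: /usr/local/share/osquery/packs
  // make install: {PREFIX}/share/osquery/packs
  //
  // All packs are commented out here, so none is loaded. Pack files define
  // queries that the daemon runs; keep them writable only by an administrator.
  "packs": {
    // "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf",
    // "incident-response": "/usr/share/osquery/packs/incident-response.conf",
    // "it-compliance": "/usr/share/osquery/packs/it-compliance.conf",
    // "osx-attacks": "/usr/share/osquery/packs/osx-attacks.conf",
    // "vuln-management": "/usr/share/osquery/packs/vuln-management.conf",
    // "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf"
  }
}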