Create a pack

POST /api/osquery/packs

Create a query pack.

application/json; Elastic-Api-Version=2023-10-31

Body Required

description string | null
enabled boolean | null
name string
policy_ids array[string] | null
queries object
Hide queries attribute Show queries attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  ecs_mapping object | null
  
  Hide ecs_mapping attribute Show ecs_mapping attribute object | null
  
  * object | null Additional properties
  
  Hide * attributes Show * attributes object | null
  
  field string
  
  value string | array[string]
  
  One of:
  string-1 string array-2 array[string]
  
  id string
  
  platform string | null
  
  query string
  
  removed boolean | null
  
  saved_query_id string | null
  
  snapshot boolean | null
  
  version string | null
shards object
Hide shards attributes Show shards attributes object
- Additional properties
- key number
- * number Additional properties

Responses

200 application/json; Elastic-Api-Version=2023-10-31

OK

POST /api/osquery/packs

curl \
 -X POST http://api.example.com/api/osquery/packs \
 -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"

Request examples

{
  "description": "string",
  "enabled": true,
  "name": "string",
  "policy_ids": [
    "string"
  ],
  "queries": {
    "additionalProperty1": {
      "ecs_mapping": {
        "additionalProperty1": {
          "field": "string",
          "value": "string"
        },
        "additionalProperty2": {
          "field": "string",
          "value": "string"
        }
      },
      "id": "string",
      "platform": "string",
      "query": "string",
      "removed": true,
      "saved_query_id": "string",
      "snapshot": true,
      "version": "string"
    },
    "additionalProperty2": {
      "ecs_mapping": {
        "additionalProperty1": {
          "field": "string",
          "value": "string"
        },
        "additionalProperty2": {
          "field": "string",
          "value": "string"
        }
      },
      "id": "string",
      "platform": "string",
      "query": "string",
      "removed": true,
      "saved_query_id": "string",
      "snapshot": true,
      "version": "string"
    }
  },
  "shards": {
    "key": 42.0,
    "additionalProperty1": 42.0,
    "additionalProperty2": 42.0
  }
}

Response examples (200)

{}

Create a pack

Body Required

value string | array[string]

Responses