Is there an API for updating osquery packs in the ...
# kolidet
Thomas Stromberg
09/12/2023, 3:01 PMIs there an API for updating osquery packs in the Log Pipeline?
Thomas Stromberg
09/12/2023, 3:05 PMWe update our packs ~4 times a month and it's a toilsome & error-prone process.
It's particular burdensome as you have to first delete the old pack, cut & paste a new pack in, and then remember to enable it once it's completed saving. Then you have to repeat the same set of steps for the next pack ...
Thomas Stromberg
09/12/2023, 4:15 PMI suppose worst case I can just emulate what the browser is doing with the POST to
/log_pipeline/packse
Emily Hill
09/20/2023, 7:05 PMHi Thomas! No, as you found, there is not an API to update packs to the Log Pipeline.
Apologies on the delayed response, I've been out of the office. I look forward to hearing if your workaround worked!
2 Views