I’m new to osquery (using Kolide Fleet + Launcher) and setup the query packs from the osquery GitHub repo. I also setup Elasticsearch/Filebeat/Kibana to make sense of the data. But I’m new to that too. Are there any premade Dashboards for monitoring results from the provided query packs? Or any good tutorials for creating visuals/dashboards in Kibana from osquery results?

I know you are using ELK but Splunk has a dashboard for Kolide (https://splunkbase.splunk.com/app/4518/). You could look into the elements of the Splunk dashboard to create your own ELK equivalent.

I didn’t know about Security Onion before, so I’ll look into it. Thanks for the leads.