Hi All I m exploring the API and have it running in Postman osquery #fleet

Hi All, I’m exploring the API and have it running ...

Adam Connor

07/07/2022, 1:39 AM

Hi All, I’m exploring the API and have it running in Postman. All of the queries report exactly as described in the docs, except ‘List Queries’ ie.

GET /api/v1/fleet/queries

I’m actually receiving this response-

Copy code

{
  "queries": []
}

I’m not sure how to troubleshoot this, any hints please?

Benjamin Edwards

07/07/2022, 1:55 AM

Hey Adam, are you using our postman collection? Or building your own? Do you have any queries?

Adam Connor

07/07/2022, 1:56 AM

using the imported collection from Fleet

💯 1

Adam Connor

07/07/2022, 1:57 AM

ah good question - I thought I did have queries!

😅 1

Adam Connor

07/07/2022, 1:58 AM

yes I do have the standard query pack and I’ve made a few new ones- so I should be able to ‘find by query ID’ let me try that

Adam Connor

07/07/2022, 2:01 AM

that does work. Perhaps I’ve just misunderstood the intent here, I’ll re-read the docs

Benjamin Edwards

07/07/2022, 3:17 AM

Hmm let me try

Benjamin Edwards

07/07/2022, 3:20 AM

Copy code

curl --location --request GET 'https://<host>/api/v1/fleet/queries' \
--header 'Authorization: Bearer <token>'

this is definitely returning queries for me

Benjamin Edwards

07/07/2022, 3:21 AM

ah is your user's role observer?

Adam Connor

07/07/2022, 3:22 AM

yes, observer

Benjamin Edwards

07/07/2022, 3:22 AM

queries that are ✅ Observers can run are returned

Adam Connor

07/07/2022, 3:22 AM

ah, got it- thanks so much for your help!

Benjamin Edwards

07/07/2022, 3:23 AM

no problem

👍 1

Benjamin Edwards

07/07/2022, 3:23 AM

if you hit that API as an admin you'd get back the full list

Adam Connor

07/07/2022, 3:24 AM

fantastic, that was the only odd thing I found, permissions issue makes sense. Now I’m off to figure out how to give my analytics software access to the DB safely!

6 Views

Open in Slack

Previous Next