when defining query packs do you have to define a query sepa

Question

when defining query packs do you have to define a query separately and then reference by name or can you just define the query itself

zwass · Answer

Yes queries must be defined separately and referenced by name It could be interesting to allow them to be defined inline

jacknagz · Answer

It just makes the config file simpler IMO

jacknagz · Answer

there s also no support for the bulit in query packs right

jacknagz · Answer

that are dropped on the host when osquery is installed

zwass · Answer

Many folks convert those query packs with `fleetctl convert` and use them

seph · Answer

The osquery distributed packs are highly unmaintained Caution is recommended