OSQuery data in Kibana- how to view? #9693
Hi All,

I can see that osquery is sending data to Kibana, because I can click on 'Event Category: Host' and a bunch of stuff appears in

How do I browse or access this data? If I click on any of the pack names it opens a new window and the hyperlink goes to (roughly) https://my.so-install.com/kibana/app/pack_mac-pack_firefox_addons and gives the error 'application not found'.

Similarly, when using the panel 'Security Onion - Modules' and clicking on 'OSQuery' I get an error 'Add OSQuery Manager', but I had assumed this wouldn't work because of the SO customisation...

My SO instance is set up as a 'Manager Search' node.
Replies: 2 comments
Unfortunately, this is an issue with field formatters not working properly in Elastic 8.5 -- it will be fixed with the move to 8.6.1, as tracked in this issue: #9594

I would suggest using Hunt for now to access those OSQuery results until 2.3.210 is available with the new Elastic.
Thanks so much @InfosecGoon. Cheers