Using Osquery with Graylog

(Jake Smith) #1

Hi All,

I was just wondering if this was possible.

  1. We install osquery on endpoints
  2. We use Filebeat to monitor the osquery results file. Each time an automated query is undertaken, Filebeat ships the results in JSON form to Graylog.
  3. On the Graylog side, we use the ‘Elastic Beats Input Plugin’ to provide an input for the Filebeat data from osquery?

Am I missing something?



(Jan Doberstein) #2

@Magneton you could add a JSON extractor to create single fields out of the message to be able to search more efficiently.
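
The following is an added example, not code from the thread or from the Graylog or osquery projects. It shows what the pipeline described above actually has to deal with once Filebeat ships the osquery results log (by default `/var/log/osquery/osqueryd.results.log` on Linux, one JSON object per line) and a JSON extractor with "flatten" enabled turns each message into fields. The sample log lines are constructed for the example; the host names, pack names and host UUID are made up. Two things a practitioner should expect are built in: osquery emits every column value as a string (so `columns_port` is `"8080"`, not a number), and snapshot-style queries arrive as an array of rows in a single event, which a flattening extractor turns into index-prefixed keys (`snapshot_0_username`, `snapshot_1_username`, ...) that are awkward to search. The `explode_snapshot` helper shows the alternative of splitting such an event into one message per row before flattening.

```python
import json
from typing import Any, Dict, List

# Constructed sample of what osqueryd appends to its results log: one JSON
# object per line. These lines are made up for the example, not real host data.
# The third line is deliberately malformed to show how it is handled.
SAMPLE_RESULTS_LOG = """\
{"name":"pack_incident-response_listening_ports","hostIdentifier":"web01","calendarTime":"Tue Jan  9 10:00:00 2018 UTC","unixTime":1515492000,"epoch":0,"counter":1,"decorations":{"host_uuid":"4c4c4544-0046-3510-8052-b8c04f4e4a31","username":"root"},"columns":{"pid":"1234","port":"8080","protocol":"6","address":"0.0.0.0","path":"/usr/bin/python3"},"action":"added"}
{"name":"pack_incident-response_listening_ports","hostIdentifier":"web01","calendarTime":"Tue Jan  9 10:05:00 2018 UTC","unixTime":1515492300,"epoch":0,"counter":2,"decorations":{"host_uuid":"4c4c4544-0046-3510-8052-b8c04f4e4a31","username":"root"},"columns":{"pid":"1234","port":"8080","protocol":"6","address":"0.0.0.0","path":"/usr/bin/python3"},"action":"removed"}
this line is not JSON and should be skipped
{"name":"pack_baseline_users","hostIdentifier":"web01","calendarTime":"Tue Jan  9 10:10:00 2018 UTC","unixTime":1515492600,"epoch":0,"counter":0,"decorations":{"host_uuid":"4c4c4544-0046-3510-8052-b8c04f4e4a31","username":"root"},"snapshot":[{"uid":"0","username":"root","shell":"/bin/bash"},{"uid":"1000","username":"deploy","shell":"/bin/bash"}],"action":"snapshot"}
"""


def parse_results_log(text: str) -> List[Dict[str, Any]]:
    """Parse newline-delimited JSON as Filebeat ships it, one event per line.

    A malformed line is skipped instead of aborting the batch; in Graylog such a
    message would simply be indexed without extracted fields.
    """
    events: List[Dict[str, Any]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict):
            events.append(obj)
    return events


def flatten_json(obj: Any, sep: str = "_", prefix: str = "") -> Dict[str, Any]:
    """Flatten nested objects and arrays into single-level keys.

    This mirrors what a JSON extractor with 'flatten' enabled produces; the key
    separator is configurable there, so it is a parameter here as well.
    Array elements become index-prefixed keys (e.g. snapshot_0_username).
    """
    flat: Dict[str, Any] = {}
    if isinstance(obj, dict):
        for key, child in obj.items():
            flat.update(flatten_json(child, sep, f"{prefix}{key}{sep}"))
    elif isinstance(obj, list):
        for idx, child in enumerate(obj):
            flat.update(flatten_json(child, sep, f"{prefix}{idx}{sep}"))
    else:
        flat[prefix[: -len(sep)]] = obj
    return flat


def explode_snapshot(event: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Split one snapshot event (an array of rows) into one event per row.

    Each row is placed under 'columns' so snapshot and differential results end
    up with the same field names (columns_uid, columns_username, ...), which is
    what you want when searching or alerting on them. Differential events
    ('added' / 'removed') are returned unchanged.
    """
    rows = event.get("snapshot")
    if event.get("action") != "snapshot" or not isinstance(rows, list):
        return [event]
    base = {k: v for k, v in event.items() if k != "snapshot"}
    return [{**base, "columns": row} for row in rows]


def results_to_fields(text: str, sep: str = "_") -> List[Dict[str, Any]]:
    """Whole pipeline: results log text -> one flat field dict per message."""
    messages: List[Dict[str, Any]] = []
    for event in parse_results_log(text):
        for row_event in explode_snapshot(event):
            messages.append(flatten_json(row_event, sep))
    return messages


if __name__ == "__main__":
    for msg in results_to_fields(SAMPLE_RESULTS_LOG):
        cols = {k: v for k, v in msg.items() if k.startswith("columns_")}
        print(msg["hostIdentifier"], msg["name"], msg["action"], cols)
```

If you keep the extractor's default behaviour instead of splitting snapshot rows, the last sample event yields fields such as `snapshot_0_username` and `snapshot_1_username`; searching for "which hosts have user deploy" then means matching against an unknown number of indexed keys, which is the reason for the per-row split above. Note also that a `removed` differential event carries the same columns as the earlier `added` one, so detection logic should key on `action` rather than on the presence of a row.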

(Jake Smith) #3

Ok cool, thanks for the information.

I will check it out soon.



(system) closed #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.