Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Outdated information mentioned in the step 5 for Osquery. #4626

Closed
sukhwindersingh-qasource opened this issue Jan 18, 2024 · 4 comments
Closed

[BUG] Outdated information mentioned in the step 5 for Osquery. #4626

sukhwindersingh-qasource opened this issue Jan 18, 2024 · 4 comments
Assignees
@nastasha-solomon
Labels
bug Something isn't working Effort: Small Issues that can be resolved quickly Feature: Osquery Priority: Low Issues that need attention, but are not urgent Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management v8.12.0

Comments

@sukhwindersingh-qasource
Copy link

sukhwindersingh-qasource commented Jan 18, 2024
edited
Loading

Documentation links

https://www.elastic.co/guide/en/security/current/alerts-run-osquery.html

Description

  • Outdated information mentioned in the step 5 for Osquery timeout field, As for now it got timed out as per the value we fill in the timeout field.

Screen
image (1)
shot

Which documentation set(s) does this bug apply to?

ESS only

Release version

This bug applies to the stack version 8.12.0
@sukhwindersingh-qasource sukhwindersingh-qasource added bug Something isn't working Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management v8.12.0 labels Jan 18, 2024
@muskangulati-qasource
Copy link

Reviewed and assigned to @jmikell821

@nastasha-solomon
Copy link
Contributor

nastasha-solomon commented Jan 23, 2024
edited
Loading

@szwarckonrad the following question will likely spawn a separate doc update if needed:
Do you happen to know if the 5-minute timeout period was the default setting for live Osquery queries before 8.12? I checked the Kibana docs, and in versions 8.4-8.11, we tell users that queries will automatically timeout if there have been no responses after 5 minutes. For reference, see the second sentence in step 6 here.

cc: @natasha-moore-elastic

@nastasha-solomon nastasha-solomon mentioned this issue Jan 23, 2024
Merged
@nastasha-solomon nastasha-solomon added Feature: Osquery Effort: Small Issues that can be resolved quickly Priority: Low Issues that need attention, but are not urgent labels Jan 23, 2024
@nastasha-solomon
Copy link
Contributor

Thanks for the review, @sukhwindersingh-qasource! The docs are ready for review at #4658 when you have a chance.

@nastasha-solomon
Copy link
Contributor

Docs updated so closing this issue. Will follow up on this separately.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nastasha-solomon nastasha-solomon

Labels
bug Something isn't working Effort: Small Issues that can be resolved quickly Feature: Osquery Priority: Low Issues that need attention, but are not urgent Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management v8.12.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jmikell821 @muskangulati-qasource @nastasha-solomon @sukhwindersingh-qasource