zentral icon indicating copy to clipboard operation
zentral copied to clipboard

Published 20 hours ago verified publisher icon zentralopensource

Import/Export pack configuration?

Open juju4 opened this issue 8 years ago • 4 comments

Hello,

Any way to import an existing pack configuration file either through gui or cli? More generally, would want to import/export queries, pack or osqueryd standalone config.

Thanks

juju4 avatar Mar 31 '17 20:03 juju4

Did you check out the probe feeds ? You add an osquery pack to probe feeds, then import to a new probe. Updates in the original pack will be indicated, you see a diff and decide to update your probe case by case.

Probes can be saved as a gist, i.e. you can share this with others or just store.

headmin avatar Apr 01 '17 14:04 headmin

No, I don't think so. But can I import through command line? where are the corresponding files?

File/Templates are easier to integrate in an orchestrated deployment.

juju4 avatar Apr 01 '17 15:04 juju4

There is a django management command to add a probe feed:

python server/manage.py add_probe_feed

There is actually no way to export and import the full zentral configuration via files, but we are currently trying to find a solution.

np5 avatar Apr 01 '17 20:04 np5

There is an API endpoint now to import Osquery packs.

np5 avatar Feb 01 '22 22:02 np5