The following screenshot demonstrates how these elements are made accessible:
Navigation as well as available options are very similar to the ones offered in the queries section:
The creation interface for packs is as follows:
Pack definition, description fields and targets (1): Allows you to assign a name and description to new packs, as well as define the sets of endpoints to configure the pack execution for. Clicking on the Select pack targets button shows the different targeting options available for the pack, which are the same as for individual query executions, as explained in the using queries section of this manual.
Information about query packs (2): This section provides some useful information on the operation of the packs.
The editing interface for packs is as follows:
Pack definition, description fields and targets (1): Like creating packs, this section allows you to assign a name and description to edited packs, as well as define the sets of endpoints.
Use the icon to add the definition of the target to the list of targets specified for the pack. Targets can be defined based on individual host names or IP addresses, or by creating and applying custom tags. Click on the Save button to apply the changes, or the Cancel button to disregard them.
Query name: Textual identifier of the query.
Frequency (s): Number of seconds between consecutive executions of the query (execution cadence).
Edit: The above settings can be edited in the window shown by clicking on the Actions button, in addition to Minimum osquery version, which defines the specific version of the targeted Osquery agent, and Shard (percentage), which defines the percentage (1-100) of target endpoints addressed per execution.
Remove: It is possible to remove a query from the current pack by clicking on this button. This will not delete the query itself, as it will continue to be available under the Queries section of the application.
Add query and filtering bar (3): You can enter values in the field to filter the results of a query included in the pack to those records that match the entered text. Click Add query to add a new query to this pack.
Column names / sorting buttons (4): The first row in the table displays the name for each column in the table. It is possible to sort the results by name.