Create a check definition

  • Release version: Australia
  • Updated Mar 12, 2026
  • Create a check definition to execute the osquery command on the Agent.

    Before you begin

    Role required: agent_client_collector_integration or agent_client_collector_admin

    Procedure

    1. In an Event Management instance, navigate to Agent Client Collector > Check Definitions.
    2. Click New.
    3. In the Name field, enter util.osquery.
    4. In the Check type field, enter osquery.
    5. In the Command field, enter the following script:
      osqueryi  --logger_min_status 1 --json "{{.labels.params_query}} "
    6. In the Plugins field, enter the osquery plugin.
    7. In the Parameters section, enter the following values for a check parameter definition.
      Column         Value
      Name           query
      Default value  select * from logged_in_users
      Mandatory      true
    8. Click Test check and select one of the available agents.
      The test result appears, indicating its success or failure.
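
    Added example (not part of the ServiceNow documentation or product code): one way to consume the JSON that the check command prints for the default query and flag interactive sessions from untrusted sources. The sample output, the TRUSTED network and all function names are constructed or hypothetical assumptions.

```python
import ipaddress
import json

# Constructed sample of the check's stdout for: select * from logged_in_users
# osqueryi --json prints a single JSON array; every column value is a string.
SAMPLE_STDOUT = """[
  {"host":"","pid":"1342","time":"1773300000","tty":"tty1","type":"user","user":"ops"},
  {"host":"10.20.0.5","pid":"2210","time":"1773303600","tty":"pts/0","type":"user","user":"alice"},
  {"host":"203.0.113.44","pid":"2388","time":"1773307200","tty":"pts/1","type":"user","user":"root"},
  {"host":"","pid":"0","time":"1773200000","tty":"~","type":"boot_time","user":"reboot"}
]"""

TRUSTED = [ipaddress.ip_network("10.20.0.0/16")]  # hypothetical management network

def parse_rows(stdout):
    """Parse osqueryi --json output; raise ValueError if it is not a row array."""
    text = stdout.strip()
    if not text:
        return []
    rows = json.loads(text)  # error text instead of JSON raises ValueError here
    if not isinstance(rows, list) or not all(isinstance(r, dict) for r in rows):
        raise ValueError("expected a JSON array of row objects")
    return rows

def is_trusted(host, networks):
    """True only when host is an IP address inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname cannot be matched against a network
    return any(addr in net for net in networks)

def remote_sessions(rows, networks=TRUSTED):
    """Return user sessions whose source host is set and not trusted."""
    findings = []
    for row in rows:
        host = row.get("host", "")
        if row.get("type") != "user" or not host:
            continue  # skip boot/dead records and local console sessions
        if not is_trusted(host, networks):
            findings.append({"user": row.get("user", ""), "host": host,
                             "tty": row.get("tty", ""), "time": int(row.get("time") or 0)})
    return findings

if __name__ == "__main__":
    for finding in remote_sessions(parse_rows(SAMPLE_STDOUT)):
        print(finding)
```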