Update a pack
Update a query pack using the pack ID.
You cannot update a prebuilt pack.
Body (required)
- description: string | null
- enabled: boolean | null
- id: string | null
- policy_ids: array[string] | null
- queries: object
- shards: object
PUT /api/osquery/packs/{id}
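# Update an Osquery pack by ID. Replace {id} with the ID of the pack to update.
# The request body is required, so the JSON payload is sent with -d;
# pack-update.json is a placeholder file name for that payload.
# KIBANA_API_KEY is a placeholder for an API key read from the environment,
# which keeps the credential out of the command line typed into the shell.
# Kibana expects the kbn-xsrf header on non-GET/HEAD API calls by default.
curl \
-X PUT "https://localhost:5601/api/osquery/packs/{id}" \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "Authorization: ApiKey ${KIBANA_API_KEY}" \
-H "kbn-xsrf: true" \
-d @pack-update.json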
Request examples
{
"description": "string",
"enabled": true,
"id": "string",
"policy_ids": [
"string"
],
"queries": {
"additionalProperty1": {
"ecs_mapping": {
"additionalProperty1": {
"field": "string",
"value": "string"
},
"additionalProperty2": {
"field": "string",
"value": "string"
}
},
"id": "string",
"platform": "string",
"query": "string",
"removed": true,
"saved_query_id": "string",
"snapshot": true,
"version": "string"
},
"additionalProperty2": {
"ecs_mapping": {
"additionalProperty1": {
"field": "string",
"value": "string"
},
"additionalProperty2": {
"field": "string",
"value": "string"
}
},
"id": "string",
"platform": "string",
"query": "string",
"removed": true,
"saved_query_id": "string",
"snapshot": true,
"version": "string"
}
},
"shards": {
"additionalProperty1": 42.0,
"additionalProperty2": 42.0
}
}
Response examples (200)
{}