Elastic broadens support for osquery, the open source host instrumentation framework
Elastic announces new updates across the Elastic Security solution in its 7.13 release to broaden support for osquery, the open source host instrumentation framework, with a new host management integration for Elastic Agent and unified analysis of osquery host data.
The osquery host management integration, now in beta, enables security teams to use osquery results to address cyber threats without the complexity or cost of a separate management layer. With one click, users can install and orchestrate osquery across their Windows, macOS, and Linux hosts.
Osquery data is ingested into Elasticsearch and shown in Kibana, where users can run live queries with one or more agents and define scheduled queries to capture changes to an organization’s security state.
From a single pane of glass, users can centralize security analytics and contextualize osquery results against other event data, anomalies, and threats, and leverage that context to improve host visibility, analytical power, and monitoring.
Enhanced capabilities also include prebuilt and custom SQL queries, as well as Kibana query guidance to support users with code completion, code hinting, and content assistance.