elasticmachine
commented
6 months ago Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)
Open jvalente-salemstate opened 6 months ago
elasticmachine
commented
6 months ago Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)
taylor-swanson
commented
6 months ago Looks like OSQuery Manager is owned by @elastic/security-asset-management, redirecting to that team.
tomsonpl
commented
6 months ago cc: @dasansol92
Perhaps this isn't currently possible since I don't see where tags are used outside of one page in the Fleet UI. If they're not available outside of this, I'll post a FR for that too.
Currently OSQuery Manager can target by platform and agent policy. It would be very helpful to also target agents by tag and avoid splitting into different policies to accomplish the same.
For example, our agent policies for PeopleSoft servers are the same as the logging and configurations are nearly identical. We could schedule different queries for one environment and a different schedule or query based off what the tag is. With two of three (production, not even counting test or dev) PS servers that may be Database, Web, and so forth already possibly in different policies, tag based queries would allow for a high level of granularity without an excessive number of granular policies.