Feature Request: Import/export queries/packs via UI

[H2Cyber]

A feature request to implement the ability to import (and/or export) queries (and/or packs) via the UI.

I know this is feasible otherwise, but the ease (and consistency) of importing/exporting via the UI would be a great advantage for fleet.

Note that this feature has worked very well for other projects. Take GrayLog for example, after they have implemented Content Packs (which is a fancy name for "export configuration"), alot of their users started exporting and sharing configurations with the community. Heck, they now have an entire marketplace for it! :)

[noahtalerman]

Thank you for introducing me to GrayLog's marketplace.

Making it easier to import/export and share packs is something that we've discussed at Fleet. Off the top of my head, a couple of the goals this feature could help achieve are:

• Allowing users with multiple Fleet deployments to more easily share queries/packs across Fleet instances
• Easily grab useful packs and queries for use cases that are shared by multiple orgs (ex. compliance)

Why do you believe importing/exporting packs and queries via the UI would be advantageous for Fleet?

[H2Cyber]

Here are the reasons I can think about :

• Easily export dev environment setup (queries and packs) to prod environment, and vice versa
• Easily "backup" all existing queries and packs (just in case)
• Easily share and/or import queries/packs with the community

[mikermcneil]

From @kp3nguinz:

+1 to graylog

[EchoGangster]

I have also recently tried to see if this was possible with using Security Onion 2. Tried to add packs to the SO-Manager and haven't made any progress. Also manually created a pack and do not see where it resides in the file structure.