From 120fdef17353e9a549585c1e67523dd21a279016 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Tue, 20 Sep 2022 08:27:47 -0400
Subject: [PATCH] Hunt Query - Elastic Agent Live Osquery Logs

---
 salt/soc/defaults.yaml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 7ba352e34..44e75feca 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -797,9 +797,6 @@ soc:
 - name: NTLM
 description: NTLM grouped by computer name
 query: 'event.dataset:ntlm | groupby ntlm.server.dns.name'
- - name: Osquery Live Queries
- description: Osquery Live Query results grouped by computer name
- query: 'event.dataset:live_query | groupby host.hostname'
 - name: PE
 description: PE files list
 query: 'event.dataset:pe | groupby file.machine file.os file.subsystem'
@@ -1457,9 +1454,6 @@ soc:
 - name: NTLM
 description: NTLM logs
 query: 'event.dataset:ntlm | groupby ntlm.server.dns.name | groupby ntlm.server.nb.name | groupby ntlm.server.tree.name | groupby ntlm.success | groupby source.ip | groupby destination.ip | groupby destination.port'
- - name: Osquery Live Queries
- description: Osquery Live Query results
- query: 'event.dataset:live_query | groupby host.hostname'
 - name: PE
 description: PE files list
 query: 'event.dataset:pe | groupby file.machine | groupby file.os | groupby file.subsystem | groupby file.section_names | groupby file.is_exe | groupby file.is_64bit'