Merge pull request #8778 from Security-Onion-Solutions/2.4/elastic-fleet

Hunt Query - Elastic Agent Live Osquery Logs

salt/soc/defaults.yaml

@@ -797,9 +797,6 @@ soc:
           - name: NTLM
             description: NTLM grouped by computer name
             query: 'event.dataset:ntlm | groupby ntlm.server.dns.name'
-          - name: Osquery Live Queries
-            description: Osquery Live Query results grouped by computer name
-            query: 'event.dataset:live_query | groupby host.hostname'
           - name: PE
             description: PE files list
             query: 'event.dataset:pe | groupby file.machine file.os file.subsystem'
@@ -1457,9 +1454,6 @@ soc:
           - name: NTLM
             description: NTLM logs
             query: 'event.dataset:ntlm | groupby ntlm.server.dns.name | groupby ntlm.server.nb.name | groupby ntlm.server.tree.name | groupby ntlm.success | groupby source.ip | groupby destination.ip | groupby destination.port'
-          - name: Osquery Live Queries
-            description: Osquery Live Query results
-            query: 'event.dataset:live_query | groupby host.hostname'
           - name: PE
             description: PE files list
             query: 'event.dataset:pe | groupby file.machine | groupby file.os | groupby file.subsystem | groupby file.section_names | groupby file.is_exe | groupby file.is_64bit'