feat(osquery_manager): add config-driven osquery schema generator under _dev/scripts #17781

Open: marc-gr wants to merge 3 commits into elastic:main from marc-gr:feat/osquery-schemas-in-package

@marc-gr (Contributor) commented Mar 12, 2026

Proposed commit message

Enhancement: migrate osquery_manager schema generation to a standalone, config-driven tool under _dev/scripts

This PR consolidates osquery schema generation into a single standalone tool at packages/osquery_manager/_dev/scripts/osquery-gen.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  1. From integrations repo:
    cd packages/osquery_manager/_dev/scripts/osquery-gen
  2. Create local config:
    cp config.example.yml config.yml
    # edit explicit versions as needed
  3. Run generation (default includes package check):
    go run . -config ./config.yml
  4. For iterative dev runs (skip package check):
    go run . -config ./config.yml -skip-package-check
  5. Verify outputs:
    • packages/osquery_manager/data_stream/result/fields/osquery.yml
    • packages/osquery_manager/data_stream/result/fields/ecs.yml
    • packages/osquery_manager/schemas/osquery.json
    • packages/osquery_manager/schemas/ecs.json
  6. Run package validation explicitly (if skipped during dev):
    elastic-package -C packages/osquery_manager check

@marc-gr requested a review from tomsonpl Mar 12, 2026 11:50
@marc-gr added the "enhancement" label (New feature or request) Mar 12, 2026
@marc-gr requested a review from a team as a code owner Mar 12, 2026 11:50
@marc-gr added the "Integration:osquery_manager" (Osquery Manager) and "Team:Security-Windows Platform" (Security Windows Platform team [elastic/sec-windows-platform]) labels Mar 12, 2026
@marc-gr requested a review from paul-tavares Mar 12, 2026 11:50

@elasticmachine

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@github-actions bot (Contributor) commented Mar 12, 2026

✅ Vale Linting Results

No issues found on modified lines!


The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@marc-gr (Contributor, Author) commented Mar 12, 2026

/ai

@elasticmachine commented Mar 12, 2026

💔 Build Failed
