osquery DSM specifications
When you configure osquery, understanding the specifications for the osquery DSM can help ensure a successful integration. For example, knowing what the supported version of osquery is before you begin can help reduce frustration during the configuration process.
The following table describes the specifications for the osquery DSM.
| Specification | Value |
|---|---|
| DSM name | osquery |
| RPM file name | DSM-osquery-QRadar_version-build_number.noarch.rpm |
| Supported versions | 3.3.2 |
| Protocol | Syslog, TCP Multiline Syslog |
| Event format | JSON |
| Recorded event types | Access, Audit, Authentication, System |
| Automatically discovered? | No |
| Includes identity? | No |
| Includes custom properties? | Yes |
| More information | osquery website (https://osquery.io) |