Kibana · Capability
Kibana APIs — Security Osquery API
Kibana APIs — Security Osquery API. 19 operations. Lead operation: Get unified query history. Self-contained Naftiko capability covering one Kibana business surface.
What You Can Do
GET
Osquerygetunifiedhistory
— Get unified query history
/v1/api/osquery/history
GET
Osqueryfindlivequeries
— Get live queries
/v1/api/osquery/live-queries
POST
Osquerycreatelivequery
— Create a live query
/v1/api/osquery/live-queries
GET
Osquerygetlivequerydetails
— Get live query details
/v1/api/osquery/live-queries/{id}
GET
Osquerygetlivequeryresults
— Get live query results
/v1/api/osquery/live-queries/{id}/results/{actionid}
GET
Osqueryfindpacks
— Get packs
/v1/api/osquery/packs
POST
Osquerycreatepacks
— Create a pack
/v1/api/osquery/packs
DELETE
Osquerydeletepacks
— Delete a pack
/v1/api/osquery/packs/{id}
GET
Osquerygetpacksdetails
— Get pack details
/v1/api/osquery/packs/{id}
PUT
Osqueryupdatepacks
— Update a pack
/v1/api/osquery/packs/{id}
POST
Osquerycopypacks
— Copy a pack
/v1/api/osquery/packs/{id}/copy
GET
Osqueryfindsavedqueries
— Get saved queries
/v1/api/osquery/saved-queries
POST
Osquerycreatesavedquery
— Create a saved query
/v1/api/osquery/saved-queries
DELETE
Osquerydeletesavedquery
— Delete a saved query
/v1/api/osquery/saved-queries/{id}
GET
Osquerygetsavedquerydetails
— Get saved query details
/v1/api/osquery/saved-queries/{id}
PUT
Osqueryupdatesavedquery
— Update a saved query
/v1/api/osquery/saved-queries/{id}
POST
Osquerycopysavedquery
— Copy a saved query
/v1/api/osquery/saved-queries/{id}/copy
GET
Osquerygetscheduledactionresults
— Get scheduled action results
/v1/api/osquery/scheduled-results/{scheduleid}/{executioncount}
GET
Osquerygetscheduledqueryresults
— Get scheduled query results
/v1/api/osquery/scheduled-results/{scheduleid}/{executioncount}/results
MCP Tools
get-unified-query-history
Get unified query history
read-only
idempotent
get-live-queries
Get live queries
read-only
idempotent
create-live-query
Create a live query
read-only
get-live-query-details
Get live query details
read-only
idempotent
get-live-query-results
Get live query results
read-only
idempotent
get-packs
Get packs
read-only
idempotent
create-pack
Create a pack
delete-pack
Delete a pack
idempotent
get-pack-details
Get pack details
read-only
idempotent
update-pack
Update a pack
idempotent
copy-pack
Copy a pack
get-saved-queries
Get saved queries
read-only
idempotent
create-saved-query
Create a saved query
read-only
delete-saved-query
Delete a saved query
idempotent
get-saved-query-details
Get saved query details
read-only
idempotent
update-saved-query
Update a saved query
idempotent
copy-saved-query
Copy a saved query
read-only
get-scheduled-action-results
Get scheduled action results
read-only
idempotent
get-scheduled-query-results
Get scheduled query results
read-only
idempotent
Capability Spec
# Spec header: the `naftiko` version string plus descriptive metadata.
naftiko: 1.0.0-alpha2
info:
  label: Kibana APIs — Security Osquery API
  description: >-
    Kibana APIs — Security Osquery API. 19 operations. Lead operation: Get
    unified query history. Self-contained Naftiko capability covering one
    Kibana business surface.
  tags:
    - Kibana
    - Security Osquery API
  # Dates stay quoted so a YAML loader keeps them as strings.
  created: '2026-05-19'
  modified: '2026-05-19'
# Declares the KIBANA_API_KEY name in the `env` namespace. Only the variable
# name appears in this file, not the secret; the authentication block reads it
# as {{env.KIBANA_API_KEY}}.
binds:
  - namespace: env
    keys:
      KIBANA_API_KEY: KIBANA_API_KEY
# Upstream side of the capability: one HTTP consumer pointed at Kibana over https.
# NOTE(review): {kibana_url} has no matching entry in the `binds` keys visible in
# this spec (only KIBANA_API_KEY is bound) — confirm where it is resolved and
# that a caller of the exposed adapters cannot influence it.
capability:
  consumes:
    - type: http
      namespace: kibana-security-osquery-api
      baseUri: https://{kibana_url}
      description: >-
        Kibana APIs — Security Osquery API business capability. Self-contained,
        no shared references.
      resources:
# Upstream resource: unified query history (GET /api/osquery/history).
# Every input is an optional query-string filter; none is marked required.
- name: api-osquery-history
  path: /api/osquery/history
  operations:
    - name: osquerygetunifiedhistory
      method: GET
      description: Get unified query history
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: pageSize
          in: query
          type: integer
          description: The number of results to return per page.
        - name: nextPage
          in: query
          type: string
          description: >-
            A base64-encoded cursor for pagination. Use the value from the
            previous response to fetch the next page.
        - name: kuery
          in: query
          type: string
          description: A search string to filter history entries by pack name, query text, or query ID.
        - name: userIds
          in: query
          type: string
          description: Comma-separated list of user IDs to filter live query history.
        - name: sourceFilters
          in: query
          type: string
          description: Comma-separated list of source types to include. Valid values are `live`, `rule`, and `scheduled`.
        - name: startDate
          in: query
          type: string
          description: The start of the time range filter (ISO 8601).
        - name: endDate
          in: query
          type: string
          description: The end of the time range filter (ISO 8601).
# Upstream resource: live queries collection (list with GET, create with POST).
# NOTE(review): page and pageSize are typed `string` here, while the history
# resource types pageSize as `integer` — confirm which form the upstream expects.
- name: api-osquery-live_queries
  path: /api/osquery/live_queries
  operations:
    - name: osqueryfindlivequeries
      method: GET
      description: Get live queries
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: kuery
          in: query
          type: string
          description: A KQL search string to filter live queries.
        - name: page
          in: query
          type: string
          description: The page number to return.
        - name: pageSize
          in: query
          type: string
          description: The number of results to return per page.
        - name: sort
          in: query
          type: string
          description: The field to sort results by.
        - name: sortOrder
          in: query
          type: string
          description: The sort order.
    # The request body is declared only as `type: object`; no field-level schema
    # is given here, so presumably validation is left to Kibana — confirm.
    - name: osquerycreatelivequery
      method: POST
      description: Create a live query
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
# Upstream resource: a single live query, addressed by the required path id.
- name: api-osquery-live_queries-id
  path: /api/osquery/live_queries/{id}
  operations:
    - name: osquerygetlivequerydetails
      method: GET
      description: Get live query details
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: id
          in: path
          type: string
          description: The ID of the live query.
          required: true
# Upstream resource: results of one action of a live query. Both path
# parameters are required; the query-string filters are optional.
- name: api-osquery-live_queries-id-results-actionId
  path: /api/osquery/live_queries/{id}/results/{actionId}
  operations:
    - name: osquerygetlivequeryresults
      method: GET
      description: Get live query results
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: id
          in: path
          type: string
          description: The ID of the live query.
          required: true
        - name: actionId
          in: path
          type: string
          description: The ID of the query action.
          required: true
        - name: kuery
          in: query
          type: string
          description: A KQL search string to filter results.
        - name: page
          in: query
          type: string
          description: The page number to return.
        - name: pageSize
          in: query
          type: string
          description: The number of results to return per page.
        - name: sort
          in: query
          type: string
          description: The field to sort results by.
        - name: sortOrder
          in: query
          type: string
          description: The sort order.
# Upstream resource: packs collection (list with GET, create with POST).
- name: api-osquery-packs
  path: /api/osquery/packs
  operations:
    - name: osqueryfindpacks
      method: GET
      description: Get packs
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: page
          in: query
          type: string
          description: The page number to return.
        - name: pageSize
          in: query
          type: string
          description: The number of results to return per page.
        - name: sort
          in: query
          type: string
          description: The field to sort results by.
        - name: sortOrder
          in: query
          type: string
          description: The sort order.
    # Body is an untyped object; no field-level schema is declared in this spec.
    - name: osquerycreatepacks
      method: POST
      description: Create a pack
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
# Upstream resource: a single pack. DELETE, GET and PUT all take the required
# path id; PUT additionally takes a required JSON body.
- name: api-osquery-packs-id
  path: /api/osquery/packs/{id}
  operations:
    - name: osquerydeletepacks
      method: DELETE
      description: Delete a pack
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: id
          in: path
          type: string
          description: The pack ID.
          required: true
    - name: osquerygetpacksdetails
      method: GET
      description: Get pack details
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: id
          in: path
          type: string
          description: The pack ID.
          required: true
    - name: osqueryupdatepacks
      method: PUT
      description: Update a pack
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: id
          in: path
          type: string
          description: The pack ID.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
# Upstream resource: copy a pack. POST with only the source pack id in the path;
# no request body is declared.
- name: api-osquery-packs-id-copy
  path: /api/osquery/packs/{id}/copy
  operations:
    - name: osquerycopypacks
      method: POST
      description: Copy a pack
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: id
          in: path
          type: string
          description: The ID of the pack to copy.
          required: true
# Upstream resource: saved queries collection (list with GET, create with POST).
- name: api-osquery-saved_queries
  path: /api/osquery/saved_queries
  operations:
    - name: osqueryfindsavedqueries
      method: GET
      description: Get saved queries
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: page
          in: query
          type: string
          description: The page number to return.
        - name: pageSize
          in: query
          type: string
          description: The number of results to return per page.
        - name: sort
          in: query
          type: string
          description: The field to sort results by.
        - name: sortOrder
          in: query
          type: string
          description: The sort order.
    # Body is an untyped object; no field-level schema is declared in this spec.
    - name: osquerycreatesavedquery
      method: POST
      description: Create a saved query
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
# Upstream resource: a single saved query. DELETE, GET and PUT all take the
# required path id; PUT additionally takes a required JSON body.
- name: api-osquery-saved_queries-id
  path: /api/osquery/saved_queries/{id}
  operations:
    - name: osquerydeletesavedquery
      method: DELETE
      description: Delete a saved query
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: id
          in: path
          type: string
          description: The saved query ID.
          required: true
    - name: osquerygetsavedquerydetails
      method: GET
      description: Get saved query details
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: id
          in: path
          type: string
          description: The saved query ID.
          required: true
    - name: osqueryupdatesavedquery
      method: PUT
      description: Update a saved query
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: id
          in: path
          type: string
          description: The saved query ID.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
# Upstream resource: copy a saved query. POST with only the source id in the
# path; no request body is declared.
- name: api-osquery-saved_queries-id-copy
  path: /api/osquery/saved_queries/{id}/copy
  operations:
    - name: osquerycopysavedquery
      method: POST
      description: Copy a saved query
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: id
          in: path
          type: string
          description: The ID of the saved query to copy.
          required: true
# Upstream resource: action results for one run of a scheduled query, keyed by
# the required scheduleId (string) and executionCount (integer) path parameters.
- name: api-osquery-scheduled_results-scheduleId-executionCount
  path: /api/osquery/scheduled_results/{scheduleId}/{executionCount}
  operations:
    - name: osquerygetscheduledactionresults
      method: GET
      description: Get scheduled action results
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: scheduleId
          in: path
          type: string
          description: The schedule ID of the scheduled query.
          required: true
        - name: executionCount
          in: path
          type: integer
          description: The execution count for this scheduled query run.
          required: true
        - name: kuery
          in: query
          type: string
          description: The kuery to filter the results by.
        - name: page
          in: query
          type: string
          description: The page number to return. The default is 1.
        - name: pageSize
          in: query
          type: string
          description: The number of results to return per page. The default is 20.
        - name: sort
          in: query
          type: string
          description: The field that is used to sort the results.
        - name: sortOrder
          in: query
          type: string
          description: Specifies the sort order.
# Upstream resource: query results for one run of a scheduled query. Same path
# parameters as the action-results resource, plus an optional startDate filter.
- name: api-osquery-scheduled_results-scheduleId-executionCount-results
  path: /api/osquery/scheduled_results/{scheduleId}/{executionCount}/results
  operations:
    - name: osquerygetscheduledqueryresults
      method: GET
      description: Get scheduled query results
      outputRawFormat: json
      outputParameters:
        - name: result
          type: object
          value: $.
      inputParameters:
        - name: scheduleId
          in: path
          type: string
          description: The schedule ID of the scheduled query.
          required: true
        - name: executionCount
          in: path
          type: integer
          description: The execution count for this scheduled query run.
          required: true
        - name: kuery
          in: query
          type: string
          description: The kuery to filter the results by.
        - name: page
          in: query
          type: string
          description: The page number to return. The default is 1.
        - name: pageSize
          in: query
          type: string
          description: The number of results to return per page. The default is 20.
        - name: sort
          in: query
          type: string
          description: The field that is used to sort the results.
        - name: sortOrder
          in: query
          type: string
          description: Specifies the sort order.
        - name: startDate
          in: query
          type: string
          description: The start date filter (ISO 8601) to narrow down results.
# Credential for the upstream Kibana calls: the Authorization header is filled
# from the KIBANA_API_KEY environment binding.
# NOTE(review): Kibana API-key auth expects `Authorization: ApiKey <encoded key>`.
# The value here is the bare variable, so presumably the variable must carry the
# `ApiKey ` scheme prefix itself — confirm.
# NOTE(review): no kbn-xsrf header is declared in the spec shown; Kibana normally
# requires it on POST/PUT/DELETE — confirm the runtime supplies it.
authentication:
  type: apikey
  key: Authorization
  value: '{{env.KIBANA_API_KEY}}'
  placement: header
# Exposed REST adapter on port 8080.
# NOTE(review): no authentication settings for inbound callers are visible on
# this adapter, while upstream calls carry the bound Kibana API key — confirm
# that access to the port is restricted (bind address, network policy, gateway).
exposes:
  - type: rest
    namespace: kibana-security-osquery-api-rest
    port: 8080
    description: >-
      REST adapter for Kibana APIs — Security Osquery API. One
      Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
# REST route GET /v1/api/osquery/history -> osquerygetunifiedhistory.
# Each rest.* filter supplied by the caller is forwarded to the upstream call.
- path: /v1/api/osquery/history
  name: api-osquery-history
  description: REST surface for api-osquery-history.
  operations:
    - method: GET
      name: osquerygetunifiedhistory
      description: Get unified query history
      call: kibana-security-osquery-api.osquerygetunifiedhistory
      with:
        pageSize: rest.pageSize
        nextPage: rest.nextPage
        kuery: rest.kuery
        userIds: rest.userIds
        sourceFilters: rest.sourceFilters
        startDate: rest.startDate
        endDate: rest.endDate
      outputParameters:
        - type: object
          mapping: $.
# REST routes for live queries. The exposed path uses `live-queries`; the
# consumed upstream path uses `live_queries`.
- path: /v1/api/osquery/live-queries
  name: api-osquery-live-queries
  description: REST surface for api-osquery-live_queries.
  operations:
    - method: GET
      name: osqueryfindlivequeries
      description: Get live queries
      call: kibana-security-osquery-api.osqueryfindlivequeries
      with:
        kuery: rest.kuery
        page: rest.page
        pageSize: rest.pageSize
        sort: rest.sort
        sortOrder: rest.sortOrder
      outputParameters:
        - type: object
          mapping: $.
    # POST forwards the caller's body (rest.body) as the upstream request body.
    - method: POST
      name: osquerycreatelivequery
      description: Create a live query
      call: kibana-security-osquery-api.osquerycreatelivequery
      with:
        body: rest.body
      outputParameters:
        - type: object
          mapping: $.
# REST route GET /v1/api/osquery/live-queries/{id} -> osquerygetlivequerydetails.
- path: /v1/api/osquery/live-queries/{id}
  name: api-osquery-live-queries-id
  description: REST surface for api-osquery-live_queries-id.
  operations:
    - method: GET
      name: osquerygetlivequerydetails
      description: Get live query details
      call: kibana-security-osquery-api.osquerygetlivequerydetails
      with:
        id: rest.id
      outputParameters:
        - type: object
          mapping: $.
# REST route for the results of one live-query action.
# NOTE(review): the path placeholder is {actionid} (lower case) but the mapping
# reads rest.actionId — confirm the adapter resolves placeholders
# case-insensitively, otherwise actionId would reach the upstream call unset.
- path: /v1/api/osquery/live-queries/{id}/results/{actionid}
  name: api-osquery-live-queries-id-results-actionid
  description: REST surface for api-osquery-live_queries-id-results-actionId.
  operations:
    - method: GET
      name: osquerygetlivequeryresults
      description: Get live query results
      call: kibana-security-osquery-api.osquerygetlivequeryresults
      with:
        id: rest.id
        actionId: rest.actionId
        kuery: rest.kuery
        page: rest.page
        pageSize: rest.pageSize
        sort: rest.sort
        sortOrder: rest.sortOrder
      outputParameters:
        - type: object
          mapping: $.
# REST routes for the packs collection: GET lists, POST creates from rest.body.
- path: /v1/api/osquery/packs
  name: api-osquery-packs
  description: REST surface for api-osquery-packs.
  operations:
    - method: GET
      name: osqueryfindpacks
      description: Get packs
      call: kibana-security-osquery-api.osqueryfindpacks
      with:
        page: rest.page
        pageSize: rest.pageSize
        sort: rest.sort
        sortOrder: rest.sortOrder
      outputParameters:
        - type: object
          mapping: $.
    - method: POST
      name: osquerycreatepacks
      description: Create a pack
      call: kibana-security-osquery-api.osquerycreatepacks
      with:
        body: rest.body
      outputParameters:
        - type: object
          mapping: $.
# REST routes for a single pack: DELETE, GET and PUT on /v1/api/osquery/packs/{id}.
# DELETE and PUT change upstream state with the bound Kibana API key.
- path: /v1/api/osquery/packs/{id}
  name: api-osquery-packs-id
  description: REST surface for api-osquery-packs-id.
  operations:
    - method: DELETE
      name: osquerydeletepacks
      description: Delete a pack
      call: kibana-security-osquery-api.osquerydeletepacks
      with:
        id: rest.id
      outputParameters:
        - type: object
          mapping: $.
    - method: GET
      name: osquerygetpacksdetails
      description: Get pack details
      call: kibana-security-osquery-api.osquerygetpacksdetails
      with:
        id: rest.id
      outputParameters:
        - type: object
          mapping: $.
    - method: PUT
      name: osqueryupdatepacks
      description: Update a pack
      call: kibana-security-osquery-api.osqueryupdatepacks
      with:
        id: rest.id
        body: rest.body
      outputParameters:
        - type: object
          mapping: $.
# REST route POST /v1/api/osquery/packs/{id}/copy -> osquerycopypacks.
- path: /v1/api/osquery/packs/{id}/copy
  name: api-osquery-packs-id-copy
  description: REST surface for api-osquery-packs-id-copy.
  operations:
    - method: POST
      name: osquerycopypacks
      description: Copy a pack
      call: kibana-security-osquery-api.osquerycopypacks
      with:
        id: rest.id
      outputParameters:
        - type: object
          mapping: $.
# REST routes for the saved-queries collection: GET lists, POST creates from
# rest.body. The consumed upstream path uses `saved_queries`.
- path: /v1/api/osquery/saved-queries
  name: api-osquery-saved-queries
  description: REST surface for api-osquery-saved_queries.
  operations:
    - method: GET
      name: osqueryfindsavedqueries
      description: Get saved queries
      call: kibana-security-osquery-api.osqueryfindsavedqueries
      with:
        page: rest.page
        pageSize: rest.pageSize
        sort: rest.sort
        sortOrder: rest.sortOrder
      outputParameters:
        - type: object
          mapping: $.
    - method: POST
      name: osquerycreatesavedquery
      description: Create a saved query
      call: kibana-security-osquery-api.osquerycreatesavedquery
      with:
        body: rest.body
      outputParameters:
        - type: object
          mapping: $.
# REST routes for a single saved query: DELETE, GET and PUT on
# /v1/api/osquery/saved-queries/{id}. DELETE and PUT change upstream state with
# the bound Kibana API key.
- path: /v1/api/osquery/saved-queries/{id}
  name: api-osquery-saved-queries-id
  description: REST surface for api-osquery-saved_queries-id.
  operations:
    - method: DELETE
      name: osquerydeletesavedquery
      description: Delete a saved query
      call: kibana-security-osquery-api.osquerydeletesavedquery
      with:
        id: rest.id
      outputParameters:
        - type: object
          mapping: $.
    - method: GET
      name: osquerygetsavedquerydetails
      description: Get saved query details
      call: kibana-security-osquery-api.osquerygetsavedquerydetails
      with:
        id: rest.id
      outputParameters:
        - type: object
          mapping: $.
    - method: PUT
      name: osqueryupdatesavedquery
      description: Update a saved query
      call: kibana-security-osquery-api.osqueryupdatesavedquery
      with:
        id: rest.id
        body: rest.body
      outputParameters:
        - type: object
          mapping: $.
# REST route POST /v1/api/osquery/saved-queries/{id}/copy -> osquerycopysavedquery.
- path: /v1/api/osquery/saved-queries/{id}/copy
  name: api-osquery-saved-queries-id-copy
  description: REST surface for api-osquery-saved_queries-id-copy.
  operations:
    - method: POST
      name: osquerycopysavedquery
      description: Copy a saved query
      call: kibana-security-osquery-api.osquerycopysavedquery
      with:
        id: rest.id
      outputParameters:
        - type: object
          mapping: $.
# REST route for the action results of one scheduled-query run.
# NOTE(review): the path placeholders are {scheduleid} and {executioncount}
# (lower case) but the mapping reads rest.scheduleId and rest.executionCount —
# confirm the adapter resolves placeholders case-insensitively.
- path: /v1/api/osquery/scheduled-results/{scheduleid}/{executioncount}
  name: api-osquery-scheduled-results-scheduleid-executioncount
  description: REST surface for api-osquery-scheduled_results-scheduleId-executionCount.
  operations:
    - method: GET
      name: osquerygetscheduledactionresults
      description: Get scheduled action results
      call: kibana-security-osquery-api.osquerygetscheduledactionresults
      with:
        scheduleId: rest.scheduleId
        executionCount: rest.executionCount
        kuery: rest.kuery
        page: rest.page
        pageSize: rest.pageSize
        sort: rest.sort
        sortOrder: rest.sortOrder
      outputParameters:
        - type: object
          mapping: $.
# REST route for the query results of one scheduled-query run.
# NOTE(review): the path placeholders are {scheduleid} and {executioncount}
# (lower case) but the mapping reads rest.scheduleId and rest.executionCount —
# confirm the adapter resolves placeholders case-insensitively.
- path: /v1/api/osquery/scheduled-results/{scheduleid}/{executioncount}/results
  name: api-osquery-scheduled-results-scheduleid-executioncount-results
  description: REST surface for api-osquery-scheduled_results-scheduleId-executionCount-results.
  operations:
    - method: GET
      name: osquerygetscheduledqueryresults
      description: Get scheduled query results
      call: kibana-security-osquery-api.osquerygetscheduledqueryresults
      with:
        scheduleId: rest.scheduleId
        executionCount: rest.executionCount
        kuery: rest.kuery
        page: rest.page
        pageSize: rest.pageSize
        sort: rest.sort
        sortOrder: rest.sortOrder
        startDate: rest.startDate
      outputParameters:
        - type: object
          mapping: $.
# Exposed MCP adapter on port 9090 over HTTP transport.
# NOTE(review): no authentication settings for inbound MCP clients are visible
# on this adapter, and its tools include create, update and delete operations
# run with the bound Kibana API key — confirm access to the port is restricted.
- type: mcp
  namespace: kibana-security-osquery-api-mcp
  port: 9090
  transport: http
  description: >-
    MCP adapter for Kibana APIs — Security Osquery API. One tool per consumed
    operation, routed inline through this capability's consumes block.
  tools:
# MCP tool over the unified-history GET; hinted read-only and idempotent.
- name: get-unified-query-history
  description: Get unified query history
  hints:
    readOnly: true
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osquerygetunifiedhistory
  with:
    pageSize: tools.pageSize
    nextPage: tools.nextPage
    kuery: tools.kuery
    userIds: tools.userIds
    sourceFilters: tools.sourceFilters
    startDate: tools.startDate
    endDate: tools.endDate
  outputParameters:
    - type: object
      mapping: $.
# MCP tool over the live-queries list GET; hinted read-only and idempotent.
- name: get-live-queries
  description: Get live queries
  hints:
    readOnly: true
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osqueryfindlivequeries
  with:
    kuery: tools.kuery
    page: tools.page
    pageSize: tools.pageSize
    sort: tools.sort
    sortOrder: tools.sortOrder
  outputParameters:
    - type: object
      mapping: $.
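# MCP tool that creates a live query (upstream POST /api/osquery/live_queries).
# readOnly is false: the call creates server-side state and asks Kibana to run
# an osquery query, so a client that skips confirmation for read-only tools
# must not treat it as one. The body is forwarded from tools.body.
- name: create-live-query
  description: Create a live query
  hints:
    readOnly: false
    destructive: false
    idempotent: false
  call: kibana-security-osquery-api.osquerycreatelivequery
  with:
    body: tools.body
  outputParameters:
    - type: object
      mapping: $.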
# MCP tool over the single live-query GET; hinted read-only and idempotent.
- name: get-live-query-details
  description: Get live query details
  hints:
    readOnly: true
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osquerygetlivequerydetails
  with:
    id: tools.id
  outputParameters:
    - type: object
      mapping: $.
# MCP tool over the live-query results GET; hinted read-only and idempotent.
- name: get-live-query-results
  description: Get live query results
  hints:
    readOnly: true
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osquerygetlivequeryresults
  with:
    id: tools.id
    actionId: tools.actionId
    kuery: tools.kuery
    page: tools.page
    pageSize: tools.pageSize
    sort: tools.sort
    sortOrder: tools.sortOrder
  outputParameters:
    - type: object
      mapping: $.
# MCP tool over the packs list GET; hinted read-only and idempotent.
- name: get-packs
  description: Get packs
  hints:
    readOnly: true
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osqueryfindpacks
  with:
    page: tools.page
    pageSize: tools.pageSize
    sort: tools.sort
    sortOrder: tools.sortOrder
  outputParameters:
    - type: object
      mapping: $.
# MCP tool that creates a pack from tools.body; hinted as a non-idempotent write.
- name: create-pack
  description: Create a pack
  hints:
    readOnly: false
    destructive: false
    idempotent: false
  call: kibana-security-osquery-api.osquerycreatepacks
  with:
    body: tools.body
  outputParameters:
    - type: object
      mapping: $.
# MCP tool that deletes a pack by id; hinted destructive, so clients that honour
# the hint can ask for confirmation before calling it.
- name: delete-pack
  description: Delete a pack
  hints:
    readOnly: false
    destructive: true
    idempotent: true
  call: kibana-security-osquery-api.osquerydeletepacks
  with:
    id: tools.id
  outputParameters:
    - type: object
      mapping: $.
# MCP tool over the single pack GET; hinted read-only and idempotent.
- name: get-pack-details
  description: Get pack details
  hints:
    readOnly: true
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osquerygetpacksdetails
  with:
    id: tools.id
  outputParameters:
    - type: object
      mapping: $.
# MCP tool that updates a pack (id plus tools.body); hinted as an idempotent
# write that is not marked destructive.
- name: update-pack
  description: Update a pack
  hints:
    readOnly: false
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osqueryupdatepacks
  with:
    id: tools.id
    body: tools.body
  outputParameters:
    - type: object
      mapping: $.
# MCP tool that copies a pack by id; hinted as a non-idempotent write.
- name: copy-pack
  description: Copy a pack
  hints:
    readOnly: false
    destructive: false
    idempotent: false
  call: kibana-security-osquery-api.osquerycopypacks
  with:
    id: tools.id
  outputParameters:
    - type: object
      mapping: $.
# MCP tool over the saved-queries list GET; hinted read-only and idempotent.
- name: get-saved-queries
  description: Get saved queries
  hints:
    readOnly: true
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osqueryfindsavedqueries
  with:
    page: tools.page
    pageSize: tools.pageSize
    sort: tools.sort
    sortOrder: tools.sortOrder
  outputParameters:
    - type: object
      mapping: $.
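# MCP tool that creates a saved query (upstream POST /api/osquery/saved_queries).
# readOnly is false: the call writes a new saved query, matching the create-pack
# tool; a read-only hint here could let a client run it without confirmation.
- name: create-saved-query
  description: Create a saved query
  hints:
    readOnly: false
    destructive: false
    idempotent: false
  call: kibana-security-osquery-api.osquerycreatesavedquery
  with:
    body: tools.body
  outputParameters:
    - type: object
      mapping: $.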
# MCP tool that deletes a saved query by id; hinted destructive, so clients that
# honour the hint can ask for confirmation before calling it.
- name: delete-saved-query
  description: Delete a saved query
  hints:
    readOnly: false
    destructive: true
    idempotent: true
  call: kibana-security-osquery-api.osquerydeletesavedquery
  with:
    id: tools.id
  outputParameters:
    - type: object
      mapping: $.
# MCP tool over the single saved-query GET; hinted read-only and idempotent.
- name: get-saved-query-details
  description: Get saved query details
  hints:
    readOnly: true
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osquerygetsavedquerydetails
  with:
    id: tools.id
  outputParameters:
    - type: object
      mapping: $.
# MCP tool that updates a saved query (id plus tools.body); hinted as an
# idempotent write that is not marked destructive.
- name: update-saved-query
  description: Update a saved query
  hints:
    readOnly: false
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osqueryupdatesavedquery
  with:
    id: tools.id
    body: tools.body
  outputParameters:
    - type: object
      mapping: $.
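# MCP tool that copies a saved query (upstream POST .../saved_queries/{id}/copy).
# readOnly is false: the copy creates a new saved query, matching the copy-pack
# tool; a read-only hint here could let a client run it without confirmation.
- name: copy-saved-query
  description: Copy a saved query
  hints:
    readOnly: false
    destructive: false
    idempotent: false
  call: kibana-security-osquery-api.osquerycopysavedquery
  with:
    id: tools.id
  outputParameters:
    - type: object
      mapping: $.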
# MCP tool over the scheduled action-results GET; hinted read-only and idempotent.
- name: get-scheduled-action-results
  description: Get scheduled action results
  hints:
    readOnly: true
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osquerygetscheduledactionresults
  with:
    scheduleId: tools.scheduleId
    executionCount: tools.executionCount
    kuery: tools.kuery
    page: tools.page
    pageSize: tools.pageSize
    sort: tools.sort
    sortOrder: tools.sortOrder
  outputParameters:
    - type: object
      mapping: $.
# MCP tool over the scheduled query-results GET; hinted read-only and idempotent.
- name: get-scheduled-query-results
  description: Get scheduled query results
  hints:
    readOnly: true
    destructive: false
    idempotent: true
  call: kibana-security-osquery-api.osquerygetscheduledqueryresults
  with:
    scheduleId: tools.scheduleId
    executionCount: tools.executionCount
    kuery: tools.kuery
    page: tools.page
    pageSize: tools.pageSize
    sort: tools.sort
    sortOrder: tools.sortOrder
    startDate: tools.startDate
  outputParameters:
    - type: object
      mapping: $.