Policy: Turbot > Workspace > osquery

The osquery policy in your workspace plays a crucial role in controlling access and functionality related to the osquery integration. This policy directly influences the generation of JWT tokens and the availability of specific osquery-related APIs.

If the policy is set to Disabled, the APIs will not be operational, and the system will not generate JWT tokens. This means that you won't be able to enroll new agents, alter configurations, or log data via osquery until the policy is re-enabled.

Ensure that this policy is enabled if you need to use osquery features within your workspace.

Resource Types

This policy targets the following resource types:

Turbot

Primary Policy

This policy is used with the following primary policy:

Turbot > Workspace

Controls

Turbot > Workspace > osquery

Policy Specification

Schema Type	`string`
Default	`Enabled`
Valid Values [YAML]	`Enabled` `Disabled`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/turbot

Policy Type URI

tmod:@turbot/osquery#/policy/types/workspaceOsquery

GraphQL

query policyType(id: "tmod:@turbot/osquery#/policy/types/workspaceOsquery") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/osquery#/policy/types/workspaceOsquery'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/osquery#/policy/types/workspaceOsquery'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/osquery#/policy/types/workspaceOsquery"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/osquery#/policy/types/workspaceOsquery"