Skip to content

Feature Request: Ability to enable/disable features in osctrl and osquery #703

New issue
New issue
Open
Feature
Open
Feature Request: Ability to enable/disable features in osctrl and osquery#703
Feature
Assignees
javuto
Labels
🙏 feature requestRequest for new featureosctrl-adminosctrl-admin related changesosctrl-apiosctrl-api related changesosctrl-tlsosctrl-tls related changes⚙️ configurationConfiguration related issues✨ enhancementNew feature or request
@javuto

Description

@javuto
javuto
opened on Sep 4, 2025

Current state

Right now osctrl is expected to be used to manage osquery for logging, configuration, on-demand queries and file carves. Those endpoints are exposed in osctrl-tls and the osquery flags for the one-liners and installation packages are created by default with all of them enabled.

Proposed change

If the osctrl functionality can be enabled or disabled on demand, which leads to more functionality being enabled or disabled in osquery, less infrastructure is exposed, the operational complexity of osctrl is reduced and it will be a more configurable solution. In osquery terms they are called plugins and running osqueryi --help has some information.

Impact

  • Adding configuration parameters for osctrl-tls so endpoints can be ran based on those parameters.
  • Adding configuration parameters for osctrl-admin so functionality can be disabled.

Metadata

Metadata

Assignees

Labels

🙏 feature requestRequest for new featureosctrl-adminosctrl-admin related changesosctrl-apiosctrl-api related changesosctrl-tlsosctrl-tls related changes⚙️ configurationConfiguration related issues✨ enhancementNew feature or request

Type

Feature

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions