Upgrading Osquery Agent Using API

Osquery Upgrade via API

Introduction
Uptycs provides an Osquery upgrade API call (assets/upgradeOsquery) that lets you upgrade the Osquery agent on your assets, in addition to the GUI functionality.

Different Ways To Update Assets:
1.) Updating assets manually:
- You can update the Uptycs osquery agent on a single asset or on a list of assets using the "assetIds" parameter. The call looks like this.
    {
        "assetIds": [
            "12c8900f-beb3-1140-9c09-bcae9aaba69c"
        ],
        "osqVersion": "5.10.2.16-Uptycs-Protect",
        "upgradeState": true
    }


2.) Using Asset Group tags:
- The above method is useful for testing or for upgrading a one-off agent, but it does not scale. To upgrade a larger part of the fleet, you can use asset group tags or asset tags in the API call through the "tags" parameter. This section covers asset group tags. When an asset group is created, a corresponding asset group tag is also created, and that tag can be used in this API call. An example call is shown below.
    {
        "tags":[{"key":"asset-group"}, {"value":"enrolling"}],
        "osqVersion": "5.10.2.16-Uptycs-Protect",
        "upgradeState": true
    }


3.) Asset Tags:
- Similar to asset group tags, asset tags can also be used to update the Uptycs osquery agent on the assets associated with those tags. Asset tags can be created to group assets that share a common characteristic, for example assets with a common naming convention (such as hostnames starting with the word "DESKTOP") or assets running a particular process (such as "nginx"). An example screenshot of an asset tag rule tagging assets having "DESKTOP" in their hostname is shown below.


Now, you can use the asset tag to upgrade the Uptycs osquery agent on the assets associated with this tag as shown below.
    {
        "tags":[{"key":"DESKTOP-ASSETS"}],
        "osqVersion": "5.10.2.16-Uptycs-Protect",
        "upgradeState": true
    }



4.) All assets:
- To upgrade the Uptycs osquery agent on all assets using this API, use the "all" tag. A sample call is shown below.
    {
        "tags":[{"key":"all"}],
        "osqVersion": "5.10.2.16-Uptycs-Protect",
        "upgradeState": true
    }


Example Scenario: You have different kinds of assets, such as lab assets, developer laptops and production servers, and you want to upgrade the osquery agent in a phased manner: lab assets first, then developer machines, and finally the production servers. You can achieve this with this API call by setting "upgradeAfterTime". Keys must not be repeated within one JSON object (parsers typically keep only the last value), so each phase is sent as its own call. Sample calls are shown below.
    Phase 1 (lab assets):
    {
        "tags":[{"key":"lab-assets"}],
        "osqVersion":"5.10.2.16-Uptycs-Protect",
        "upgradeAfterTime":"2024-03-24T14:15:22z"
    }
    Phase 2 (developer laptops):
    {
        "tags":[{"key":"developer-laptops"}],
        "osqVersion":"5.10.2.16-Uptycs-Protect",
        "upgradeAfterTime":"2024-03-31T14:15:22z"
    }
    Phase 3 (production servers):
    {
        "tags":[{"key":"production-servers"}],
        "osqVersion":"5.10.2.16-Uptycs-Protect",
        "upgradeAfterTime":"2024-04-07T14:15:22z"
    }


Always specify the Osquery version to which you want the Uptycs agent to be upgraded. Otherwise it will be upgraded to the latest version, which may not be the version you want.
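As an added example (not part of the original article and not Uptycs code), the following Python code builds one request body per rollout phase with the version pinned, and rejects a body that repeats keys or omits "osqVersion" before it is sent. The function names, the weekly step, the "production-servers" tag and the target check are assumptions; no HTTP call is made.

```python
import json
from datetime import datetime, timedelta, timezone

PINNED_VERSION = "5.10.2.16-Uptycs-Protect"  # version string used in the article

# Constructed sample: two phases merged into one object (duplicate keys).
MERGED = ('{"tags":[{"key":"lab-assets"}],"osqVersion":"5.10.2.16-Uptycs-Protect",'
          '"tags":[{"key":"developer-laptops"}],"osqVersion":"5.10.2.16-Uptycs-Protect"}')


def reject_duplicate_keys(pairs):
    """object_pairs_hook that fails instead of silently keeping the last duplicate."""
    body = {}
    for key, value in pairs:
        if key in body:
            raise ValueError(f"duplicate key in request body: {key!r}")
        body[key] = value
    return body


def validate_body(raw):
    """Local pre-flight check (an assumption, not an API rule) for one body."""
    body = json.loads(raw, object_pairs_hook=reject_duplicate_keys)
    if not body.get("osqVersion"):
        raise ValueError("osqVersion missing: agents would move to the latest version")
    if not (body.get("assetIds") or body.get("tags")):
        raise ValueError("no assetIds or tags: request has no explicit target")
    return body


def phased_bodies(phase_tags, start, step_days=7):
    """Build one request body per phase, each step_days after the previous one."""
    bodies = []
    for i, tag in enumerate(phase_tags):
        when = start + timedelta(days=i * step_days)
        bodies.append(json.dumps({
            "tags": [{"key": tag}],
            "osqVersion": PINNED_VERSION,
            "upgradeAfterTime": when.strftime("%Y-%m-%dT%H:%M:%SZ"),
        }))
    return bodies


if __name__ == "__main__":
    start = datetime(2024, 3, 24, 14, 15, 22, tzinfo=timezone.utc)
    # "production-servers" is a hypothetical tag name for the last phase.
    for raw in phased_bodies(["lab-assets", "developer-laptops", "production-servers"], start):
        print(validate_body(raw))
    try:
        validate_body(MERGED)
    except ValueError as err:
        print("rejected:", err)
```

A plain `json.loads` accepts the merged body and keeps only the last "tags" entry, which is why the duplicate-key check is done explicitly.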

