Create a check type

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Create a check type to execute the osquery command on the Agent.

    Before you begin

    Role required: agent_client_collector_integration or agent_client_collector_admin

    Procedure

    1. In an Event Management instance, enter sn_agent_check_type.list into the navigation bar.
      The Check Types page appears.
    2. Click New.
      The Check Type - New Record page appears.
    3. In the Name field, enter osquery.
    4. In the Instance Script field, enter the following script: 
      for (var index = 0; index < checkResults.length; index++) { 
var check = checkResults[index].check; 
gs.info('result ' +  
index + ': requestId: ' +  
check.requestId + ' agent_name: ' +  
checkResults[index].agent_id +  
' ci_id: ' + check.ci_id +  
' status: ' + check.status +  
' output: ' + check.output); 

}
      You can modify this script, as needed, but this initial script helps you to verify that your setup was successful.
    5. Click Submit.