# fleet

Kathy Satterlee

05/23/2023, 7:20 PM
I noticed a similar error when I had an extra ‘/’ in the request URL. Can you view the request URL and body as they are being sent from your platform?

Rajesh Kumar

05/23/2023, 7:22 PM
Screenshot 2023-05-23 at 3.21.14 PM.png
Has anyone tried doing a live query over the REST API? I would be curious to see any tested version of the request and response.

Kathy Satterlee

05/23/2023, 7:38 PM
image.png
Response:
{
  "summary": {
    "targeted_host_count": 1,
    "responded_host_count": 1
  },
  "live_query_results": [
    {
      "query_id": 778,
      "results": [
        {
          "host_id": 78,
          "rows": [
            {
              "action": "add",
              "datetime": "2023-05-19 03:45:36",
              "path": "",
              "vendor": "Apple"
            },
            {
              "action": "add",
              "datetime": "2023-05-19 03:45:36",
              "path": "",
              "vendor": "Apple"
            },
            {
              "action": "add",
              "datetime": "2023-05-19 03:45:36",
              "path": "",
              "vendor": "Apple"
            },
            {
              "action": "remove",
              "datetime": "2023-05-19 03:45:46",
              "path": "",
              "vendor": "Apple"
            },
            {
              "action": "remove",
              "datetime": "2023-05-19 03:45:46",
              "path": "",
              "vendor": "Apple"
            },
            {
              "action": "remove",
              "datetime": "2023-05-19 03:45:46",
              "path": "",
              "vendor": "Apple"
            }
          ],
          "error": null
        }
      ]
    }
  ]
}
What version of Fleet are you running?

Rajesh Kumar

05/23/2023, 7:41 PM
Fleet 4.31.0

Kathy Satterlee

05/23/2023, 9:04 PM
Perfect. Just wanted to make sure. It sounds like something is going awry with the request body. Is anything showing up in the Fleet logs?

Rajesh Kumar

05/23/2023, 9:04 PM
Yes, I tried Postman, and even the CLI using curl, and it works in Postman and the terminal, but something is going on with the request body: it is not being accepted and it is still failing from SOAR. I am still troubleshooting.

Kathy Satterlee

05/23/2023, 9:06 PM
How would you feel about hopping on Zoom to see if anything stands out to me?

Rajesh Kumar

05/23/2023, 9:07 PM
Sure. I am available.

Kathy Satterlee

05/23/2023, 9:07 PM
Give me 2 minutes.

Rajesh Kumar

05/23/2023, 10:04 PM
So I resolved the issue. It needed the entire request to go in the GET request, including the body parameters. Thanks @Kathy Satterlee for all your help.

Kathy Satterlee

05/23/2023, 10:05 PM
I was wondering if Tines was being weird about the request body because it was a GET

Rajesh Kumar

05/24/2023, 2:20 PM
Yes it was and what was needed to be done is this -