Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

is there a why we can pull only new detected vulns from fleet API ?

in UI it shows detected 1 day/2 days before but in API i dont see any options to see if the vulns were dected in last 24 or 48 hours or exact timeline of detection

Hey <@U02MSR4801Y>!
Believe _some_ of what you're looking for is behind a Fleet Premium additional "add-on".
There is a <https://github.com/fleetdm/fleet/issues/17925|Feature Request >that will give a _history_ of vulnerabilities.
I might not completely understand the ask but, I might make a script or automation that hits the <https://fleetdm.com/docs/rest-api/rest-api#list-vulnerabilities|List Vulnerabilities> endpoint on a given cadence. Then we could log those results to get a history of data/vulns.