Hi, @jimmy! I see you've been chatting with @seph about this a little over in general. I'll see if I can get you some more clarification. Are you also using Fleet?
It looks like there isn't a way to load all of those rules dynamically, we'd recommend using an automation tool like Puppet to deploy the updated configuration to your osquery agents.
08/01/2022, 5:39 PM
Hey Jimmy we're going through something similar at the moment. What we've found is that you can set the config_plugin to tls and have configure Fleet to host the configs and just update the sig urls there
08/01/2022, 5:50 PM
Thanks for including that! I didn't want to assume Fleet was involved 🙂
08/01/2022, 8:46 PM
Hey @Keith Swagler I'm a bit curious about your solution, are you using the
Global agent options
config on Fleet to do this?
08/02/2022, 3:12 PM
I'm using fleet 3.5.1, does it possible also at that version?
08/02/2022, 7:04 PM
Hey @Saulo Guilhermino yea we are. though you probably will have to use overrides for each platform
@jimmy that's a pretty old version, and updating is pretty painless.
08/02/2022, 7:09 PM
Interesting, thanks @Keith Swagler! If it's not too much to ask, could you post part of your config so we can have a reference?