Does anyone know offhand when using osquery in tls...
# tlsc
cdown512
02/25/2021, 6:04 PMDoes anyone know offhand when using osquery in tls refresh mode for the config profile, if there is a valid profile downloaded and a schedule of queries handed off to the scheduler, then comms to the tls config endpoint serving the profile are interupted for subsequent refreshes, does the Scheduler continue running the last successfully refreshed schedule of queries?
z
zwass
02/25/2021, 6:16 PM
Yes it does.
c
cdown512
02/25/2021, 6:22 PMThanks.
cdown512
02/25/2021, 10:37 PMwhat if communication is in place, but the endpoint serving the configuration profile returns a 500?
z
zwass
02/25/2021, 10:44 PM
I would expect it to continue using the old config. If it doesn't that's a bug IMO.
c
cdown512
02/25/2021, 11:01 PMagreed. gonna do some more digging and try to reproduce, but seeing some odd behavior. I severed comms to the tls endpoint completely but osquery is continuing to run the previously downloaded schedule just fine. so it seems like something with getting a connection but unexpected response. old version of osquery I’m using, so also possible if it is a bug, it’s been addressed. thanks @zwass
z
zwass
02/25/2021, 11:41 PM
Yeah trying it on osquery stable makes sense.
4 Views