Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

I think there was a bug when vuln processing isn't configured. Try setting <https://fleetdm.com/docs/deploying/configuration#databases-path|https://fleetdm.com/docs/deploying/configuration#databases-path>

<@U028H7VT5P0> thank you! i will give that a try and let you know if that worked

<@U028H7VT5P0> I think you are right about the bug. i used fleetctl to pull the config and the vuln DB path is an empty string. in the terraform script (we borrowed the dogfood terraform from github to test fleet) the path is set

<@U028H7VT5P0> so we upgraded and still had the path set and nothing showed up for software. for the databases_path like you mentioned above, is that a path to just any directory in the filesystem? or is that a path to the actual DB? we are using AWS RDS for our DB and fleet is containerized in fargate

If you set `FLEET_VULNERABILITIES_DATABASES_PATH` that is the path in which fleet will use to download the CVE database we end up using for vuln processsing.

I would make sure you are seeing in the logs "vuln processing" which confirms that things are configured correctly, and that the background CRON job is actually running on the server.

The only other time I have seen vuln data not show up when everything was configured properly is when the fleet backend was running out of resources during the processing window. We recommend dedicating 2GB to the fleet backend responsible for cron processing (which by default is random, i.e fleet elects an instance at random).