wennan.he
09/30/2022, 5:48 PM
Kathy Satterlee
09/30/2022, 6:00 PM
wennan.he
09/30/2022, 6:29 PM
Kathy Satterlee
09/30/2022, 6:34 PM
wennan.he
09/30/2022, 6:36 PM
Kathy Satterlee
09/30/2022, 6:36 PM
wennan.he
09/30/2022, 11:10 PM
Kathy Satterlee
10/01/2022, 12:20 AM
wennan.he
10/01/2022, 12:26 AM
Kathy Satterlee
10/01/2022, 12:30 AM
wennan.he
10/01/2022, 12:30 AM
Sarah Gillespie
10/03/2022, 2:36 PM
hosts list returned by /targets API that may not be readily apparent:
• hosts list is truncated at 10 hosts; in order to target other individual hosts, the search can be narrowed by hostname, uuid, hardware serial, or primary ip (similar to the search box on the /hosts page) or it may be more efficient to create a label that encompasses the hosts you wish to target.
• hosts list returned excludes host ids that are already selected according to the request payload (labels or teams or hosts)
so the targets api didn’t return all the hosts in scope. but only ones with packs running. why?
I’m not clear from the details provided so far on what exactly you are expecting to see in terms of hosts in scope vs. what you are actually seeing so if you could elaborate on that it might help me to better understand the issue you’re grappling with. In this case (based on my current understanding), I would expect that the list of hosts in the response includes no more than 10 individual hosts. I’m not sure what you mean by “ones with packs running”. The list should not be dependent on whether a pack is running but there are other limitations that apply (as noted above) that could explain what you are seeing.
wennan.he
10/03/2022, 8:40 PM
https://osquery.slack.com/files/U042N4N1F8S/F044GKNKUKY/image.png
Sarah Gillespie
10/03/2022, 8:43 PM
wennan.he
10/03/2022, 8:44 PM
Sarah Gillespie
10/03/2022, 8:45 PM
wennan.he
10/03/2022, 8:46 PM
Sarah Gillespie
10/03/2022, 8:47 PM
wennan.he
10/03/2022, 8:59 PM
Sarah Gillespie
10/03/2022, 9:01 PM
wennan.he
10/03/2022, 9:09 PM
Sarah Gillespie
10/03/2022, 9:11 PM
wennan.he
10/03/2022, 9:12 PM
Sarah Gillespie
10/03/2022, 9:18 PM
wennan.he
10/03/2022, 9:21 PM
Sarah Gillespie
10/03/2022, 9:25 PM
targets request in the console and share the headers, payload, and preview.
wennan.he
10/03/2022, 9:48 PM
Sarah Gillespie
10/03/2022, 9:49 PM
wennan.he
10/03/2022, 10:05 PM
Sarah Gillespie
10/03/2022, 10:06 PM
wennan.he
10/03/2022, 10:09 PM
Rachel Perkins
10/05/2022, 3:32 PM