clong

07/28/2021, 5:50 PM
also, if it has already logged it once, you may need to add
snapshot: true
under description
rdrdrdrd

07/29/2021, 2:33 PM
Hi @clong Like this:
"listening_ports": {
        "query": "select * from listening_ports where port=3389;",
        "interval": 1,
        "description": "Check whether RDP is enabled or not on port 3389.",
        "snapshot": "true"
}
What does snapshot:true do?
Will it add a new entry every second? Btw, 1 is only for testing, I will keep 1800 in future.