Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

also, if it has already logged it once, you may need to add `snapshot: true` under description

Hi <@U0JA5UETV>
Like this:
```	 "listening_ports": {
        "query": "select * from listening_ports where port=3389;",
        "interval": 1,
        "description": "Check whether RDP is enabled or not on port 3389."
		"snapshot": "true"
     }```
What does snapshot:true does?

Will it add new entry every second? btw 1 is only for testing, I will keep 1800 in future.

<https://osquery.readthedocs.io/en/stable/deployment/logging/>