Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
c
clong
07/28/2021, 5:50 PMalso, if it has already logged it once, you may need to add
snapshot: truer
rdrdrdrd
07/29/2021, 2:33 PMHi @clong
Like this:
"listening_ports": {
"query": "select * from listening_ports where port=3389;",
"interval": 1,
"description": "Check whether RDP is enabled or not on port 3389."
"snapshot": "true"
}Will it add new entry every second? btw 1 is only for testing, I will keep 1800 in future.
c
clong
07/29/2021, 4:01 PM