Hello, I am a newbie here and playing with the free version of fleet. I need to add a ‘compliance pack’ that has few queries and run them continuously. I tried to find a how-to guide on how to do this but didn’t find one. Can anyone point me to any helpful document? Thank you.

Hi Abu! Does it matter what the queries are checking? If not, you can try these https://github.com/fleetdm/fleet/blob/72b5bfc6349402819cbdf70e82984b6ff5951d0f/tools/osquery-testing/queries.txt as example queries.

@Mason Buettner Thanks for responding. I've created few queries that I wanted to run. My questions are: (1) Should I add them via 'Add Policy' on the Fleet UI ? (2) How do I run them continuously? (3) How can I see them listed under Policies for each Host?

@Abu Sadeq policies and queries aren't designed to do the same thing. Policies need to be true/false, queries can return any data from the table they target. Please see these articles for further information about policies and some examples of how they're written: https://fleetdm.com/policies https://fleetdm.com/policies. If you'd like your queries to run on a schedule, you can go to Queries > Add query > Save in your Fleet dashboard. You can then set the query to run on a schedule, and you can view the results for previous runs of the query in that Queries page.

Thank you @Mason Buettner! When these queries run, do the data get saved in the Fleet database or on the server as logs?

That depends on how you've got things set up. By default, current versions of Fleet do cache the most recent results of scheduled queries in the database. You can also forward the logs to the configured logging plugin using query automations

Thank you @Kathy Satterlee