Hey. I'm running FleetDM self-hosted. From what I understand in the documentation, it says

POST /api/v1/fleet/automations/reset

does the following: > Resets automation status for all hosts failing the specified policies. On the next automation run, any failing host will be considered newly failing. However, my policy automation (webhook to a custom endpoint) is rarely triggered. Additionally, I set

policy_update_interval

(to 5m) and

detail_update_interval

(to 4m) via

fleet serve -c server.yml

. The hosts do seem to update within that specified time and if I click on the failed hosts count I see the new host (although the fail count still shows the old value in the dashboard). However, despite all of this, there is still no policy automation triggered (it's seemingly random and not consistent).

Hi @elijah (osquery)! Which automation are you using?

It's a webhook to a custom endpoint.

How long has it been since you reset the automation status? The webhook automations trigger once every 24 hours, so you won't see an instant run as soon as a host is failing the automation. You can trigger them manually to test with fleetctl:fleetctl trigger --name automations

*As soon as a host is failing the policy

Is that 24 hour period documented somewhere? Is it configurable?

It is documented here. While the interval isn't configurable, you could set up a cron job to trigger the automation using that

fleetctl

command on whatever cadence would work best for you. If you'd like to submit a Feature Request to make that interval controllable in Fleet and share it with me, I'd be happy to help get it in front of the team for you!

Thank you!