I’m having some trouble trying to determine the best path forward for client collection. We are trying to find the right settings to allow us to:
• Update end user computers with new ad hoc queries and new scheduled query packs
• Reduce network overhead for remote clients connecting to our TLS logging endpoint (Kolide)
• Allow for on-the-fly configuration changes such as to auto_table_construction
Can I get a little help understanding when things like pack_refresh_interval (and are ad hoc queries considered a “pack”?), distributed_interval, and config_refresh apply to the above goals?