Hello, why is it that my online query on Fleet UI ...
# fleetd
demonbhao
02/04/2021, 2:09 AMHello, why is it that my online query on Fleet UI is not the same as my differential query?I ran a query on Fleet UI every half an hour and found no change, while using a differential query generated logs every half an hour
z
zwass
02/04/2021, 2:19 AM
Is it definitely a differential query? If you are getting the same log every time the query runs maybe it is set for
snapshot: trued
demonbhao
02/04/2021, 2:22 AMHello, I set the difference query
demonbhao
02/04/2021, 2:23 AMAll the query statements are differential queries, because I want to use osquery for intrusion detection.So it is every half an hour to check the host for abnormal processes and ports and so on
z
zwass
02/04/2021, 2:25 AM
This is the
General indicatorsd
demonbhao
02/04/2021, 3:53 AMYes, that's the overall metric we're looking at
z
zwass
02/04/2021, 5:11 PM
Can you run
--verbose --tls_dump"snapshot": trued
demonbhao
02/05/2021, 3:30 AMOK, I will save the result and reply to you
demonbhao
02/05/2021, 12:09 PMHello, this is my result
3 Views