Hello why is it that my online query on Fleet UI is not the

Question

Hello why is it that my online query on Fleet UI is not the same as my differential query I ran a query on Fleet UI every half an hour and found no change while using a differential query generated logs every half an hour

zwass · Answer

Is it definitely a differential query If you are getting the same log every time the query runs maybe it is set for `snapshot true`

demonbhao · Answer

Hello I set the difference query

demonbhao · Answer

All the query statements are differential queries because I want to use osquery for intrusion detection So it is every half an hour to check the host for abnormal processes and ports and so on

zwass · Answer

This is the `General indicators` pack we are looking at

demonbhao · Answer

Yes that s the overall metric we re looking at

zwass · Answer

Can you run ` verbose tls dump` on the host and double check that Fleet is not sending ` snapshot true` for that query

demonbhao · Answer

OK I will save the result and reply to you

demonbhao · Answer

Hello this is my result