Hi everyone, I'm looking for help regarding the Schedule feature of the latest (v4.23.0) FleetDM server. Using "Schedule -> Advanced", I can navigate to a list of packs, all of which (I installed some) are currently enabled. Does this mean that they are already executed regularly? But on which hosts, and how often? If I use the basic "Schedule" feature, I can only pick single queries for scheduling, but not whole packs. How can I execute a pack anyway? Thank you for any help that you can provide.

Hi Jörg! So advanced features under schedules is our old "Packs" which you need to select pack targets and schedule the queries individually. If a pack is enabled, the pack will run for all selected pack targets but each query in that pack can be run automatically on its own interval. Feel free to click into an enabled pack and customize as such. We built schedules and made that the primary feature over packs to make everything more turn key since most users want to schedule queries for all hosts or a particular teams instead of on specific hosts and other detailed customization ☀️

Hi Rachel, thank you for your elaborate answer. Just a follow-up question: does that mean that packs are (for loss of a better word) deprecated? If so, will there be a way to manage Schedules via fleetctl and version controlled plaintext (JSON/YAML/...) files?

Hi Jörg, there are no plans to eliminate packs. However, as you might be sensing, packs are not a priority for us and we think scheduled queries is more intuitive and user-friendly.

Hi @Mo Zhu, thank you, that's plenty of material to dig through.

Shoot, sorry. So it cannot be done via Fleet right now. This is tracked in https://github.com/fleetdm/fleet/issues/6024. So I think you would need to deploy the scheduled query settings directly to osquery rather than through fleet.