Hey team - new to fleet 👋 we are seeing data sent from osqueryd process to fleet server even though no packs have been scheduled. we turned off policies, vuln etc. what would be the best way to look at what / why data is being transferred? we are on fleet 4.22.1

Hey @Lalith! Host details also update periodically. What kind of traffic are you seeing?

can we adjust those settings? Im just running a

nettop -p osqueryd

command and monitoring the bytes out which is in Mib.

There are a few different intervals that affect how often hosts check in: https://fleetdm.com/docs/deploying/configuration#osquery-detail-update-interval That’s how often Fleet queues up detail queries Then there’s the label update interval: https://fleetdm.com/docs/deploying/configuration#osquery-label-update-interval The largest traffic you’ll see is for the distributed interval in osquery… that’s how often hosts check in for new queries (and likely the majority of the traffic you’re seeing): https://fleetdm.com/docs/using-fleet/configuration-files#agent-options-config