Remove Windows OS osquery queries that Fleet no longer uses for host vitals

mostlikelee commented 8 months ago

Goal

User story
As a Fleet contributor working on vulnerability processing features,
I want to remove osquery queries we used to run but no longer use
so that Fleet isn't running unnecessary queries on Windows hosts.

Context

Requestor(s): @mostlikelee
The original implementation of Windows OS Vulnerability scanning (~2yrs ago) included a detail query on Windows hosts to gather installed patches (aka KBs) which was used to query against the MSRC data to see if a patch was installed that remediated a vulnerability. Microsoft has negated the need for this in recent releases, so that mechanism is no longer needed.
Microsoft has negated the need for this in recent releases, so that mechanism is no longer needed.
This work will reduce load on Fleet server and the database because we no longer need to write this data (possibly 100s of entries per windows host).

Changes

Product

None.

Engineering

[ ] Database changes:
- Remove datastore methods used to write to the windows_updates table
- Drop the windows_updates tabled to query against the MSRC data to see if a patch was installed that remediated a vulnerability.
[ ] Detail query changes: Remove the detail query and ingestion function for windowsUpdateHistory

ℹ️ Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

Requires load testing: TODO
Risk level: Low / High TODO
Risk description: TODO

Manual testing steps

Step 1
Step 2
Step 3

Testing notes

Confirmation

[ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
[ ] QA (@____): Added comment to user story confirming successful completion of QA.

noahtalerman commented 7 months ago

Hey @sharon-fdm and @mostlikelee heads up, looks this subtask made it onto the drafting board by accident.

I removed the product label to take it off the board.

noahtalerman commented 6 months ago

Hey @mostlikelee and @sharon-fdm heads up, I updated this issue to use the user story format.

Tim, I moved your original issue description to the "Context" and "Changes" section.

noahtalerman commented 5 months ago

Looks like there are no product changes associated w/ this story.

Pulling this one off feature fest and adding the ~engineering-initiated label so that the architecture DRI (@lukeheath) reviews the story and decided whether to prioritize.

lukeheath commented 5 months ago

@sharon-fdm I am prioritizing this story for estimation.

sharon-fdm commented 5 months ago

After looking at this, we think it's a bug. We should not waste resources for unused queries.

fleetdm / fleet