search

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
3.12k stars 431 forks source link

Ability to set the policy update interval per policy #16768

Open dherder opened 9 months ago

dherder commented 9 months ago

The FLEET_OSQUERY_POLICY_UPDATE_INTERVAL server config is too rigid and we want to be able to set the policy update interval on a per policy basis. This should be application config controllable.

Problem

In a device health use case, as an IT admin, I want to set certain policies to be evaluated on a frequent basis (every minute) while the majority of policies I may want to check daily or even weekly. The current FLEET_OSQUERY_POLICY_UPDATE_INTERVAL does not allow me to do this and if I'm in a Fleet hosted environment, I can't do it at all.

Potential solutions

noahtalerman commented 9 months ago

Hey @dherder when's the next call w/ customer-pingali?

I want to better understand how this request in the context of their device health flow before we do any design work on this.

dherder commented 9 months ago

@noahtalerman sounds good, I will bring to product office hours

noahtalerman commented 8 months ago

From Product Office hours:

The customer wants to build an application usage checker for workstations: if an app is using above a certain memory or CPU threshold

Are policies the right feature for this? Maybe we can address this w/ scheduled queries + webhooks?