fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Detect issue with osquery by comparing timestamps #3470

Open chiiph opened 2 years ago

chiiph commented 2 years ago

By comparing seen time with detail updated at we can detect when an osquery's watcher might be killing the label/policy queries or other issues.

If a host is online, and the detail updated at < seen time - 2hrs, then there's an issue with the host and we should show a warning.

This came up in the backend meeting based on issues we've seen with some customers.
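The check proposed above, sketched in Go as an added example (not Fleet's code). The `Host` struct, the 30-minute "online" window, and skipping hosts that have never refreshed details are assumptions; only the 2-hour threshold comes from the issue.

```go
package main

import (
	"fmt"
	"time"
)

// Host is a hypothetical, minimal host record (not Fleet's own type).
type Host struct {
	Name            string
	SeenTime        time.Time // last check-in of any kind
	DetailUpdatedAt time.Time // last completed detail refresh
}

const (
	onlineWindow = 30 * time.Minute // assumption: seen this recently means online
	maxDetailLag = 2 * time.Hour    // threshold proposed in the issue
)

// DetailLag returns how far a host's detail refresh trails its last check-in
// and whether that lag warrants a warning.
func DetailLag(h Host, now time.Time) (time.Duration, bool) {
	if h.SeenTime.IsZero() || now.Sub(h.SeenTime) > onlineWindow {
		return 0, false // offline or never seen: old details are expected
	}
	if h.DetailUpdatedAt.IsZero() {
		return 0, false // assumption: never-refreshed hosts are handled elsewhere
	}
	lag := h.SeenTime.Sub(h.DetailUpdatedAt)
	return lag, lag > maxDetailLag
}

// sampleHosts returns constructed sample data.
func sampleHosts(now time.Time) []Host {
	return []Host{
		{"healthy", now.Add(-1 * time.Minute), now.Add(-30 * time.Minute)},
		{"stuck", now.Add(-1 * time.Minute), now.Add(-5 * time.Hour)},
		{"offline", now.Add(-3 * time.Hour), now.Add(-10 * time.Hour)},
	}
}

func main() {
	now := time.Date(2022, 1, 10, 12, 0, 0, 0, time.UTC)
	for _, h := range sampleHosts(now) {
		if lag, warn := DetailLag(h, now); warn {
			fmt.Printf("WARN %s: details trail check-in by %s\n", h.Name, lag)
		}
	}
}
```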

lukeheath commented 2 years ago

@noahtalerman What should the warning look like that we display? Where should it be displayed?

noahtalerman commented 2 years ago

I'd like to draft the UI changes before bringing this issue to engineering estimation.

Thus, I'm bringing this issue into the product board on GitHub.