Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fleet should show queries as denylisted on the host details page #24208

Open
lucasmrod opened this issue Nov 27, 2024 · 0 comments
Open

Fleet should show queries as denylisted on the host details page #24208

lucasmrod opened this issue Nov 27, 2024 · 0 comments
Labels
#g-endpoint-ops Endpoint ops product group :product Product Design department (shows up on 🦢 Drafting board)

Comments

@lucasmrod
Copy link
Member

Problem

A prospect wasn't getting results for scheduled queries and we didn't know why (#23465).
We found out during troubleshooting (on the device) that one of the scheduled queries was denylisted and was causing osquery to crash and not send results (watchdog was also turned off).

Potential solutions

Fleet currently has a denylisted field in its DB and we are currently not using it.

Fleet should surface on the host details page when a scheduled query is denylisted, something like this:
Screenshot 2024-11-27 at 10 42 40 AM

PS: So we just need a few code changes on backend and frontend, but no migration is needed.
@lucasmrod lucasmrod added :product Product Design department (shows up on 🦢 Drafting board) #g-endpoint-ops Endpoint ops product group labels Nov 27, 2024
@lucasmrod lucasmrod mentioned this issue Nov 27, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
#g-endpoint-ops Endpoint ops product group :product Product Design department (shows up on 🦢 Drafting board)
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lucasmrod