diff --git a/changes/add-osquery-in-a-box-branch-flag-to-fleetctl b/changes/add-osquery-in-a-box-branch-flag-to-fleetctl
new file mode 100644
index 0000000000..60f77d9d2f
--- /dev/null
+++ b/changes/add-osquery-in-a-box-branch-flag-to-fleetctl
@@ -0,0 +1 @@
+* Add the `preview-config` flag to `fleetctl preview`, default to the `production` branch.
diff --git a/cmd/fleetctl/preview.go b/cmd/fleetctl/preview.go
index 88aba243cb..a19490318d 100644
--- a/cmd/fleetctl/preview.go
+++ b/cmd/fleetctl/preview.go
@@ -21,10 +21,11 @@ import (
 )
 
 const (
-	downloadUrl             = "https://github.com/fleetdm/osquery-in-a-box/archive/master.zip"
+	downloadUrl             = "https://github.com/fleetdm/osquery-in-a-box/archive/%s.zip"
 	standardQueryLibraryUrl = "https://raw.githubusercontent.com/fleetdm/fleet/main/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml"
 	licenseKeyFlagName      = "license-key"
 	tagFlagName             = "tag"
+	previewConfigFlagName   = "preview-config"
 )
 
 func previewCommand() *cli.Command {
@@ -51,6 +52,11 @@ Use the stop and reset subcommands to manage the server and dependencies once st
 				Usage: "Run a specific version of Fleet",
 				Value: "latest",
 			},
+			&cli.StringFlag{
+				Name:  previewConfigFlagName,
+				Usage: "Run a specific branch of the preview repository",
+				Value: "production",
+			},
 		},
 		Action: func(c *cli.Context) error {
 			if err := checkDocker(); err != nil {
@@ -59,8 +65,9 @@ Use the stop and reset subcommands to manage the server and dependencies once st
 
 			// Download files every time to ensure the user gets the most up to date versions
 			previewDir := previewDirectory()
-			fmt.Printf("Downloading dependencies into %s...\n", previewDir)
-			if err := downloadFiles(); err != nil {
+			osqueryBranch := c.String(previewConfigFlagName)
+			fmt.Printf("Downloading dependencies from %s into %s...\n", osqueryBranch, previewDir)
+			if err := downloadFiles(osqueryBranch); err != nil {
 				return errors.Wrap(err, "Error downloading dependencies")
 			}
 
@@ -77,6 +84,9 @@ Use the stop and reset subcommands to manage the server and dependencies once st
 			if err := os.Chmod(filepath.Join(previewDir, "logs"), 0777); err != nil {
 				return errors.Wrap(err, "make logs writable")
 			}
+			if err := os.Chmod(filepath.Join(previewDir, "vulndb"), 0777); err != nil {
+				return errors.Wrap(err, "make vulndb writable")
+			}
 
 			if err := os.Setenv("FLEET_VERSION", c.String(tagFlagName)); err != nil {
 				return errors.Wrap(err, "failed to set Fleet version")
@@ -198,10 +208,12 @@ Use the stop and reset subcommands to manage the server and dependencies once st
 				return errors.Wrap(err, "failed to apply standard query library")
 			}
 
+			// disable anonymous analytics collection and enable software inventory for preview
 			if err := client.ApplyAppConfig(map[string]map[string]bool{
-				"host_settings": {"enable_software_inventory": true},
+				"host_settings":   {"enable_software_inventory": true},
+				"server_settings": {"enable_analytics": false},
 			}); err != nil {
-				return errors.Wrap(err, "failed to enable software inventory app config")
+				return errors.Wrap(err, "failed to apply updated app config")
 			}
 
 			secrets, err := client.GetEnrollSecretSpec()
@@ -213,13 +225,6 @@ Use the stop and reset subcommands to manage the server and dependencies once st
 				return errors.New("Expected 1 active enroll secret")
 			}
 
-			// disable anonymous analytics collection for preview
-			if err := client.ApplyAppConfig(map[string]map[string]bool{
-				"server_settings": {"enable_analytics": false}},
-			); err != nil {
-				return errors.Wrap(err, "Error disabling anonymous analytics collection in app config")
-			}
-
 			fmt.Println("Starting simulated hosts...")
 			cmd = exec.Command("docker-compose", "up", "-d", "--remove-orphans")
 			cmd.Dir = filepath.Join(previewDir, "osquery")
@@ -254,8 +259,8 @@ func previewDirectory() string {
 	return filepath.Join(homeDir, ".fleet", "preview")
 }
 
-func downloadFiles() error {
-	resp, err := http.Get(downloadUrl)
+func downloadFiles(branch string) error {
+	resp, err := http.Get(fmt.Sprintf(downloadUrl, branch))
 	if err != nil {
 		return err
 	}
@@ -276,7 +281,7 @@ func downloadFiles() error {
 	}
 	// zip.NewReader does not need to be closed (and cannot be)
 
-	if err := unzip(zipReader); err != nil {
+	if err := unzip(zipReader, branch); err != nil {
 		return errors.Wrap(err, "unzip download contents")
 	}
 
@@ -299,11 +304,12 @@ func downloadStandardQueryLibrary() ([]byte, error) {
 }
 
 // Adapted from https://stackoverflow.com/a/24792688/491710
-func unzip(r *zip.Reader) error {
+func unzip(r *zip.Reader, branch string) error {
 	previewDir := previewDirectory()
 
 	// Closure to address file descriptors issue with all the deferred .Close()
 	// methods
+	replacePath := fmt.Sprintf("osquery-in-a-box-%s", branch)
 	extractAndWriteFile := func(f *zip.File) error {
 		rc, err := f.Open()
 		if err != nil {
@@ -312,7 +318,7 @@ func unzip(r *zip.Reader) error {
 		defer rc.Close()
 
 		path := f.Name
-		path = strings.Replace(path, "osquery-in-a-box-master", previewDir, 1)
+		path = strings.Replace(path, replacePath, previewDir, 1)
 
 		// We don't need to check for directory traversal as we are already
 		// trusting the validity of this ZIP file.