Updated query logging (#30077)

- Updated query logging by reducing the amount of data being sent to the webhook destination temporarily.
2026-05-22 16:39:01 +00:00 · 2025-06-16 22:05:38 -05:00 · 2025-06-16 22:05:38 -05:00 · f53aeab322
commit f53aeab322
parent 3ca1f66350
5 changed files with 6 additions and 6 deletions
--- a/it-and-security/lib/all/queries/collect-known-vulnerable-chrome-extensions.yml
+++ b/it-and-security/lib/all/queries/collect-known-vulnerable-chrome-extensions.yml
@ -10,6 +10,6 @@
      ("nnpnnpemnckcfdebeekibpiijlicmpom", "kkodiihpgodmdankclfibbiphjkfdenh", "oaikpkmjciadfpddlpjjdapglcihgdle", "dpggmcodlahmljkhlmpgpdcffdaoccni", "acmfnomgphggonodopogfbmkneepfgnh", "mnhffkhmpnefgklngfmlndmkimimbphc", "cedgndijpacnfbdggppddacngjfdkaca", "bbdnohkpnbkdkmnkddobeafboooinpla", "egmennebgadmncfjafcemlecimkepcle", "bibjgkidgpfbblifamdlkdlhgihmfohh", "befflofjcniongenjmbkgkoljhgliihe", "pkgciiiancapdlpcbppfkmeaieppikkk", "llimhhconnjiflfimocjggfjdlmlhblm", "oeiomhmbaapihbilkfkhmlajkeegnjhe", "pajkjnmeojmbapicmbpliphjmcekeaac", "ndlbedplllcgconngcnfmkadhokfaaln", "epdjhgbipjpbbhoccdeipghoihibnfja", "cplhlgabfijoiabgkigdafklbhhdkahj", "jiofmdifioeejeilfkpegipdjiopiekl", "hihblcmlaaademjlakdpicchbjnnnkbo", "ekpkdmohpdnebfedjjfklhpefgpgaaji", "epikoohpebngmakjinphfiagogjcnddm", "miglaibdlgminlepgeifekifakochlka", "eanofdhdfbcalhflpbdipkjjkoimeeod", "ogbhbgkiojdollpjbhbamafmedkeockb", "bgejafhieobnfpjlpcjjggoboebonfcg", "igbodamhgjohafcenbcljfegbipdfjpk", "mbindhfolmpijhodmgkloeeppmkhpmhc", "hodiladlefdpcbemnbbcpclbmknkiaem", "lbneaaedflankmgmfbmaplggbmjjmbae", "eaijffijbobmnonfhilihbejadplhddo", "hmiaoahjllhfgebflooeeefeiafpkfde");
  interval: 3600 # Every 1 hour
  observer_can_run: true
-  automations_enabled: true
+  automations_enabled: false
  logging: differential
  platform: darwin,linux,windows
--- a/it-and-security/lib/all/queries/collect-operating-system-information.yml
+++ b/it-and-security/lib/all/queries/collect-operating-system-information.yml
@ -1,8 +1,8 @@
 - name: Collect operating system information
  description: "Collects operating system information from all devices enrolled in Fleet"
  query: SELECT * FROM os_version;
-  interval: 3600 # Every 1 hour
+  interval: 86400 # Every 1 day
  observer_can_run: true
  automations_enabled: true
-  logging: snapshot
+  logging: differential
  platform: darwin,linux,windows
--- a/it-and-security/lib/macos/queries/collect-santa-denied-logs.yml
+++ b/it-and-security/lib/macos/queries/collect-santa-denied-logs.yml
@ -3,7 +3,7 @@
  description: Collects all Santa denied logs from macOS hosts.
  discard_data: false
  interval: 300
-  logging: snapshot
+  logging: differential
  observer_can_run: true
  platform: "darwin"
  query: SELECT * FROM santa_denied;
--- a/it-and-security/lib/macos/queries/detect-apns-certificate.yml
+++ b/it-and-security/lib/macos/queries/detect-apns-certificate.yml
@ -1,5 +1,5 @@
 - name: Detect APNs certificate by topic
-  automations_enabled: true
+  automations_enabled: false
  description: Detects macOS devices that are enrolled using an invalid APNs certificate.
  discard_data: false
  interval: 300
--- a/it-and-security/lib/macos/queries/detect-apple-intelligence.yml
+++ b/it-and-security/lib/macos/queries/detect-apple-intelligence.yml
@ -1,5 +1,5 @@
 - name: Detect if Apple Intelligence is enabled
-  automations_enabled: true
+  automations_enabled: false
  description: Detects if Apple Intelligence has been enabled.
  discard_data: false
  interval: 300