diff --git a/it-and-security/lib/all/queries/collect-known-vulnerable-chrome-extensions.yml b/it-and-security/lib/all/queries/collect-known-vulnerable-chrome-extensions.yml
index c501d9bb82..4e6020c59c 100644
--- a/it-and-security/lib/all/queries/collect-known-vulnerable-chrome-extensions.yml
+++ b/it-and-security/lib/all/queries/collect-known-vulnerable-chrome-extensions.yml
@@ -10,6 +10,6 @@
 ("nnpnnpemnckcfdebeekibpiijlicmpom", "kkodiihpgodmdankclfibbiphjkfdenh", "oaikpkmjciadfpddlpjjdapglcihgdle", "dpggmcodlahmljkhlmpgpdcffdaoccni", "acmfnomgphggonodopogfbmkneepfgnh", "mnhffkhmpnefgklngfmlndmkimimbphc", "cedgndijpacnfbdggppddacngjfdkaca", "bbdnohkpnbkdkmnkddobeafboooinpla", "egmennebgadmncfjafcemlecimkepcle", "bibjgkidgpfbblifamdlkdlhgihmfohh", "befflofjcniongenjmbkgkoljhgliihe", "pkgciiiancapdlpcbppfkmeaieppikkk", "llimhhconnjiflfimocjggfjdlmlhblm", "oeiomhmbaapihbilkfkhmlajkeegnjhe", "pajkjnmeojmbapicmbpliphjmcekeaac", "ndlbedplllcgconngcnfmkadhokfaaln", "epdjhgbipjpbbhoccdeipghoihibnfja", "cplhlgabfijoiabgkigdafklbhhdkahj", "jiofmdifioeejeilfkpegipdjiopiekl", "hihblcmlaaademjlakdpicchbjnnnkbo", "ekpkdmohpdnebfedjjfklhpefgpgaaji", "epikoohpebngmakjinphfiagogjcnddm", "miglaibdlgminlepgeifekifakochlka", "eanofdhdfbcalhflpbdipkjjkoimeeod", "ogbhbgkiojdollpjbhbamafmedkeockb", "bgejafhieobnfpjlpcjjggoboebonfcg", "igbodamhgjohafcenbcljfegbipdfjpk", "mbindhfolmpijhodmgkloeeppmkhpmhc", "hodiladlefdpcbemnbbcpclbmknkiaem", "lbneaaedflankmgmfbmaplggbmjjmbae", "eaijffijbobmnonfhilihbejadplhddo", "hmiaoahjllhfgebflooeeefeiafpkfde");
 interval: 3600 # Every 1 hour
 observer_can_run: true
- automations_enabled: true
+ automations_enabled: false
 logging: differential
 platform: darwin,linux,windows
diff --git a/it-and-security/lib/all/queries/collect-operating-system-information.yml b/it-and-security/lib/all/queries/collect-operating-system-information.yml
index e1ca0952d6..c490f8e00d 100644
--- a/it-and-security/lib/all/queries/collect-operating-system-information.yml
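Review bot: Setting `automations_enabled: false` in collect-known-vulnerable-chrome-extensions.yml stops this query's results from being sent to the configured log destination, so a host carrying one of the listed extension IDs no longer produces a downstream event. The same flip is made in detect-apns-certificate.yml and detect-apple-intelligence.yml. `discard_data` is not visible in this hunk, so it is unclear whether matches stay reviewable in Fleet at all, and the retained `logging: differential` presumably has no effect once automations are off. If the goal is lower log volume, record where these detections are now reviewed, e.g. `# automations off: reviewed in the Fleet query report, not forwarded to logs` above the key, and confirm an alert path remains for the extension list.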
+++ b/it-and-security/lib/all/queries/collect-operating-system-information.yml
@@ -1,8 +1,8 @@
 - name: Collect operating system information
 description: "Collects operating system information from all devices enrolled in Fleet"
 query: SELECT * FROM os_version;
- interval: 3600 # Every 1 hour
+ interval: 86400 # Every 1 day
 observer_can_run: true
 automations_enabled: true
- logging: snapshot
+ logging: differential
 platform: darwin,linux,windows
diff --git a/it-and-security/lib/macos/queries/collect-santa-denied-logs.yml b/it-and-security/lib/macos/queries/collect-santa-denied-logs.yml
index dcefc61559..00c5c356a5 100644
--- a/it-and-security/lib/macos/queries/collect-santa-denied-logs.yml
+++ b/it-and-security/lib/macos/queries/collect-santa-denied-logs.yml
@@ -3,7 +3,7 @@
 description: Collects all Santa denied logs from macOS hosts.
 discard_data: false
 interval: 300
- logging: snapshot
+ logging: differential
 observer_can_run: true
 platform: "darwin"
 query: SELECT * FROM santa_denied;
diff --git a/it-and-security/lib/macos/queries/detect-apns-certificate.yml b/it-and-security/lib/macos/queries/detect-apns-certificate.yml
index 50ad55f909..9f5cfcd960 100644
--- a/it-and-security/lib/macos/queries/detect-apns-certificate.yml
+++ b/it-and-security/lib/macos/queries/detect-apns-certificate.yml
@@ -1,5 +1,5 @@
 - name: Detect APNs certificate by topic
- automations_enabled: true
+ automations_enabled: false
 description: Detects macOS devices that are enrolled using an invalid APNs certificate.
 discard_data: false
 interval: 300
diff --git a/it-and-security/lib/macos/queries/detect-apple-intelligence.yml b/it-and-security/lib/macos/queries/detect-apple-intelligence.yml
index 4c86ace1d0..0375ab0222 100644
--- a/it-and-security/lib/macos/queries/detect-apple-intelligence.yml
+++ b/it-and-security/lib/macos/queries/detect-apple-intelligence.yml
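Review bot: Changing `logging` from `snapshot` to `differential` on `SELECT * FROM os_version` in collect-operating-system-information.yml means a host emits a result only when a column changes, so any consumer that rebuilt OS inventory from the periodic snapshot will see nothing from hosts whose version is stable. Combined with `interval: 86400`, an OS change can take up to a day to reach the log destination, which matters if this feed drives patch-compliance reporting. If I recall Fleet's behaviour correctly, stored query reports are kept only for snapshot logging; that is worth confirming before merge. A comment such as `# differential: emits only on OS change; consumers must keep last-known state` next to the key would record the assumption.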
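Review bot: With `logging: differential` on `SELECT * FROM santa_denied` in collect-santa-denied-logs.yml, rows that drop out of the table are reported as removals alongside new denials, which can look like fresh activity to a downstream rule (presumably this happens when the underlying Santa log is rotated; confirm against the table's source). Consider `logging: differential_ignore_removals` so that only newly denied executions are emitted. `discard_data: false` is kept, but whether Fleet retains results for a differential query should be verified. `automations_enabled` lies outside the hunk, which starts at line 3 of the file, so it is not visible here whether these events are forwarded at all.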
@@ -1,5 +1,5 @@
 - name: Detect if Apple Intelligence is enabled
- automations_enabled: true
+ automations_enabled: false
 description: Detects if Apple Intelligence has been enabled.
 discard_data: false
 interval: 300