Osquery scheduled queries

Create scheduled query

New scheduled queries can be created using the Create Scheduled Query button, which displays the following popup dialogue.

Note

The interval time in seconds counts how many seconds the daemon itself has been running before the scheduled query is executed, not elapsed wall-clock time. If the system is suspended or put to sleep, the progression of time "freezes" and resumes when the system comes back online. For example, a scheduled query with an interval of 84600 seconds, roughly 24 hours, running on a laptop could take a few days before it executes if the system is suspended at night.

The scheduled query shown below returns a list of all running processes on each asset every 5 minutes (300 seconds).

[Figure: osquery_scheduled_create.png, the Create Scheduled Query dialogue]