+To migrate hosts, we will do the following steps:
-## Migrate automatically enrolled (ADE) hosts
+1. Enroll hosts to Fleet
+2. Assign hosts in Apple Business Manager (ABM) to Fleet
+3. Choose migration workflow and migrate hosts
-> Automatic enrollment is available in Fleet Premium or Ultimate
+### Step 1: enroll hosts to Fleet
-To migrate automatically enrolled hosts, we will do the following steps:
+1. First, enroll your hosts to Fleet by installing Fleet's agent (fleetd). Learn how [here](https://fleetdm.com/guides/enroll-hosts).
+2. Ensure your end users have access to an admin account on their Mac. End users won't be able to migrate on their own if they have a standard account.
-1. Prepare to migrate hosts
-2. Choose migration workflow and migrate hosts
+### Step 2: assign hosts in Apple Business Manager (ABM) to Fleet
-### Step 1: prepare to migrate hosts
+1. In ABM, unassign your hosts from your current MDM solution by selecting **Devices** and then selecting **All Devices**. Then, select **Edit** next to **Edit MDM Server**, select **Unassign from the current MDM**, and select **Continue**.
-1. Connect Fleet to Apple Business Manager (ABM). Learn how [here](https://fleetdm.com/guides/macos-mdm-setup#apple-business-manager-abm).
-2. [Enroll](https://fleetdm.com/guides/enroll-hosts) your hosts to Fleet with [Fleetd and Fleet Desktop](https://fleetdm.com/guides/enroll-hosts#fleet-desktop)
-3. Ensure your end users have access to an admin account on their Mac. End users won't be able to migrate on their own if they have a standard account.
-4. Migrate your hosts to Fleet in ABM:
- 1. In ABM, unassign the existing hosts' MDM server from the old MDM solution: In ABM, select **Devices** and then select **All Devices**. Then, select **Edit** next to **Edit MDM Server**, select **Unassign from the current MDM**, and select **Continue**.
- 2. In ABM, assign these hosts' MDM server to Fleet: In ABM, select **Devices** and then select **All Devices**. Then, select **Edit** next to **Edit MDM Server**, select **Assign to the following MDM:**, select your Fleet server in the dropdown, and select **Continue**.
+2. Assign these hosts to Fleet: select **Devices** and then select **All Devices**. Then, select **Edit** next to **Edit MDM Server**, select **Assign to the following MDM:**, select your Fleet server in the dropdown, and select **Continue**.
-### Step 2: choose migration workflow and migrate hosts
+### Step 3: choose migration workflow and migrate hosts
There are two migration workflows in Fleet: default and end user.
The default migration workflow requires that the IT admin unenrolls hosts from the old MDM solution before the end user can complete migration. This will result in a gap in MDM coverage until the end user completes migration.
-The end user migration workflow allows the end user to kick-off migration by unenrolling from the old MDM solution on their own. Once the user is unenrolled, they're prompted to turn on MDM features in Fleet. This reduces the gap in MDM coverage.
-
-Configuring the end user migration workflow requires a few additional steps.
+The end user migration workflow allows the user to kick off migration by unenrolling from the old MDM solution on their own. Once the user is unenrolled, they're prompted to turn on MDM features in Fleet, reducing the gap in MDM coverage.
#### Default workflow
-1. In your old MDM solution, unenroll the hosts to be migrated. MacOS does not allow multiple MDMs to be installed at once.
-
-2. Send [these guided instructions](#how-to-turn-on-mdm-default) to your end users to complete the final few steps via Fleet Desktop.
- * Note that there will be a gap in MDM coverage between when the host is unenrolled from the old MDM and when the host turns on MDM in Fleet.
+End user experience:
-##### End user experience
-
-1. The end user will receive a "Device Enrollment: <organization> can automatically configure your Mac." system notification within the macOS Notifications Center.
-
-2. After the end user clicks on the system notification, macOS will open the **System Setting > Profiles** and ask the user to "Allow Device Enrollment: <organization> can automatically configure your Mac based on settings provided by your System Administrator."
-
-3. If the end user does not install the profile, the system notification will continue to prompt the end user until the setting has been allowed.
-
-4. Once this setting has been approved, the MDM enrollment profile cannot be removed by the end user.
-
-##### How to turn on MDM (default)
-
-1. Select the Fleet icon in your menu bar and select **My device**.
-
-
+- After a host is unenrolled from your current MDM solution, the end user will be prompted with Apple's **Remote Management** full-screen popup if the host is assigned to Fleet in ABM.
+
+
## Activation Lock
@@ -194,21 +111,9 @@ In 2024, Apple added the ability to manage activation lock in Apple Business Man
If a device is not available in ABM and has Activation Lock enabled, we recommend asking the end user to follow these instructions to disable Activation Lock before migrating the device to Fleet: https://support.apple.com/en-us/HT208987.
-This is because if the Activation Lock is enabled, you will need the Activation Lock bypass code to successfully wipe and reuse the Mac.
+If the Activation Lock is enabled, you will need the Activation Lock bypass code to wipe and reuse the Mac successfully.
However, Activation Lock bypass codes can only be retrieved from the Mac up to 30 days after the device is enrolled. This means that when migrating from your old MDM solution, it’s likely that you’ll be unable to retrieve the Activation Lock bypass code.
-
-### How to turn on disk encryption
-
-1. Select the Fleet icon in your menu bar and select **My device**.
-
-
-
-2. On your **My device** page, follow the disk encryption instructions in the yellow banner.
- - If you don’t see the yellow banner, select the purple **Refetch** button at the top of the page.
- - If you still don't see the yellow banner after a couple minutes or if the **My device** page presents you with an error, please contact your IT administrator.
-
-##### mdm.macos_setup @@ -1811,7 +1831,6 @@ _Available in Fleet Premium._ ```json { "mdm": { - "apple_bm_default_team": "", "windows_enabled_and_configured": false, "enable_disk_encryption": true, "macos_updates": { @@ -4249,7 +4268,7 @@ Resends a configuration profile for the specified host. "last_install": { "install_uuid": "8bbb8ac2-b254-4387-8cba-4d8a0407368b", "installed_at": "2024-05-15T15:23:57Z" - }, + } }, "app_store_app": null "source": "apps", @@ -4270,10 +4289,16 @@ Resends a configuration profile for the specified host. "name": "FalconSensor-6.44.pkg" "self_service": false, "last_install": null + "last_install": null, + "last_uninstall": { + "script_execution_id": "ed579e73-0f41-46c8-aaf4-3c1e5880ed27", + "uninstalled_at": "2024-05-15T15:23:57Z" + } }, "app_store_app": null "source": "", "status": null, + "status": "pending_uninstall", "installed_versions": [], }, { @@ -4554,6 +4579,38 @@ To wipe a macOS, iOS, iPadOS, or Windows host, the host must have MDM turned on. ```json { "activities": [ + { + "created_at": "2023-07-27T14:35:08Z", + "actor_id": 1, + "actor_full_name": "Anna Chao", + "id": 4, + "actor_gravatar": "", + "actor_email": "", + "type": "uninstalled_software", + "details": { + "host_id": 1, + "host_display_name": "Marko’s MacBook Pro", + "software_title": "Adobe Acrobat.app", + "script_execution_id": "ecf22dba-07dc-40a9-b122-5480e948b756", + "status": "failed" + } + }, + { + "created_at": "2023-07-27T14:35:08Z", + "actor_id": 1, + "actor_full_name": "Anna Chao", + "id": 3, + "actor_gravatar": "", + "actor_email": "", + "type": "uninstalled_software", + "details": { + "host_id": 1, + "host_display_name": "Marko’s MacBook Pro", + "software_title": "Adobe Acrobat.app", + "script_execution_id": "ecf22dba-07dc-40a9-b122-5480e948b756", + "status": "uninstalled" + } + }, { "created_at": "2023-07-27T14:35:08Z", "id": 2, @@ -4618,6 +4675,23 @@ To wipe a macOS, iOS, iPadOS, or Windows host, the host must have MDM turned on. { "count": 3, "activities": [ + { + "created_at": "2023-07-27T14:35:08Z", + "actor_id": 1, + "actor_full_name": "Anna Chao", + "uuid": "cc081637-fdf9-4d44-929f-96dfaec00f67", + "actor_gravatar": "", + "actor_email": "", + "type": "uninstalled_software", + "fleet_initiated_activity": false, + "details": { + "host_id": 1, + "host_display_name": "Marko's MacBook Pro", + "software_title": "Adobe Acrobat.app", + "script_execution_id": "ecf22dba-07dc-40a9-b122-5480e948b756", + "status": "pending_uninstall", + } + }, { "created_at": "2023-07-27T14:35:08Z", "uuid": "d6cffa75-b5b5-41ef-9230-15073c8a88cf", @@ -6261,8 +6335,8 @@ This endpoint returns the list of custom MDM commands that have been executed. ## Integrations - [Get Apple Push Notification service (APNs)](#get-apple-push-notification-service-apns) -- [Get Apple Business Manager (ABM)](#get-apple-business-manager-abm) -- [Get Volume Purchasing Program (VPP)](#get-volume-purchasing-program-vpp) +- [List Apple Business Manager (ABM) tokens](#list-apple-business-manager-abm-tokens) +- [List Volume Purchasing Program (VPP) tokens](#list-volume-purchasing-program-vpp-tokens) ### Get Apple Push Notification service (APNs) @@ -6289,11 +6363,11 @@ None. } ``` -### Get Apple Business Manager (ABM) +### List Apple Business Manager (ABM) tokens _Available in Fleet Premium_ -`GET /api/v1/fleet/abm` +`GET /api/v1/fleet/abm_tokens` #### Parameters @@ -6301,20 +6375,82 @@ None. #### Example -`GET /api/v1/fleet/abm` +`GET /api/v1/fleet/abm_tokens` ##### Default response `Status: 200` ```json -{ - "apple_id": "apple@example.com", - "org_name": "Fleet Device Management", - "mdm_server_url": "https://example.com/mdm/apple/mdm", - "renew_date": "2023-11-29T00:00:00Z", - "default_team": "" -} +"abm_tokens": [ + { + "id": 1, + "apple_id": "apple@example.com", + "org_name": "Fleet Device Management Inc.", + "mdm_server_url": "https://example.com/mdm/apple/mdm", + "renew_date": "2023-11-29T00:00:00Z", + "terms_expired": false, + "macos_team": { + "name": "💻 Workstations", + "id" 1 + }, + "ios_team": { + "name": "📱🏢 Company-owned iPhones", + "id": 2 + }, + "ipados_team": { + "name": "🔳🏢 Company-owned iPads", + "id": 3 + } + } +] +``` + +### List Volume Purchasing Program (VPP) tokens + +_Available in Fleet Premium_ + +`GET /api/v1/fleet/vpp_tokens` + +#### Parameters + +None. + +#### Example + +`GET /api/v1/fleet/vpp_tokens` + +##### Default response + +`Status: 200` + +```json +"vpp_tokens": [ + { + "id": 1, + "org_name": "Fleet Device Management Inc.", + "location": "https://example.com/mdm/apple/mdm", + "renew_date": "2023-11-29T00:00:00Z", + "teams": [ + { + "name": "💻 Workstations", + "id": 1 + }, + { + "name": "💻🐣 Workstations (canary)", + "id": 2 + }, + { + "name": "📱🏢 Company-owned iPhones", + "id": 3 + }, + { + "name": "🔳🏢 Company-owned iPads", + "id" 4 + } + ], + } +] ``` Get Volume Purchasing Program (VPP) @@ -6758,6 +6894,29 @@ Team policies work the same as policies, but at the team level. "failing_host_count": 0, "host_count_updated_at": "2023-12-20T15:23:57Z", "calendar_events_enabled": false + }, + { + "id": 3, + "name": "macOS - install/update Adobe Acrobat", + "query": "SELECT 1 FROM apps WHERE name = \"Adobe Acrobat.app\" AND bundle_short_version != \"24.002.21005\";", + "description": "Checks if the hard disk is encrypted on Windows devices", + "critical": false, + "author_id": 43, + "author_name": "Alice", + "author_email": "alice@example.com", + "team_id": 1, + "resolution": "Resolution steps", + "platform": "darwin", + "created_at": "2021-12-16T14:37:37Z", + "updated_at": "2021-12-16T16:39:00Z", + "passing_host_count": 2300, + "failing_host_count": 3, + "host_count_updated_at": "2023-12-20T15:23:57Z", + "calendar_events_enabled": false, + "install_software": { + "name": "Adobe Acrobat.app", + "software_title_id": 1234 + } } ], "inherited_policies": [ @@ -6939,6 +7098,7 @@ The semantics for creating a team policy are the same as for global policies, se | resolution | string | body | The resolution steps for the policy. | | platform | string | body | Comma-separated target platforms, currently supported values are "windows", "linux", "darwin". The default, an empty string means target all platforms. | | critical | boolean | body | _Available in Fleet Premium_. Mark policy as critical/high impact. | +| software_title_id | integer | body | _Available in Fleet Premium_. ID of software title to install if the policy fails. | Either `query` or `query_id` must be provided. @@ -6982,7 +7142,11 @@ Either `query` or `query_id` must be provided. "passing_host_count": 0, "failing_host_count": 0, "host_count_updated_at": null, - "calendar_events_enabled": false + "calendar_events_enabled": false, + "install_software": { + "name": "Adobe Acrobat.app", + "software_title_id": 1234 + } } } ``` @@ -7037,6 +7201,7 @@ Either `query` or `query_id` must be provided. | platform | string | body | Comma-separated target platforms, currently supported values are "windows", "linux", "darwin". The default, an empty string means target all platforms. | | critical | boolean | body | _Available in Fleet Premium_. Mark policy as critical/high impact. | | calendar_events_enabled | boolean | body | _Available in Fleet Premium_. Whether to trigger calendar events when policy is failing. | +| software_title_id | integer | body | _Available in Fleet Premium_. ID of software title to install if the policy fails. | #### Example @@ -7078,7 +7243,11 @@ Either `query` or `query_id` must be provided. "passing_host_count": 0, "failing_host_count": 0, "host_count_updated_at": null, - "calendar_events_enabled": true + "calendar_events_enabled": true, + "install_software": { + "name": "Adobe Acrobat.app", + "software_title_id": 1234 + } } } ``` @@ -8246,12 +8415,15 @@ Gets the result of a script that was executed. "host_timeout": false, "host_id": 1, "execution_id": "e797d6c6-3aae-11ee-be56-0242ac120002", - "runtime": 20 + "runtime": 20, + "created_at": "2024-09-11T20:30:24Z" } ``` > Note: `exit_code` can be `null` if Fleet hasn't heard back from the host yet. +> Note: `created_at` is the creation timestamp of the script execution request. + ### Add script Uploads a script, making it available to run on hosts assigned to the specified team (or no team). @@ -8485,10 +8657,15 @@ Deletes the session specified by ID. When the user associated with the session n - [Add package](#add-package) - [List App Store apps](#list-app-store-apps) - [Add App Store app](#add-app-store-app) +- [Add Fleet library app](#add-fleet-library-app) - [Install package or App Store app](#install-package-or-app-store-app) - [Get package install result](#get-package-install-result) - [Download package](#download-package) - [Delete package or App Store app](#delete-package-or-app-store-app) +- [Batch-apply software](#batch-apply-software) +- [Batch-apply app store apps](#batch-apply-app-store-apps) +- [Get token to download package](#get-token-to-download-package) +- [Download package using a token](#download-package-using-a-token) ### List software @@ -8800,14 +8977,17 @@ Returns information about the specified software. By default, `versions` are sor "installer_id": 23, "team_id": 3, "uploaded_at": "2024-04-01T14:22:58Z", - "install_script": "sudo installer -pkg /temp/FalconSensor-6.44.pkg -target /", + "install_script": "sudo installer -pkg '$INSTALLER_PATH' -target /", "pre_install_query": "SELECT 1 FROM macos_profiles WHERE uuid='c9f4f0d5-8426-4eb8-b61b-27c543c9d3db';", "post_install_script": "sudo /Applications/Falcon.app/Contents/Resources/falconctl license 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX", + "uninstall_script": "/Library/CS/falconctl uninstall", "self_service": true, "status": { "installed": 3, - "pending": 1, - "failed": 2, + "pending_install": 1, + "failed_install": 0, + "pending_uninstall": 2, + "failed_uninstall": 1 } }, "app_store_app": null, @@ -9013,7 +9193,7 @@ Add a package (.pkg, .msi, .exe, .deb) to install on macOS, Windows, or Linux (U | ---- | ------- | ---- | -------------------------------------------- | | software | file | form | **Required**. Installer package file. Supported packages are PKG, MSI, EXE, and DEB. | | team_id | integer | form | **Required**. The team ID. Adds a software package to the specified team. | -| install_script | string | form | Command that Fleet runs to install software. If not specified Fleet runs [default install command](https://github.com/fleetdm/fleet/tree/f71a1f183cc6736205510580c8366153ea083a8d/pkg/file/scripts) for each package type. | +| install_script | string | form | Script that Fleet runs to install software. If not specified Fleet runs [default install script](https://github.com/fleetdm/fleet/tree/f71a1f183cc6736205510580c8366153ea083a8d/pkg/file/scripts) for each package type. | | pre_install_query | string | form | Query that is pre-install condition. If the query doesn't return any result, Fleet won't proceed to install. | | post_install_script | string | form | The contents of the script to run after install. If the specified script fails (exit code non-zero) software install will be marked as failed and rolled back. | | self_service | boolean | form | Self-service software is optional and can be installed by the end user. | @@ -9058,6 +9238,87 @@ Content-Type: application/octet-stream `Status: 200` +### Modify package + +_Available in Fleet Premium._ + +Update a package to install on macOS, Windows, or Linux (Ubuntu) hosts. + +`PATCH /api/v1/fleet/software/titles/:title_id/package` + +#### Parameters + +| Name | Type | In | Description | +| ---- | ------- | ---- | -------------------------------------------- | +| software | file | form | Installer package file. Supported packages are PKG, MSI, EXE, and DEB. | +| team_id | integer | form | **Required**. The team ID. Updates a software package in the specified team. | +| install_script | string | form | Command that Fleet runs to install software. If not specified Fleet runs the [default install command](https://github.com/fleetdm/fleet/tree/f71a1f183cc6736205510580c8366153ea083a8d/pkg/file/scripts) for each package type. | +| pre_install_query | string | form | Query that is pre-install condition. If the query doesn't return any result, the package will not be installed. | +| post_install_script | string | form | The contents of the script to run after install. If the specified script fails (exit code non-zero) software install will be marked as failed and rolled back. | +| self_service | boolean | form | Whether this is optional self-service software that can be installed by the end user. | + +> Changes to the installer package will reset installation counts. Changes to any field other than `self_service` will cancel pending installs for the old package. +#### Example + +`PATCH /api/v1/fleet/software/titles/1/package` + +##### Request header + +```http +Content-Length: 8500 +Content-Type: multipart/form-data; boundary=------------------------d8c247122f594ba0 +``` + +##### Request body + +```http +--------------------------d8c247122f594ba0 +Content-Disposition: form-data; name="team_id" +1 +--------------------------d8c247122f594ba0 +Content-Disposition: form-data; name="self_service" +true +--------------------------d8c247122f594ba0 +Content-Disposition: form-data; name="install_script" +sudo installer -pkg /temp/FalconSensor-6.44.pkg -target / +--------------------------d8c247122f594ba0 +Content-Disposition: form-data; name="pre_install_query" +SELECT 1 FROM macos_profiles WHERE uuid='c9f4f0d5-8426-4eb8-b61b-27c543c9d3db'; +--------------------------d8c247122f594ba0 +Content-Disposition: form-data; name="post_install_script" +sudo /Applications/Falcon.app/Contents/Resources/falconctl license 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX +--------------------------d8c247122f594ba0 +Content-Disposition: form-data; name="software"; filename="FalconSensor-6.44.pkg" +Content-Type: application/octet-stream +
-
- );
- }
-
if (errorLabels || errorTeams) {
return (
Select targets
-
-
-
diff --git a/frontend/components/LiveQuery/TargetsInput/TargetsInput.tsx b/frontend/components/LiveQuery/TargetsInput/TargetsInput.tsx
index dcfc2074d8b6..e54830081ed1 100644
--- a/frontend/components/LiveQuery/TargetsInput/TargetsInput.tsx
+++ b/frontend/components/LiveQuery/TargetsInput/TargetsInput.tsx
@@ -1,4 +1,4 @@
-import React from "react";
+import React, { useRef, useEffect, useState } from "react";
import { Row } from "react-table";
import { isEmpty, pullAllBy } from "lodash";
@@ -9,7 +9,6 @@ import DataError from "components/DataError";
// @ts-ignore
import InputFieldWithIcon from "components/forms/fields/InputFieldWithIcon/InputFieldWithIcon";
import TableContainer from "components/TableContainer";
-import Spinner from "components/Spinner";
import { ITargestInputHostTableConfig } from "./TargetsInputHostsTableConfig";
interface ITargetsInputProps {
@@ -51,12 +50,39 @@ const TargetsInput = ({
handleRowSelect,
setSearchText,
}: ITargetsInputProps): JSX.Element => {
+ const dropdownRef = useRef(null);
const dropdownHosts =
searchResults && pullAllBy(searchResults, targetedHosts, "display_name");
- const isActiveSearch =
- !isEmpty(searchText) && (!hasFetchError || isTargetsLoading);
+
+ const [isActiveSearch, setIsActiveSearch] = useState(false);
+
const isSearchError = !isEmpty(searchText) && hasFetchError;
+ // Closes target search results when clicking outside of results
+ // But not during API loading state as it will reopen on API return
+ useEffect(() => {
+ if (!isTargetsLoading) {
+ const handleClickOutside = (event: MouseEvent) => {
+ if (
+ dropdownRef.current &&
+ !dropdownRef.current.contains(event.target as Node)
+ ) {
+ setIsActiveSearch(false);
+ }
+ };
+
+ document.addEventListener("mousedown", handleClickOutside);
+ return () => {
+ document.removeEventListener("mousedown", handleClickOutside);
+ };
+ }
+ }, [isTargetsLoading]);
+
+ useEffect(() => {
+ setIsActiveSearch(
+ !isEmpty(searchText) && (!hasFetchError || isTargetsLoading)
+ );
+ }, [searchText, hasFetchError, isTargetsLoading]);
return (
@@ -71,35 +97,35 @@ const TargetsInput = ({
placeholder={placeholder}
onChange={setSearchText}
/>
- {isActiveSearch &&
- (isTargetsLoading ? (
- ;
+ }
+
return (
<>
{
+ const tooltipAction: Record = {
+ runScript: "run scripts on",
+ wipe: "wipe",
+ lock: "lock",
+ unlock: "unlock",
+ installSoftware: "install software on", // Host software dropdown option
+ uninstallSoftware: "uninstall software on", // Host software dropdown option
+ };
+ if (tooltipAction[value]) {
+ return (
+ <>
+ To {tooltipAction[value]} this host, deploy the
+
+ fleetd agent with --enable-scripts and +
+ refetch host vitals + + ); + } + if (!isHostOnline && value === "query") { + return <>You can't query an offline host.; + } + return undefined; +}; + const modifyOptions = ( options: IDropdownOption[], { @@ -291,34 +321,13 @@ const modifyOptions = ( hostPlatform, }: IHostActionConfigOptions ) => { - // Available tooltips for disabled options - const getDropdownOptionTooltipContent = (value: string | number) => { - const tooltipAction: Record = {
- runScript: "run scripts on",
- wipe: "wipe",
- lock: "lock",
- unlock: "unlock",
- };
- if (tooltipAction[value]) {
- return (
- <>
- To {tooltipAction[value]} this host, deploy the
-
- fleetd agent with --enable-scripts and -
- refetch host vitals - - ); - } - if (!isHostOnline && value === "query") { - return <>You can't query an offline host.; - } - }; - const disableOptions = (optionsToDisable: IDropdownOption[]) => { optionsToDisable.forEach((option) => { option.disabled = true; - option.tooltipContent = getDropdownOptionTooltipContent(option.value); + option.tooltipContent = getDropdownOptionTooltipContent( + option.value, + isHostOnline + ); }); }; diff --git a/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx b/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx index 5c627edb9a62..0c56d7c6ca4d 100644 --- a/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx +++ b/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx @@ -946,6 +946,7 @@ const HostDetailsPage = ({ platform={host.platform} softwareUpdatedAt={host.software_updated_at} hostCanWriteSoftware={!!host.orbit_version || isIosOrIpadosHost} + hostScriptsEnabled={host.scripts_enabled || false} isSoftwareEnabled={featuresConfig?.enable_software_inventory} router={router} queryParams={parseHostSoftwareQueryParams(location.query)} diff --git a/frontend/pages/hosts/details/HostDetailsPage/_styles.scss b/frontend/pages/hosts/details/HostDetailsPage/_styles.scss index 3809916a6b4a..25f6e705f60d 100644 --- a/frontend/pages/hosts/details/HostDetailsPage/_styles.scss +++ b/frontend/pages/hosts/details/HostDetailsPage/_styles.scss @@ -63,11 +63,6 @@ flex-direction: row; } } - &__block { - display: flex; - flex-direction: column; - margin-right: $pad-xxlarge; - } &__data { margin-bottom: $pad-medium; diff --git a/frontend/pages/hosts/details/_styles.scss b/frontend/pages/hosts/details/_styles.scss index e3f17951b7fc..f2ef26fe9d9a 100644 --- a/frontend/pages/hosts/details/_styles.scss +++ b/frontend/pages/hosts/details/_styles.scss @@ -21,41 +21,6 @@ margin: 0 0 $pad-medium 0; } - .info-grid { - display: grid; - grid-auto-flow: column; - grid-template-columns: repeat( - 3, - max-content - ); // Prevents overflow off screen - grid-template-rows: repeat(4, 1fr); - column-gap: $pad-xxlarge; - row-gap: $pad-medium; - - @media (min-width: $break-md) { - grid-template-columns: repeat(4, max-content); - grid-template-rows: repeat(3, 1fr); - } - - &__block { - font-size: $x-small; - display: flex; - flex-direction: column; - white-space: nowrap; - } - - &__data { - .device-mapping { - &__source { - color: $ui-fleet-black-75; - } - &__more { - color: $ui-fleet-black-50; - } - } - } - } - .list { list-style: none; padding: 0; diff --git a/frontend/pages/hosts/details/cards/About/About.tsx b/frontend/pages/hosts/details/cards/About/About.tsx index 94d1bdf36f66..f1667f890059 100644 --- a/frontend/pages/hosts/details/cards/About/About.tsx +++ b/frontend/pages/hosts/details/cards/About/About.tsx @@ -189,11 +189,11 @@ const About = ({
- >
- columnConfigs={searchResultsTableConfig}
- data={dropdownHosts}
- isLoading={false}
- emptyComponent={() => (
-
the host is updated to exactly the minimum version if it's +
available from Apple. +
+
If a new or wiped host is below the minimum version and +
automatically enrolls (ADE), the host is updated to Apple's +
lastest version during Setup Assistant. + + ); }; const getDeadlineTooltip = (platform: ApplePlatform) => { @@ -206,9 +197,17 @@ const AppleOSTargetForm = ({
- setIsSelfService(newVal)}
- className={`${baseClass}__self-service-checkbox`}
- tooltipContent={
- <>
- End users can install from Fleet Desktop {">"}{" "}
- Self-service.
-
- }
- >
- Self-service
-
+ {renderSelfServiceContent(
+ (selectedApp && selectedApp.platform) || ""
+ )}
);
}
diff --git a/frontend/pages/SoftwarePage/components/AppStoreVpp/helpers.tsx b/frontend/pages/SoftwarePage/components/AppStoreVpp/helpers.tsx
index 76c131769fa1..8d8c5a171d89 100644
--- a/frontend/pages/SoftwarePage/components/AppStoreVpp/helpers.tsx
+++ b/frontend/pages/SoftwarePage/components/AppStoreVpp/helpers.tsx
@@ -35,13 +35,15 @@ const generateAlreadyAvailableMessage = (msg: string) => {
// eslint-disable-next-line import/prefer-default-export
export const getErrorMessage = (e: unknown) => {
- const reason = getErrorReason(e);
-
+ let reason = getErrorReason(e);
// software is already available for install
if (reason.toLowerCase().includes("already")) {
return generateAlreadyAvailableMessage(reason);
}
- return DEFAULT_ERROR_MESSAGE;
+ if (reason && !reason.endsWith(".")) {
+ reason += ".";
+ }
+ return reason || DEFAULT_ERROR_MESSAGE;
};
export const getUniqueAppId = (app: IVppApp) =>
diff --git a/frontend/pages/SoftwarePage/components/icons/index.ts b/frontend/pages/SoftwarePage/components/icons/index.ts
index 59e618700949..2c8d355f7e98 100644
--- a/frontend/pages/SoftwarePage/components/icons/index.ts
+++ b/frontend/pages/SoftwarePage/components/icons/index.ts
@@ -45,6 +45,7 @@ const SOFTWARE_NAME_TO_ICON_MAP = {
"microsoft teams": Teams,
"visual studio code": VisualStudioCode,
"microsoft word": Word,
+ "google chrome": ChromeApp,
darwin: MacOS,
windows: WindowsOS,
chrome: ChromeOS,
@@ -113,8 +114,6 @@ const matchStrictNameSourceToIcon = ({
return Zoom;
case name === "zoom":
return Zoom;
- case name === "google chrome":
- return ChromeApp;
default:
return null;
}
diff --git a/frontend/pages/hosts/ManageHostsPage/ManageHostsPage.tsx b/frontend/pages/hosts/ManageHostsPage/ManageHostsPage.tsx
index 6464f4d59bf4..7c95b74cfcab 100644
--- a/frontend/pages/hosts/ManageHostsPage/ManageHostsPage.tsx
+++ b/frontend/pages/hosts/ManageHostsPage/ManageHostsPage.tsx
@@ -1430,16 +1430,11 @@ const ManageHostsPage = ({
? selectedLabel
: undefined;
- const statusDropdownClassnames = classNames(
- `${baseClass}__status_dropdown`,
- { [`${baseClass}__status-dropdown-sandbox`]: isSandboxMode }
- );
-
return (
-
+ )}
{isSearchError && (
-
+ {isActiveSearch && (
+ No hosts match the current search criteria.
-- Expecting to see hosts? Try again in a few seconds as - the system catches up. -
-
+ >
+ columnConfigs={searchResultsTableConfig}
+ data={dropdownHosts}
+ isLoading={isTargetsLoading}
+ emptyComponent={() => (
+
+ )}
+ showMarkAllPages={false}
+ isAllPagesSelected={false}
+ disableCount
+ disablePagination
+ disableMultiRowSelect
+ onClickRow={handleRowSelect}
+ />
+
+
- ))}
+
+
- )}
- showMarkAllPages={false}
- isAllPagesSelected={false}
- disableCount
- disablePagination
- disableMultiRowSelect
- onClickRow={handleRowSelect}
- />
- No hosts match the current search criteria.
++ Expecting to see hosts? Try again in a few seconds as the + system catches up. +
the host is updated to exactly the minimum version if it's +
available from Apple. +
+
If a new or wiped host is below the minimum version and +
automatically enrolls (ADE), the host is updated to Apple's +
lastest version during Setup Assistant. + + ); }; const getDeadlineTooltip = (platform: ApplePlatform) => { @@ -206,9 +197,17 @@ const AppleOSTargetForm = ({
+ fleetd agent with --enable-scripts and +
+ refetch host vitals + + ); + } + if (!isHostOnline && value === "query") { + return <>You can't query an offline host.; + } + return undefined; +}; + const modifyOptions = ( options: IDropdownOption[], { @@ -291,34 +321,13 @@ const modifyOptions = ( hostPlatform, }: IHostActionConfigOptions ) => { - // Available tooltips for disabled options - const getDropdownOptionTooltipContent = (value: string | number) => { - const tooltipAction: Record
- fleetd agent with --enable-scripts and -
- refetch host vitals - - ); - } - if (!isHostOnline && value === "query") { - return <>You can't query an offline host.; - } - }; - const disableOptions = (optionsToDisable: IDropdownOption[]) => { optionsToDisable.forEach((option) => { option.disabled = true; - option.tooltipContent = getDropdownOptionTooltipContent(option.value); + option.tooltipContent = getDropdownOptionTooltipContent( + option.value, + isHostOnline + ); }); }; diff --git a/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx b/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx index 5c627edb9a62..0c56d7c6ca4d 100644 --- a/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx +++ b/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx @@ -946,6 +946,7 @@ const HostDetailsPage = ({ platform={host.platform} softwareUpdatedAt={host.software_updated_at} hostCanWriteSoftware={!!host.orbit_version || isIosOrIpadosHost} + hostScriptsEnabled={host.scripts_enabled || false} isSoftwareEnabled={featuresConfig?.enable_software_inventory} router={router} queryParams={parseHostSoftwareQueryParams(location.query)} diff --git a/frontend/pages/hosts/details/HostDetailsPage/_styles.scss b/frontend/pages/hosts/details/HostDetailsPage/_styles.scss index 3809916a6b4a..25f6e705f60d 100644 --- a/frontend/pages/hosts/details/HostDetailsPage/_styles.scss +++ b/frontend/pages/hosts/details/HostDetailsPage/_styles.scss @@ -63,11 +63,6 @@ flex-direction: row; } } - &__block { - display: flex; - flex-direction: column; - margin-right: $pad-xxlarge; - } &__data { margin-bottom: $pad-medium; diff --git a/frontend/pages/hosts/details/_styles.scss b/frontend/pages/hosts/details/_styles.scss index e3f17951b7fc..f2ef26fe9d9a 100644 --- a/frontend/pages/hosts/details/_styles.scss +++ b/frontend/pages/hosts/details/_styles.scss @@ -21,41 +21,6 @@ margin: 0 0 $pad-medium 0; } - .info-grid { - display: grid; - grid-auto-flow: column; - grid-template-columns: repeat( - 3, - max-content - ); // Prevents overflow off screen - grid-template-rows: repeat(4, 1fr); - column-gap: $pad-xxlarge; - row-gap: $pad-medium; - - @media (min-width: $break-md) { - grid-template-columns: repeat(4, max-content); - grid-template-rows: repeat(3, 1fr); - } - - &__block { - font-size: $x-small; - display: flex; - flex-direction: column; - white-space: nowrap; - } - - &__data { - .device-mapping { - &__source { - color: $ui-fleet-black-75; - } - &__more { - color: $ui-fleet-black-50; - } - } - } - } - .list { list-style: none; padding: 0; diff --git a/frontend/pages/hosts/details/cards/About/About.tsx b/frontend/pages/hosts/details/cards/About/About.tsx index 94d1bdf36f66..f1667f890059 100644 --- a/frontend/pages/hosts/details/cards/About/About.tsx +++ b/frontend/pages/hosts/details/cards/About/About.tsx @@ -189,11 +189,11 @@ const About = ({
About
-
+
void;
isSoftwareEnabled?: boolean;
+ hostScriptsEnabled?: boolean;
isMyDevicePage?: boolean;
}
@@ -87,6 +88,7 @@ const HostSoftware = ({
platform,
softwareUpdatedAt,
hostCanWriteSoftware,
+ hostScriptsEnabled,
router,
queryParams,
pathname,
@@ -190,7 +192,7 @@ const HostSoftware = ({
"Software is installing or will install when the host comes online."
);
} catch (e) {
- renderFlash("error", getErrorMessage(e));
+ renderFlash("error", getInstallErrorMessage(e));
}
setSoftwareIdActionPending(null);
refetchSoftware();
@@ -211,7 +213,7 @@ const HostSoftware = ({
);
} catch (e) {
- renderFlash("error", "Couldn't uninstall. Please try again.");
+ renderFlash("error", getUninstallErrorMessage(e));
}
setSoftwareIdActionPending(null);
refetchSoftware();
@@ -249,6 +251,7 @@ const HostSoftware = ({
router,
softwareIdActionPending,
userHasSWWritePermission,
+ hostScriptsEnabled,
onSelectAction,
teamId: hostTeamId,
hostCanWriteSoftware,
@@ -258,6 +261,7 @@ const HostSoftware = ({
router,
softwareIdActionPending,
userHasSWWritePermission,
+ hostScriptsEnabled,
onSelectAction,
hostTeamId,
hostCanWriteSoftware,
diff --git a/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tests.tsx b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tests.tsx
new file mode 100644
index 000000000000..68c7a854d960
--- /dev/null
+++ b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tests.tsx
@@ -0,0 +1,100 @@
+import {
+ generateActions,
+ DEFAULT_ACTION_OPTIONS,
+ generateActionsProps,
+} from "./HostSoftwareTableConfig";
+
+describe("generateActions", () => {
+ const defaultProps: generateActionsProps = {
+ userHasSWWritePermission: true,
+ hostScriptsEnabled: true,
+ hostCanWriteSoftware: true,
+ softwareIdActionPending: null,
+ softwareId: 1,
+ status: null,
+ software_package: null,
+ app_store_app: null,
+ };
+
+ it("returns default actions when user has write permission and scripts are enabled", () => {
+ const actions = generateActions(defaultProps);
+ expect(actions).toEqual(DEFAULT_ACTION_OPTIONS);
+ });
+
+ it("removes install and uninstall actions when user has no write permission", () => {
+ const props = { ...defaultProps, userHasSWWritePermission: false };
+ const actions = generateActions(props);
+ expect(actions.find((a) => a.value === "install")).toBeUndefined();
+ expect(actions.find((a) => a.value === "uninstall")).toBeUndefined();
+ });
+
+ it("disables install and uninstall actions when host scripts are disabled", () => {
+ const props = { ...defaultProps, hostScriptsEnabled: false };
+ const actions = generateActions(props);
+ expect(actions.find((a) => a.value === "install")?.disabled).toBe(true);
+ expect(actions.find((a) => a.value === "uninstall")?.disabled).toBe(true);
+ });
+
+ it("disables install and uninstall actions when locally pending (waiting for API response)", () => {
+ const props = {
+ ...defaultProps,
+ softwareIdActionPending: 1,
+ softwareId: 1,
+ };
+ const actions = generateActions(props);
+ expect(actions.find((a) => a.value === "install")?.disabled).toBe(true);
+ expect(actions.find((a) => a.value === "uninstall")?.disabled).toBe(true);
+ });
+
+ it("disables install and uninstall actions when pending install status", () => {
+ const props: generateActionsProps = {
+ ...defaultProps,
+ status: "pending_install",
+ };
+ const actions = generateActions(props);
+ expect(actions.find((a) => a.value === "install")?.disabled).toBe(true);
+ expect(actions.find((a) => a.value === "uninstall")?.disabled).toBe(true);
+ });
+
+ it("disables install and uninstall actions when pending uninstall status", () => {
+ const props: generateActionsProps = {
+ ...defaultProps,
+ status: "pending_uninstall",
+ };
+ const actions = generateActions(props);
+ expect(actions.find((a) => a.value === "install")?.disabled).toBe(true);
+ expect(actions.find((a) => a.value === "uninstall")?.disabled).toBe(true);
+ });
+
+ it("removes uninstall action for VPP apps", () => {
+ const props: generateActionsProps = {
+ ...defaultProps,
+ app_store_app: {
+ app_store_id: "1",
+ self_service: false,
+ icon_url: "",
+ version: "",
+ last_install: { command_uuid: "", installed_at: "" },
+ },
+ };
+ const actions = generateActions(props);
+ expect(actions.find((a) => a.value === "uninstall")).toBeUndefined();
+ });
+
+ it("allows to install VPP apps even if scripts are disabled", () => {
+ const props: generateActionsProps = {
+ ...defaultProps,
+ hostScriptsEnabled: false,
+ app_store_app: {
+ app_store_id: "1",
+ self_service: false,
+ icon_url: "",
+ version: "",
+ last_install: { command_uuid: "", installed_at: "" },
+ },
+ };
+ const actions = generateActions(props);
+ expect(actions.find((a) => a.value === "install")?.disabled).toBe(false);
+ expect(actions.find((a) => a.value === "uninstall")).toBeUndefined();
+ });
+});
diff --git a/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx
index dd4aef833e74..c6a07ce7fa18 100644
--- a/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx
+++ b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx
@@ -29,8 +29,9 @@ import VersionCell from "pages/SoftwarePage/components/VersionCell";
import { getVulnerabilities } from "pages/SoftwarePage/SoftwareTitles/SoftwareTable/SoftwareTitlesTableConfig";
import InstallStatusCell from "./InstallStatusCell";
+import { getDropdownOptionTooltipContent } from "../../HostDetailsPage/HostActionsDropdown/helpers";
-const DEFAULT_ACTION_OPTIONS: IDropdownOption[] = [
+export const DEFAULT_ACTION_OPTIONS: IDropdownOption[] = [
{ value: "showDetails", label: "Show details", disabled: false },
{ value: "install", label: "Install", disabled: false },
{ value: "uninstall", label: "Uninstall", disabled: false },
@@ -50,24 +51,25 @@ type IInstalledVersionsCellProps = CellProps<
>;
type IVulnerabilitiesCellProps = IInstalledVersionsCellProps;
-const generateActions = ({
- userHasSWWritePermission,
- // Commenting below in case there is a quick decision to use these conditions after all
- // hostCanWriteSoftware,
- // software_package,
- softwareIdActionPending,
- softwareId,
- status,
- app_store_app,
-}: {
+export interface generateActionsProps {
userHasSWWritePermission: boolean;
+ hostScriptsEnabled: boolean;
hostCanWriteSoftware: boolean;
softwareIdActionPending: number | null;
softwareId: number;
status: SoftwareInstallStatus | null;
software_package: IHostSoftwarePackage | null;
app_store_app: IHostAppStoreApp | null;
-}) => {
+}
+
+export const generateActions = ({
+ userHasSWWritePermission,
+ hostScriptsEnabled,
+ softwareIdActionPending,
+ softwareId,
+ status,
+ app_store_app,
+}: generateActionsProps) => {
// this gives us a clean slate of the default actions so we can modify
// the options.
const actions = cloneDeep(DEFAULT_ACTION_OPTIONS);
@@ -88,15 +90,30 @@ const generateActions = ({
}
if (!userHasSWWritePermission) {
- actions.splice(indexInstallAction, 1);
+ // Reverse order to not change index of subsequent array element before removal
actions.splice(indexUninstallAction, 1);
+ actions.splice(indexInstallAction, 1);
} else {
+ // if host's scripts are disabled, and this isn't a VPP app, disable
+ // install/uninstall with tooltip
+ if (!hostScriptsEnabled && !app_store_app) {
+ actions[indexInstallAction].disabled = true;
+ actions[indexUninstallAction].disabled = true;
+
+ actions[
+ indexInstallAction
+ ].tooltipContent = getDropdownOptionTooltipContent("installSoftware");
+ actions[
+ indexUninstallAction
+ ].tooltipContent = getDropdownOptionTooltipContent("uninstallSoftware");
+ }
+
// user has software write permission for host
const pendingStatuses = ["pending_install", "pending_uninstall"];
+ // if locally pending (waiting for API response) or pending install/uninstall,
+ // disable both install and uninstall
if (
- // if locally pending (waiting for API response) or pending install/uninstall, disable both
- // install and uninstall
softwareId === softwareIdActionPending ||
pendingStatuses.includes(status || "")
) {
@@ -114,6 +131,7 @@ const generateActions = ({
interface ISoftwareTableHeadersProps {
userHasSWWritePermission: boolean;
+ hostScriptsEnabled?: boolean;
hostCanWriteSoftware: boolean;
softwareIdActionPending: number | null;
router: InjectedRouter;
@@ -125,6 +143,7 @@ interface ISoftwareTableHeadersProps {
// more info here https://react-table.tanstack.com/docs/api/useTable#cell-properties
export const generateSoftwareTableHeaders = ({
userHasSWWritePermission,
+ hostScriptsEnabled = false,
hostCanWriteSoftware,
softwareIdActionPending,
router,
@@ -217,6 +236,7 @@ export const generateSoftwareTableHeaders = ({
placeholder="Actions"
options={generateActions({
userHasSWWritePermission,
+ hostScriptsEnabled,
hostCanWriteSoftware,
softwareIdActionPending,
softwareId,
diff --git a/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/_styles.scss b/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/_styles.scss
index eb21c7d118a8..9b4ae26e5ec3 100644
--- a/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/_styles.scss
+++ b/frontend/pages/hosts/details/cards/Software/SelfService/SelfServiceItem/_styles.scss
@@ -13,7 +13,7 @@
&__item-topline {
display: flex;
flex-direction: row;
- height: 64px;
+ height: 66px;
align-items: center;
gap: 16px;
overflow: hidden;
diff --git a/frontend/pages/hosts/details/cards/Software/_styles.scss b/frontend/pages/hosts/details/cards/Software/_styles.scss
index a87305760ad1..331c9861e943 100644
--- a/frontend/pages/hosts/details/cards/Software/_styles.scss
+++ b/frontend/pages/hosts/details/cards/Software/_styles.scss
@@ -9,7 +9,7 @@
.Select {
.Select-menu-outer {
width: 364px;
- max-height: 310px;
+ max-height: min-content;
.Select-menu {
max-height: none;
diff --git a/frontend/pages/hosts/details/cards/Software/helpers.tsx b/frontend/pages/hosts/details/cards/Software/helpers.tsx
index 2020a1487090..2c12ca9e101d 100644
--- a/frontend/pages/hosts/details/cards/Software/helpers.tsx
+++ b/frontend/pages/hosts/details/cards/Software/helpers.tsx
@@ -3,7 +3,10 @@ import { getErrorReason } from "interfaces/errors";
import { trimEnd, upperFirst } from "lodash";
const INSTALL_SOFTWARE_ERROR_PREFIX = "Couldn't install.";
-const DEFAULT_ERROR_MESSAGE = `${INSTALL_SOFTWARE_ERROR_PREFIX} Please try again.`;
+const DEFAULT_INSTALL_ERROR_MESSAGE = `${INSTALL_SOFTWARE_ERROR_PREFIX} Please try again.`;
+
+const UNINSTALL_SOFTWARE_ERROR_PREFIX = "Couldn't uninstall.";
+const DEFAULT_UNINSTALL_ERROR_MESSAGE = `${UNINSTALL_SOFTWARE_ERROR_PREFIX} Please try again.`;
const createOnlyInstallableOnMacOSMessage = (reason: string) =>
`Couldn't install. ${reason.replace("darwin", "macOS")}.`;
@@ -28,7 +31,7 @@ const showAPIMessage = (message: string) => {
};
// eslint-disable-next-line import/prefer-default-export
-export const getErrorMessage = (e: unknown) => {
+export const getInstallErrorMessage = (e: unknown) => {
const reason = upperFirst(trimEnd(getErrorReason(e), "."));
if (reason.includes("fleetd installed")) {
@@ -41,5 +44,28 @@ export const getErrorMessage = (e: unknown) => {
return reason;
}
- return DEFAULT_ERROR_MESSAGE;
+ return DEFAULT_INSTALL_ERROR_MESSAGE;
+};
+
+// eslint-disable-next-line import/prefer-default-export
+export const getUninstallErrorMessage = (e: unknown) => {
+ const reason = upperFirst(trimEnd(getErrorReason(e), "."));
+
+ if (
+ reason.includes("run script") ||
+ reason.includes("running script") ||
+ reason.includes("have fleetd") ||
+ reason.includes("only on")
+ ) {
+ return `${UNINSTALL_SOFTWARE_ERROR_PREFIX} ${reason}.`;
+ } else if (reason.startsWith("Couldn't uninstall software.")) {
+ return reason.replace(
+ "Couldn't uninstall software.",
+ "Couldn't uninstall."
+ );
+ } else if (reason.startsWith("No uninstall script exists")) {
+ return `${UNINSTALL_SOFTWARE_ERROR_PREFIX}. An uninstall script does not exist for this package.`;
+ }
+
+ return DEFAULT_UNINSTALL_ERROR_MESSAGE;
};
diff --git a/frontend/pages/labels/NewLabelPage/DynamicLabel/DynamicLabel.tsx b/frontend/pages/labels/NewLabelPage/DynamicLabel/DynamicLabel.tsx
index 8f3237d27820..b11deb64e5de 100644
--- a/frontend/pages/labels/NewLabelPage/DynamicLabel/DynamicLabel.tsx
+++ b/frontend/pages/labels/NewLabelPage/DynamicLabel/DynamicLabel.tsx
@@ -1,12 +1,14 @@
-import React, { useContext } from "react";
+import React, { useContext, useCallback } from "react";
import { RouteComponentProps } from "react-router";
import PATHS from "router/paths";
import labelsAPI from "services/entities/labels";
import { NotificationContext } from "context/notification";
+import { IApiError } from "interfaces/errors";
import DynamicLabelForm from "pages/labels/components/DynamicLabelForm";
import { IDynamicLabelFormData } from "pages/labels/components/DynamicLabelForm/DynamicLabelForm";
+import { DUPLICATE_ENTRY_ERROR } from "../ManualLabel/ManualLabel";
const baseClass = "dynamic-label";
@@ -26,15 +28,22 @@ const DynamicLabel = ({
}: IDynamicLabelProps) => {
const { renderFlash } = useContext(NotificationContext);
- const onSaveNewLabel = async (formData: IDynamicLabelFormData) => {
- try {
- const res = await labelsAPI.create(formData);
- router.push(PATHS.MANAGE_HOSTS_LABEL(res.label.id));
- renderFlash("success", "Label added successfully.");
- } catch {
- renderFlash("error", "Couldn't add label. Please try again.");
- }
- };
+ const onSaveNewLabel = useCallback(
+ (formData: IDynamicLabelFormData) => {
+ labelsAPI
+ .create(formData)
+ .then((res) => {
+ router.push(PATHS.MANAGE_HOSTS_LABEL(res.label.id));
+ renderFlash("success", "Label added successfully.");
+ })
+ .catch((error: { data: IApiError }) => {
+ if (error.data.errors[0].reason.includes("Duplicate entry")) {
+ renderFlash("error", DUPLICATE_ENTRY_ERROR);
+ } else renderFlash("error", "Couldn't add label. Please try again.");
+ });
+ },
+ [renderFlash, router]
+ );
const onCancelLabel = () => {
router.goBack();
diff --git a/frontend/pages/labels/NewLabelPage/ManualLabel/ManualLabel.tsx b/frontend/pages/labels/NewLabelPage/ManualLabel/ManualLabel.tsx
index 1dd4553f7abe..a1ed3ac2b964 100644
--- a/frontend/pages/labels/NewLabelPage/ManualLabel/ManualLabel.tsx
+++ b/frontend/pages/labels/NewLabelPage/ManualLabel/ManualLabel.tsx
@@ -1,29 +1,40 @@
-import React, { useContext } from "react";
+import React, { useCallback, useContext } from "react";
import { RouteComponentProps } from "react-router";
import PATHS from "router/paths";
import labelsAPI from "services/entities/labels";
import { NotificationContext } from "context/notification";
+import { IApiError } from "interfaces/errors";
import ManualLabelForm from "pages/labels/components/ManualLabelForm";
import { IManualLabelFormData } from "pages/labels/components/ManualLabelForm/ManualLabelForm";
const baseClass = "manual-label";
+export const DUPLICATE_ENTRY_ERROR =
+ "Couldn't add. A label with this name already exists.";
+
type IManualLabelProps = RouteComponentProps;
const ManualLabel = ({ router }: IManualLabelProps) => {
const { renderFlash } = useContext(NotificationContext);
- const onSaveNewLabel = async (formData: IManualLabelFormData) => {
- try {
- const res = await labelsAPI.create(formData);
- router.push(PATHS.MANAGE_HOSTS_LABEL(res.label.id));
- renderFlash("success", "Label added successfully.");
- } catch {
- renderFlash("error", "Couldn't add label. Please try again.");
- }
- };
+ const onSaveNewLabel = useCallback(
+ (formData: IManualLabelFormData) => {
+ labelsAPI
+ .create(formData)
+ .then((res) => {
+ router.push(PATHS.MANAGE_HOSTS_LABEL(res.label.id));
+ renderFlash("success", "Label added successfully.");
+ })
+ .catch((error: { data: IApiError }) => {
+ if (error.data.errors[0].reason.includes("Duplicate entry")) {
+ renderFlash("error", DUPLICATE_ENTRY_ERROR);
+ } else renderFlash("error", "Couldn't add label. Please try again.");
+ });
+ },
+ [renderFlash, router]
+ );
const onCancelLabel = () => {
router.goBack();
diff --git a/frontend/pages/policies/PolicyPage/screens/QueryEditor.tsx b/frontend/pages/policies/PolicyPage/screens/QueryEditor.tsx
index 9da71beb8b11..553209818efd 100644
--- a/frontend/pages/policies/PolicyPage/screens/QueryEditor.tsx
+++ b/frontend/pages/policies/PolicyPage/screens/QueryEditor.tsx
@@ -198,7 +198,7 @@ const QueryEditor = ({
const updateAPIRequest = () => {
// storedPolicy.team_id is used for existing policies because selectedTeamId is subject to change
- const team_id = storedPolicy?.team_id;
+ const team_id = storedPolicy?.team_id ?? undefined;
return team_id !== undefined
? teamPoliciesAPI.update(policyIdForEdit, {
diff --git a/frontend/pages/queries/ManageQueriesPage/_styles.scss b/frontend/pages/queries/ManageQueriesPage/_styles.scss
index 3f7cd2515089..ea724a00c250 100644
--- a/frontend/pages/queries/ManageQueriesPage/_styles.scss
+++ b/frontend/pages/queries/ManageQueriesPage/_styles.scss
@@ -63,7 +63,7 @@
&__platform-dropdown {
.Select-menu-outer {
width: 364px;
- max-height: 380px;
+ max-height: min-content;
.Select-menu {
max-height: none;
diff --git a/frontend/pages/queries/details/QueryDetailsPage/QueryDetailsPage.tsx b/frontend/pages/queries/details/QueryDetailsPage/QueryDetailsPage.tsx
index 42a2413c99d0..cdaec1aebd69 100644
--- a/frontend/pages/queries/details/QueryDetailsPage/QueryDetailsPage.tsx
+++ b/frontend/pages/queries/details/QueryDetailsPage/QueryDetailsPage.tsx
@@ -49,7 +49,12 @@ interface IQueryDetailsPageProps {
params: Params;
location: {
pathname: string;
- query: { team_id?: string; order_key?: string; order_direction?: string };
+ query: {
+ team_id?: string;
+ order_key?: string;
+ order_direction?: string;
+ host_id?: string;
+ };
search: string;
};
}
@@ -67,6 +72,12 @@ const QueryDetailsPage = ({
}
const queryParams = location.query;
+ // Present when observer is redirected from host details > query
+ // since observer does not have access to edit page
+ const hostId = queryParams?.host_id
+ ? parseInt(queryParams.host_id, 10)
+ : undefined;
+
const { currentTeamId } = useTeamIdParam({
location,
router,
@@ -295,7 +306,7 @@ const QueryDetailsPage = ({
onClick={() => {
queryId &&
router.push(
- PATHS.LIVE_QUERY(queryId, currentTeamId)
+ PATHS.LIVE_QUERY(queryId, currentTeamId, hostId)
);
}}
disabled={isLiveQueryDisabled}
diff --git a/frontend/pages/queries/edit/EditQueryPage.tsx b/frontend/pages/queries/edit/EditQueryPage.tsx
index addfd6b06175..d2bc087b60c8 100644
--- a/frontend/pages/queries/edit/EditQueryPage.tsx
+++ b/frontend/pages/queries/edit/EditQueryPage.tsx
@@ -208,7 +208,14 @@ const EditQueryPage = ({
queryId > 0 &&
!canEditExistingQuery
) {
- router.push(PATHS.QUERY_DETAILS(queryId));
+ // Reroute to query report page still maintains query params for live query purposes
+ const baseUrl = PATHS.QUERY_DETAILS(queryId);
+ const queryParams = buildQueryStringFromParams({
+ host_id: location.query.host_id,
+ team_id: location.query.team_id,
+ });
+
+ router.push(queryParams ? `${baseUrl}?${queryParams}` : baseUrl);
}
}, [queryId, isTeamMaintainerOrTeamAdmin, isStoredQueryLoading]);
diff --git a/frontend/router/paths.ts b/frontend/router/paths.ts
index faaa9f35b7a0..1db857b43231 100644
--- a/frontend/router/paths.ts
+++ b/frontend/router/paths.ts
@@ -1,3 +1,5 @@
+import { buildQueryStringFromParams } from "utilities/url";
+
import { IPolicy } from "../interfaces/policy";
import URL_PREFIX from "./url_prefix";
@@ -95,10 +97,17 @@ export default {
teamId ? `?team_id=${teamId}` : ""
}`;
},
- LIVE_QUERY: (queryId: number | null, teamId?: number): string => {
- return `${URL_PREFIX}/queries/${queryId || "new"}/live${
- teamId ? `?team_id=${teamId}` : ""
- }`;
+ LIVE_QUERY: (
+ queryId: number | null,
+ teamId?: number,
+ hostId?: number
+ ): string => {
+ const baseUrl = `${URL_PREFIX}/queries/${queryId || "new"}/live`;
+ const queryParams = buildQueryStringFromParams({
+ team_id: teamId,
+ host_id: hostId,
+ });
+ return queryParams ? `${baseUrl}?${queryParams}` : baseUrl;
},
QUERY_DETAILS: (queryId: number, teamId?: number): string => {
return `${URL_PREFIX}/queries/${queryId}${
diff --git a/handbook/company/communications.md b/handbook/company/communications.md
index 271c2e3f19ae..c83524ee6693 100644
--- a/handbook/company/communications.md
+++ b/handbook/company/communications.md
@@ -1359,10 +1359,10 @@ Each heading needs two lines of empty space separating it from the previous sect
```
...previous content.
-
-
+
+
### New heading
-
+
Related content...
```
diff --git a/handbook/company/leadership.md b/handbook/company/leadership.md
index 3b5448f58078..1cad2e84de28 100644
--- a/handbook/company/leadership.md
+++ b/handbook/company/leadership.md
@@ -360,44 +360,16 @@ After receiving the interview packet, the Head of Digital Experience uses the fo
4. **Send offer:** 🐈⬛ CEO reviews and sends the offer to the candidate:
- _Grant the candidate "edit" access_ to their "exit scenarios" spreadsheet.
- _Send_ the email.
+5. **Process the offer response** The Head of Digital Experience will process the offer response by either creating a new ["Teammate pre-onboarding" issue](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-digital-experience&projects=&template=pre-onboarding.md&title=Pre-onboarding%3A+______________________) and following the steps if the offer is accepted or notifying the stakeholders that the offer was not accepted and we should continue the search.
-#### Steps after an offer is accepted
-Once the new team member replies and accepts their offer in writing, 🌐 Head of Digital Experience follows these steps:
-1. **Verify, track, and reply:** Reply to the candidate:
- - _Verify the candidate replied with their physical address… or else keep asking._ If they did not reply with their physical address, then we are not done. No offer is "accepted" until we've received a physical address.
- - _Review and update the team database_ to be sure everything is accurate, **one last time**. Remember to read the column headers and precisely follow the instructions about how to format the data:
- - The new team member's role in ["🧑🚀 Fleeties"](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0) now includes:
- - **Start date** _(The new fleetie's first day, YYYY-MM-DD)_
- - **Location** _(Derive this from the physical address)_
- - **GitHub username** _(Username of 2FA-enabled GitHub account)_
- - **@fleetdm.com email** _(Set this to whatever email you think this person should have)_
- - The new team member's row in ["🥧 Equity plan"](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit#gid=0) now includes:
- - **OTE** _("On-target earnings", i.e. anticipated total annual cash compensation)_
- - **Equity** _(Stock options)_
- - **"Notes"** _(Track base salary here, as well as a very short explanation of commission or bonus structure.)_
- - **Physical address** _(The full street address of the location where work will typically be performed.)_
- - **Personal email** _(Use the personal email they're replying from, e.g. `@gmail.com`)_
- - **"Offer accepted?"** _(Set this to `TRUE`)_
- - _[Create a "Hiring" issue](https://github.com/fleetdm/confidential/issues/new/choose)_ for the new team member. (This issue will keep track of the hiring tasks for the new team member.)
- - _Send a reply_ welcoming the team member to Fleet and letting them know to expect a separate email with next steps for getting the team member's laptop, Yubikeys, and agreement going ASAP so they can start on time. For example:
- ```
- \o/ It's official!
-
- Be on the lookout for an email in a separate thread with next steps for quickly signing the paperwork and getting your company laptop and hardware 2FA keys (Yubikeys), which we recommend setting up ASAP.
-
- Thanks, and welcome to the team!
-
- -Sam
- ```
-2. **Ask hiring manager to send rejections:** Post to the `hiring-xxxxx-yyyy` Slack channel to let folks know the offer was accepted, and at-mention the _hiring manager_ to ask them to communicate with [all other interviewees](https://fleetdm.com/handbook/company#empathy) who are still in the running and [let them know that we chose a different person](https://fleetdm.com/handbook/company/leadership#candidate-correspondence-email-templates).
- >_**Note:** Send rejection emails quickly, within 1 business day. It only gets harder if you wait._
-3. **Remove open position:** Ensure the hiring manager removes the newly-filled position from the fleetdm.com website by [making a pull request](https://fleetdm.com/handbook/company/communications#making-a-pull-request) to delete it from the [open-positions.yml](https://github.com/fleetdm/fleet/blob/main/handbook/company/open-positions.yml) file.
-4. **Create 30-60-90 day plan:** 🧑🚀 Hiring manager creates a 30-60-90 day plan outlining key role objectives. The plan is reviewed weekly in 1:1 meetings during the first three months of employment, ensuring continuous support and alignment with company goals. To create the 30-60-90 day plan, hiring manager will:
- - Create a copy of the [30-60-90 day plan template](https://docs.google.com/document/d/1EztmPBuMFXbVoy4ZToXcxasNO38ooOh8Gh5hPXFvJhI/copy) and rename the copied file using the naming convention `[start date] - 30-60-90 day plan - [teammate full name]` and move it to the [30-60-90 day plan folder](https://drive.google.com/drive/u/0/folders/1QWiAbgBFuuofT_3M8oIoBsbEBmubQAj7) in Google Drive.
- - Follow the prompts in the template to fill out the 30-60-90 day plan for the new teammate before they start.
-5. **Close Slack channel:** Then archive and close the channel.
+#### After an offer is accepted
+
+The Head of Digital Experience will then follow the steps in the ["Teammate pre-onboarding"](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-digital-experience&projects=&template=pre-onboarding.md&title=Pre-onboarding%3A+______________________) issue, which includes reaching out to the new team member within 1 business day from a separate email thread to get additional information as needed, prepare their agreement, add them to the company's payroll system, and get their new laptop and hardware security keys ordered so that everything is ready for them to start on their first day.
+
+
+## Create a 30-60-90 day plan
-Now what happens? 🌐 Head of Digital Experience will then follow the steps in the "Hiring" issue, which includes reaching out to the new team member within 1 business day from a separate email thread to get additional information as needed, prepare their agreement, add them to the company's payroll system, and get their new laptop and hardware security keys ordered so that everything is ready for them to start on their first day.
+The hiring manager creates a 30-60-90 day plan outlining key role objectives to be reviewed in 1:1 meetings during the first three months of employment. To create the 30-60-90 day plan, use the prompts in the "Vision" section of the new teammates [1:1 meeting doc (TEMPLATE)](https://docs.google.com/document/d/1IkGQJ4PPU0MyW35Xo8BuvoUPKpStsmcw_nHWt71W2yE/edit#heading=h.uzxntzlyyaou) to ensure continuous support and alignment with company goals.
## CEO shadow program
@@ -442,7 +414,6 @@ Although it's sad to see someone go, Fleet understands that not everything is me
4. **CEO**: The CEO will make an announcement during the "🌈 Weekly Update" post on Friday in the `#general` channel on Slack.
-<<<<<<< HEAD
## Changing someone's position
From time to time, someone's job title changes. To do this, reach out to [Digital Experience](https://fleetdm.com/handbook/digital-experience).
diff --git a/handbook/company/open-positions.yml b/handbook/company/open-positions.yml
index 36eb7e05dfb1..71bcb2af6b3d 100644
--- a/handbook/company/open-positions.yml
+++ b/handbook/company/open-positions.yml
@@ -9,6 +9,30 @@
# experience: |
# Add markdown content to this field.
################################################
+- jobTitle: 🦢 Product Designer
+ department: Product Design
+ hiringManagerName: Noah Talerman
+ hiringManagerLinkedInUrl: https://www.linkedin.com/in/noah-talerman/
+ hiringManagerGithubUsername: noahtalerman
+ responsibilities: |
+ - ⏫ Engage with product management, engineering, business stakeholders, and customers to understand initiatives.
+ - 📣 Design consistent interactions across the Fleet user experience, including API and CLI.
+ - 🌡️ Drive the refinement process from concept to high-fidelity prototypes.
+ experience: |
+ - 💭 3 - 5 years of experience as a Product Designer.
+ - 💖 Proficient in visual design and wireframing tools (we use Figma).
+ - 🦉 Articulate the problem to be solved and create a compelling narrative around proposed solutions.
+ - 📖 Maintain a design system that enables speed for designers, PMs, and engineers.
+ - 🧑🔬 Develop an understanding of developer-first automation workflows, including API and CLI experiences.
+ - 🧪 Translate user insights into digital experiences that are well-crafted and easy to use.
+ - 🤝 Collaboration: You work best in a participatory, team-based environment.
+ - 🚀 Prototype-first: You embrace speed and failure as we iterate towards the right solution. You have hands-on experience in creating low and high-fidelity prototypes. You’re comfortable accepting suboptimal designs in favor of iteration.
+ - 🧬 Simplicity: You love complex questions and use your work to simplify that complexity for users.
+ - 🟣 Openness: You are flexible and open to new ideas and ways of working.
+ - ✍️ Experience designing CLI experiences for developers or willingness to learn.
+ - ➕ Bonus: YB2B SaaS background
+ - ➕ Bonus: cybersecurity or IT background
+
- jobTitle: 🚀 Software Engineer
department: Engineering
hiringManagerName: Luke Heath
@@ -22,7 +46,7 @@
- 🚀 Actively participate in all engineering scrum meetings, including sprint planning, daily standups, sprint demos, sprint retrospectives, and estimation sessions.
- 🌟 Contribute to the overall success of the [MDM](https://fleetdm.com/handbook/company/product-groups#mdm-group) product group by ensuring users receive valuable new features.
experience: |
- - 💭 3-5 years' of experience in backend/SaaS development.
+ - 💭 3-5 years of experience in backend/SaaS development.
- 🦉 Proficient in backend development. You practice OOP design and are comfortable in a lean software development environment.
- 🦉 Translate requirements into well-designed and functional software.
- 🤝 Communicate regularly with stakeholders, project managers, quality assurance teams, and other developers regarding progress on long-term technology roadmap.
@@ -36,35 +60,4 @@
- 🛠️ Technical: You understand the software development processes. You understand that software quality matters.
- 🟣 Openness: You are flexible and open to new ideas and ways of working.
- ➕ Bonus: Cybersecurity or IT background.
-
-- jobTitle: 🐋 Account Executive
- department: Customers
- hiringManagerName: Alex Mitchell
- hiringManagerLinkedInUrl: https://www.linkedin.com/in/alexandercmitchell/
- hiringManagerGithubUsername: alexmitchelliii
- responsibilities: |
- - 🎯 Direct and participate in prospecting target companies, identifying key decision makers and influencers, leading when assigned/necessary/appropriate.
- - 📈 Use available data to identify opportunities and trends with individual prospects.
- - 📣 Actively promote FleetDM product and services on social media.
- - 🖥️ Actively present and demonstrate the value of FleetDM products and services and upgrades targeting customer expansion opportunities.
- - ❔ Appropriately use and follow MEDDPPICC process to qualify and progress opportunities to best help prospects solve problems.
- - 🤔 Anticipate market trends and identify new opportunities for growth.
- - 🕴️ Utilize systems and tools such as salesforce to analyze pipeline and opportunity data and keep all information up to date for leadership reporting.
- - 🚀 Work collaboratively with the product management, customer support, and engineering teams to facilitate feature development based on customer asks.
- - 🧑💻 Collaborate with the marketing team to plan, execute and track impactful marketing campaigns, in order to meet and/or exceed quarterly pipeline and revenue targets.
- - 🤝 Work with prospects to find win-win commercial agreements.
- experience: |
- - 🦉 5+ years experience selling to enterprise customers.
- - 📣 Have excellent communication and interpersonal skills.
- - 🧑💻 Love technology and can explain how things work in detail.
- - 🧪 Extensive experience with Slack, Salesforce, Google Suite, and GitHub.
- - ⏩ Thrive in a complex, fast-paced, results driven environment with the ability to pivot to organizational changes easily.
- - 🤝 Decisive with the ability to shift gears between thinking and doing.
- - 📈 Ability to partner with various teams and stakeholders to drive sales.
- - 👀 Strong understanding of the enterprise procurement process.
- - ➕ Bonus: Direct experience with Fleet, MDM, osquery or SQL query writing, and working with Client Platform Engineering, SRE, or Security Engineering teams.
- - 💭 You know how to manage complex sales, difficult escalations, and challenging procurement processes with the utmost care and organization.
- - 💖 You know how to manage your time and priorities between leads, opportunities other day-to-day responsibilities.
- - ✍ You have the ability to effectively influence key stakeholders, from senior executives to day-to-day engineering contacts, and discuss Fleet's value with them.
- - 🧬 You care about delivering an outstanding customer experience and advocating for the customer's needs within Fleet.
- - ➕ Bonus: You are comfortable with concepts like DevOps/GitOps, APIs, and security.
+
diff --git a/handbook/company/pricing-features-table.yml b/handbook/company/pricing-features-table.yml
index c8b17d8ce36d..13e19b938880 100644
--- a/handbook/company/pricing-features-table.yml
+++ b/handbook/company/pricing-features-table.yml
@@ -214,8 +214,8 @@
# ║ ╠╦╝║ ║╚═╗╚═╗───╠═╝║ ╠═╣ ║ ╠╣ ║ ║╠╦╝║║║ ║║║ ║║║║║ ╚═╗║ ║╠═╝╠═╝║ ║╠╦╝ ║
# ╚═╝╩╚═╚═╝╚═╝╚═╝ ╩ ╩═╝╩ ╩ ╩ ╚ ╚═╝╩╚═╩ ╩ ╩ ╩═╩╝╩ ╩ ╚═╝╚═╝╩ ╩ ╚═╝╩╚═ ╩
- industryName: Cross-platform MDM support
- description: macOS, Windows, and Linux.
- documentationUrl: https://fleetdm.com/announcements/fleet-introduces-windows-mdm
+ description: Apple, Windows, and Linux.
+ documentationUrl: https://fleetdm.com/announcements/debunk-the-cross-platform-myth
tier: Premium
jamfProHasFeature: appleOnly
jamfProtectHasFeature: no
@@ -269,7 +269,7 @@
productCategories: [Device management]
pricingTableCategories: [Devices]
waysToUse:
- - description: Support ACME as a protocol for MDM certificate generation. Coming soon (2024-12-31) #customer-rosner
+ - description: Support ACME as a protocol for MDM certificate generation. Coming soon (2025-03-31) #customer-rosner
moreInfoUrl: https://github.com/fleetdm/fleet/issues/15611
#
# ╦ ╦╔═╗╔═╗╦═╗ ╔═╗╔═╗╔═╗╔═╗╦ ╦╔╗╔╔╦╗ ╔═╗╦ ╦╔╗╔╔═╗
diff --git a/handbook/digital-experience/README.md b/handbook/digital-experience/README.md
index 1fec6328ca71..34f77f2b9fe3 100644
--- a/handbook/digital-experience/README.md
+++ b/handbook/digital-experience/README.md
@@ -450,7 +450,11 @@ Here are the steps we take to grant appropriate Salesforce licenses to a new hir
- Sign DocuSign sent to the email.
- The order will be processed in ~30m.
- Once the basic license has been added, you can create a new user using the new team member's `@fleetdm.com` email and assign a license to it.
-- To also assign a user an "Inbox license", go to the ["Setup" page](https://fleetdm.lightning.force.com/lightning/setup/SetupOneHome/home) and select "User > Permission sets". Find the [inbox permission set](https://fleetdm.lightning.force.com/lightning/setup/PermSets/page?address=%2F005%3Fid%3D0PS4x000002uUn2%26isUserEntityOverride%3D1%26SetupNode%3DPermSets%26sfdcIFrameOrigin%3Dhttps%253A%252F%252Ffleetdm.lightning.force.com%26clc%3D1) and assign it to the new team member.
+ - To enable email sync for a user:
+ - Navigate to the [user’s record](https://fleetdm.lightning.force.com/lightning/setup/ManageUsers/home) and scroll to the bottom of the permission set section.
+ - Add the “Inbox with Einstein Activity Capture” permission set and save.
+ - Navigate to the ["Einstein Activity Capture Settings"](https://fleetdm.lightning.force.com/lightning/setup/ActivitySyncEngineSettingsMain/home) and click the "Configurations" tab.
+ - Select "Edit", under "User and Profile Assignments" move the new user's name from "Available" to "Selected", scroll all the way down and click save.
### Change the "Integrations admin" Salesforce account password
diff --git a/handbook/engineering/README.md b/handbook/engineering/README.md
index 13f3d21c15c9..388a5c87243b 100644
--- a/handbook/engineering/README.md
+++ b/handbook/engineering/README.md
@@ -538,13 +538,25 @@ Upon receiving any device, follow these steps to process incoming equipment.
Once the Digital Experience department approves inventory to be shipped from Fleet IT, follow these step to ship the equipment.
1. Compare the equipment request issue with the ["Company equipment" spreadsheet](https://docs.google.com/spreadsheets/d/1hFlymLlRWIaWeVh14IRz03yE-ytBLfUaqVz0VVmmoGI/edit#gid=0) and verify physical inventory.
2. Plug in the device and ensure inventory has been correctly processed and all components are present (e.g. charger cord, power converter).
-3. package equipment for shipment and include Yubikeys (if requested).
+3. Package equipment for shipment and include Yubikeys (if requested).
4. Change the "Company equipment" spreadsheet to reflect the new user.
- If you encounter any issues, repeat the [process incoming equipment steps](https://fleetdm.com/handbook/engineering#process-incoming-equipment). If problems persist, create a ["💻 IT support issue](https://github.com/fleetdm/confidential/issues/new?assignees=%40spokanemac&labels=%3Ahelp-it&projects=&template=request-it-support.md&title=%F0%9F%92%BB+Request+IT+support) for IT to troubleshoot the device.
6. Ship via FedEx to the address listed in the equipment request.
7. Add a comment to the equipment request issue, at-mentioning the requestor with the FedEx tracking info and close the issue.
+### Provide 0-day support for major version macOS releases
+
+Beginning with macOS 16, Fleet will offer 0-day support for all major version macOS releases.
+
+1. Install major version macOS beta release on test devices.
+2. Create a new [QA release issue](https://github.com/fleetdm/fleet/issues/new?assignees=xpkoala%2Cpezhub&labels=%23g-mdm%2C%23g-endpoint-ops%2C%3Arelease&projects=&template=release-qa.md&title=Release+QA%3A+macOS+16) with the new major version in the issue title.
+3. Complete all manual smoke tests in the issue and confirm they are passing.
+4. Confirm all automated tests are passing.
+5. [File bugs](https://github.com/fleetdm/fleet/issues/new?assignees=&labels=P1%2Cbug%2C%3Areproduce%2C%3Aincoming&projects=&template=bug-report.md&title=) with a `P1` label and assign to the appropriate [product group](https://fleetdm.com/handbook/company/product-groups#current-product-groups).
+6. When all bugs are fixed, follow the [writing a feature guide](https://fleetdm.com/handbook/engineering#write-a-feature-guide) process to publish an article announcing Fleet 0-day support for the new major release.
+
+
## Rituals
[Zach Wasserman](https://www.linkedin.com/in/zacharywasserman/) _([@zwass](https://github.com/zwass))_
[Allen Houchins](https://www.linkedin.com/in/allenhouchins/) _([@allenhouchins](https://github.com/allenhouchins))_
[Harrison Ravazzolo](https://www.linkedin.com/in/harrison-ravazzolo/) _([@harrisonravazzolo](https://github.com/harrisonravazzolo))_ | Channel Sales | [Tom Ostertag](https://www.linkedin.com/in/tom-ostertag-77212791/) _([@tomostertag](https://github.com/TomOstertag))_ -| Account Executive (AE) | [Patricia Ambrus](https://www.linkedin.com/in/pambrus/) _([@ambrusps](https://github.com/ambrusps))_
[Anthony Snyder](https://www.linkedin.com/in/anthonysnyder8/) _([@anthonysnyder8](https://github.com/AnthonySnyder8))_
[Paul Tardif](https://www.linkedin.com/in/paul-t-750833/) _([@phtardif1](https://github.com/phtardif1))_ +| Account Executive (AE) | [Patricia Ambrus](https://www.linkedin.com/in/pambrus/) _([@ambrusps](https://github.com/ambrusps))_
[Anthony Snyder](https://www.linkedin.com/in/anthonysnyder8/) _([@anthonysnyder8](https://github.com/AnthonySnyder8))_
[Paul Tardif](https://www.linkedin.com/in/paul-t-750833/) _([@phtardif1](https://github.com/phtardif1))_
[Kendra McKeever](https://www.linkedin.com/in/kendramckeever/) _([@KendraAtFleet](https://github.com/KendraAtFleet))_ ## Contact us diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf index db7a79e5e140..2020de2f8306 100644 --- a/infrastructure/dogfood/terraform/aws/variables.tf +++ b/infrastructure/dogfood/terraform/aws/variables.tf @@ -56,7 +56,7 @@ variable "database_name" { variable "fleet_image" { description = "the name of the container image to run" - default = "fleetdm/fleet:v4.56.0" + default = "fleetdm/fleet:v4.57.0" } variable "software_inventory" { diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf index ba81f4af537b..906a58c153f8 100644 --- a/infrastructure/dogfood/terraform/gcp/variables.tf +++ b/infrastructure/dogfood/terraform/gcp/variables.tf @@ -68,7 +68,7 @@ variable "redis_mem" { } variable "image" { - default = "fleetdm/fleet:v4.56.0" + default = "fleetdm/fleet:v4.57.0" } variable "software_installers_bucket_name" { diff --git a/infrastructure/loadtesting/terraform/ecs.tf b/infrastructure/loadtesting/terraform/ecs.tf index cce392657a78..2327c2787b78 100644 --- a/infrastructure/loadtesting/terraform/ecs.tf +++ b/infrastructure/loadtesting/terraform/ecs.tf @@ -203,7 +203,11 @@ resource "aws_ecs_task_definition" "backend" { { name = "FLEET_OSQUERY_ASYNC_HOST_REDIS_SCAN_KEYS_COUNT" value = "10000" - } + }, + { + name = "FLEET_S3_SOFTWARE_INSTALLERS_BUCKET" + value = aws_s3_bucket.software_installers.bucket + }, ], local.additional_env_vars) } ]) @@ -329,18 +333,18 @@ resource "aws_appautoscaling_policy" "ecs_policy_cpu" { resource "random_password" "fleet_server_private_key" { length = 32 special = true -} - -resource "aws_secretsmanager_secret" "fleet_server_private_key" { +} + +resource "aws_secretsmanager_secret" "fleet_server_private_key" { name = "${terraform.workspace}-fleet-server-private-key" recovery_window_in_days = "0" lifecycle { create_before_destroy = true } -} - +} + resource "aws_secretsmanager_secret_version" "fleet_server_private_key" { secret_id = aws_secretsmanager_secret.fleet_server_private_key.id secret_string = random_password.fleet_server_private_key.result -} +} diff --git a/infrastructure/loadtesting/terraform/rds.tf b/infrastructure/loadtesting/terraform/rds.tf index 87dea8134898..b70d4de1cfca 100644 --- a/infrastructure/loadtesting/terraform/rds.tf +++ b/infrastructure/loadtesting/terraform/rds.tf @@ -26,10 +26,10 @@ module "aurora_mysql" { #tfsec:ignore:aws-rds-enable-performance-insights-encryp source = "terraform-aws-modules/rds-aurora/aws" version = "7.7.1" - name = "${local.name}-mysql" - engine = "aurora-mysql" - engine_version = "8.0.mysql_aurora.3.05.2" - instance_class = var.db_instance_type + name = "${local.name}-mysql" + engine = "aurora-mysql" + engine_version = "8.0.mysql_aurora.3.05.2" + instance_class = var.db_instance_type instances = { one = {} diff --git a/infrastructure/loadtesting/terraform/s3.tf b/infrastructure/loadtesting/terraform/s3.tf new file mode 100644 index 000000000000..ca15b37dba49 --- /dev/null +++ b/infrastructure/loadtesting/terraform/s3.tf @@ -0,0 +1,46 @@ +data "aws_iam_policy_document" "software_installers" { + statement { + actions = [ + "s3:GetObject*", + "s3:PutObject*", + "s3:ListBucket*", + "s3:ListMultipartUploadParts*", + "s3:DeleteObject", + "s3:CreateMultipartUpload", + "s3:AbortMultipartUpload", + "s3:ListMultipartUploadParts", + "s3:GetBucketLocation" + ] + resources = [aws_s3_bucket.software_installers.arn, "${aws_s3_bucket.software_installers.arn}/*"] + } +} + +resource "aws_iam_policy" "software_installers" { + policy = data.aws_iam_policy_document.software_installers.json +} + +resource "aws_iam_role_policy_attachment" "software_installers" { + policy_arn = aws_iam_policy.software_installers.arn + role = aws_iam_role.main.name +} + +resource "aws_s3_bucket" "software_installers" { #tfsec:ignore:aws-s3-encryption-customer-key:exp:2022-07-01 #tfsec:ignore:aws-s3-enable-versioning #tfsec:ignore:aws-s3-enable-bucket-logging:exp:2022-06-15 + bucket_prefix = terraform.workspace +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "software_installers" { + bucket = aws_s3_bucket.software_installers.bucket + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "aws:kms" + } + } +} + +resource "aws_s3_bucket_public_access_block" "software_installers" { + bucket = aws_s3_bucket.software_installers.id + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} diff --git a/it-and-security/default.yml b/it-and-security/default.yml index 52baadb564d1..9b60ffb92cd7 100644 --- a/it-and-security/default.yml +++ b/it-and-security/default.yml @@ -1,27 +1,5 @@ agent_options: path: ./lib/agent-options.yml -controls: - enable_disk_encryption: true - macos_migration: - enable: true - mode: voluntary - webhook_url: $DOGFOOD_MACOS_MIGRATION_WEBHOOK_URL - macos_settings: - custom_settings: null - macos_setup: - bootstrap_package: "" - enable_end_user_authentication: false - macos_setup_assistant: null - macos_updates: - deadline: "2023-06-13" - minimum_version: 13.4.1 - windows_enabled_and_configured: true - windows_settings: - custom_settings: [] - windows_updates: - deadline_days: 3 - grace_period_days: 2 - scripts: [] org_settings: features: enable_host_users: true @@ -90,4 +68,3 @@ org_settings: policies: queries: - path: ./lib/collect-fleetd-update-channels.queries.yml -software: diff --git a/it-and-security/lib/configuration-profiles/macos-ensure-show-status-bar-is-enabled.mobileconfig b/it-and-security/lib/configuration-profiles/macos-ensure-show-status-bar-is-enabled.mobileconfig new file mode 100644 index 000000000000..393f4ffbb544 --- /dev/null +++ b/it-and-security/lib/configuration-profiles/macos-ensure-show-status-bar-is-enabled.mobileconfig @@ -0,0 +1,37 @@ + + +
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ Ensure Show Status Bar Is Enabled
+ PayloadType
+ com.apple.Safari
+ PayloadIdentifier
+ com.fleetdm.cis-ensure-show-status-bar-is-enabled
+ PayloadUUID
+ 708B39DB-E2B7-405C-A523-88F3DDC8DFFC
+ ShowOverlayStatusBar
+
+
+ PayloadDescription
+ Ensure Show Status Bar Is Enabled
+ PayloadDisplayName
+ Ensure Show Status Bar Is Enabled
+ PayloadIdentifier
+ com.fleetdm.cis-ensure-show-status-bar-is-enabled
+ PayloadRemovalDisallowed
+ PayloadScope
+ System
+ PayloadType
+ Configuration
+ PayloadUUID
+ 00FB5D02-8044-4E6F-884C-D73E7A32A2E7
+ PayloadVersion
+ 1
+
+
diff --git a/it-and-security/lib/explore-data.queries.yml b/it-and-security/lib/explore-data.queries.yml
deleted file mode 100644
index deb070644dc7..000000000000
--- a/it-and-security/lib/explore-data.queries.yml
+++ /dev/null
@@ -1,3210 +0,0 @@
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - account_policy_data'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM account_policy_data;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ad_config'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ad_config;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - alf'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM alf;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - alf_exceptions'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM alf_exceptions;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - alf_explicit_auths'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM alf_explicit_auths;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - apfs_physical_stores'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM apfs_physical_stores;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - apfs_volumes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM apfs_volumes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - app_icons'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM app_icons;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - app_schemes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM app_schemes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - apparmor_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM apparmor_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - apparmor_profiles'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM apparmor_profiles;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - appcompat_shims'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM appcompat_shims;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - apps'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM apps;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - apt_sources'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM apt_sources;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - arp_cache'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM arp_cache;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - asl'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM asl;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - atom_packages'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM atom_packages;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - augeas'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM augeas;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - authdb'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM authdb;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - authenticode'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM authenticode;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - authorization_mechanisms'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM authorization_mechanisms;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - authorizations'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM authorizations;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - authorized_keys'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM authorized_keys;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - autoexec'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM autoexec;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - azure_instance_metadata'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM azure_instance_metadata;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - azure_instance_tags'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM azure_instance_tags;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - background_activities_moderator'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM background_activities_moderator;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - battery'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM battery;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - bitlocker_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM bitlocker_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - block_devices'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM block_devices;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - bpf_process_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM bpf_process_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - bpf_socket_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM bpf_socket_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - carbon_black_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM carbon_black_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - carves'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM carves;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - certificates'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM certificates;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - chassis_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM chassis_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - chocolatey_packages'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM chocolatey_packages;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - chrome_extension_content_scripts'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM chrome_extension_content_scripts;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - chrome_extensions'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM chrome_extensions;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - cis_audit'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM cis_audit;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - connected_displays'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM connected_displays;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - connectivity'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM connectivity;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - corestorage_logical_volume_families'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM corestorage_logical_volume_families;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - corestorage_logical_volumes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM corestorage_logical_volumes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - cpu_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM cpu_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - cpu_time'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM cpu_time;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - cpuid'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM cpuid;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - crashes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM crashes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - crontab'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM crontab;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - cryptoinfo'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM cryptoinfo;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - cryptsetup_status'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM cryptsetup_status;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - csrutil_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM csrutil_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - cups_destinations'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM cups_destinations;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - cups_jobs'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM cups_jobs;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - curl'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM curl;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - curl_certificate'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM curl_certificate;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - deb_packages'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM deb_packages;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - default_environment'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM default_environment;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - device_file'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM device_file;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - device_firmware'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM device_firmware;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - device_hash'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM device_hash;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - device_partitions'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM device_partitions;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - disk_encryption'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM disk_encryption;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - disk_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM disk_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - disk_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM disk_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - dns_cache'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM dns_cache;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - dns_resolvers'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM dns_resolvers;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_container_envs'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_container_envs;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_container_fs_changes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_container_fs_changes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_container_labels'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_container_labels;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_container_mounts'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_container_mounts;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_container_networks'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_container_networks;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_container_ports'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_container_ports;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_container_processes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_container_processes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_container_stats'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_container_stats;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_containers'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_containers;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_image_history'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_image_history;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_image_labels'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_image_labels;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_image_layers'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_image_layers;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_images'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_images;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_network_labels'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_network_labels;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_networks'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_networks;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_version'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_version;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_volume_labels'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_volume_labels;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - docker_volumes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM docker_volumes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - drivers'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM drivers;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - dscl'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM dscl;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ec2_instance_metadata'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ec2_instance_metadata;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ec2_instance_tags'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ec2_instance_tags;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - es_process_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM es_process_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - es_process_file_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM es_process_file_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - etc_hosts'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM etc_hosts;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - etc_protocols'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM etc_protocols;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - etc_services'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM etc_services;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - event_taps'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM event_taps;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - extended_attributes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM extended_attributes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - falcon_kernel_check'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM falcon_kernel_check;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - falconctl_options'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM falconctl_options;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - fan_speed_sensors'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM fan_speed_sensors;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - file'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM file;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - file_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM file_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - file_lines'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM file_lines;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - filevault_prk'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM filevault_prk;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - filevault_status'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM filevault_status;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - filevault_users'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM filevault_users;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - find_cmd'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM find_cmd;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - firefox_addons'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM firefox_addons;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - firefox_preferences'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM firefox_preferences;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - firmware_eficheck_integrity_check'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM firmware_eficheck_integrity_check;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - firmwarepasswd'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM firmwarepasswd;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - gatekeeper'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM gatekeeper;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - gatekeeper_approved_apps'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM gatekeeper_approved_apps;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - geolocation'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM geolocation;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - google_chrome_profiles'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM google_chrome_profiles;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - groups'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM groups;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - hardware_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM hardware_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - hash'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM hash;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - homebrew_packages'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM homebrew_packages;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - hvci_status'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM hvci_status;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ibridge_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ibridge_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - icloud_private_relay'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM icloud_private_relay;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ie_extensions'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ie_extensions;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - intel_me_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM intel_me_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - interface_addresses'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM interface_addresses;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - interface_details'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM interface_details;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - interface_ipv6'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM interface_ipv6;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - iokit_devicetree'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM iokit_devicetree;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - iokit_registry'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM iokit_registry;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ioreg'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ioreg;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - kernel_extensions'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM kernel_extensions;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - kernel_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM kernel_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - kernel_keys'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM kernel_keys;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - kernel_modules'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM kernel_modules;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - kernel_panics'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM kernel_panics;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - keychain_acls'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM keychain_acls;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - keychain_items'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM keychain_items;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - known_hosts'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM known_hosts;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - kva_speculative_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM kva_speculative_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - last'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM last;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - launchd'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM launchd;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - launchd_overrides'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM launchd_overrides;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - listening_ports'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM listening_ports;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - load_average'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM load_average;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - location_services'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM location_services;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - logged_in_users'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM logged_in_users;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - logical_drives'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM logical_drives;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - logon_sessions'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM logon_sessions;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - lxd_certificates'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM lxd_certificates;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - lxd_cluster'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM lxd_cluster;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - lxd_cluster_members'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM lxd_cluster_members;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - lxd_images'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM lxd_images;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - lxd_instance_config'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM lxd_instance_config;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - lxd_instance_devices'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM lxd_instance_devices;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - lxd_instances'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM lxd_instances;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - lxd_networks'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM lxd_networks;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - lxd_storage_pools'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM lxd_storage_pools;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - macadmins_unified_log'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM macadmins_unified_log;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - macos_profiles'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM macos_profiles;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - macos_rsr'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM macos_rsr;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - magic'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM magic;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - managed_policies'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM managed_policies;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - md_devices'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM md_devices;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - md_drives'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM md_drives;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - md_personalities'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM md_personalities;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - mdfind'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM mdfind;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - mdls'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM mdls;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - mdm'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM mdm;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - mdm_bridge'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM mdm_bridge;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - memory_array_mapped_addresses'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM memory_array_mapped_addresses;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - memory_arrays'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM memory_arrays;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - memory_device_mapped_addresses'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM memory_device_mapped_addresses;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - memory_devices'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM memory_devices;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - memory_error_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM memory_error_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - memory_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM memory_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - memory_map'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM memory_map;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - mounts'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM mounts;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - msr'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM msr;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - munki_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM munki_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - munki_installs'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM munki_installs;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - network_interfaces'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM network_interfaces;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - nfs_shares'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM nfs_shares;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - npm_packages'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM npm_packages;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ntdomains'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ntdomains;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ntfs_acl_permissions'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ntfs_acl_permissions;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ntfs_journal_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ntfs_journal_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - nvram'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM nvram;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - nvram_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM nvram_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - oem_strings'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM oem_strings;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - office_mru'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM office_mru;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - orbit_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM orbit_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - os_version'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM os_version;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - osquery_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM osquery_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - osquery_extensions'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM osquery_extensions;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - osquery_flags'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM osquery_flags;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - osquery_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM osquery_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - osquery_packs'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM osquery_packs;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - osquery_registry'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM osquery_registry;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - osquery_schedule'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM osquery_schedule;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - package_bom'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM package_bom;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - package_install_history'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM package_install_history;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - package_receipts'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM package_receipts;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - password_policy'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM password_policy;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - patches'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM patches;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - pci_devices'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM pci_devices;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - physical_disk_performance'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM physical_disk_performance;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - pipes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM pipes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - platform_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM platform_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - plist'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM plist;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - pmset'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM pmset;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - portage_keywords'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM portage_keywords;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - portage_packages'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM portage_packages;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - portage_use'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM portage_use;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - power_sensors'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM power_sensors;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - powershell_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM powershell_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - preferences'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM preferences;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - prefetch'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM prefetch;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - privacy_preferences'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM privacy_preferences;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - process_envs'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM process_envs;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - process_etw_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM process_etw_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - process_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM process_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - process_file_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM process_file_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - process_memory_map'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM process_memory_map;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - process_namespaces'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM process_namespaces;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - process_open_files'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM process_open_files;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - process_open_pipes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM process_open_pipes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - process_open_sockets'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM process_open_sockets;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - processes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM processes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - programs'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM programs;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - prometheus_metrics'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM prometheus_metrics;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - puppet_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM puppet_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - puppet_logs'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM puppet_logs;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - puppet_state'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM puppet_state;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - pwd_policy'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM pwd_policy;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - python_packages'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM python_packages;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - quicklook_cache'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM quicklook_cache;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - registry'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM registry;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - routes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM routes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - rpm_package_files'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM rpm_package_files;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - rpm_packages'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM rpm_packages;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - running_apps'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM running_apps;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - safari_extensions'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM safari_extensions;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - sandboxes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM sandboxes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - scheduled_tasks'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM scheduled_tasks;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - screenlock'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM screenlock;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - seccomp_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM seccomp_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - secureboot'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM secureboot;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - security_profile_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM security_profile_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - selinux_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM selinux_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - selinux_settings'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM selinux_settings;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - services'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM services;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - shadow'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM shadow;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - shared_folders'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM shared_folders;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - shared_memory'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM shared_memory;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - shared_resources'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM shared_resources;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - sharing_preferences'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM sharing_preferences;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - shell_history'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM shell_history;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - shellbags'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM shellbags;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - shimcache'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM shimcache;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - signature'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM signature;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - sip_config'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM sip_config;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - smbios_tables'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM smbios_tables;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - smc_keys'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM smc_keys;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - sntp_request'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM sntp_request;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - socket_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM socket_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - software_update'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM software_update;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ssh_configs'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ssh_configs;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - startup_items'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM startup_items;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - sudo_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM sudo_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - sudoers'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM sudoers;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - suid_bin'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM suid_bin;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - syslog_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM syslog_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - system_controls'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM system_controls;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - system_extensions'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM system_extensions;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - system_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM system_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - system_state'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM system_state;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - systemd_units'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM systemd_units;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - temperature_sensors'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM temperature_sensors;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - time'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM time;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - time_machine_backups'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM time_machine_backups;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - time_machine_destinations'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM time_machine_destinations;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - tpm_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM tpm_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ulimit_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ulimit_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - unified_log'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM unified_log;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - uptime'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM uptime;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - usb_devices'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM usb_devices;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - user_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM user_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - user_groups'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM user_groups;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - user_interaction_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM user_interaction_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - user_login_settings'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM user_login_settings;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - user_ssh_keys'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM user_ssh_keys;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - userassist'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM userassist;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - users'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM users;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - video_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM video_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - virtual_memory_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM virtual_memory_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - wifi_networks'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM wifi_networks;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - wifi_status'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM wifi_status;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - wifi_survey'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM wifi_survey;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - winbaseobj'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM winbaseobj;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - windows_crashes'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM windows_crashes;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - windows_eventlog'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM windows_eventlog;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - windows_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM windows_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - windows_firewall_rules'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM windows_firewall_rules;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - windows_optional_features'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM windows_optional_features;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - windows_search'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM windows_search;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - windows_security_center'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM windows_security_center;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - windows_security_products'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM windows_security_products;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - windows_update_history'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM windows_update_history;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - windows_updates'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM windows_updates;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - wmi_bios_info'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM wmi_bios_info;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - wmi_cli_event_consumers'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM wmi_cli_event_consumers;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - wmi_event_filters'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM wmi_event_filters;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - wmi_filter_consumer_binding'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM wmi_filter_consumer_binding;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - wmi_script_event_consumers'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM wmi_script_event_consumers;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - xprotect_entries'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM xprotect_entries;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - xprotect_meta'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM xprotect_meta;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - xprotect_reports'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM xprotect_reports;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - yara'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM yara;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - yara_events'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM yara_events;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - ycloud_instance_metadata'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM ycloud_instance_metadata;
-- automations_enabled: true
- description: ""
- discard_data: false
- interval: 3600
- logging: snapshot
- min_osquery_version: ""
- name: '[Explore data] - yum_sources'
- observer_can_run: false
- platform: ""
- query: SELECT * FROM yum_sources;
diff --git a/it-and-security/teams/explore-data.yml b/it-and-security/teams/explore-data.yml
deleted file mode 100644
index eecc64965d06..000000000000
--- a/it-and-security/teams/explore-data.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: "Explore data (fleetdm.com)"
-team_settings:
- features:
- enable_host_users: true
- enable_software_inventory: true
- host_expiry_settings:
- host_expiry_enabled: false
- host_expiry_window: 0
- secrets:
- - secret: $DOGFOOD_EXPLORE_DATA_ENROLL_SECRET
-agent_options:
- config:
- decorators:
- load:
- - SELECT uuid AS host_uuid FROM system_info;
- - SELECT hostname AS hostname FROM system_info;
- options:
- disable_distributed: false
- distributed_interval: 5
- distributed_plugin: tls
- distributed_tls_max_attempts: 3
- logger_tls_endpoint: /api/v1/osquery/log
- pack_delimiter: /
-controls:
- enable_disk_encryption: false
- macos_settings:
- custom_settings:
- macos_setup:
- bootstrap_package: null
- enable_end_user_authentication: false
- macos_setup_assistant: null
- macos_updates:
- deadline: null
- minimum_version: null
- windows_settings:
- custom_settings: null
- windows_updates:
- deadline_days: null
- grace_period_days: null
- scripts:
-policies:
-queries:
- - path: ../lib/explore-data.queries.yml
-software:
diff --git a/it-and-security/teams/no-team.yml b/it-and-security/teams/no-team.yml
new file mode 100644
index 000000000000..ef6baf9e40fb
--- /dev/null
+++ b/it-and-security/teams/no-team.yml
@@ -0,0 +1,25 @@
+name: No team
+policies:
+controls:
+ enable_disk_encryption: true
+ macos_migration:
+ enable: true
+ mode: voluntary
+ webhook_url: $DOGFOOD_MACOS_MIGRATION_WEBHOOK_URL
+ macos_settings:
+ custom_settings: null
+ macos_setup:
+ bootstrap_package: ""
+ enable_end_user_authentication: false
+ macos_setup_assistant: null
+ macos_updates:
+ deadline: "2023-06-13"
+ minimum_version: 13.4.1
+ windows_enabled_and_configured: true
+ windows_settings:
+ custom_settings: []
+ windows_updates:
+ deadline_days: 3
+ grace_period_days: 2
+ scripts: []
+software:
diff --git a/it-and-security/teams/workstations-canary.yml b/it-and-security/teams/workstations-canary.yml
index 80ce1ee02ba1..1d7ea397107c 100644
--- a/it-and-security/teams/workstations-canary.yml
+++ b/it-and-security/teams/workstations-canary.yml
@@ -87,6 +87,7 @@ controls:
- path: ../lib/configuration-profiles/macos-secure-terminal-keyboard.mobileconfig
- path: ../lib/configuration-profiles/macos-disable-update-notifications.mobileconfig
- path: ../lib/configuration-profiles/passcode-settings-ddm.json
+ - path: ../lib/configuration-profiles/macos-ensure-show-status-bar-is-enabled.mobileconfig
macos_setup:
bootstrap_package: ""
enable_end_user_authentication: true
@@ -137,6 +138,20 @@ policies:
resolution: We will perform system maintenance on your device.
platform: darwin
calendar_events_enabled: true
+ - name: macOS - Upgrade Firefox
+ query: SELECT 1 FROM apps WHERE name = 'Firefox.app' AND version_compare(bundle_short_version, '130.0.1') >= 0;
+ critical: false
+ description: The host may have an outdated or non-existent version of Firefox, potentially risking security vulnerabilities or compatibility issues.
+ resolution: During maintenance, the Firefox app could be updated to the correct version or installed if it's missing.
+ platform: darwin
+ calendar_events_enabled: false
+ - name: macOS - Upgrade Slack
+ query: SELECT 1 FROM apps WHERE name = 'Slack.app' AND version_compare(bundle_short_version, '4.40.126') >= 0;
+ critical: false
+ description: The host may be running an outdated version of Slack, which could pose security vulnerabilities or compatibility issues.
+ resolution: The host's Slack application will likely be updated to a version that is greater than or equal to '4.40.126'.
+ platform: darwin
+ calendar_events_enabled: false
queries:
- path: ../lib/collect-failed-login-attempts.queries.yml
- path: ../lib/collect-fleetd-information.yml
diff --git a/orbit/CHANGELOG.md b/orbit/CHANGELOG.md
index 1d11365182eb..fa9efe36efeb 100644
--- a/orbit/CHANGELOG.md
+++ b/orbit/CHANGELOG.md
@@ -1,3 +1,9 @@
+## Orbit 1.33.0 (Sep 20, 2024)
+
+* Added support to run the configured uninstall script when installer's post-install script fails.
+
+* Updated Go to go1.23.1
+
## Orbit 1.32.0 (Aug 29, 2024)
* Bumped macadmins extension to use SOFA feed sofafeed.macadmins.io
diff --git a/orbit/TUF.md b/orbit/TUF.md
index 727e5f34b60d..c022aa4a6527 100644
--- a/orbit/TUF.md
+++ b/orbit/TUF.md
@@ -7,8 +7,8 @@ Following are the currently deployed versions of fleetd components on the `stabl
| Component\OS | macOS | Linux | Windows | Linux (arm64) |
|--------------|--------------|--------|---------|---------------|
-| orbit | 1.32.0 | 1.32.0 | 1.32.0 | 1.32.0 |
-| desktop | 1.32.0 | 1.32.0 | 1.32.0 | 1.32.0 |
+| orbit | 1.33.0 | 1.33.0 | 1.33.0 | 1.33.0 |
+| desktop | 1.33.0 | 1.33.0 | 1.33.0 | 1.33.0 |
| osqueryd | 5.13.1 | 5.13.1 | 5.13.1 | 5.13.1 |
| nudge | 1.1.10.81462 | - | - | - |
| swiftDialog | 2.1.0 | - | - | - |
@@ -18,8 +18,8 @@ Following are the currently deployed versions of fleetd components on the `stabl
| Component\OS | macOS | Linux | Windows | Linux (arm64) |
|--------------|--------|--------|---------|---------------|
-| orbit | 1.32.0 | 1.32.0 | 1.32.0 | 1.32.0 |
-| desktop | 1.32.0 | 1.32.0 | 1.32.0 | 1.32.0 |
+| orbit | 1.33.0 | 1.33.0 | 1.33.0 | 1.33.0 |
+| desktop | 1.33.0 | 1.33.0 | 1.33.0 | 1.33.0 |
| osqueryd | 5.13.1 | 5.13.1 | 5.13.1 | 5.13.1 |
| nudge | - | - | - | - |
| swiftDialog | - | - | - | - |
diff --git a/orbit/changes/20320-uninstall-after-failed-post-install b/orbit/changes/20320-uninstall-after-failed-post-install
deleted file mode 100644
index 5dd4d969729e..000000000000
--- a/orbit/changes/20320-uninstall-after-failed-post-install
+++ /dev/null
@@ -1 +0,0 @@
-During software install flow, if installer's post-install script fails, run the uninstall script to attempt to roll back.
diff --git a/orbit/changes/update-go1.23.1 b/orbit/changes/update-go1.23.1
deleted file mode 100644
index d9a689e4e905..000000000000
--- a/orbit/changes/update-go1.23.1
+++ /dev/null
@@ -1,2 +0,0 @@
-* Updated Go to go1.23.1
-
diff --git a/orbit/pkg/update/escrow_buddy.go b/orbit/pkg/update/escrow_buddy.go
index e1f6fdf1160d..b226da9a24ce 100644
--- a/orbit/pkg/update/escrow_buddy.go
+++ b/orbit/pkg/update/escrow_buddy.go
@@ -5,8 +5,9 @@ import (
"sync"
"time"
- "github.com/fleetdm/fleet/v4/server/fleet"
"github.com/rs/zerolog/log"
+
+ "github.com/fleetdm/fleet/v4/server/fleet"
)
// EscrowBuddyRunner sets up [Escrow Buddy][1] to rotate FileVault keys on
@@ -86,6 +87,13 @@ func (e *EscrowBuddyRunner) Run(cfg *fleet.OrbitConfig) error {
}
}
+ // Some macOS updates and upgrades reset the authorization database to its default state
+ // which will deactivate Escrow Buddy and prevent FileVault key generation upon next login.
+ log.Debug().Msg("EscrowBuddyRunner: re-enable Escrow Buddy in the authorization database")
+ if err := e.setAuthDBSetup(); err != nil {
+ return fmt.Errorf("failed to re-enable Escrow Buddy in the authorization database, err: %w", err)
+ }
+
log.Debug().Msg("EscrowBuddyRunner: enabling disk encryption rotation")
if err := e.setGenerateNewKeyTo(true); err != nil {
return fmt.Errorf("enabling disk encryption rotation: %w", err)
@@ -118,3 +126,13 @@ func (e *EscrowBuddyRunner) setGenerateNewKeyTo(enabled bool) error {
}
return fn("sh", "-c", cmd)
}
+
+func (e *EscrowBuddyRunner) setAuthDBSetup() error {
+ log.Debug().Msg("ready to re-enable Escrow Buddy in the authorization database")
+ cmd := "/Library/Security/SecurityAgentPlugins/Escrow\\ Buddy.bundle/Contents/Resources/AuthDBSetup.sh"
+ fn := e.runCmdFunc
+ if fn == nil {
+ fn = runCmdCollectErr
+ }
+ return fn("sh", "-c", cmd)
+}
diff --git a/orbit/pkg/update/escrow_buddy_test.go b/orbit/pkg/update/escrow_buddy_test.go
index 0ed61883b03f..ccd30938341d 100644
--- a/orbit/pkg/update/escrow_buddy_test.go
+++ b/orbit/pkg/update/escrow_buddy_test.go
@@ -65,9 +65,11 @@ func (s *escrowBuddyTestSuite) TestEscrowBuddyRotatesKey() {
err = r.Run(cfg)
require.NoError(t, err)
- require.Len(t, cmdCalls, 1)
+ require.Len(t, cmdCalls, 2)
require.Equal(t, cmdCalls[0]["cmd"], "sh")
- require.Equal(t, cmdCalls[0]["args"], []string{"-c", "defaults write /Library/Preferences/com.netflix.Escrow-Buddy.plist GenerateNewKey -bool true"})
+ require.Equal(t, cmdCalls[0]["args"], []string{"-c", "/Library/Security/SecurityAgentPlugins/Escrow\\ Buddy.bundle/Contents/Resources/AuthDBSetup.sh"})
+ require.Equal(t, cmdCalls[1]["cmd"], "sh")
+ require.Equal(t, cmdCalls[1]["args"], []string{"-c", "defaults write /Library/Preferences/com.netflix.Escrow-Buddy.plist GenerateNewKey -bool true"})
targets = runner.updater.opt.Targets
require.Len(t, targets, 1)
@@ -77,10 +79,12 @@ func (s *escrowBuddyTestSuite) TestEscrowBuddyRotatesKey() {
time.Sleep(3 * time.Millisecond)
cfg.Notifications.RotateDiskEncryptionKey = false
+ cmdCalls = []map[string]any{}
err = r.Run(cfg)
require.NoError(t, err)
- require.Len(t, cmdCalls, 2)
- require.Equal(t, cmdCalls[1]["cmd"], "sh")
- require.Equal(t, cmdCalls[1]["args"], []string{"-c", "defaults write /Library/Preferences/com.netflix.Escrow-Buddy.plist GenerateNewKey -bool false"})
+ // only one call to set the GenerateNewKey to false
+ require.Len(t, cmdCalls, 1)
+ require.Equal(t, cmdCalls[0]["cmd"], "sh")
+ require.Equal(t, cmdCalls[0]["args"], []string{"-c", "defaults write /Library/Preferences/com.netflix.Escrow-Buddy.plist GenerateNewKey -bool false"})
}
diff --git a/pkg/file/scripts/install_exe.ps1 b/pkg/file/scripts/install_exe.ps1
index bdf858461df2..f4e83b4de3fd 100644
--- a/pkg/file/scripts/install_exe.ps1
+++ b/pkg/file/scripts/install_exe.ps1
@@ -3,6 +3,8 @@
$exeFilePath = "${env:INSTALLER_PATH}"
+try {
+
# Add argument to install silently
# Argument to make install silent depends on installer,
# each installer might use different argument (usually it's "/S" or "/s")
@@ -20,3 +22,8 @@ $exitCode = $process.ExitCode
# Prints the exit code
Write-Host "Install exit code: $exitCode"
Exit $exitCode
+
+} catch {
+ Write-Host "Error: $_"
+ Exit 1
+}
diff --git a/pkg/file/scripts/install_msi.ps1 b/pkg/file/scripts/install_msi.ps1
index 838c431c1df1..fbd89aa10bc5 100644
--- a/pkg/file/scripts/install_msi.ps1
+++ b/pkg/file/scripts/install_msi.ps1
@@ -1,9 +1,16 @@
$logFile = "${env:TEMP}/fleet-install-software.log"
+try {
+
$installProcess = Start-Process msiexec.exe `
-ArgumentList "/quiet /norestart /lv ${logFile} /i `"${env:INSTALLER_PATH}`"" `
-PassThru -Verb RunAs -Wait
Get-Content $logFile -Tail 500
-exit $installProcess.ExitCode
+Exit $installProcess.ExitCode
+
+} catch {
+ Write-Host "Error: $_"
+ Exit 1
+}
diff --git a/pkg/file/scripts/uninstall_exe.ps1 b/pkg/file/scripts/uninstall_exe.ps1
index 31b53ea58097..bc6ea1421422 100644
--- a/pkg/file/scripts/uninstall_exe.ps1
+++ b/pkg/file/scripts/uninstall_exe.ps1
@@ -14,6 +14,11 @@ $machineKey = `
'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$machineKey32on64 = `
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
+
+$exitCode = 0
+
+try {
+
[array]$uninstallKeys = Get-ChildItem `
-Path @($machineKey, $machineKey32on64) `
-ErrorAction SilentlyContinue |
@@ -33,6 +38,24 @@ foreach ($key in $uninstallKeys) {
$key.UninstallString
}
+ # The uninstall command may contain command and args, like:
+ # "C:\Program Files\Software\uninstall.exe" --uninstall --silent
+ # Split the command and args
+ $splitArgs = $uninstallCommand.Split('"')
+ if ($splitArgs.Length -gt 1) {
+ if ($splitArgs.Length -eq 3) {
+ $uninstallArgs = "$( $splitArgs[2] ) $uninstallArgs".Trim()
+ } elseif ($splitArgs.Length -gt 3) {
+ Throw `
+ "Uninstall command contains multiple quoted strings. " +
+ "Please update the uninstall script.`n" +
+ "Uninstall command: $uninstallCommand"
+ }
+ $uninstallCommand = $splitArgs[1]
+ }
+ Write-Host "Uninstall command: $uninstallCommand"
+ Write-Host "Uninstall args: $uninstallArgs"
+
$processOptions = @{
FilePath = $uninstallCommand
PassThru = $true
@@ -55,6 +78,14 @@ foreach ($key in $uninstallKeys) {
if (-not $foundUninstaller) {
Write-Host "Uninstaller for '$softwareName' not found."
+ # Change exit code to 0 if you don't want to fail if uninstaller is not
+ # found. This could happen if program was already uninstalled.
$exitCode = 1
}
+
+} catch {
+ Write-Host "Error: $_"
+ $exitCode = 1
+}
+
Exit $exitCode
diff --git a/pkg/file/testdata/scripts/install_exe.ps1.golden b/pkg/file/testdata/scripts/install_exe.ps1.golden
index bdf858461df2..f4e83b4de3fd 100644
--- a/pkg/file/testdata/scripts/install_exe.ps1.golden
+++ b/pkg/file/testdata/scripts/install_exe.ps1.golden
@@ -3,6 +3,8 @@
$exeFilePath = "${env:INSTALLER_PATH}"
+try {
+
# Add argument to install silently
# Argument to make install silent depends on installer,
# each installer might use different argument (usually it's "/S" or "/s")
@@ -20,3 +22,8 @@ $exitCode = $process.ExitCode
# Prints the exit code
Write-Host "Install exit code: $exitCode"
Exit $exitCode
+
+} catch {
+ Write-Host "Error: $_"
+ Exit 1
+}
diff --git a/pkg/file/testdata/scripts/install_msi.ps1.golden b/pkg/file/testdata/scripts/install_msi.ps1.golden
index 838c431c1df1..fbd89aa10bc5 100644
--- a/pkg/file/testdata/scripts/install_msi.ps1.golden
+++ b/pkg/file/testdata/scripts/install_msi.ps1.golden
@@ -1,9 +1,16 @@
$logFile = "${env:TEMP}/fleet-install-software.log"
+try {
+
$installProcess = Start-Process msiexec.exe `
-ArgumentList "/quiet /norestart /lv ${logFile} /i `"${env:INSTALLER_PATH}`"" `
-PassThru -Verb RunAs -Wait
Get-Content $logFile -Tail 500
-exit $installProcess.ExitCode
+Exit $installProcess.ExitCode
+
+} catch {
+ Write-Host "Error: $_"
+ Exit 1
+}
diff --git a/pkg/file/testdata/scripts/uninstall_exe.ps1.golden b/pkg/file/testdata/scripts/uninstall_exe.ps1.golden
index 31b53ea58097..bc6ea1421422 100644
--- a/pkg/file/testdata/scripts/uninstall_exe.ps1.golden
+++ b/pkg/file/testdata/scripts/uninstall_exe.ps1.golden
@@ -14,6 +14,11 @@ $machineKey = `
'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$machineKey32on64 = `
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
+
+$exitCode = 0
+
+try {
+
[array]$uninstallKeys = Get-ChildItem `
-Path @($machineKey, $machineKey32on64) `
-ErrorAction SilentlyContinue |
@@ -33,6 +38,24 @@ foreach ($key in $uninstallKeys) {
$key.UninstallString
}
+ # The uninstall command may contain command and args, like:
+ # "C:\Program Files\Software\uninstall.exe" --uninstall --silent
+ # Split the command and args
+ $splitArgs = $uninstallCommand.Split('"')
+ if ($splitArgs.Length -gt 1) {
+ if ($splitArgs.Length -eq 3) {
+ $uninstallArgs = "$( $splitArgs[2] ) $uninstallArgs".Trim()
+ } elseif ($splitArgs.Length -gt 3) {
+ Throw `
+ "Uninstall command contains multiple quoted strings. " +
+ "Please update the uninstall script.`n" +
+ "Uninstall command: $uninstallCommand"
+ }
+ $uninstallCommand = $splitArgs[1]
+ }
+ Write-Host "Uninstall command: $uninstallCommand"
+ Write-Host "Uninstall args: $uninstallArgs"
+
$processOptions = @{
FilePath = $uninstallCommand
PassThru = $true
@@ -55,6 +78,14 @@ foreach ($key in $uninstallKeys) {
if (-not $foundUninstaller) {
Write-Host "Uninstaller for '$softwareName' not found."
+ # Change exit code to 0 if you don't want to fail if uninstaller is not
+ # found. This could happen if program was already uninstalled.
$exitCode = 1
}
+
+} catch {
+ Write-Host "Error: $_"
+ $exitCode = 1
+}
+
Exit $exitCode
diff --git a/pkg/spec/gitops.go b/pkg/spec/gitops.go
index a5938e2b9eef..9e4adc22687e 100644
--- a/pkg/spec/gitops.go
+++ b/pkg/spec/gitops.go
@@ -358,7 +358,7 @@ func parseAgentOptions(top map[string]json.RawMessage, result *GitOps, baseDir s
agentOptionsRaw, ok := top["agent_options"]
if result.IsNoTeam() {
if ok {
- logFn("[!] 'agent_options' is not supported for \"No team\". This key will be ignored.")
+ logFn("[!] 'agent_options' is not supported for \"No team\". This key will be ignored.\n")
}
return multiError
} else if !ok {
@@ -570,7 +570,7 @@ func parseQueries(top map[string]json.RawMessage, result *GitOps, baseDir string
queriesRaw, ok := top["queries"]
if result.IsNoTeam() {
if ok {
- logFn("[!] 'queries' is not supported for \"No team\". This key will be ignored.")
+ logFn("[!] 'queries' is not supported for \"No team\". This key will be ignored.\n")
}
return multiError
} else if !ok {
@@ -660,7 +660,12 @@ func parseSoftware(top map[string]json.RawMessage, result *GitOps, baseDir strin
if err := json.Unmarshal(softwareRaw, &software); err != nil {
var typeErr *json.UnmarshalTypeError
if errors.As(err, &typeErr) {
- return multierror.Append(multiError, fmt.Errorf("Couldn't edit software. %q must be a %s, found %s", typeErr.Field, typeErr.Type.String(), typeErr.Value))
+ typeErrField := typeErr.Field
+ if typeErrField == "" {
+ // UnmarshalTypeError.Field is empty when trying to set an invalid type on the root node.
+ typeErrField = "software"
+ }
+ return multierror.Append(multiError, fmt.Errorf("Couldn't edit software. %q must be a %s, found %s", typeErrField, typeErr.Type.String(), typeErr.Value))
}
return multierror.Append(multiError, fmt.Errorf("failed to unmarshall softwarespec: %v", err))
}
diff --git a/server/datastore/mysql/apple_mdm.go b/server/datastore/mysql/apple_mdm.go
index c545c898cc74..610a25db52fa 100644
--- a/server/datastore/mysql/apple_mdm.go
+++ b/server/datastore/mysql/apple_mdm.go
@@ -2087,11 +2087,11 @@ func (ds *Datastore) bulkSetPendingMDMAppleHostProfilesDB(
if _, ok := profileIntersection.GetMatchingProfileInDesiredState(p); ok {
continue
}
- // If the installation failed, then we do not want to change the operation to "Remove".
+ // If the profile wasn't installed, then we do not want to change the operation to "Remove".
// Doing so will result in Fleet attempting to remove a profile that doesn't exist on the
// host (since the installation failed). Skipping it here will lead to it being removed from
// the host in Fleet during profile reconciliation, which is what we want.
- if p.FailedToInstallOnHost() {
+ if p.DidNotInstallOnHost() {
continue
}
profilesToInsert[fmt.Sprintf("%s\n%s", p.HostUUID, p.ProfileUUID)] = &fleet.MDMAppleProfilePayload{
@@ -2535,377 +2535,150 @@ func (ds *Datastore) UpdateOrDeleteHostMDMAppleProfile(ctx context.Context, prof
return err
}
-const (
- appleMDMFailedProfilesStmt = `
- h.uuid = hmap.host_uuid AND
- hmap.status = :failed`
-
- appleMDMPendingProfilesStmt = `
- h.uuid = hmap.host_uuid AND
- (
- hmap.status IS NULL OR
- hmap.status = :pending OR
+// sqlCaseMDMAppleStatus returns a SQL snippet that can be used to determine the status of a host
+// based on the status of its profiles and declarations and filevault status. It should be used in
+// conjunction with sqlJoinMDMAppleProfilesStatus and sqlJoinMDMAppleDeclarationsStatus. It assumes the
+// hosts table to be aliased as 'h' and the host_disk_encryption_keys table to be aliased as 'hdek'.
+func sqlCaseMDMAppleStatus() string {
+ // NOTE: To make this snippet reusable, we're not using sqlx.Named here because it would
+ // complicate usage in other queries (e.g., list hosts).
+ var (
+ failed = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryFailed))
+ pending = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryPending))
+ verifying = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryVerifying))
+ verified = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryVerified))
+ )
+ return `
+ CASE WHEN (prof_failed
+ OR decl_failed
+ OR fv_failed) THEN
+ ` + failed + `
+ WHEN (prof_pending
+ OR decl_pending
-- special case for filevault, it's pending if the profile is
-- pending OR the profile is verified or verifying but we still
-- don't have an encryption key.
- (
- hmap.profile_identifier = :filevault AND
- hmap.status IN (:verifying, :verified) AND
- hmap.operation_type = :install AND
- NOT EXISTS (
- SELECT 1
- FROM host_disk_encryption_keys hdek
- WHERE h.id = hdek.host_id AND
- (hdek.decryptable = 1 OR hdek.decryptable IS NULL)
- )
- )
- )`
-
- appleMDMVerifyingProfilesStmt = `
- h.uuid = hmap.host_uuid AND
- hmap.operation_type = :install AND
- (
- -- all profiles except filevault that are 'verifying'
- (
- hmap.profile_identifier != :filevault AND
- hmap.status = :verifying
- )
- OR
- -- special cases for filevault
- (
- hmap.profile_identifier = :filevault AND
- (
- -- filevault profile is verified, but we didn't verify the encryption key
- (
- hmap.status = :verified AND
- EXISTS (
- SELECT 1
- FROM host_disk_encryption_keys AS hdek
- WHERE h.id = hdek.host_id AND
- hdek.decryptable IS NULL
- )
- )
- OR
- -- filevault profile is verifying, and we already have an encryption key, in any state
- (
- hmap.status = :verifying AND
- EXISTS (
- SELECT 1
- FROM host_disk_encryption_keys AS hdek
- WHERE h.id = hdek.host_id AND
- hdek.decryptable = 1 OR hdek.decryptable IS NULL
- )
- )
- )
- )
- )`
-
- appleVerifiedProfilesStmt = `
- h.uuid = hmap.host_uuid AND
- hmap.operation_type = :install AND
- hmap.status = :verified AND
- (
- hmap.profile_identifier != :filevault OR
- EXISTS (
- SELECT 1
- FROM host_disk_encryption_keys hdek
- WHERE h.id = hdek.host_id AND
- hdek.decryptable = 1
- )
- )`
-)
-
-// subqueryAppleProfileStatus builds the right subquery that can be used to
-// filter hosts based on their profile status.
-//
-// The subquery mechanism works by finding profiles for hosts that:
-// - match with the provided status
-// - match any status that supercedes the provided status (eg: failed supercedes verifying)
-//
-// Hosts will be considered to be in the given status only if the profiles
-// match the given status and zero profiles match any superceding status.
-func subqueryAppleProfileStatus(status fleet.MDMDeliveryStatus) (string, []any, error) {
- var condition string
- var excludeConditions string
- switch status {
- case fleet.MDMDeliveryFailed:
- condition = appleMDMFailedProfilesStmt
- excludeConditions = "FALSE"
- case fleet.MDMDeliveryPending:
- condition = appleMDMPendingProfilesStmt
- excludeConditions = appleMDMFailedProfilesStmt
- case fleet.MDMDeliveryVerifying:
- condition = appleMDMVerifyingProfilesStmt
- excludeConditions = fmt.Sprintf("(%s) OR (%s)", appleMDMPendingProfilesStmt, appleMDMFailedProfilesStmt)
- case fleet.MDMDeliveryVerified:
- condition = appleVerifiedProfilesStmt
- excludeConditions = fmt.Sprintf("(%s) OR (%s) OR (%s)", appleMDMPendingProfilesStmt, appleMDMFailedProfilesStmt, appleMDMVerifyingProfilesStmt)
- default:
- return "", nil, fmt.Errorf("invalid status: %s", status)
- }
-
- sql := fmt.Sprintf(`
- SELECT 1
- FROM host_mdm_apple_profiles hmap
- WHERE %s AND
- NOT EXISTS (
- SELECT 1
- FROM host_mdm_apple_profiles hmap
- WHERE %s
- )`, condition, excludeConditions)
-
- arg := map[string]any{
- "install": fleet.MDMOperationTypeInstall,
- "verifying": fleet.MDMDeliveryVerifying,
- "failed": fleet.MDMDeliveryFailed,
- "verified": fleet.MDMDeliveryVerified,
- "pending": fleet.MDMDeliveryPending,
- "filevault": mobileconfig.FleetFileVaultPayloadIdentifier,
- }
- query, args, err := sqlx.Named(sql, arg)
- if err != nil {
- return "", nil, fmt.Errorf("subqueryAppleProfileStatus %s: %w", status, err)
- }
-
- return query, args, nil
+ OR(fv_pending
+ OR((fv_verifying
+ OR fv_verified)
+ AND (hdek.base64_encrypted IS NULL OR (hdek.decryptable IS NOT NULL AND hdek.decryptable != 1))))) THEN
+ ` + pending + `
+ WHEN (prof_verifying
+ OR decl_verifying
+ -- special case when fv profile is verifying, and we already have an encryption key, in any state, we treat as verifying
+ OR(fv_verifying
+ AND hdek.base64_encrypted IS NOT NULL AND (hdek.decryptable IS NULL OR hdek.decryptable = 1))
+ -- special case when fv profile is verified, but we didn't verify the encryption key, we treat as verifying
+ OR(fv_verified
+ AND hdek.base64_encrypted IS NOT NULL AND hdek.decryptable IS NULL)) THEN
+ ` + verifying + `
+ WHEN (prof_verified
+ OR decl_verified
+ OR(fv_verified
+ AND hdek.base64_encrypted IS NOT NULL AND hdek.decryptable = 1)) THEN
+ ` + verified + `
+ END
+`
}
-// subqueryAppleDeclarationStatus builds out the subquery for declaration status
-func subqueryAppleDeclarationStatus() (string, []any, error) {
- const declNamedStmt = `
- CASE WHEN EXISTS (
- SELECT
- 1
- FROM
- host_mdm_apple_declarations d1
- WHERE
- h.uuid = d1.host_uuid
- AND d1.operation_type = :install
- AND d1.status = :failed
- AND d1.declaration_name NOT IN (:reserved_names)) THEN
- 'declarations_failed'
- WHEN EXISTS (
- SELECT
- 1
- FROM
- host_mdm_apple_declarations d2
- WHERE
- h.uuid = d2.host_uuid
- AND d2.operation_type = :install
- AND(d2.status IS NULL
- OR d2.status = :pending)
- AND d2.declaration_name NOT IN (:reserved_names)
- AND NOT EXISTS (
- SELECT
- 1
- FROM
- host_mdm_apple_declarations d3
- WHERE
- h.uuid = d3.host_uuid
- AND d3.operation_type = :install
- AND d3.status = :failed
- AND d3.declaration_name NOT IN (:reserved_names))) THEN
- 'declarations_pending'
- WHEN EXISTS (
- SELECT
- 1
- FROM
- host_mdm_apple_declarations d4
- WHERE
- h.uuid = d4.host_uuid
- AND d4.operation_type = :install
- AND d4.status = :verifying
- AND d4.declaration_name NOT IN (:reserved_names)
- AND NOT EXISTS (
- SELECT
- 1
- FROM
- host_mdm_apple_declarations d5
- WHERE (h.uuid = d5.host_uuid
- AND d5.operation_type = :install
- AND d5.declaration_name NOT IN (:reserved_names)
- AND(d5.status IS NULL
- OR d5.status IN(:pending, :failed))))) THEN
- 'declarations_verifying'
- WHEN EXISTS (
- SELECT
- 1
- FROM
- host_mdm_apple_declarations d6
- WHERE
- h.uuid = d6.host_uuid
- AND d6.operation_type = :install
- AND d6.status = :verified
- AND d6.declaration_name NOT IN (:reserved_names)
- AND NOT EXISTS (
- SELECT
- 1
- FROM
- host_mdm_apple_declarations d7
- WHERE (h.uuid = d7.host_uuid
- AND d7.operation_type = :install
- AND d7.declaration_name NOT IN (:reserved_names)
- AND(d7.status IS NULL
- OR d7.status IN(:pending, :failed, :verifying))))) THEN
- 'declarations_verified'
- ELSE
- ''
- END`
-
- arg := map[string]any{
- "install": fleet.MDMOperationTypeInstall,
- "verifying": fleet.MDMDeliveryVerifying,
- "failed": fleet.MDMDeliveryFailed,
- "verified": fleet.MDMDeliveryVerified,
- "pending": fleet.MDMDeliveryPending,
- "reserved_names": fleetmdm.ListFleetReservedMacOSDeclarationNames(),
- }
- query, args, err := sqlx.Named(declNamedStmt, arg)
- if err != nil {
- return "", nil, fmt.Errorf("subqueryAppleDeclarationStatus: %w", err)
- }
- query, args, err = sqlx.In(query, args...)
- if err != nil {
- return "", nil, fmt.Errorf("subqueryAppleDeclarationStatus resolve IN: %w", err)
- }
-
- return query, args, nil
+// sqlJoinMDMAppleProfilesStatus returns a SQL snippet that can be used to join a table derived from
+// host_mdm_apple_profiles (grouped by host_uuid and status) and the hosts table. For each host_uuid,
+// it derives a boolean value for each status category. The value will be 1 if the host has any
+// profile in the given status category. Separate columns are used for status of the filevault profile
+// vs. all other profiles. The snippet assumes the hosts table to be aliased as 'h'.
+func sqlJoinMDMAppleProfilesStatus() string {
+ // NOTE: To make this snippet reusable, we're not using sqlx.Named here because it would
+ // complicate usage in other queries (e.g., list hosts).
+ var (
+ failed = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryFailed))
+ pending = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryPending))
+ verifying = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryVerifying))
+ verified = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryVerified))
+ install = fmt.Sprintf("'%s'", string(fleet.MDMOperationTypeInstall))
+ filevault = fmt.Sprintf("'%s'", mobileconfig.FleetFileVaultPayloadIdentifier)
+ )
+ return `
+ LEFT JOIN (
+ -- profile statuses grouped by host uuid, boolean value will be 1 if host has any profile with the given status
+ -- filevault profiles are treated separately
+ SELECT
+ host_uuid,
+ MAX( IF((status IS NULL OR status = ` + pending + `) AND profile_identifier != ` + filevault + `, 1, 0)) AS prof_pending,
+ MAX( IF(status = ` + failed + ` AND profile_identifier != ` + filevault + `, 1, 0)) AS prof_failed,
+ MAX( IF(status = ` + verifying + ` AND profile_identifier != ` + filevault + ` AND operation_type = ` + install + `, 1, 0)) AS prof_verifying,
+ MAX( IF(status = ` + verified + ` AND profile_identifier != ` + filevault + ` AND operation_type = ` + install + `, 1, 0)) AS prof_verified,
+ MAX( IF((status IS NULL OR status = ` + pending + `) AND profile_identifier = ` + filevault + `, 1, 0)) AS fv_pending,
+ MAX( IF(status = ` + failed + ` AND profile_identifier = ` + filevault + `, 1, 0)) AS fv_failed,
+ MAX( IF(status = ` + verifying + ` AND profile_identifier = ` + filevault + ` AND operation_type = ` + install + `, 1, 0)) AS fv_verifying,
+ MAX( IF(status = ` + verified + ` AND profile_identifier = ` + filevault + ` AND operation_type = ` + install + `, 1, 0)) AS fv_verified
+ FROM
+ host_mdm_apple_profiles
+ GROUP BY
+ host_uuid) hmap ON h.uuid = hmap.host_uuid
+`
}
-func subqueryOSSettingsStatusMac() (string, []any, error) {
- var profArgs []any
- profFailed, profFailedArgs, err := subqueryAppleProfileStatus(fleet.MDMDeliveryFailed)
- if err != nil {
- return "", nil, err
- }
- profArgs = append(profArgs, profFailedArgs...)
-
- profPending, profPendingArgs, err := subqueryAppleProfileStatus(fleet.MDMDeliveryPending)
- if err != nil {
- return "", nil, err
- }
- profArgs = append(profArgs, profPendingArgs...)
-
- profVerifying, profVerifyingArgs, err := subqueryAppleProfileStatus(fleet.MDMDeliveryVerifying)
- if err != nil {
- return "", nil, err
- }
- profArgs = append(profArgs, profVerifyingArgs...)
-
- profVerified, profVerifiedArgs, err := subqueryAppleProfileStatus(fleet.MDMDeliveryVerified)
- if err != nil {
- return "", nil, err
- }
- profArgs = append(profArgs, profVerifiedArgs...)
-
- profStmt := fmt.Sprintf(`
- CASE WHEN EXISTS (%s) THEN
- 'profiles_failed'
- WHEN EXISTS (%s) THEN
- 'profiles_pending'
- WHEN EXISTS (%s) THEN
- 'profiles_verifying'
- WHEN EXISTS (%s) THEN
- 'profiles_verified'
- ELSE
- ''
- END`,
- profFailed,
- profPending,
- profVerifying,
- profVerified,
+// sqlJoinMDMAppleDeclarationsStatus returns a SQL snippet that can be used to join a table derived from
+// host_mdm_apple_declarations (grouped by host_uuid and status) and the hosts table. For each host_uuid,
+// it derives a boolean value for each status category. The value will be 1 if the host has any
+// declaration in the given status category. The snippet assumes the hosts table to be aliased as 'h'.
+func sqlJoinMDMAppleDeclarationsStatus() string {
+ // NOTE: To make this snippet reusable, we're not using sqlx.Named here because it would
+ // complicate usage in other queries (e.g., list hosts).
+ var (
+ failed = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryFailed))
+ pending = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryPending))
+ verifying = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryVerifying))
+ verified = fmt.Sprintf("'%s'", string(fleet.MDMDeliveryVerified))
+ install = fmt.Sprintf("'%s'", string(fleet.MDMOperationTypeInstall))
+ reservedDeclNames = fmt.Sprintf("'%s', '%s', '%s'", fleetmdm.FleetMacOSUpdatesProfileName, fleetmdm.FleetIOSUpdatesProfileName, fleetmdm.FleetIPadOSUpdatesProfileName)
)
-
- declStmt, declArgs, err := subqueryAppleDeclarationStatus()
- if err != nil {
- return "", nil, err
- }
-
- stmt := fmt.Sprintf(`
- CASE (%s)
- WHEN 'profiles_failed' THEN
- 'failed'
- WHEN 'profiles_pending' THEN (
- CASE (%s)
- WHEN 'declarations_failed' THEN
- 'failed'
- ELSE
- 'pending'
- END)
- WHEN 'profiles_verifying' THEN (
- CASE (%s)
- WHEN 'declarations_failed' THEN
- 'failed'
- WHEN 'declarations_pending' THEN
- 'pending'
- ELSE
- 'verifying'
- END)
- WHEN 'profiles_verified' THEN (
- CASE (%s)
- WHEN 'declarations_failed' THEN
- 'failed'
- WHEN 'declarations_pending' THEN
- 'pending'
- WHEN 'declarations_verifying' THEN
- 'verifying'
- ELSE
- 'verified'
- END)
- ELSE
- REPLACE((%s), 'declarations_', '')
- END`, profStmt, declStmt, declStmt, declStmt, declStmt)
-
- args := append(profArgs, declArgs...)
- args = append(args, declArgs...)
- args = append(args, declArgs...)
- args = append(args, declArgs...)
-
- // FIXME(roberto): we found issues in MySQL 5.7.17 (only that version,
- // which we must support for now) with prepared statements on this
- // query. The results returned by the DB were always different what
- // expected unless the arguments are inlined in the query.
- //
- // We decided to do this given:
- //
- // - The time constraints we were given to develop DDM
- // - The fact that all the variables in this query are really strings managed by us
- // - The imminent deprecation of MySQL 5.7
- return fmt.Sprintf(strings.Replace(stmt, "?", "'%s'", -1), args...), []any{}, nil
+ return `
+ LEFT JOIN (
+ -- declaration statuses grouped by host uuid, boolean value will be 1 if host has any declaration with the given status
+ SELECT
+ host_uuid,
+ MAX( IF((status IS NULL OR status = ` + pending + `), 1, 0)) AS decl_pending,
+ MAX( IF(status = ` + failed + `, 1, 0)) AS decl_failed,
+ MAX( IF(status = ` + verifying + ` , 1, 0)) AS decl_verifying,
+ MAX( IF(status = ` + verified + ` , 1, 0)) AS decl_verified
+ FROM
+ host_mdm_apple_declarations
+ WHERE
+ operation_type = ` + install + ` AND declaration_name NOT IN(` + reservedDeclNames + `)
+ GROUP BY
+ host_uuid) hmad ON h.uuid = hmad.host_uuid
+`
}
func (ds *Datastore) GetMDMAppleProfilesSummary(ctx context.Context, teamID *uint) (*fleet.MDMProfilesSummary, error) {
- subquery, args, err := subqueryOSSettingsStatusMac()
- if err != nil {
- return nil, ctxerr.Wrap(ctx, err, "building os settings subquery")
- }
-
- sqlFmt := `
+ stmt := `
SELECT
- %s as status,
- COUNT(id) as count
+ COUNT(id) AS count,
+ %s AS status
FROM
- hosts h
-WHERE platform = 'darwin' OR platform = 'ios' OR platform = 'ipados'
-GROUP BY status, team_id HAVING status IN (?, ?, ?, ?) AND %s`
-
- args = append(args, fleet.MDMDeliveryFailed, fleet.MDMDeliveryPending, fleet.MDMDeliveryVerifying, fleet.MDMDeliveryVerified)
+ hosts h
+ %s
+ %s
+ LEFT JOIN host_disk_encryption_keys hdek ON h.id = hdek.host_id
+WHERE
+ platform IN('darwin', 'ios', 'ipad_os') AND %s
+GROUP BY
+ status HAVING status IS NOT NULL`
teamFilter := "team_id IS NULL"
if teamID != nil && *teamID > 0 {
- teamFilter = "team_id = ?"
- args = append(args, *teamID)
+ teamFilter = fmt.Sprintf("team_id = %d", *teamID)
}
- stmt := fmt.Sprintf(sqlFmt, subquery, teamFilter)
+ stmt = fmt.Sprintf(stmt, sqlCaseMDMAppleStatus(), sqlJoinMDMAppleProfilesStatus(), sqlJoinMDMAppleDeclarationsStatus(), teamFilter)
var dest []struct {
Count uint `db:"count"`
Status string `db:"status"`
}
- err = sqlx.SelectContext(ctx, ds.reader(ctx), &dest, stmt, args...)
- if err != nil {
+ if err := sqlx.SelectContext(ctx, ds.reader(ctx), &dest, stmt); err != nil {
return nil, err
}
@@ -4410,7 +4183,8 @@ func (ds *Datastore) insertOrUpsertMDMAppleDeclaration(ctx context.Context, insO
}
func batchSetDeclarationLabelAssociationsDB(ctx context.Context, tx sqlx.ExtContext,
- declarationLabels []fleet.ConfigurationProfileLabel) (updatedDB bool, err error) {
+ declarationLabels []fleet.ConfigurationProfileLabel,
+) (updatedDB bool, err error) {
if len(declarationLabels) == 0 {
return false, nil
}
@@ -4618,7 +4392,8 @@ func (ds *Datastore) MDMAppleBatchSetHostDeclarationState(ctx context.Context) (
}
func mdmAppleBatchSetHostDeclarationStateDB(ctx context.Context, tx sqlx.ExtContext, batchSize int,
- status *fleet.MDMDeliveryStatus) ([]string, bool, error) {
+ status *fleet.MDMDeliveryStatus,
+) ([]string, bool, error) {
// once all the declarations are in place, compute the desired state
// and find which hosts need a DDM sync.
changedDeclarations, err := mdmAppleGetHostsWithChangedDeclarationsDB(ctx, tx)
diff --git a/server/datastore/mysql/hosts.go b/server/datastore/mysql/hosts.go
index 0b3a0e498362..ee23749de80a 100644
--- a/server/datastore/mysql/hosts.go
+++ b/server/datastore/mysql/hosts.go
@@ -1114,6 +1114,14 @@ func (ds *Datastore) applyHostFilters(
whereParams = append(whereParams, microsoft_mdm.MDMDeviceStateEnrolled)
}
+ mdmAppleProfilesStatusJoin := ""
+ mdmAppleDeclarationsStatusJoin := ""
+ if opt.OSSettingsFilter.IsValid() ||
+ opt.MacOSSettingsFilter.IsValid() {
+ mdmAppleProfilesStatusJoin = sqlJoinMDMAppleProfilesStatus()
+ mdmAppleDeclarationsStatusJoin = sqlJoinMDMAppleDeclarationsStatus()
+ }
+
sqlStmt += fmt.Sprintf(
`FROM hosts h
LEFT JOIN host_seen_times hst ON (h.id = hst.host_id)
@@ -1128,6 +1136,8 @@ func (ds *Datastore) applyHostFilters(
%s
%s
%s
+ %s
+ %s
%s
WHERE TRUE AND %s AND %s AND %s AND %s
`,
@@ -1142,6 +1152,8 @@ func (ds *Datastore) applyHostFilters(
munkiJoin,
displayNameJoin,
connectedToFleetJoin,
+ mdmAppleProfilesStatusJoin,
+ mdmAppleDeclarationsStatusJoin,
// Conditions
ds.whereFilterHostsByTeams(filter, "h"),
@@ -1304,15 +1316,9 @@ func filterHostsByMacOSSettingsStatus(sql string, opt fleet.HostListOptions, par
whereStatus += ` AND h.team_id IS NULL`
}
- subqueryStatus, paramsStatus, err := subqueryOSSettingsStatusMac()
- if err != nil {
- return "", nil, err
- }
-
- whereStatus += fmt.Sprintf(` AND %s = ?`, subqueryStatus)
- paramsStatus = append(paramsStatus, opt.MacOSSettingsFilter)
+ whereStatus += fmt.Sprintf(` AND %s = ?`, sqlCaseMDMAppleStatus())
- return sql + whereStatus, append(params, paramsStatus...), nil
+ return sql + whereStatus, append(params, opt.MacOSSettingsFilter), nil
}
func filterHostsByMacOSDiskEncryptionStatus(sql string, opt fleet.HostListOptions, params []interface{}) (string, []interface{}) {
@@ -1364,13 +1370,9 @@ func (ds *Datastore) filterHostsByOSSettingsStatus(sql string, opt fleet.HostLis
AND ((h.platform = 'windows' AND (%s))
OR ((h.platform = 'darwin' OR h.platform = 'ios' OR h.platform = 'ipados') AND (%s)))`
- whereMacOS, paramsMacOS, err := subqueryOSSettingsStatusMac()
- if err != nil {
- return "", nil, err
- }
- whereMacOS += ` = ?`
- // ensure the host has MDM turned on
- paramsMacOS = append(paramsMacOS, opt.OSSettingsFilter)
+ // construct the WHERE for macOS
+ whereMacOS = fmt.Sprintf(`(%s) = ?`, sqlCaseMDMAppleStatus())
+ paramsMacOS := []any{opt.OSSettingsFilter}
// construct the WHERE for windows
whereWindows = `hmdm.is_server = 0`
diff --git a/server/datastore/mysql/labels.go b/server/datastore/mysql/labels.go
index d604b286a4aa..5ac777be3939 100644
--- a/server/datastore/mysql/labels.go
+++ b/server/datastore/mysql/labels.go
@@ -638,6 +638,12 @@ func (ds *Datastore) applyHostLabelFilters(ctx context.Context, filter fleet.Tea
joinParams = append(joinParams, microsoft_mdm.MDMDeviceStateEnrolled)
}
+ if opt.OSSettingsFilter.IsValid() ||
+ opt.MacOSSettingsFilter.IsValid() {
+ query += sqlJoinMDMAppleProfilesStatus()
+ query += sqlJoinMDMAppleDeclarationsStatus()
+ }
+
query += fmt.Sprintf(` WHERE lm.label_id = ? AND %s `, ds.whereFilterHostsByTeams(filter, "h"))
whereParams = append(whereParams, lid)
diff --git a/server/datastore/mysql/software_installers.go b/server/datastore/mysql/software_installers.go
index 5aa7a2f11d51..7d7f0169e3ad 100644
--- a/server/datastore/mysql/software_installers.go
+++ b/server/datastore/mysql/software_installers.go
@@ -768,7 +768,7 @@ func (ds *Datastore) CleanupUnusedSoftwareInstallers(ctx context.Context, softwa
return ctxerr.Wrap(ctx, err, "cleanup unused software installers")
}
-func (ds *Datastore) BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) {
+func (ds *Datastore) BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error {
const upsertSoftwareTitles = `
INSERT INTO software_titles
(name, source, browser)
@@ -878,23 +878,12 @@ ON DUPLICATE KEY UPDATE
url = VALUES(url)
`
- const loadInsertedSoftwareInstallers = `
-SELECT
- team_id,
- title_id,
- url
-FROM
- software_installers
-WHERE global_or_team_id = ?
-`
-
// use a team id of 0 if no-team
var globalOrTeamID uint
if tmID != nil {
globalOrTeamID = *tmID
}
- var insertedSoftwareInstallers []fleet.SoftwarePackageResponse
if err := ds.withRetryTxx(ctx, func(tx sqlx.ExtContext) error {
// if no installers are provided, just delete whatever was in
// the table
@@ -1040,15 +1029,11 @@ WHERE global_or_team_id = ?
}
}
- if err := sqlx.SelectContext(ctx, tx, &insertedSoftwareInstallers, loadInsertedSoftwareInstallers, globalOrTeamID); err != nil {
- return ctxerr.Wrap(ctx, err, "load inserted software installers")
- }
-
return nil
}); err != nil {
- return nil, err
+ return err
}
- return insertedSoftwareInstallers, nil
+ return nil
}
func (ds *Datastore) HasSelfServiceSoftwareInstallers(ctx context.Context, hostPlatform string, hostTeamID *uint) (bool, error) {
@@ -1135,3 +1120,21 @@ func (ds *Datastore) UpdateSoftwareInstallerWithoutPackageIDs(ctx context.Contex
}
return nil
}
+
+func (ds *Datastore) GetSoftwareInstallers(ctx context.Context, teamID uint) ([]fleet.SoftwarePackageResponse, error) {
+ const loadInsertedSoftwareInstallers = `
+SELECT
+ team_id,
+ title_id,
+ url
+FROM
+ software_installers
+WHERE global_or_team_id = ?
+`
+ var softwarePackages []fleet.SoftwarePackageResponse
+ // Using ds.writer(ctx) on purpose because this method is to be called after applying software.
+ if err := sqlx.SelectContext(ctx, ds.writer(ctx), &softwarePackages, loadInsertedSoftwareInstallers, teamID); err != nil {
+ return nil, ctxerr.Wrap(ctx, err, "get software installers")
+ }
+ return softwarePackages, nil
+}
diff --git a/server/datastore/mysql/software_installers_test.go b/server/datastore/mysql/software_installers_test.go
index 862d70063a07..178b85807148 100644
--- a/server/datastore/mysql/software_installers_test.go
+++ b/server/datastore/mysql/software_installers_test.go
@@ -630,11 +630,15 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) {
}
// batch set with everything empty
- softwareInstallers, err := ds.BatchSetSoftwareInstallers(ctx, &team.ID, nil)
+ err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, nil)
+ require.NoError(t, err)
+ softwareInstallers, err := ds.GetSoftwareInstallers(ctx, team.ID)
require.NoError(t, err)
require.Empty(t, softwareInstallers)
assertSoftware(nil)
- softwareInstallers, err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{})
+ err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{})
+ require.NoError(t, err)
+ softwareInstallers, err = ds.GetSoftwareInstallers(ctx, team.ID)
require.NoError(t, err)
require.Empty(t, softwareInstallers)
assertSoftware(nil)
@@ -642,7 +646,7 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) {
// add a single installer
ins0 := "installer0"
ins0File := bytes.NewReader([]byte("installer0"))
- softwareInstallers, err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{{
+ err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{{
InstallScript: "install",
InstallerFile: ins0File,
StorageID: ins0,
@@ -656,6 +660,8 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) {
URL: "https://example.com",
}})
require.NoError(t, err)
+ softwareInstallers, err = ds.GetSoftwareInstallers(ctx, team.ID)
+ require.NoError(t, err)
require.Len(t, softwareInstallers, 1)
require.NotNil(t, softwareInstallers[0].TeamID)
require.Equal(t, team.ID, *softwareInstallers[0].TeamID)
@@ -668,7 +674,7 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) {
// add a new installer + ins0 installer
ins1 := "installer1"
ins1File := bytes.NewReader([]byte("installer1"))
- softwareInstallers, err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{
+ err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{
{
InstallScript: "install",
InstallerFile: ins0File,
@@ -698,6 +704,8 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) {
},
})
require.NoError(t, err)
+ softwareInstallers, err = ds.GetSoftwareInstallers(ctx, team.ID)
+ require.NoError(t, err)
require.Len(t, softwareInstallers, 2)
require.NotNil(t, softwareInstallers[0].TitleID)
require.NotNil(t, softwareInstallers[0].TeamID)
@@ -713,7 +721,7 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) {
})
// remove ins0
- softwareInstallers, err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{
+ err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{
{
InstallScript: "install",
PostInstallScript: "post-install",
@@ -728,6 +736,8 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) {
},
})
require.NoError(t, err)
+ softwareInstallers, err = ds.GetSoftwareInstallers(ctx, team.ID)
+ require.NoError(t, err)
require.Len(t, softwareInstallers, 1)
require.NotNil(t, softwareInstallers[0].TitleID)
require.NotNil(t, softwareInstallers[0].TeamID)
@@ -737,7 +747,9 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) {
})
// remove everything
- softwareInstallers, err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{})
+ err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{})
+ require.NoError(t, err)
+ softwareInstallers, err = ds.GetSoftwareInstallers(ctx, team.ID)
require.NoError(t, err)
require.Empty(t, softwareInstallers)
assertSoftware([]fleet.SoftwareTitle{})
diff --git a/server/fleet/activities.go b/server/fleet/activities.go
index a0702955b9ba..373aa5b720a8 100644
--- a/server/fleet/activities.go
+++ b/server/fleet/activities.go
@@ -1597,7 +1597,7 @@ func (a ActivityTypeEditedSoftware) ActivityName() string {
func (a ActivityTypeEditedSoftware) Documentation() (string, string, string) {
return `Generated when a software installer is updated in Fleet.`, `This activity contains the following fields:
- "software_title": Name of the software.
-- "software_package": Filename of the installer.` + " `null` " + `if the installer package was not modified.
+- "software_package": Filename of the installer as of this update (including if unchanged).
- "team_name": Name of the team on which this software was updated.` + " `null` " + `if it was updated on no team.
- "team_id": The ID of the team on which this software was updated.` + " `null` " + `if it was updated on no team.
- "self_service": Whether the software is available for installation by the end user.`, `{
diff --git a/server/fleet/apple_mdm.go b/server/fleet/apple_mdm.go
index 9a3bb005f8d3..832ee5d237a1 100644
--- a/server/fleet/apple_mdm.go
+++ b/server/fleet/apple_mdm.go
@@ -311,10 +311,10 @@ type MDMAppleProfilePayload struct {
CommandUUID string `db:"command_uuid"`
}
-// FailedToInstallOnHost indicates whether this profile failed to be installed on the host (and
+// DidNotInstallOnHost indicates whether this profile was not installed on the host (and
// therefore is not, as far as Fleet knows, currently on the host).
-func (p *MDMAppleProfilePayload) FailedToInstallOnHost() bool {
- return p.Status != nil && *p.Status == MDMDeliveryFailed && p.OperationType == MDMOperationTypeInstall
+func (p *MDMAppleProfilePayload) DidNotInstallOnHost() bool {
+ return p.Status != nil && (*p.Status == MDMDeliveryFailed || *p.Status == MDMDeliveryPending) && p.OperationType == MDMOperationTypeInstall
}
func (p MDMAppleProfilePayload) Equal(other MDMAppleProfilePayload) bool {
diff --git a/server/fleet/datastore.go b/server/fleet/datastore.go
index 9f9a9de50479..99b2cdb7d27c 100644
--- a/server/fleet/datastore.go
+++ b/server/fleet/datastore.go
@@ -1711,7 +1711,8 @@ type Datastore interface {
CleanupUnusedSoftwareInstallers(ctx context.Context, softwareInstallStore SoftwareInstallerStore, removeCreatedBefore time.Time) error
// BatchSetSoftwareInstallers sets the software installers for the given team or no team.
- BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*UploadSoftwareInstallerPayload) ([]SoftwarePackageResponse, error)
+ BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*UploadSoftwareInstallerPayload) error
+ GetSoftwareInstallers(ctx context.Context, tmID uint) ([]SoftwarePackageResponse, error)
// HasSelfServiceSoftwareInstallers returns true if self-service software installers are available for the team or globally.
HasSelfServiceSoftwareInstallers(ctx context.Context, platform string, teamID *uint) (bool, error)
diff --git a/server/fleet/service.go b/server/fleet/service.go
index 8599e464e1b5..24756ebb6d80 100644
--- a/server/fleet/service.go
+++ b/server/fleet/service.go
@@ -643,9 +643,15 @@ type Service interface {
// GetSoftwareInstallResults gets the results for a particular software install attempt.
GetSoftwareInstallResults(ctx context.Context, installUUID string) (*HostSoftwareInstallerResult, error)
- // BatchSetSoftwareInstallers replaces the software installers for a specified team.
- // Returns the metadata of inserted software installers.
- BatchSetSoftwareInstallers(ctx context.Context, tmName string, payloads []SoftwareInstallerPayload, dryRun bool) ([]SoftwarePackageResponse, error)
+ // BatchSetSoftwareInstallers asynchronously replaces the software installers for a specified team.
+ // Returns a request UUID that can be used to track an ongoing batch request (with GetBatchSetSoftwareInstallersResult).
+ BatchSetSoftwareInstallers(ctx context.Context, tmName string, payloads []SoftwareInstallerPayload, dryRun bool) (string, error)
+ // GetBatchSetSoftwareInstallersResult polls for the status of a batch-apply started by BatchSetSoftwareInstallers.
+ // Return values:
+ // - 'status': status of the batch-apply which can be "processing", "completed" or "failed".
+ // - 'message': which contains error information when the status is "failed".
+ // - 'packages': Contains the list of the applied software packages (when status is "completed"). This is always empty for a dry run.
+ GetBatchSetSoftwareInstallersResult(ctx context.Context, tmName string, requestUUID string, dryRun bool) (status string, message string, packages []SoftwarePackageResponse, err error)
// SelfServiceInstallSoftwareTitle installs a software title
// initiated by the user
@@ -1120,3 +1126,17 @@ type Service interface {
// CalendarWebhook handles incoming calendar callback requests.
CalendarWebhook(ctx context.Context, eventUUID string, channelID string, resourceState string) error
}
+
+type KeyValueStore interface {
+ Set(ctx context.Context, key string, value string, expireTime time.Duration) error
+ Get(ctx context.Context, key string) (*string, error)
+}
+
+const (
+ // BatchSetSoftwareInstallerStatusProcessing is the value returned for an ongoing BatchSetSoftwareInstallers operation.
+ BatchSetSoftwareInstallersStatusProcessing = "processing"
+ // BatchSetSoftwareInstallerStatusCompleted is the value returned for a completed BatchSetSoftwareInstallers operation.
+ BatchSetSoftwareInstallersStatusCompleted = "completed"
+ // BatchSetSoftwareInstallerStatusFailed is the value returned for a failed BatchSetSoftwareInstallers operation.
+ BatchSetSoftwareInstallersStatusFailed = "failed"
+)
diff --git a/server/mdm/crypto/scep.go b/server/mdm/crypto/scep.go
index 1367030bf4bf..2ba39d37d608 100644
--- a/server/mdm/crypto/scep.go
+++ b/server/mdm/crypto/scep.go
@@ -7,6 +7,7 @@ import (
"fmt"
"github.com/fleetdm/fleet/v4/server/fleet"
+ "github.com/fleetdm/fleet/v4/server/mdm/assets"
"github.com/fleetdm/fleet/v4/server/mdm/nanomdm/http/mdm"
)
@@ -33,15 +34,21 @@ func (s *SCEPVerifier) Verify(cert *x509.Certificate) error {
}
// TODO(roberto): nano interfaces don't allow to pass a context to this function
- assets, err := s.ds.GetAllMDMConfigAssetsByName(context.Background(), []fleet.MDMAssetName{
- fleet.MDMAssetCACert,
- })
+ rootCert, err := assets.X509Cert(context.Background(), s.ds, fleet.MDMAssetCACert)
if err != nil {
return fmt.Errorf("loading existing assets from the database: %w", err)
}
+ opts.Roots.AddCert(rootCert)
- if ok := opts.Roots.AppendCertsFromPEM(assets[fleet.MDMAssetCACert].Value); !ok {
- return errors.New("unable to append cerver SCEP cert to pool verifier")
+ // the default SCEP cert issued by fleet doesn't have any extra key
+ // usages, however, customers might configure the server with any
+ // certificate they want (generally for touchless MDM migrations)
+ //
+ // given that go verifies ext key usages on the whole chain, we relax
+ // the constraints when the provided certificate has any ext key usage
+ // that would cause a failure.
+ if hasOtherKeyUsages(rootCert, x509.ExtKeyUsageClientAuth) {
+ opts.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
}
if _, err := cert.Verify(opts); err != nil {
@@ -50,3 +57,12 @@ func (s *SCEPVerifier) Verify(cert *x509.Certificate) error {
return nil
}
+
+func hasOtherKeyUsages(cert *x509.Certificate, usage x509.ExtKeyUsage) bool {
+ for _, u := range cert.ExtKeyUsage {
+ if u != usage {
+ return true
+ }
+ }
+ return false
+}
diff --git a/server/mdm/crypto/scep_test.go b/server/mdm/crypto/scep_test.go
index a8865b58f9ad..179864b9d3ff 100644
--- a/server/mdm/crypto/scep_test.go
+++ b/server/mdm/crypto/scep_test.go
@@ -1,8 +1,20 @@
package mdmcrypto
import (
+ "context"
+ "crypto/ecdsa"
+ "crypto/elliptic"
+ "crypto/rand"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/pem"
+ "errors"
+ "math/big"
"testing"
+ "time"
+ "github.com/fleetdm/fleet/v4/server/fleet"
+ "github.com/fleetdm/fleet/v4/server/mock"
"github.com/stretchr/testify/require"
)
@@ -11,3 +23,130 @@ func TestSCEPVerifierVerifyEmptyCerts(t *testing.T) {
err := v.Verify(nil)
require.ErrorContains(t, err, "no certificate provided")
}
+
+func TestVerify(t *testing.T) {
+ ds := new(mock.Store)
+ verifier := NewSCEPVerifier(ds)
+
+ // generate a valid root certificate with ExtKeyUsageClientAuth
+ validRootCertBytes, validRootCert, rootKey := generateRootCertificate(t, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth})
+ _, validClientCert := generateClientCertificate(t, validRootCert, rootKey)
+
+ // generate a root certificate with an unrelated ExtKeyUsage
+ rootWithOtherUsagesBytes, rootWithOtherUsageCert, rootWithOtherUsageKey := generateRootCertificate(t, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth})
+ _, validClientCertFromMultipleUsageRoot := generateClientCertificate(t, rootWithOtherUsageCert, rootWithOtherUsageKey)
+
+ cases := []struct {
+ name string
+ rootCert []byte
+ certToVerify *x509.Certificate
+ wantErr string
+ }{
+ {
+ name: "no certificate provided",
+ rootCert: nil,
+ certToVerify: nil,
+ wantErr: "no certificate provided",
+ },
+ {
+ name: "error loading root cert from database",
+ rootCert: nil,
+ certToVerify: validClientCert,
+ wantErr: "loading existing assets from the database",
+ },
+ {
+ name: "valid certificate verification succeeds",
+ rootCert: validRootCertBytes,
+ certToVerify: validClientCert,
+ wantErr: "",
+ },
+ {
+ name: "valid certificate with unrelated key usage in root cert",
+ rootCert: rootWithOtherUsagesBytes,
+ certToVerify: validClientCertFromMultipleUsageRoot,
+ wantErr: "",
+ },
+ {
+ name: "mismatched certificate presented",
+ rootCert: rootWithOtherUsagesBytes,
+ certToVerify: validClientCert,
+ wantErr: "certificate signed by unknown authority",
+ },
+ }
+
+ for _, tt := range cases {
+ t.Run(tt.name, func(t *testing.T) {
+ ds.GetAllMDMConfigAssetsByNameFunc = func(ctx context.Context, assetNames []fleet.MDMAssetName) (map[fleet.MDMAssetName]fleet.MDMConfigAsset, error) {
+ if tt.rootCert == nil {
+ return nil, errors.New("test error")
+ }
+
+ return map[fleet.MDMAssetName]fleet.MDMConfigAsset{
+ fleet.MDMAssetCACert: {Value: tt.rootCert},
+ }, nil
+ }
+
+ err := verifier.Verify(tt.certToVerify)
+ if tt.wantErr == "" {
+ require.NoError(t, err)
+ } else {
+ require.ErrorContains(t, err, tt.wantErr)
+ }
+ })
+ }
+}
+
+func generateRootCertificate(t *testing.T, extKeyUsages []x509.ExtKeyUsage) ([]byte, *x509.Certificate, *ecdsa.PrivateKey) {
+ priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ require.NoError(t, err)
+
+ rootCertTemplate := &x509.Certificate{
+ SerialNumber: big.NewInt(1),
+ Subject: pkix.Name{
+ Organization: []string{"Test Root CA"},
+ },
+ NotBefore: time.Now(),
+ NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
+ IsCA: true,
+ KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
+ ExtKeyUsage: extKeyUsages,
+ BasicConstraintsValid: true,
+ }
+
+ rootCertDER, err := x509.CreateCertificate(rand.Reader, rootCertTemplate, rootCertTemplate, &priv.PublicKey, priv)
+ require.NoError(t, err)
+
+ rootCertPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: rootCertDER})
+
+ rootCert, err := x509.ParseCertificate(rootCertDER)
+ require.NoError(t, err)
+
+ return rootCertPEM, rootCert, priv
+}
+
+func generateClientCertificate(t *testing.T, rootCert *x509.Certificate, rootKey *ecdsa.PrivateKey) ([]byte, *x509.Certificate) {
+ clientPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ require.NoError(t, err)
+
+ clientCertTemplate := &x509.Certificate{
+ SerialNumber: big.NewInt(2),
+ Subject: pkix.Name{
+ Organization: []string{"Test Client"},
+ },
+ NotBefore: time.Now(),
+ NotAfter: time.Now().Add(1 * 365 * 24 * time.Hour),
+ KeyUsage: x509.KeyUsageDigitalSignature,
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+ BasicConstraintsValid: true,
+ }
+
+ clientCertDER, err := x509.CreateCertificate(rand.Reader, clientCertTemplate, rootCert, &clientPriv.PublicKey, rootKey)
+ require.NoError(t, err)
+
+ clientCertPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: clientCertDER})
+
+ clientCert, err := x509.ParseCertificate(clientCertDER)
+ require.NoError(t, err)
+
+ return clientCertPEM, clientCert
+}
diff --git a/server/mock/datastore_mock.go b/server/mock/datastore_mock.go
index bc009c4ea30d..a592559bdf5a 100644
--- a/server/mock/datastore_mock.go
+++ b/server/mock/datastore_mock.go
@@ -1070,7 +1070,9 @@ type GetSoftwareInstallResultsFunc func(ctx context.Context, resultsUUID string)
type CleanupUnusedSoftwareInstallersFunc func(ctx context.Context, softwareInstallStore fleet.SoftwareInstallerStore, removeCreatedBefore time.Time) error
-type BatchSetSoftwareInstallersFunc func(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error)
+type BatchSetSoftwareInstallersFunc func(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error
+
+type GetSoftwareInstallersFunc func(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error)
type HasSelfServiceSoftwareInstallersFunc func(ctx context.Context, platform string, teamID *uint) (bool, error)
@@ -2667,6 +2669,9 @@ type DataStore struct {
BatchSetSoftwareInstallersFunc BatchSetSoftwareInstallersFunc
BatchSetSoftwareInstallersFuncInvoked bool
+ GetSoftwareInstallersFunc GetSoftwareInstallersFunc
+ GetSoftwareInstallersFuncInvoked bool
+
HasSelfServiceSoftwareInstallersFunc HasSelfServiceSoftwareInstallersFunc
HasSelfServiceSoftwareInstallersFuncInvoked bool
@@ -6369,13 +6374,20 @@ func (s *DataStore) CleanupUnusedSoftwareInstallers(ctx context.Context, softwar
return s.CleanupUnusedSoftwareInstallersFunc(ctx, softwareInstallStore, removeCreatedBefore)
}
-func (s *DataStore) BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) {
+func (s *DataStore) BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error {
s.mu.Lock()
s.BatchSetSoftwareInstallersFuncInvoked = true
s.mu.Unlock()
return s.BatchSetSoftwareInstallersFunc(ctx, tmID, installers)
}
+func (s *DataStore) GetSoftwareInstallers(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error) {
+ s.mu.Lock()
+ s.GetSoftwareInstallersFuncInvoked = true
+ s.mu.Unlock()
+ return s.GetSoftwareInstallersFunc(ctx, tmID)
+}
+
func (s *DataStore) HasSelfServiceSoftwareInstallers(ctx context.Context, platform string, teamID *uint) (bool, error) {
s.mu.Lock()
s.HasSelfServiceSoftwareInstallersFuncInvoked = true
diff --git a/server/service/apple_mdm.go b/server/service/apple_mdm.go
index 99bfa2195dfd..4387367ef017 100644
--- a/server/service/apple_mdm.go
+++ b/server/service/apple_mdm.go
@@ -3298,8 +3298,8 @@ func ReconcileAppleProfiles(
continue
}
- if p.FailedToInstallOnHost() {
- // then we shouldn't send an additional remove command since it failed to install on the
+ if p.DidNotInstallOnHost() {
+ // then we shouldn't send an additional remove command since it wasn't installed on the
// host.
hostProfilesToCleanup = append(hostProfilesToCleanup, p)
continue
diff --git a/server/service/client.go b/server/service/client.go
index 6be25f00834a..8924707784f1 100644
--- a/server/service/client.go
+++ b/server/service/client.go
@@ -1502,9 +1502,13 @@ func (c *Client) DoGitOps(
return nil, err
}
- err = c.doGitOpsQueries(config, logFn, dryRun)
- if err != nil {
- return nil, err
+ // We currently don't support queries for "No team" thus
+ // we just do GitOps for queries for global and team files.
+ if !config.IsNoTeam() {
+ err = c.doGitOpsQueries(config, logFn, dryRun)
+ if err != nil {
+ return nil, err
+ }
}
return teamAssumptions, nil
diff --git a/server/service/client_policies.go b/server/service/client_policies.go
index a8425bebf573..089e6a2d477d 100644
--- a/server/service/client_policies.go
+++ b/server/service/client_policies.go
@@ -2,6 +2,7 @@ package service
import (
"fmt"
+
"github.com/fleetdm/fleet/v4/server/fleet"
)
diff --git a/server/service/client_software.go b/server/service/client_software.go
index 413e6dc7e9d8..60a0911093f4 100644
--- a/server/service/client_software.go
+++ b/server/service/client_software.go
@@ -1,7 +1,10 @@
package service
import (
+ "errors"
+ "fmt"
"net/url"
+ "time"
"github.com/fleetdm/fleet/v4/server/fleet"
)
@@ -29,14 +32,38 @@ func (c *Client) ListSoftwareTitles(query string) ([]fleet.SoftwareTitleListResu
}
func (c *Client) ApplyNoTeamSoftwareInstallers(softwareInstallers []fleet.SoftwareInstallerPayload, opts fleet.ApplySpecOptions) ([]fleet.SoftwarePackageResponse, error) {
- verb, path := "POST", "/api/latest/fleet/software/batch"
query, err := url.ParseQuery(opts.RawQuery())
if err != nil {
return nil, err
}
+ return c.applySoftwareInstallers(softwareInstallers, query, opts.DryRun)
+}
+
+func (c *Client) applySoftwareInstallers(softwareInstallers []fleet.SoftwareInstallerPayload, query url.Values, dryRun bool) ([]fleet.SoftwarePackageResponse, error) {
+ path := "/api/latest/fleet/software/batch"
var resp batchSetSoftwareInstallersResponse
- if err := c.authenticatedRequestWithQuery(map[string]interface{}{"software": softwareInstallers}, verb, path, &resp, query.Encode()); err != nil {
+ if err := c.authenticatedRequestWithQuery(map[string]interface{}{"software": softwareInstallers}, "POST", path, &resp, query.Encode()); err != nil {
return nil, err
}
- return resp.Packages, nil
+ if dryRun && resp.RequestUUID == "" {
+ return nil, nil
+ }
+
+ requestUUID := resp.RequestUUID
+ for {
+ var resp batchSetSoftwareInstallersResultResponse
+ if err := c.authenticatedRequestWithQuery(nil, "GET", path+"/"+requestUUID, &resp, query.Encode()); err != nil {
+ return nil, err
+ }
+ switch {
+ case resp.Status == fleet.BatchSetSoftwareInstallersStatusProcessing:
+ time.Sleep(5 * time.Second)
+ case resp.Status == fleet.BatchSetSoftwareInstallersStatusFailed:
+ return nil, errors.New(resp.Message)
+ case resp.Status == fleet.BatchSetSoftwareInstallersStatusCompleted:
+ return resp.Packages, nil
+ default:
+ return nil, fmt.Errorf("unknown status: %q", resp.Status)
+ }
+ }
}
diff --git a/server/service/client_teams.go b/server/service/client_teams.go
index 5c5180a6b700..5d541e903c9b 100644
--- a/server/service/client_teams.go
+++ b/server/service/client_teams.go
@@ -94,17 +94,12 @@ func (c *Client) ApplyTeamScripts(tmName string, scripts []fleet.ScriptPayload,
}
func (c *Client) ApplyTeamSoftwareInstallers(tmName string, softwareInstallers []fleet.SoftwareInstallerPayload, opts fleet.ApplySpecOptions) ([]fleet.SoftwarePackageResponse, error) {
- verb, path := "POST", "/api/latest/fleet/software/batch"
query, err := url.ParseQuery(opts.RawQuery())
if err != nil {
return nil, err
}
query.Add("team_name", tmName)
- var resp batchSetSoftwareInstallersResponse
- if err := c.authenticatedRequestWithQuery(map[string]interface{}{"software": softwareInstallers}, verb, path, &resp, query.Encode()); err != nil {
- return nil, err
- }
- return resp.Packages, nil
+ return c.applySoftwareInstallers(softwareInstallers, query, opts.DryRun)
}
func (c *Client) ApplyTeamAppStoreAppsAssociation(tmName string, vppBatchPayload []fleet.VPPBatchPayload, opts fleet.ApplySpecOptions) error {
diff --git a/server/service/handler.go b/server/service/handler.go
index 21bdd2f7ed57..7012393952bc 100644
--- a/server/service/handler.go
+++ b/server/service/handler.go
@@ -381,7 +381,10 @@ func attachFleetAPIRoutes(r *mux.Router, svc fleet.Service, config config.FleetC
ue.DELETE("/api/_version_/fleet/software/titles/{title_id:[0-9]+}/available_for_install", deleteSoftwareInstallerEndpoint, deleteSoftwareInstallerRequest{})
ue.GET("/api/_version_/fleet/software/install/{install_uuid}/results", getSoftwareInstallResultsEndpoint,
getSoftwareInstallResultsRequest{})
+ // POST /api/_version_/fleet/software/batch is asynchronous, meaning it will start the process of software download+upload in the background
+ // and will return a request UUID to be used in GET /api/_version_/fleet/software/batch/{request_uuid} to query for the status of the operation.
ue.POST("/api/_version_/fleet/software/batch", batchSetSoftwareInstallersEndpoint, batchSetSoftwareInstallersRequest{})
+ ue.GET("/api/_version_/fleet/software/batch/{request_uuid}", batchSetSoftwareInstallersResultEndpoint, batchSetSoftwareInstallersResultRequest{})
// App store software
ue.GET("/api/_version_/fleet/software/app_store_apps", getAppStoreAppsEndpoint, getAppStoreAppsRequest{})
diff --git a/server/service/integration_enterprise_test.go b/server/service/integration_enterprise_test.go
index 9255e95beff0..cb2a97966846 100644
--- a/server/service/integration_enterprise_test.go
+++ b/server/service/integration_enterprise_test.go
@@ -10903,6 +10903,10 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() {
// create an HTTP server to host the software installer
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path != "/ruby.deb" {
+ w.WriteHeader(http.StatusNotFound)
+ return
+ }
file, err := os.Open(filepath.Join("testdata", "software-installers", "ruby.deb"))
require.NoError(t, err)
defer file.Close()
@@ -10914,11 +10918,28 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() {
srv := httptest.NewServer(handler)
t.Cleanup(srv.Close)
+ // do a request with a URL that returns a 404.
+ softwareToInstall = []fleet.SoftwareInstallerPayload{
+ {URL: srv.URL + "/not_found.pkg"},
+ }
+ var batchResponse batchSetSoftwareInstallersResponse
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name)
+ message := waitBatchSetSoftwareInstallersFailed(t, s, tm.Name, batchResponse.RequestUUID)
+ require.NotEmpty(t, message)
+ require.Contains(t, message, fmt.Sprintf("validation failed: software.url Couldn't edit software. URL (\"%s/not_found.pkg\") returned \"Not Found\". Please make sure that URLs are reachable from your Fleet server.", srv.URL))
+
// do a request with a valid URL
+ rubyURL := srv.URL + "/ruby.deb"
softwareToInstall = []fleet.SoftwareInstallerPayload{
- {URL: srv.URL},
+ {URL: rubyURL},
}
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name)
+ packages := waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.Equal(t, rubyURL, packages[0].URL)
+ require.NotNil(t, packages[0].TeamID)
+ require.Equal(t, tm.ID, *packages[0].TeamID)
// TODO(roberto): test with a variety of response codes
@@ -10929,7 +10950,7 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() {
require.Len(t, titlesResp.SoftwareTitles, 1)
// Check that the URL is set to software installers uploaded via batch.
require.NotNil(t, titlesResp.SoftwareTitles[0].SoftwarePackage.PackageURL)
- require.Equal(t, srv.URL, *titlesResp.SoftwareTitles[0].SoftwarePackage.PackageURL)
+ require.Equal(t, rubyURL, *titlesResp.SoftwareTitles[0].SoftwarePackage.PackageURL)
// check that platform is set when the installer is created
mysql.ExecAdhocSQL(t, s.ds, func(q sqlx.ExtContext) error {
@@ -10942,14 +10963,26 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() {
})
// same payload doesn't modify anything
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.Equal(t, rubyURL, packages[0].URL)
+ require.NotNil(t, packages[0].TeamID)
+ require.Equal(t, tm.ID, *packages[0].TeamID)
newTitlesResp := listSoftwareTitlesResponse{}
s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &newTitlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(tm.ID)))
require.Equal(t, titlesResp, newTitlesResp)
// setting self-service to true updates the software title metadata
softwareToInstall[0].SelfService = true
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.Equal(t, rubyURL, packages[0].URL)
+ require.NotNil(t, packages[0].TeamID)
+ require.Equal(t, tm.ID, *packages[0].TeamID)
newTitlesResp = listSoftwareTitlesResponse{}
s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &newTitlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(tm.ID)))
titlesResp.SoftwareTitles[0].SoftwarePackage.SelfService = ptr.Bool(true)
@@ -10957,7 +10990,9 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() {
// empty payload cleans the software items
softwareToInstall = []fleet.SoftwareInstallerPayload{}
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID)
+ require.Empty(t, packages)
titlesResp = listSoftwareTitlesResponse{}
s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &titlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(tm.ID)))
require.Equal(t, 0, titlesResp.Count)
@@ -10967,9 +11002,14 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() {
// Do a request with a valid URL with no team
//////////////////////////
softwareToInstall = []fleet.SoftwareInstallerPayload{
- {URL: srv.URL},
+ {URL: rubyURL},
}
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, "", batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.Equal(t, rubyURL, packages[0].URL)
+ require.Nil(t, packages[0].TeamID)
// check the application status on team 0
titlesResp = listSoftwareTitlesResponse{}
@@ -10978,14 +11018,24 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() {
require.Len(t, titlesResp.SoftwareTitles, 1)
// same payload doesn't modify anything
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, "", batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.Equal(t, rubyURL, packages[0].URL)
+ require.Nil(t, packages[0].TeamID)
newTitlesResp = listSoftwareTitlesResponse{}
s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &newTitlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(0)))
require.Equal(t, titlesResp, newTitlesResp)
// setting self-service to true updates the software title metadata
softwareToInstall[0].SelfService = true
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, "", batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.Equal(t, rubyURL, packages[0].URL)
+ require.Nil(t, packages[0].TeamID)
newTitlesResp = listSoftwareTitlesResponse{}
s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &newTitlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(0)))
titlesResp.SoftwareTitles[0].SoftwarePackage.SelfService = ptr.Bool(true)
@@ -10993,13 +11043,50 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() {
// empty payload cleans the software items
softwareToInstall = []fleet.SoftwareInstallerPayload{}
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, "", batchResponse.RequestUUID)
+ require.Empty(t, packages)
titlesResp = listSoftwareTitlesResponse{}
s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &titlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(0)))
require.Equal(t, 0, titlesResp.Count)
require.Len(t, titlesResp.SoftwareTitles, 0)
}
+func waitBatchSetSoftwareInstallersCompleted(t *testing.T, s *integrationEnterpriseTestSuite, teamName string, requestUUID string) []fleet.SoftwarePackageResponse {
+ timeout := time.After(1 * time.Minute)
+ for {
+ var batchResultResponse batchSetSoftwareInstallersResultResponse
+ s.DoJSON("GET", "/api/latest/fleet/software/batch/"+requestUUID, nil, http.StatusOK, &batchResultResponse, "team_name", teamName)
+ if batchResultResponse.Status == fleet.BatchSetSoftwareInstallersStatusCompleted {
+ return batchResultResponse.Packages
+ }
+ select {
+ case <-timeout:
+ t.Fatalf("timeout: %s, %s", teamName, requestUUID)
+ case <-time.After(500 * time.Millisecond):
+ // OK, continue
+ }
+ }
+}
+
+func waitBatchSetSoftwareInstallersFailed(t *testing.T, s *integrationEnterpriseTestSuite, teamName string, requestUUID string) string {
+ timeout := time.After(1 * time.Minute)
+ for {
+ var batchResultResponse batchSetSoftwareInstallersResultResponse
+ s.DoJSON("GET", "/api/latest/fleet/software/batch/"+requestUUID, nil, http.StatusOK, &batchResultResponse, "team_name", teamName)
+ if batchResultResponse.Status == fleet.BatchSetSoftwareInstallersStatusFailed {
+ require.Empty(t, batchResultResponse.Packages)
+ return batchResultResponse.Message
+ }
+ select {
+ case <-timeout:
+ t.Fatalf("timeout: %s, %s", teamName, requestUUID)
+ case <-time.After(500 * time.Millisecond):
+ // OK, continue
+ }
+ }
+}
+
func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffects() {
t := s.T()
@@ -11030,7 +11117,14 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffec
softwareToInstall := []fleet.SoftwareInstallerPayload{
{URL: srv.URL},
}
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name)
+ var batchResponse batchSetSoftwareInstallersResponse
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name)
+ packages := waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.NotNil(t, packages[0].TeamID)
+ require.Equal(t, tm.ID, *packages[0].TeamID)
+ require.Equal(t, srv.URL, packages[0].URL)
titlesResp := listSoftwareTitlesResponse{}
s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &titlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(tm.ID)))
titleResponse := getSoftwareTitleResponse{}
@@ -11068,7 +11162,13 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffec
// Switch self-service flag
softwareToInstall[0].SelfService = true
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.NotNil(t, packages[0].TeamID)
+ require.Equal(t, tm.ID, *packages[0].TeamID)
+ require.Equal(t, srv.URL, packages[0].URL)
newTitlesResp := listSoftwareTitlesResponse{}
s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &newTitlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(tm.ID)))
require.Equal(t, true, *newTitlesResp.SoftwareTitles[0].SoftwarePackage.SelfService)
@@ -11082,7 +11182,13 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffec
withUpdatedPreinstallQuery := []fleet.SoftwareInstallerPayload{
{URL: srv.URL, PreInstallQuery: "SELECT * FROM os_version"},
}
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedPreinstallQuery}, http.StatusOK, "team_name", tm.Name)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedPreinstallQuery}, http.StatusOK, &batchResponse, "team_name", tm.Name)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.NotNil(t, packages[0].TeamID)
+ require.Equal(t, tm.ID, *packages[0].TeamID)
+ require.Equal(t, srv.URL, packages[0].URL)
titleResponse = getSoftwareTitleResponse{}
s.DoJSON("GET", fmt.Sprintf("/api/v1/fleet/software/titles/%d", newTitlesResp.SoftwareTitles[0].ID), nil, http.StatusOK, &titleResponse, "team_id", strconv.Itoa(int(tm.ID)))
require.Equal(t, "SELECT * FROM os_version", titleResponse.SoftwareTitle.SoftwarePackage.PreInstallQuery)
@@ -11119,7 +11225,13 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffec
withUpdatedInstallScript := []fleet.SoftwareInstallerPayload{
{URL: srv.URL, InstallScript: "apt install ruby"},
}
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedInstallScript}, http.StatusOK, "team_name", tm.Name)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedInstallScript}, http.StatusOK, &batchResponse, "team_name", tm.Name)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.NotNil(t, packages[0].TeamID)
+ require.Equal(t, tm.ID, *packages[0].TeamID)
+ require.Equal(t, srv.URL, packages[0].URL)
// ensure install count is the same, and uploaded_at hasn't changed
s.DoJSON("GET", fmt.Sprintf("/api/v1/fleet/software/titles/%d", newTitlesResp.SoftwareTitles[0].ID), nil, http.StatusOK, &titleResponse, "team_id", strconv.Itoa(int(tm.ID)))
@@ -11134,7 +11246,13 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffec
trailer = " " // add a character to the response for the installer HTTP call to ensure the file hashes differently
// update package
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedInstallScript}, http.StatusOK, "team_name", tm.Name)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedInstallScript}, http.StatusOK, &batchResponse, "team_name", tm.Name)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.NotNil(t, packages[0].TeamID)
+ require.Equal(t, tm.ID, *packages[0].TeamID)
+ require.Equal(t, srv.URL, packages[0].URL)
// ensure install count is zeroed and uploaded_at HAS changed
s.DoJSON("GET", fmt.Sprintf("/api/v1/fleet/software/titles/%d", newTitlesResp.SoftwareTitles[0].ID), nil, http.StatusOK, &titleResponse, "team_id", strconv.Itoa(int(tm.ID)))
@@ -11198,7 +11316,15 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersWithPolic
URL: srv.URL + "/ruby.deb",
},
}
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", team1.Name)
+ var batchResponse batchSetSoftwareInstallersResponse
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", team1.Name)
+ packages := waitBatchSetSoftwareInstallersCompleted(t, s, team1.Name, batchResponse.RequestUUID)
+ require.Len(t, packages, 1)
+ require.NotNil(t, packages[0].TitleID)
+ require.NotNil(t, packages[0].TeamID)
+ require.Equal(t, team1.ID, *packages[0].TeamID)
+ require.Equal(t, srv.URL+"/ruby.deb", packages[0].URL)
+
// team2 has dummy_installer.pkg and ruby.deb.
softwareToInstall = []fleet.SoftwareInstallerPayload{
{
@@ -11208,7 +11334,20 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersWithPolic
URL: srv.URL + "/ruby.deb",
},
}
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", team2.Name)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", team2.Name)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, team2.Name, batchResponse.RequestUUID)
+ sort.Slice(packages, func(i, j int) bool {
+ return packages[i].URL < packages[j].URL
+ })
+ require.Len(t, packages, 2)
+ require.NotNil(t, packages[0].TitleID)
+ require.NotNil(t, packages[0].TeamID)
+ require.Equal(t, team2.ID, *packages[0].TeamID)
+ require.Equal(t, srv.URL+"/dummy_installer.pkg", packages[0].URL)
+ require.NotNil(t, packages[1].TitleID)
+ require.NotNil(t, packages[1].TeamID)
+ require.Equal(t, team2.ID, *packages[1].TeamID)
+ require.Equal(t, srv.URL+"/ruby.deb", packages[1].URL)
// Associate ruby.deb to policy1Team1.
resp := listSoftwareTitlesResponse{}
@@ -11238,7 +11377,9 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersWithPolic
// Get rid of all installers in team1.
softwareToInstall = []fleet.SoftwareInstallerPayload{}
- s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", team1.Name)
+ s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", team1.Name)
+ packages = waitBatchSetSoftwareInstallersCompleted(t, s, team1.Name, batchResponse.RequestUUID)
+ require.Len(t, packages, 0)
// policy1Team1 should not be associated to any installer.
policy1Team1, err = s.ds.Policy(ctx, policy1Team1.ID)
diff --git a/server/service/integration_mdm_profiles_test.go b/server/service/integration_mdm_profiles_test.go
index f7fc2e2373f4..49a1f6eab0cf 100644
--- a/server/service/integration_mdm_profiles_test.go
+++ b/server/service/integration_mdm_profiles_test.go
@@ -1159,18 +1159,16 @@ func (s *integrationMDMTestSuite) TestPuppetMatchPreassignProfiles() {
s.awaitTriggerProfileSchedule(t)
// useful for debugging
- //mysql.ExecAdhocSQL(t, s.ds, func(q sqlx.ExtContext) error {
- // mysql.DumpTable(t, q, "host_mdm_apple_profiles")
- // return nil
- //})
+ // mysql.ExecAdhocSQL(t, s.ds, func(q sqlx.ExtContext) error {
+ // mysql.DumpTable(t, q, "host_mdm_apple_profiles")
+ // return nil
+ // })
s.assertHostAppleConfigProfiles(map[*fleet.Host][]fleet.HostMDMAppleProfile{
mdmHost: {
{Identifier: "i1", OperationType: fleet.MDMOperationTypeInstall, Status: &fleet.MDMDeliveryPending},
- {Identifier: "i2", OperationType: fleet.MDMOperationTypeRemove, Status: &fleet.MDMDeliveryPending},
{Identifier: "i4", OperationType: fleet.MDMOperationTypeInstall, Status: &fleet.MDMDeliveryPending},
{Identifier: mobileconfig.FleetdConfigPayloadIdentifier, OperationType: fleet.MDMOperationTypeInstall, Status: &fleet.MDMDeliveryPending},
{Identifier: mobileconfig.FleetCARootConfigPayloadIdentifier, OperationType: fleet.MDMOperationTypeInstall, Status: &fleet.MDMDeliveryPending},
- {Identifier: mobileconfig.FleetFileVaultPayloadIdentifier, OperationType: fleet.MDMOperationTypeRemove, Status: &fleet.MDMDeliveryPending},
},
})
diff --git a/server/service/integration_mdm_test.go b/server/service/integration_mdm_test.go
index 2e7ef1f152ca..ce134a2bd5fe 100644
--- a/server/service/integration_mdm_test.go
+++ b/server/service/integration_mdm_test.go
@@ -9383,32 +9383,34 @@ func (s *integrationMDMTestSuite) TestRemoveFailedProfiles() {
ident := uuid.NewString()
+ mdmDeviceRespond := func(device *mdmtest.TestAppleMDMClient) {
+ cmd, err := device.Idle()
+ require.NoError(t, err)
+ for cmd != nil {
+ if cmd.Command.RequestType == "InstallProfile" {
+ var fullCmd micromdm.CommandPayload
+ require.NoError(t, plist.Unmarshal(cmd.Raw, &fullCmd))
+
+ if strings.Contains(string(fullCmd.Command.InstallProfile.Payload), ident) {
+ var errChain []mdm.ErrorChain
+ errChain = append(errChain, mdm.ErrorChain{ErrorCode: -102, ErrorDomain: "CPProfile", USEnglishDescription: "The profile is either missing some required information, or contains information in an invalid format."})
+ cmd, err = device.Err(cmd.CommandUUID, errChain)
+ require.NoError(t, err)
+ continue
+ }
+ }
+ cmd, err = device.Acknowledge(cmd.CommandUUID)
+ require.NoError(t, err)
+ }
+ }
+
globalProfiles := [][]byte{
mobileconfigForTest("N1", ident),
mobileconfigForTest("N2", "I2"),
}
s.Do("POST", "/api/v1/fleet/mdm/apple/profiles/batch", batchSetMDMAppleProfilesRequest{Profiles: globalProfiles}, http.StatusNoContent)
s.awaitTriggerProfileSchedule(t)
-
- cmd, err := mdmDevice.Idle()
- require.NoError(t, err)
- for cmd != nil {
- if cmd.Command.RequestType == "InstallProfile" {
- var fullCmd micromdm.CommandPayload
- require.NoError(t, plist.Unmarshal(cmd.Raw, &fullCmd))
-
- if strings.Contains(string(fullCmd.Command.InstallProfile.Payload), ident) {
- var errChain []mdm.ErrorChain
- errChain = append(errChain, mdm.ErrorChain{ErrorCode: -102, ErrorDomain: "CPProfile", USEnglishDescription: "The profile is either missing some required information, or contains information in an invalid format."})
- cmd, err = mdmDevice.Err(cmd.CommandUUID, errChain)
- require.NoError(t, err)
- continue
- }
- }
- cmd, err = mdmDevice.Acknowledge(cmd.CommandUUID)
- require.NoError(t, err)
- }
-
+ mdmDeviceRespond(mdmDevice)
require.NoError(t, apple_mdm.VerifyHostMDMProfiles(context.Background(), s.ds, host, map[string]*fleet.HostMacOSProfile{
"I2": {Identifier: "I2", DisplayName: "I2", InstallDate: time.Now()},
"I1": {Identifier: "I1", DisplayName: "I1", InstallDate: time.Now()},
@@ -9416,24 +9418,7 @@ func (s *integrationMDMTestSuite) TestRemoveFailedProfiles() {
// Do another trigger + command fetching cycle, since we retry when a profile fails on install.
s.awaitTriggerProfileSchedule(t)
- cmd, err = mdmDevice.Idle()
- require.NoError(t, err)
- for cmd != nil {
- if cmd.Command.RequestType == "InstallProfile" {
- var fullCmd micromdm.CommandPayload
- require.NoError(t, plist.Unmarshal(cmd.Raw, &fullCmd))
-
- if strings.Contains(string(fullCmd.Command.InstallProfile.Payload), ident) {
- var errChain []mdm.ErrorChain
- errChain = append(errChain, mdm.ErrorChain{ErrorCode: -102, ErrorDomain: "CPProfile", USEnglishDescription: "The profile is either missing some required information, or contains information in an invalid format."})
- cmd, err = mdmDevice.Err(cmd.CommandUUID, errChain)
- require.NoError(t, err)
- continue
- }
- }
- cmd, err = mdmDevice.Acknowledge(cmd.CommandUUID)
- require.NoError(t, err)
- }
+ mdmDeviceRespond(mdmDevice)
require.NoError(t, apple_mdm.VerifyHostMDMProfiles(context.Background(), s.ds, host, map[string]*fleet.HostMacOSProfile{
"I1": {Identifier: "I1", DisplayName: "I1", InstallDate: time.Now()},
@@ -9468,6 +9453,40 @@ func (s *integrationMDMTestSuite) TestRemoveFailedProfiles() {
for _, hm := range *getHostResp.Host.MDM.Profiles {
require.NotEqual(t, "N1", hm.Name)
}
+
+ // Test case where the profile never makes it to the host at all
+ host, _ = createHostThenEnrollMDM(s.ds, s.server.URL, t)
+ ident = uuid.NewString()
+
+ globalProfiles = [][]byte{
+ mobileconfigForTest("N3", ident),
+ }
+ s.Do("POST", "/api/v1/fleet/mdm/apple/profiles/batch", batchSetMDMAppleProfilesRequest{Profiles: globalProfiles}, http.StatusNoContent)
+ s.awaitTriggerProfileSchedule(t)
+
+ getHostResp = getHostResponse{}
+ s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d", host.ID), nil, http.StatusOK, &getHostResp)
+ require.NotNil(t, getHostResp.Host.MDM.Profiles)
+ require.Len(t, *getHostResp.Host.MDM.Profiles, 3)
+ var profUUID string
+ for _, hm := range *getHostResp.Host.MDM.Profiles {
+ require.Equal(t, fleet.MDMDeliveryPending, *hm.Status)
+ if hm.Name == "N3" {
+ profUUID = hm.ProfileUUID
+ }
+ }
+
+ // delete the custom profile
+ s.Do("DELETE", fmt.Sprintf("/api/latest/fleet/mdm/profiles/%s", profUUID), &deleteMDMAppleConfigProfileRequest{}, http.StatusOK)
+ s.awaitTriggerProfileSchedule(t)
+
+ getHostResp = getHostResponse{}
+ s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d", host.ID), nil, http.StatusOK, &getHostResp)
+ require.NotNil(t, getHostResp.Host.MDM.Profiles)
+ require.Len(t, *getHostResp.Host.MDM.Profiles, 2)
+ for _, hm := range *getHostResp.Host.MDM.Profiles {
+ require.Equal(t, fleet.MDMDeliveryPending, *hm.Status)
+ }
}
func (s *integrationMDMTestSuite) TestABMAssetManagement() {
diff --git a/server/service/redis_key_value/redis_key_value.go b/server/service/redis_key_value/redis_key_value.go
new file mode 100644
index 000000000000..010c24c19cc0
--- /dev/null
+++ b/server/service/redis_key_value/redis_key_value.go
@@ -0,0 +1,58 @@
+// Package redis_key_value implements a most basic SET & GET key/value store
+// where both the key and the value are strings.
+package redis_key_value
+
+import (
+ "context"
+ "errors"
+ "time"
+
+ "github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
+ "github.com/fleetdm/fleet/v4/server/datastore/redis"
+ "github.com/fleetdm/fleet/v4/server/fleet"
+ redigo "github.com/gomodule/redigo/redis"
+)
+
+// RedisKeyValue is a basic key/value store with SET and GET operations
+// Items are removed via expiration (defined in the SET operation).
+type RedisKeyValue struct {
+ pool fleet.RedisPool
+ testPrefix string // for tests, the key prefix to use to avoid conflicts
+}
+
+// New creates a new RedisKeyValue store.
+func New(pool fleet.RedisPool) *RedisKeyValue {
+ return &RedisKeyValue{pool: pool}
+}
+
+// prefix is used to not collide with other key domains (like live queries or calendar locks).
+const prefix = "key_value_"
+
+// Set creates or overrides the given key with the given value.
+// Argument expireTime is used to set the expiration of the item
+// (when updating, the expiration of the item is updated).
+func (r *RedisKeyValue) Set(ctx context.Context, key string, value string, expireTime time.Duration) error {
+ conn := redis.ConfigureDoer(r.pool, r.pool.Get())
+ defer conn.Close()
+
+ if _, err := redigo.String(conn.Do("SET", r.testPrefix+prefix+key, value, "PX", expireTime.Milliseconds())); err != nil {
+ return ctxerr.Wrap(ctx, err, "redis failed to set")
+ }
+ return nil
+}
+
+// Get returns the value for a given key.
+// It returns (nil, nil) if the key doesn't exist.
+func (r *RedisKeyValue) Get(ctx context.Context, key string) (*string, error) {
+ conn := redis.ConfigureDoer(r.pool, r.pool.Get())
+ defer conn.Close()
+
+ res, err := redigo.String(conn.Do("GET", r.testPrefix+prefix+key))
+ if errors.Is(err, redigo.ErrNil) {
+ return nil, nil
+ }
+ if err != nil {
+ return nil, ctxerr.Wrap(ctx, err, "redis failed to get")
+ }
+ return &res, nil
+}
diff --git a/server/service/redis_key_value/redis_key_value_test.go b/server/service/redis_key_value/redis_key_value_test.go
new file mode 100644
index 000000000000..5f410e4a4918
--- /dev/null
+++ b/server/service/redis_key_value/redis_key_value_test.go
@@ -0,0 +1,92 @@
+package redis_key_value
+
+import (
+ "context"
+ "testing"
+ "time"
+
+ "github.com/fleetdm/fleet/v4/server/datastore/redis/redistest"
+ "github.com/fleetdm/fleet/v4/server/fleet"
+ "github.com/fleetdm/fleet/v4/server/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestRedisKeyValue(t *testing.T) {
+ for _, f := range []func(*testing.T, *RedisKeyValue){
+ testSetGet,
+ } {
+ t.Run(test.FunctionName(f), func(t *testing.T) {
+ t.Run("standalone", func(t *testing.T) {
+ kv := setupRedis(t, false, false)
+ f(t, kv)
+ })
+ t.Run("cluster", func(t *testing.T) {
+ kv := setupRedis(t, true, true)
+ f(t, kv)
+ })
+ })
+ }
+}
+
+func setupRedis(t testing.TB, cluster, redir bool) *RedisKeyValue {
+ pool := redistest.SetupRedis(t, t.Name(), cluster, redir, true)
+ return newRedisKeyValueForTest(t, pool)
+}
+
+type testName interface {
+ Name() string
+}
+
+func newRedisKeyValueForTest(t testName, pool fleet.RedisPool) *RedisKeyValue {
+ return &RedisKeyValue{
+ pool: pool,
+ testPrefix: t.Name() + ":",
+ }
+}
+
+func testSetGet(t *testing.T, kv *RedisKeyValue) {
+ ctx := context.Background()
+
+ result, err := kv.Get(ctx, "foo")
+ require.NoError(t, err)
+ require.Nil(t, result)
+
+ err = kv.Set(ctx, "foo", "bar", 5*time.Second)
+ require.NoError(t, err)
+
+ result, err = kv.Get(ctx, "foo")
+ require.NoError(t, err)
+ require.NotNil(t, result)
+ require.Equal(t, "bar", *result)
+
+ err = kv.Set(ctx, "foo", "zoo", 5*time.Second)
+ require.NoError(t, err)
+
+ result, err = kv.Get(ctx, "foo")
+ require.NoError(t, err)
+ require.NotNil(t, result)
+ require.Equal(t, "zoo", *result)
+
+ err = kv.Set(ctx, "boo", "bar", 2*time.Second)
+ require.NoError(t, err)
+ result, err = kv.Get(ctx, "boo")
+ require.NoError(t, err)
+ require.NotNil(t, result)
+ require.Equal(t, "bar", *result)
+
+ time.Sleep(3 * time.Second)
+ result, err = kv.Get(ctx, "boo")
+ require.NoError(t, err)
+ require.Nil(t, result)
+
+ // Updating an item, updates the expiration time.
+ err = kv.Set(ctx, "test", "foo", 2*time.Second)
+ require.NoError(t, err)
+ err = kv.Set(ctx, "test", "foo", 10*time.Second)
+ require.NoError(t, err)
+ time.Sleep(5 * time.Second)
+ result, err = kv.Get(ctx, "test")
+ require.NoError(t, err)
+ require.NotNil(t, result)
+ require.Equal(t, "foo", *result)
+}
diff --git a/server/service/software_installers.go b/server/service/software_installers.go
index 0542d769c805..b10b6a6f4c7f 100644
--- a/server/service/software_installers.go
+++ b/server/service/software_installers.go
@@ -546,27 +546,64 @@ type batchSetSoftwareInstallersRequest struct {
}
type batchSetSoftwareInstallersResponse struct {
- Packages []fleet.SoftwarePackageResponse `json:"packages"`
- Err error `json:"error,omitempty"`
+ RequestUUID string `json:"request_uuid"`
+ Err error `json:"error,omitempty"`
}
func (r batchSetSoftwareInstallersResponse) error() error { return r.Err }
func batchSetSoftwareInstallersEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
req := request.(*batchSetSoftwareInstallersRequest)
- packages, err := svc.BatchSetSoftwareInstallers(ctx, req.TeamName, req.Software, req.DryRun)
+ requestUUID, err := svc.BatchSetSoftwareInstallers(ctx, req.TeamName, req.Software, req.DryRun)
if err != nil {
return batchSetSoftwareInstallersResponse{Err: err}, nil
}
- return batchSetSoftwareInstallersResponse{Packages: packages}, nil
+ return batchSetSoftwareInstallersResponse{RequestUUID: requestUUID}, nil
}
-func (svc *Service) BatchSetSoftwareInstallers(ctx context.Context, tmName string, payloads []fleet.SoftwareInstallerPayload, dryRun bool) ([]fleet.SoftwarePackageResponse, error) {
+func (svc *Service) BatchSetSoftwareInstallers(ctx context.Context, tmName string, payloads []fleet.SoftwareInstallerPayload, dryRun bool) (string, error) {
// skipauth: No authorization check needed due to implementation returning
// only license error.
svc.authz.SkipAuthorization(ctx)
- return nil, fleet.ErrMissingLicense
+ return "", fleet.ErrMissingLicense
+}
+
+type batchSetSoftwareInstallersResultRequest struct {
+ RequestUUID string `url:"request_uuid"`
+ TeamName string `query:"team_name,optional"`
+ DryRun bool `query:"dry_run,optional"` // if true, apply validation but do not save changes
+}
+
+type batchSetSoftwareInstallersResultResponse struct {
+ Status string `json:"status"`
+ Message string `json:"message"`
+ Packages []fleet.SoftwarePackageResponse `json:"packages"`
+
+ Err error `json:"error,omitempty"`
+}
+
+func (r batchSetSoftwareInstallersResultResponse) error() error { return r.Err }
+
+func batchSetSoftwareInstallersResultEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
+ req := request.(*batchSetSoftwareInstallersResultRequest)
+ status, message, packages, err := svc.GetBatchSetSoftwareInstallersResult(ctx, req.TeamName, req.RequestUUID, req.DryRun)
+ if err != nil {
+ return batchSetSoftwareInstallersResultResponse{Err: err}, nil
+ }
+ return batchSetSoftwareInstallersResultResponse{
+ Status: status,
+ Message: message,
+ Packages: packages,
+ }, nil
+}
+
+func (svc *Service) GetBatchSetSoftwareInstallersResult(ctx context.Context, tmName string, requestUUID string, dryRun bool) (string, string, []fleet.SoftwarePackageResponse, error) {
+ // skipauth: No authorization check needed due to implementation returning
+ // only license error.
+ svc.authz.SkipAuthorization(ctx)
+
+ return "", "", nil, fleet.ErrMissingLicense
}
//////////////////////////////////////////////////////////////////////////////
diff --git a/server/service/testing_utils.go b/server/service/testing_utils.go
index 674f6c4441a7..7e5937c56c1e 100644
--- a/server/service/testing_utils.go
+++ b/server/service/testing_utils.go
@@ -34,6 +34,7 @@ import (
"github.com/fleetdm/fleet/v4/server/ptr"
"github.com/fleetdm/fleet/v4/server/service/async"
"github.com/fleetdm/fleet/v4/server/service/mock"
+ "github.com/fleetdm/fleet/v4/server/service/redis_key_value"
"github.com/fleetdm/fleet/v4/server/service/redis_lock"
"github.com/fleetdm/fleet/v4/server/sso"
"github.com/fleetdm/fleet/v4/server/test"
@@ -72,6 +73,7 @@ func newTestServiceWithConfig(t *testing.T, ds fleet.Datastore, fleetConfig conf
softwareInstallStore fleet.SoftwareInstallerStore
bootstrapPackageStore fleet.MDMBootstrapPackageStore
distributedLock fleet.Lock
+ keyValueStore fleet.KeyValueStore
)
if len(opts) > 0 {
if opts[0].Clock != nil {
@@ -79,6 +81,10 @@ func newTestServiceWithConfig(t *testing.T, ds fleet.Datastore, fleetConfig conf
}
}
+ if len(opts) > 0 && opts[0].KeyValueStore != nil {
+ keyValueStore = opts[0].KeyValueStore
+ }
+
task := async.NewTask(ds, nil, c, config.OsqueryConfig{})
if len(opts) > 0 {
if opts[0].Task != nil {
@@ -99,6 +105,7 @@ func newTestServiceWithConfig(t *testing.T, ds fleet.Datastore, fleetConfig conf
ssoStore = sso.NewSessionStore(opts[0].Pool)
profMatcher = apple_mdm.NewProfileMatcher(opts[0].Pool)
distributedLock = redis_lock.NewLock(opts[0].Pool)
+ keyValueStore = redis_key_value.New(opts[0].Pool)
}
if opts[0].ProfileMatcher != nil {
profMatcher = opts[0].ProfileMatcher
@@ -203,6 +210,7 @@ func newTestServiceWithConfig(t *testing.T, ds fleet.Datastore, fleetConfig conf
softwareInstallStore,
bootstrapPackageStore,
distributedLock,
+ keyValueStore,
)
if err != nil {
panic(err)
@@ -317,6 +325,7 @@ type TestServerOpts struct {
NoCacheDatastore bool
SoftwareInstallStore fleet.SoftwareInstallerStore
BootstrapPackageStore fleet.MDMBootstrapPackageStore
+ KeyValueStore fleet.KeyValueStore
}
func RunServerForTestsWithDS(t *testing.T, ds fleet.Datastore, opts ...*TestServerOpts) (map[string]fleet.User, *httptest.Server) {
diff --git a/server/vulnerabilities/nvd/cve_test.go b/server/vulnerabilities/nvd/cve_test.go
index 691f3e321a7d..f9f8b12562ab 100644
--- a/server/vulnerabilities/nvd/cve_test.go
+++ b/server/vulnerabilities/nvd/cve_test.go
@@ -343,7 +343,7 @@ func TestTranslateCPEToCVE(t *testing.T) {
},
"cpe:2.3:a:python:python:3.9.6:*:*:*:*:windows:*:*": {
includedCVEs: []cve{
- {ID: "CVE-2024-4030", resolvedInVersion: "3.12.4"},
+ {ID: "CVE-2024-4030", resolvedInVersion: "3.9.20"},
},
continuesToUpdate: true,
},
diff --git a/terraform/addons/vuln-processing/variables.tf b/terraform/addons/vuln-processing/variables.tf
index feb850667dcc..8d296903fdc4 100644
--- a/terraform/addons/vuln-processing/variables.tf
+++ b/terraform/addons/vuln-processing/variables.tf
@@ -24,7 +24,7 @@ variable "fleet_config" {
vuln_processing_cpu = optional(number, 2048)
vuln_data_stream_mem = optional(number, 1024)
vuln_data_stream_cpu = optional(number, 512)
- image = optional(string, "fleetdm/fleet:v4.56.0")
+ image = optional(string, "fleetdm/fleet:v4.57.0")
family = optional(string, "fleet-vuln-processing")
sidecars = optional(list(any), [])
extra_environment_variables = optional(map(string), {})
@@ -82,7 +82,7 @@ variable "fleet_config" {
vuln_processing_cpu = 2048
vuln_data_stream_mem = 1024
vuln_data_stream_cpu = 512
- image = "fleetdm/fleet:v4.56.0"
+ image = "fleetdm/fleet:v4.57.0"
family = "fleet-vuln-processing"
sidecars = []
extra_environment_variables = {}
diff --git a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
index 0270c8fb5219..27565cb90fa8 100644
--- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
+++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
@@ -16,7 +16,7 @@ variable "fleet_config" {
mem = optional(number, 4096)
cpu = optional(number, 512)
pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.56.0")
+ image = optional(string, "fleetdm/fleet:v4.57.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
@@ -119,7 +119,7 @@ variable "fleet_config" {
mem = 512
cpu = 256
pid_mode = null
- image = "fleetdm/fleet:v4.56.0"
+ image = "fleetdm/fleet:v4.57.0"
family = "fleet"
sidecars = []
depends_on = []
diff --git a/terraform/byo-vpc/byo-db/variables.tf b/terraform/byo-vpc/byo-db/variables.tf
index 0044e48e5c8c..041ff9d0f861 100644
--- a/terraform/byo-vpc/byo-db/variables.tf
+++ b/terraform/byo-vpc/byo-db/variables.tf
@@ -77,7 +77,7 @@ variable "fleet_config" {
mem = optional(number, 4096)
cpu = optional(number, 512)
pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.56.0")
+ image = optional(string, "fleetdm/fleet:v4.57.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
@@ -205,7 +205,7 @@ variable "fleet_config" {
mem = 512
cpu = 256
pid_mode = null
- image = "fleetdm/fleet:v4.56.0"
+ image = "fleetdm/fleet:v4.57.0"
family = "fleet"
sidecars = []
depends_on = []
diff --git a/terraform/byo-vpc/example/main.tf b/terraform/byo-vpc/example/main.tf
index 887b907b303a..3176d07def1f 100644
--- a/terraform/byo-vpc/example/main.tf
+++ b/terraform/byo-vpc/example/main.tf
@@ -17,7 +17,7 @@ provider "aws" {
}
locals {
- fleet_image = "fleetdm/fleet:v4.56.0"
+ fleet_image = "fleetdm/fleet:v4.57.0"
domain_name = "example.com"
}
diff --git a/terraform/byo-vpc/variables.tf b/terraform/byo-vpc/variables.tf
index cba22bf845ca..ce2a81f88c41 100644
--- a/terraform/byo-vpc/variables.tf
+++ b/terraform/byo-vpc/variables.tf
@@ -170,7 +170,7 @@ variable "fleet_config" {
mem = optional(number, 4096)
cpu = optional(number, 512)
pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.56.0")
+ image = optional(string, "fleetdm/fleet:v4.57.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
@@ -298,7 +298,7 @@ variable "fleet_config" {
mem = 512
cpu = 256
pid_mode = null
- image = "fleetdm/fleet:v4.56.0"
+ image = "fleetdm/fleet:v4.57.0"
family = "fleet"
sidecars = []
depends_on = []
diff --git a/terraform/example/main.tf b/terraform/example/main.tf
index 33b6f5221ea3..2b2112517925 100644
--- a/terraform/example/main.tf
+++ b/terraform/example/main.tf
@@ -63,8 +63,8 @@ module "fleet" {
fleet_config = {
# To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror
- # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.56.0"
- image = "fleetdm/fleet:v4.56.0" # override default to deploy the image you desire
+ # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.57.0"
+ image = "fleetdm/fleet:v4.57.0" # override default to deploy the image you desire
# See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling
# memory and cpu.
autoscaling = {
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 5933307f11f5..7dc798cf63d8 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -218,7 +218,7 @@ variable "fleet_config" {
mem = optional(number, 4096)
cpu = optional(number, 512)
pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.56.0")
+ image = optional(string, "fleetdm/fleet:v4.57.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
@@ -346,7 +346,7 @@ variable "fleet_config" {
mem = 512
cpu = 256
pid_mode = null
- image = "fleetdm/fleet:v4.56.0"
+ image = "fleetdm/fleet:v4.57.0"
family = "fleet"
sidecars = []
depends_on = []
diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json
index 0db37e98d5d1..96a4dcd08170 100644
--- a/tools/fleetctl-npm/package.json
+++ b/tools/fleetctl-npm/package.json
@@ -1,6 +1,6 @@
{
"name": "fleetctl",
- "version": "v4.56.0",
+ "version": "v4.57.0",
"description": "Installer for the fleetctl CLI tool",
"bin": {
"fleetctl": "./run.js"
diff --git a/website/.sailsrc b/website/.sailsrc
index 391fdf869cce..0cd59c071452 100644
--- a/website/.sailsrc
+++ b/website/.sailsrc
@@ -7,5 +7,17400 @@
"_generatedWith": {
"sails": "1.2.5",
"sails-generate": "2.0.0"
+ },
+ "builtStaticContent": {
+ "queries": [
+ {
+ "name": "Get OpenSSL versions",
+ "platform": "linux",
+ "description": "Retrieves the OpenSSL version.",
+ "query": "SELECT name AS name, version AS version, 'deb_packages' AS source FROM deb_packages WHERE name LIKE 'openssl%' UNION SELECT name AS name, version AS version, 'apt_sources' AS source FROM apt_sources WHERE name LIKE 'openssl%' UNION SELECT name AS name, version AS version, 'rpm_packages' AS source FROM rpm_packages WHERE name LIKE 'openssl%';",
+ "purpose": "Informational",
+ "tags": [
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-open-ssl-versions",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get authorized SSH keys",
+ "platform": "darwin, linux",
+ "description": "Presence of authorized SSH keys may be unusual on laptops. Could be completely normal on servers, but may be worth auditing for unusual keys and/or changes.",
+ "query": "SELECT username, authorized_keys. * FROM users CROSS JOIN authorized_keys USING (uid);",
+ "purpose": "Informational",
+ "remediation": "Check out the linked table (https://github.com/fleetdm/fleet/blob/32b4d53e7f1428ce43b0f9fa52838cbe7b413eed/handbook/queries/detect-hosts-with-high-severity-vulnerable-versions-of-openssl.md#table-of-vulnerable-openssl-versions) to determine if the installed version is a high severity vulnerability and view the corresponding CVE(s)",
+ "tags": [
+ "built-in",
+ "ssh"
+ ],
+ "contributors": [
+ {
+ "name": "mike-j-thomas",
+ "handle": "mike-j-thomas",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/mike-j-thomas"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-authorized-ssh-keys",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get authorized keys for Domain Joined Accounts",
+ "platform": "darwin, linux",
+ "description": "List authorized_keys for each user on the system.",
+ "query": "SELECT * FROM users CROSS JOIN authorized_keys USING(uid) WHERE username IN (SELECT distinct(username) FROM last);",
+ "purpose": "Informational",
+ "tags": [
+ "active directory",
+ "ssh"
+ ],
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-authorized-keys-for-domain-joined-accounts",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get crashes",
+ "platform": "darwin",
+ "description": "Retrieve application, system, and mobile app crash logs.",
+ "query": "SELECT uid, datetime, responsible, exception_type, identifier, version, crash_path FROM users CROSS JOIN crashes USING (uid);",
+ "purpose": "Informational",
+ "tags": [
+ "troubleshooting"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-crashes",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get installed Chrome Extensions",
+ "platform": "darwin, linux, windows",
+ "description": "List installed Chrome Extensions for all users.",
+ "query": "SELECT * FROM users CROSS JOIN chrome_extensions USING (uid);",
+ "purpose": "Informational",
+ "tags": [
+ "browser",
+ "built-in",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-installed-chrome-extensions",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get installed Linux software",
+ "platform": "linux",
+ "description": "Get all software installed on a Linux computer, including browser plugins and installed packages. Note that this does not include other running processes in the processes table.",
+ "query": "SELECT name AS name, version AS version, 'Package (APT)' AS type, 'apt_sources' AS source FROM apt_sources UNION SELECT name AS name, version AS version, 'Package (deb)' AS type, 'deb_packages' AS source FROM deb_packages UNION SELECT package AS name, version AS version, 'Package (Portage)' AS type, 'portage_packages' AS source FROM portage_packages UNION SELECT name AS name, version AS version, 'Package (RPM)' AS type, 'rpm_packages' AS source FROM rpm_packages UNION SELECT name AS name, '' AS version, 'Package (YUM)' AS type, 'yum_sources' AS source FROM yum_sources UNION SELECT name AS name, version AS version, 'Package (NPM)' AS type, 'npm_packages' AS source FROM npm_packages UNION SELECT name AS name, version AS version, 'Package (Python)' AS type, 'python_packages' AS source FROM python_packages;",
+ "purpose": "Informational",
+ "tags": [
+ "inventory",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-installed-linux-software",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get installed macOS software",
+ "platform": "darwin",
+ "description": "Get all software installed on a macOS computer, including apps, browser plugins, and installed packages. Note that this does not include other running processes in the processes table.",
+ "query": "SELECT name AS name, bundle_short_version AS version, 'Application (macOS)' AS type, 'apps' AS source FROM apps UNION SELECT name AS name, version AS version, 'Package (Python)' AS type, 'python_packages' AS source FROM python_packages UNION SELECT name AS name, version AS version, 'Browser plugin (Chrome)' AS type, 'chrome_extensions' AS source FROM chrome_extensions UNION SELECT name AS name, version AS version, 'Browser plugin (Firefox)' AS type, 'firefox_addons' AS source FROM firefox_addons UNION SELECT name As name, version AS version, 'Browser plugin (Safari)' AS type, 'safari_extensions' AS source FROM safari_extensions UNION SELECT name AS name, version AS version, 'Package (Homebrew)' AS type, 'homebrew_packages' AS source FROM homebrew_packages;",
+ "purpose": "Informational",
+ "tags": [
+ "inventory",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-installed-mac-os-software",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get installed Safari extensions",
+ "platform": "darwin",
+ "description": "Retrieves the list of installed Safari Extensions for all users in the target system.",
+ "query": "SELECT safari_extensions.* FROM users join safari_extensions USING (uid);",
+ "purpose": "Informational",
+ "tags": [
+ "browser",
+ "built-in",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-installed-safari-extensions",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get installed Windows software",
+ "platform": "windows",
+ "description": "Get all software installed on a Windows computer, including programs, browser plugins, and installed packages. Note that this does not include other running processes in the processes table.",
+ "query": "SELECT name AS name, version AS version, 'Program (Windows)' AS type, 'programs' AS source FROM programs UNION SELECT name AS name, version AS version, 'Package (Python)' AS type, 'python_packages' AS source FROM python_packages UNION SELECT name AS name, version AS version, 'Browser plugin (IE)' AS type, 'ie_extensions' AS source FROM ie_extensions UNION SELECT name AS name, version AS version, 'Browser plugin (Chrome)' AS type, 'chrome_extensions' AS source FROM chrome_extensions UNION SELECT name AS name, version AS version, 'Browser plugin (Firefox)' AS type, 'firefox_addons' AS source FROM firefox_addons UNION SELECT name AS name, version AS version, 'Package (Chocolatey)' AS type, 'chocolatey_packages' AS source FROM chocolatey_packages;",
+ "purpose": "Informational",
+ "tags": [
+ "inventory",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-installed-windows-software",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get laptops with failing batteries",
+ "platform": "darwin",
+ "description": "Lists all laptops with under-performing or failing batteries.",
+ "query": "SELECT * FROM battery WHERE health != 'Good' AND condition NOT IN ('', 'Normal');",
+ "purpose": "Informational",
+ "tags": [
+ "troubleshooting",
+ "hardware",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-laptops-with-failing-batteries",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get current users with active shell/console on the system",
+ "platform": "darwin, linux, windows",
+ "description": "Get current users with active shell/console on the system and associated process",
+ "query": "SELECT user,host,time, p.name, p.cmdline, p.cwd, p.root FROM logged_in_users liu, processes p WHERE liu.pid = p.pid and liu.type='user' and liu.user <> '' ORDER BY time;",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-current-users-with-active-shell-console-on-the-system",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get unencrypted SSH keys for local accounts",
+ "platform": "darwin, linux, windows",
+ "description": "Identify SSH keys created without a passphrase which can be used in Lateral Movement (MITRE. TA0008)",
+ "query": "SELECT uid, username, description, path, encrypted FROM users CROSS JOIN user_ssh_keys using (uid) WHERE encrypted=0;",
+ "purpose": "Informational",
+ "tags": [
+ "inventory",
+ "compliance",
+ "ssh",
+ "built-in"
+ ],
+ "remediation": "First, make the user aware about the impact of SSH keys. Then rotate the unencrypted keys detected.",
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-unencrypted-ssh-keys-for-local-accounts",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get unencrypted SSH keys for domain-joined accounts",
+ "platform": "darwin, linux, windows",
+ "description": "Identify SSH keys created without a passphrase which can be used in Lateral Movement (MITRE. TA0008)",
+ "query": "SELECT uid, username, description, path, encrypted FROM users CROSS JOIN user_ssh_keys using (uid) WHERE encrypted=0 and username in (SELECT distinct(username) FROM last);",
+ "purpose": "Informational",
+ "tags": [
+ "inventory",
+ "compliance",
+ "ssh",
+ "active directory"
+ ],
+ "remediation": "First, make the user aware about the impact of SSH keys. Then rotate the unencrypted keys detected.",
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-unencrypted-ssh-keys-for-domain-joined-accounts",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get dynamic linker hijacking on Linux (MITRE. T1574.006)",
+ "platform": "linux",
+ "description": "Detect any processes that run with LD_PRELOAD environment variable",
+ "query": "SELECT env.pid, env.key, env.value, p.name,p.path, p.cmdline, p.cwd FROM process_envs env join processes p USING (pid) WHERE key='LD_PRELOAD';",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "attack",
+ "t1574"
+ ],
+ "remediation": "Identify the process/binary detected and confirm with the system's owner.",
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-dynamic-linker-hijacking-on-linux-mitre-t-1574-006",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get dynamic linker hijacking on macOS (MITRE. T1574.006)",
+ "platform": "darwin",
+ "description": "Detect any processes that run with DYLD_INSERT_LIBRARIES environment variable",
+ "query": "SELECT env.pid, env.key, env.value, p.name,p.path, p.cmdline, p.cwd FROM process_envs env join processes p USING (pid) WHERE key='DYLD_INSERT_LIBRARIES';",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "attack",
+ "t1574"
+ ],
+ "remediation": "Identify the process/binary detected and confirm with the system's owner.",
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-dynamic-linker-hijacking-on-mac-os-mitre-t-1574-006",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get etc hosts entries",
+ "platform": "darwin, linux",
+ "description": "Line-parsed /etc/hosts",
+ "query": "SELECT * FROM etc_hosts WHERE address not in ('127.0.0.1', '::1');",
+ "purpose": "informational",
+ "tags": [
+ "hunting",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-etc-hosts-entries",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get network interfaces",
+ "platform": "darwin, linux, windows",
+ "description": "Network interfaces MAC address",
+ "query": "SELECT a.interface, a.address, d.mac FROM interface_addresses a JOIN interface_details d USING (interface) WHERE address not in ('127.0.0.1', '::1');",
+ "purpose": "informational",
+ "tags": [
+ "hunting",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-network-interfaces",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get local user accounts",
+ "platform": "darwin, linux, windows",
+ "description": "Local user accounts (including domain accounts that have logged on locally (Windows)).",
+ "query": "SELECT uid, gid, username, description, directory, shell FROM users;",
+ "purpose": "informational",
+ "tags": [
+ "hunting",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-local-user-accounts",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get active user accounts on servers",
+ "platform": "linux",
+ "description": "Domain Joined environments normally have root or other service only accounts and users are SSH-ing using their Domain Accounts.",
+ "query": "SELECT * FROM shadow WHERE password_status='active' and username!='root';",
+ "purpose": "informational",
+ "tags": [
+ "hunting",
+ "inventory",
+ "active directory"
+ ],
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-active-user-accounts-on-servers",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get Nmap scanner",
+ "platform": "darwin, linux, windows",
+ "description": "Get Nmap scanner process, as well as its user, parent, and process details.",
+ "query": "SELECT p.pid, name, p.path, cmdline, cwd, start_time, parent, (SELECT name FROM processes WHERE pid=p.parent) AS parent_name, (SELECT username FROM users WHERE uid=p.uid) AS username FROM processes as p WHERE cmdline like 'nmap%';",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "attack",
+ "t1046"
+ ],
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-nmap-scanner",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get Docker contained processes on a system",
+ "platform": "darwin, linux",
+ "description": "Docker containers Processes, can be used on normal systems or a kubenode.",
+ "query": "SELECT c.id, c.name, c.image, c.image_id, c.command, c.created, c.state, c.status, p.cmdline FROM docker_containers c CROSS JOIN docker_container_processes p using(id);",
+ "purpose": "Informational",
+ "tags": [
+ "built-in",
+ "containers",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "anelshaer",
+ "handle": "anelshaer",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/anelshaer"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-docker-contained-processes-on-a-system",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get Windows print spooler remote code execution vulnerability",
+ "platform": "windows",
+ "description": "Detects devices that are potentially vulnerable to CVE-2021-1675 because the print spooler service is not disabled.",
+ "query": "SELECT CASE cnt WHEN 2 THEN \"TRUE\" ELSE \"FALSE\" END \"Vulnerable\" FROM (SELECT name start_type, COUNT(name) AS cnt FROM services WHERE name = 'NTDS' or (name = 'Spooler' and start_type <> 'DISABLED')) WHERE cnt = 2;",
+ "purpose": "Informational",
+ "tags": [
+ "vulnerability"
+ ],
+ "contributors": [
+ {
+ "name": "maravedi",
+ "handle": "maravedi",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/maravedi"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-windows-print-spooler-remote-code-execution-vulnerability",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get local users and their privileges",
+ "platform": "darwin, linux, windows",
+ "description": "Collects the local user accounts and their respective user group.",
+ "query": "SELECT uid, username, type, groupname FROM users u JOIN groups g ON g.gid = u.gid;",
+ "purpose": "informational",
+ "tags": [
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "noahtalerman",
+ "handle": "noahtalerman",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/noahtalerman"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-local-users-and-their-privileges",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get processes that no longer exist on disk",
+ "platform": "linux, darwin, windows",
+ "description": "Lists all processes of which the binary which launched them no longer exists on disk. Attackers often delete files from disk after launching a process to mask presence.",
+ "query": "SELECT name, path, pid FROM processes WHERE on_disk = 0;",
+ "purpose": "Incident response",
+ "tags": [
+ "hunting",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "alphabrevity",
+ "handle": "alphabrevity",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/alphabrevity"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-processes-that-no-longer-exist-on-disk",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get user files matching a specific hash",
+ "platform": "darwin, linux",
+ "description": "Looks for specific hash in the Users/ directories for files that are less than 50MB (osquery file size limitation.)",
+ "query": "SELECT path, sha256 FROM hash WHERE path IN (SELECT path FROM file WHERE size < 50000000 AND path LIKE '/Users/%/Documents/%%') AND sha256 = '16d28cd1d78b823c4f961a6da78d67a8975d66cde68581798778ed1f98a56d75';",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "alphabrevity",
+ "handle": "alphabrevity",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/alphabrevity"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-user-files-matching-a-specific-hash",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get local administrator accounts on macOS",
+ "platform": "darwin",
+ "description": "The query allows you to check macOS systems for local administrator accounts.",
+ "query": "SELECT uid, username, type FROM users u JOIN groups g ON g.gid = u.gid;",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "alphabrevity",
+ "handle": "alphabrevity",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/alphabrevity"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-local-administrator-accounts-on-mac-os",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get all listening ports, by process",
+ "platform": "linux, darwin, windows",
+ "description": "List ports that are listening on all interfaces, along with the process to which they are attached.",
+ "query": "SELECT lp.address, lp.pid, lp.port, lp.protocol, p.name, p.path, p.cmdline FROM listening_ports lp JOIN processes p ON lp.pid = p.pid WHERE lp.address = \"0.0.0.0\";",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "network"
+ ],
+ "contributors": [
+ {
+ "name": "alphabrevity",
+ "handle": "alphabrevity",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/alphabrevity"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-all-listening-ports-by-process",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get whether TeamViewer is installed/running",
+ "platform": "windows",
+ "description": "Looks for the TeamViewer service running on machines. This is often used when attackers gain access to a machine, running TeamViewer to allow them to access a machine.",
+ "query": "SELECT display_name,status,s.pid,p.path FROM services AS s JOIN processes AS p USING(pid) WHERE s.name LIKE \"%teamviewer%\";",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "alphabrevity",
+ "handle": "alphabrevity",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/alphabrevity"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-whether-team-viewer-is-installed-running",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get malicious Python backdoors",
+ "platform": "darwin, linux, windows",
+ "description": "Watches for the backdoored Python packages installed on the system. See (http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/index.html)",
+ "query": "SELECT CASE cnt WHEN 0 THEN \"NONE_INSTALLED\" ELSE \"INSTALLED\" END AS \"Malicious Python Packages\", package_name, package_version FROM (SELECT COUNT(name) AS cnt, name AS package_name, version AS package_version, path AS package_path FROM python_packages WHERE package_name IN ('acquisition', 'apidev-coop', 'bzip', 'crypt', 'django-server', 'pwd', 'setup-tools', 'telnet', 'urlib3', 'urllib'));",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "inventory",
+ "malware"
+ ],
+ "contributors": [
+ {
+ "name": "alphabrevity",
+ "handle": "alphabrevity",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/alphabrevity"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-malicious-python-backdoors",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Check for artifacts of the Floxif trojan",
+ "platform": "windows",
+ "description": "Checks for artifacts from the Floxif trojan on Windows machines.",
+ "query": "SELECT * FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Piriform\\\\Agomo%';",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "malware"
+ ],
+ "contributors": [
+ {
+ "name": "micheal-o",
+ "handle": "micheal-o",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/micheal-o"
+ }
+ ],
+ "kind": "query",
+ "slug": "check-for-artifacts-of-the-floxif-trojan",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get Shimcache table",
+ "platform": "windows",
+ "description": "Returns forensic data showing evidence of likely file execution, in addition to the last modified timestamp of the file, order of execution, full file path order of execution, and the order in which files were executed.",
+ "query": "select * from Shimcache",
+ "purpose": "Informational",
+ "tags": [
+ "hunting"
+ ],
+ "contributors": [
+ {
+ "name": "puffyCid",
+ "handle": "puffyCid",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/puffyCid"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-shimcache-table",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get running docker containers",
+ "platform": "darwin, linux",
+ "description": "Returns the running Docker containers",
+ "query": "SELECT id, name, image, image_id, state, status FROM docker_containers WHERE state = \"running\";",
+ "purpose": "Informational",
+ "tags": [
+ "containers",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "DominusKelvin",
+ "handle": "DominusKelvin",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/DominusKelvin"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-running-docker-containers",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get applications hogging memory",
+ "platform": "darwin, linux, windows",
+ "description": "Returns top 10 applications or processes hogging memory the most.",
+ "query": "SELECT pid, name, ROUND((total_size * '10e-7'), 2) AS memory_used FROM processes ORDER BY total_size DESC LIMIT 10;",
+ "purpose": "Informational",
+ "tags": [
+ "troubleshooting"
+ ],
+ "contributors": [
+ {
+ "name": "DominusKelvin",
+ "handle": "DominusKelvin",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/DominusKelvin"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-applications-hogging-memory",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get servers with root login in the last 24 hours",
+ "platform": "darwin, linux, windows",
+ "description": "Returns servers with root login in the last 24 hours and the time the users were logged in.",
+ "query": "SELECT * FROM last WHERE username = \"root\" AND time > (( SELECT unix_time FROM time ) - 86400 );",
+ "purpose": "Informational",
+ "tags": [
+ "hunting"
+ ],
+ "contributors": [
+ {
+ "name": "DominusKelvin",
+ "handle": "DominusKelvin",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/DominusKelvin"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-servers-with-root-login-in-the-last-24-hours",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Detect active processes with Log4j running",
+ "platform": "darwin, linux",
+ "description": "Returns a list of active processes and the Jar paths which are using Log4j. Version numbers are usually within the Jar filename. Note: This query is resource intensive and has caused problems on systems with limited swap space. Test on some systems before running this widely.",
+ "query": "WITH target_jars AS (\n SELECT DISTINCT path\n FROM (\n WITH split(word, str) AS(\n SELECT '', cmdline || ' '\n FROM processes\n UNION ALL\n SELECT substr(str, 0, instr(str, ' ')), substr(str, instr(str, ' ') + 1)\n FROM split\n WHERE str != '')\n SELECT word AS path\n FROM split\n WHERE word LIKE '%.jar'\n UNION ALL\n SELECT path\n FROM process_open_files\n WHERE path LIKE '%.jar'\n )\n)\nSELECT path, matches\nFROM yara\nWHERE path IN (SELECT path FROM target_jars)\n AND count > 0\n AND sigrule IN (\n 'rule log4jJndiLookup {\n strings:\n $jndilookup = \"JndiLookup\"\n condition:\n $jndilookup\n }',\n 'rule log4jJavaClass {\n strings:\n $javaclass = \"org/apache/logging/log4j\"\n condition:\n $javaclass\n }'\n );\n",
+ "purpose": "Detection",
+ "tags": [
+ "vulnerability"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ },
+ {
+ "name": "tgauda",
+ "handle": "tgauda",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/tgauda"
+ }
+ ],
+ "kind": "query",
+ "slug": "detect-active-processes-with-log-4-j-running",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get applications that were opened within the last 24 hours",
+ "platform": "darwin",
+ "description": "Returns applications that were opened within the last 24 hours starting with the last opened application.",
+ "query": "SELECT * FROM apps WHERE last_opened_time > (( SELECT unix_time FROM time ) - 86400 ) ORDER BY last_opened_time DESC;",
+ "purpose": "Informational",
+ "tags": [
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "DominusKelvin",
+ "handle": "DominusKelvin",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/DominusKelvin"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-applications-that-were-opened-within-the-last-24-hours",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get applications that are not in the Applications directory",
+ "platform": "darwin",
+ "description": "Returns applications that are not in the `/Applications` directory",
+ "query": "SELECT * FROM apps WHERE path NOT LIKE '/Applications/%';",
+ "purpose": "Informational",
+ "tags": [
+ "hunting",
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "DominusKelvin",
+ "handle": "DominusKelvin",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/DominusKelvin"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-applications-that-are-not-in-the-applications-directory",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get subscription-based applications that have not been opened for the last 30 days",
+ "platform": "darwin",
+ "description": "Returns applications that are subscription-based and have not been opened for the last 30 days. You can replace the list of applications with those specific to your use case.",
+ "query": "SELECT * FROM apps WHERE path LIKE '/Applications/%' AND name IN (\"Photoshop.app\", \"Adobe XD.app\", \"Sketch.app\", \"Illustrator.app\") AND last_opened_time < (( SELECT unix_time FROM time ) - 2592000000000 );",
+ "purpose": "Informational",
+ "tags": [
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "DominusKelvin",
+ "handle": "DominusKelvin",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/DominusKelvin"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-subscription-based-applications-that-have-not-been-opened-for-the-last-30-days",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get operating system information",
+ "platform": "darwin, windows, linux",
+ "description": "Returns the operating system name and version on the device.",
+ "query": "SELECT name, version FROM os_version;",
+ "purpose": "Informational",
+ "tags": [
+ "inventory",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "noahtalerman",
+ "handle": "noahtalerman",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/noahtalerman"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-operating-system-information",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Gatekeeper enabled (macOS)",
+ "query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
+ "description": "Checks to make sure that the Gatekeeper feature is enabled on macOS devices. Gatekeeper tries to ensure only trusted software is run on a mac machine.",
+ "resolution": "To enable Gatekeeper, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.",
+ "tags": [
+ "compliance",
+ "hardening",
+ "built-in",
+ "cis",
+ "cis2.5.2.1"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "groob",
+ "handle": "groob",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/groob"
+ }
+ ],
+ "kind": "policy",
+ "slug": "gatekeeper-enabled-mac-os",
+ "requiresMdm": false,
+ "critical": true
+ },
+ {
+ "name": "Full disk encryption enabled (Windows)",
+ "query": "SELECT 1 FROM bitlocker_info WHERE drive_letter='C:' AND protection_status=1;",
+ "description": "Checks to make sure that full disk encryption is enabled on Windows devices.",
+ "resolution": "To get additional information, run the following osquery query on the failing device: SELECT * FROM bitlocker_info. In the query results, if protection_status is 2, then the status cannot be determined. If it is 0, it is considered unprotected. Use the additional results (percent_encrypted, conversion_status, etc.) to help narrow down the specific reason why Windows considers the volume unprotected.",
+ "platform": "windows",
+ "tags": [
+ "compliance",
+ "hardening",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "defensivedepth",
+ "handle": "defensivedepth",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/defensivedepth"
+ }
+ ],
+ "kind": "policy",
+ "slug": "full-disk-encryption-enabled-windows",
+ "requiresMdm": false,
+ "critical": true
+ },
+ {
+ "name": "Full disk encryption enabled (macOS)",
+ "query": "SELECT 1 FROM disk_encryption WHERE user_uuid IS NOT \"\" AND filevault_status = 'on' LIMIT 1;",
+ "description": "Checks to make sure that full disk encryption (FileVault) is enabled on macOS devices.",
+ "resolution": "To enable full disk encryption, on the failing device, select System Preferences > Security & Privacy > FileVault > Turn On FileVault.",
+ "tags": [
+ "compliance",
+ "hardening",
+ "built-in",
+ "cis",
+ "cis2.5.1.1"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "groob",
+ "handle": "groob",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/groob"
+ }
+ ],
+ "kind": "policy",
+ "slug": "full-disk-encryption-enabled-mac-os",
+ "requiresMdm": false,
+ "critical": true
+ },
+ {
+ "name": "Full disk encryption enabled (Linux)",
+ "query": "SELECT 1 FROM disk_encryption WHERE encrypted=1 AND name LIKE '/dev/dm-1';",
+ "description": "Checks if the root drive is encrypted. There are many ways to encrypt Linux systems. This is the default on distributions such as Ubuntu.",
+ "resolution": "Ensure the image deployed to your Linux workstation includes full disk encryption.",
+ "platform": "linux",
+ "tags": [
+ "compliance",
+ "hardening",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "full-disk-encryption-enabled-linux",
+ "requiresMdm": false,
+ "critical": true
+ },
+ {
+ "name": "System Integrity Protection enabled (macOS)",
+ "query": "SELECT 1 FROM sip_config WHERE config_flag = 'sip' AND enabled = 1;",
+ "description": "Checks to make sure that the System Integrity Protection feature is enabled.",
+ "resolution": "To enable System Integrity Protection, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.",
+ "tags": [
+ "compliance",
+ "malware",
+ "hardening",
+ "built-in",
+ "cis",
+ "cis5.1.2"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "groob",
+ "handle": "groob",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/groob"
+ }
+ ],
+ "kind": "policy",
+ "slug": "system-integrity-protection-enabled-mac-os",
+ "requiresMdm": false
+ },
+ {
+ "name": "Automatic login disabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.loginwindow' AND name = 'com.apple.login.mcx.DisableAutoLoginClient' AND value = 1 LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to prevent login in without a password.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that disables automatic login.",
+ "tags": [
+ "compliance",
+ "hardening",
+ "built-in"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "groob",
+ "handle": "groob",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/groob"
+ }
+ ],
+ "kind": "policy",
+ "slug": "automatic-login-disabled-mac-os",
+ "requiresMdm": true,
+ "critical": true
+ },
+ {
+ "name": "Secure keyboard entry for Terminal application enabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Terminal' AND name = 'SecureKeyboardEntry' AND value = 1 LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to enabled secure keyboard entry for the Terminal application.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables secure keyboard entry for the Terminal application.",
+ "tags": [
+ "compliance",
+ "hardening",
+ "built-in"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "groob",
+ "handle": "groob",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/groob"
+ }
+ ],
+ "kind": "policy",
+ "slug": "secure-keyboard-entry-for-terminal-application-enabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Get built-in antivirus status on macOS",
+ "platform": "darwin",
+ "query": "SELECT path, value AS version FROM plist WHERE (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist') OR (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist');",
+ "description": "Reads the version numbers from the Malware Removal Tool (MRT) and built-in antivirus (XProtect) plists",
+ "purpose": "Informational",
+ "tags": [
+ "compliance",
+ "malware",
+ "hardening",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-built-in-antivirus-status-on-mac-os",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get antivirus status from the Windows Security Center",
+ "platform": "windows",
+ "query": "SELECT antivirus, signatures_up_to_date from windows_security_center CROSS JOIN windows_security_products WHERE type = 'Antivirus';",
+ "description": "Selects the antivirus and signatures status from Windows Security Center.",
+ "purpose": "Informational",
+ "tags": [
+ "compliance",
+ "malware",
+ "hardening",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-antivirus-status-from-the-windows-security-center",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get antivirus (ClamAV/clamd) and updater (freshclam) process status",
+ "platform": "linux",
+ "query": "SELECT pid, state, cmdline, name FROM processes WHERE name='clamd' OR name='freshclam';",
+ "description": "Selects the clamd and freshclam processes to ensure AV and its updater are running",
+ "purpose": "Informational",
+ "tags": [
+ "compliance",
+ "malware",
+ "hardening",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-antivirus-clam-av-clamd-and-updater-freshclam-process-status",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Antivirus healthy (macOS)",
+ "query": "SELECT score FROM (SELECT case when COUNT(*) = 2 then 1 ELSE 0 END AS score FROM plist WHERE (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist' AND value>=2162) OR (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist' and value>=1.93)) WHERE score == 1;",
+ "description": "Checks the version of Malware Removal Tool (MRT) and the built-in macOS AV (Xprotect). Replace version numbers with the latest version regularly.",
+ "resolution": "To enable automatic security definition updates, on the failing device, select System Preferences > Software Update > Advanced > Turn on Install system data files and security updates.",
+ "tags": [
+ "compliance",
+ "malware",
+ "hardening",
+ "built-in",
+ "template"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "antivirus-healthy-mac-os",
+ "requiresMdm": false
+ },
+ {
+ "name": "Antivirus healthy (Windows)",
+ "query": "SELECT 1 from windows_security_center wsc CROSS JOIN windows_security_products wsp WHERE antivirus = 'Good' AND type = 'Antivirus' AND signatures_up_to_date=1;",
+ "description": "Checks the status of antivirus and signature updates from the Windows Security Center.",
+ "resolution": "Ensure Windows Defender or your third-party antivirus is running, up to date, and visible in the Windows Security Center.",
+ "tags": [
+ "compliance",
+ "malware",
+ "hardening",
+ "built-in"
+ ],
+ "platform": "windows",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "antivirus-healthy-windows",
+ "requiresMdm": false
+ },
+ {
+ "name": "Antivirus healthy (Linux)",
+ "query": "SELECT score FROM (SELECT case when COUNT(*) = 2 then 1 ELSE 0 END AS score FROM processes WHERE (name = 'clamd') OR (name = 'freshclam')) WHERE score == 1;",
+ "description": "Checks that both ClamAV's daemon and its updater service (freshclam) are running.",
+ "resolution": "Ensure ClamAV and Freshclam are installed and running.",
+ "tags": [
+ "compliance",
+ "malware",
+ "hardening",
+ "built-in"
+ ],
+ "platform": "linux",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "antivirus-healthy-linux",
+ "requiresMdm": false
+ },
+ {
+ "name": "MDM enrolled (macOS)",
+ "query": "SELECT 1 from mdm WHERE enrolled='true';",
+ "description": "Required: osquery deployed with Orbit, or manual installation of macadmins/osquery-extension. Checks that a mac is enrolled to MDM. Add a AND on identity_certificate_uuid to check for a specific MDM.",
+ "resolution": "Enroll device to MDM",
+ "tags": [
+ "compliance",
+ "hardening",
+ "built-in"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "mdm-enrolled-mac-os",
+ "requiresMdm": false,
+ "critical": true
+ },
+ {
+ "name": "Docker application is up to date or not present (macOS)",
+ "query": "SELECT 1 WHERE EXISTS (SELECT 1 FROM apps a1 WHERE a1.bundle_identifier = 'com.electron.dockerdesktop' AND a1.bundle_short_version>='4.6.1') OR NOT EXISTS (SELECT 1 FROM apps a2 WHERE a2.bundle_identifier = 'com.electron.dockerdesktop');",
+ "description": "Checks if the application (Docker Desktop example) is installed and up to date, or not installed. Fails if the application is installed and on a lower version. You can copy this query and replace the bundle_identifier and bundle_version values to apply the same type of policy to other applications.",
+ "resolution": "Update Docker or remove it if not used.",
+ "tags": [
+ "inventory",
+ "vulnerability",
+ "built-in"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "docker-application-is-up-to-date-or-not-present-mac-os",
+ "requiresMdm": false
+ },
+ {
+ "name": "SSH keys encrypted",
+ "query": "SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM users CROSS JOIN user_ssh_keys USING (uid) WHERE encrypted='0');",
+ "description": "Required: osquery must have Full Disk Access. Policy passes if all keys are encrypted, including if no keys are present.",
+ "resolution": "Use this command to encrypt existing SSH keys by providing the path to the file: ssh-keygen -o -p -f /path/to/file",
+ "tags": [
+ "compliance",
+ "ssh",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "platform": "darwin,linux,windows",
+ "kind": "policy",
+ "slug": "ssh-keys-encrypted",
+ "requiresMdm": false
+ },
+ {
+ "name": "Suspicious autostart (Windows)",
+ "query": "SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM startup_items WHERE path = \"regsvr32\" AND args LIKE \"%http%\");",
+ "description": "Checks for an autostart that is attempting to load a dynamic link library (DLL) from the internet.",
+ "resolution": "Remove the suspicious startup entry.",
+ "tags": [
+ "malware",
+ "hunting"
+ ],
+ "platform": "windows",
+ "contributors": [
+ {
+ "name": "kswagler-rh",
+ "handle": "kswagler-rh",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/kswagler-rh"
+ }
+ ],
+ "kind": "policy",
+ "slug": "suspicious-autostart-windows",
+ "requiresMdm": false
+ },
+ {
+ "name": "Firewall enabled (macOS)",
+ "query": "SELECT 1 FROM alf WHERE global_state >= 1;",
+ "description": "Checks if the firewall is enabled.",
+ "resolution": "In System Preferences, open Security & Privacy, navigate to the Firewall tab and click Turn On Firewall.",
+ "tags": [
+ "hardening",
+ "compliance",
+ "built-in",
+ "cis",
+ "cis2.5.2.2"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "firewall-enabled-mac-os",
+ "requiresMdm": false
+ },
+ {
+ "name": "Screen lock enabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE name='askForPassword' AND value='1';",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to enable screen lock.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables screen lock.",
+ "tags": [
+ "compliance",
+ "hardening",
+ "built-in"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "screen-lock-enabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Screen lock enabled (Windows)",
+ "query": "SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\InactivityTimeoutSecs' AND CAST(data as INTEGER) <= 1800;",
+ "description": "Checks if the screen lock is enabled and configured to lock the system within 30 minutes or less.",
+ "resolution": "Contact your IT administrator to enable the Interactive Logon: Machine inactivity limit setting with a value of 1800 seconds or lower.",
+ "tags": [
+ "compliance",
+ "hardening",
+ "built-in"
+ ],
+ "platform": "windows",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "screen-lock-enabled-windows",
+ "requiresMdm": false
+ },
+ {
+ "name": "Password requires 10 or more characters (macOS)",
+ "query": "SELECT 1 FROM (SELECT cast(lengthtxt as integer(2)) minlength FROM (SELECT SUBSTRING(length, 1, 2) AS lengthtxt FROM (SELECT policy_description, policy_identifier, split(policy_content, '{', 1) AS length FROM password_policy WHERE policy_identifier LIKE '%minLength')) WHERE minlength >= 10);",
+ "description": "Checks that the password policy requires at least 10 characters. Requires osquery 5.4.0 or newer.",
+ "resolution": "Contact your IT administrator to make sure your Mac is receiving configuration profiles for password length.",
+ "platform": "darwin",
+ "tags": [
+ "compliance",
+ "hardening",
+ "built-in",
+ "cis",
+ "cis5.2.2"
+ ],
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "password-requires-10-or-more-characters-mac-os",
+ "requiresMdm": false
+ },
+ {
+ "name": "Operating system up to date (macOS)",
+ "query": "SELECT 1 FROM os_version WHERE version >= '14.1.1';",
+ "description": "Checks that the operating system is up to date.",
+ "resolution": "From the Apple menu () in the corner of your screen choose System Preferences. Then select Software Update and select Upgrade Now. You might be asked to restart or enter your password.",
+ "tags": [
+ "compliance",
+ "cis",
+ "template",
+ "cis1.1"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "operating-system-up-to-date-mac-os",
+ "requiresMdm": false,
+ "critical": true
+ },
+ {
+ "name": "Automatic updates enabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticCheckEnabled' AND value=1 LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically check for updates.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic updates.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis1.2"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "automatic-updates-enabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Automatic update downloads enabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticDownload' AND value=1 LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically download updates.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic update downloads.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis1.3"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "automatic-update-downloads-enabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Automatic installation of application updates is enabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticallyInstallAppUpdates' AND value=1 LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically install updates to App Store applications.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic installation of application updates.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis1.4"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "automatic-installation-of-application-updates-is-enabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Automatic security and data file updates is enabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='CriticalUpdateInstall' AND value=1 LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically download updates to built-in macOS security tools such as malware removal tools.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic security and data update installation.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis1.5"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "automatic-security-and-data-file-updates-is-enabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Automatic installation of operating system updates is enabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticallyInstallMacOSUpdates' AND value=1 LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically install operating system updates.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic installation of operating system updates.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis1.6"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "automatic-installation-of-operating-system-updates-is-enabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Time and date are configured to be updated automatically (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.applicationaccess' AND name='forceAutomaticDateAndTime' AND value=1 LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically update the time and date.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic time and date configuration.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis2.2.1"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "time-and-date-are-configured-to-be-updated-automatically-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Lock screen after inactivity of 20 minutes or less (macOS)",
+ "query": "SELECT 1 WHERE EXISTS (SELECT CAST(value as integer(4)) valueint from managed_policies WHERE domain = 'com.apple.screensaver' AND name = 'askForPasswordDelay' AND valueint <= 60 LIMIT 1) AND EXISTS (SELECT CAST(value as integer(4)) valueint from managed_policies WHERE domain = 'com.apple.screensaver' AND name = 'idleTime' AND valueint <= 1140 LIMIT 1) AND EXISTS (SELECT 1 from managed_policies WHERE domain='com.apple.screensaver' AND name='askForPassword' AND value=1 LIMIT 1);",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to lock the screen after 20 minutes or less.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables the screen saver after inactivity of 20 minutes or less.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis2.3.1",
+ "cis5.8"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "lock-screen-after-inactivity-of-20-minutes-or-less-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Internet sharing is blocked (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.MCX' AND name='forceInternetSharingOff' AND value='1' LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to prevent Internet sharing.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that prevents Internet sharing.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis2.4.2"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "internet-sharing-is-blocked-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Content caching is disabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.applicationaccess' AND name='allowContentCaching' AND value='0' LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to disable content caching.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that disables content caching.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis2.4.10"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "content-caching-is-disabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Ad tracking is limited (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.AdLib' AND name='forceLimitAdTracking' AND value='1' LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to limit advertisement tracking.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that disables advertisement tracking.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis2.5.6"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "ad-tracking-is-limited-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "iCloud Desktop and Document sync is disabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.icloud.managed' AND name='DisableCloudSync' AND value='1' LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to prevent iCloud Desktop and Documents sync.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile to prevent iCloud Desktop and Documents sync.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis2.6.1.4"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "i-cloud-desktop-and-document-sync-is-disabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Firewall logging is enabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.security.firewall' AND name='EnableLogging' AND value='1' LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to log firewall activity.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables firewall logging.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis3.6"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "firewall-logging-is-enabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Guest account disabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.loginwindow' AND name='DisableGuestAccount' AND value='1' LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to prevent the use of a guest account.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that disables the guest account.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis6.1.3"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "guest-account-disabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "Guest access to shared folders is disabled (macOS)",
+ "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.AppleFileServer' AND name='guestAccess' AND value='0' LIMIT 1;",
+ "description": "Checks that a mobile device management (MDM) solution configures the Mac to prevent guest access to shared folders.",
+ "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that prevents guest access to shared folders.",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis6.1.4"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "guest-access-to-shared-folders-is-disabled-mac-os",
+ "requiresMdm": true
+ },
+ {
+ "name": "No 1Password emergency kit stored in desktop, documents, or downloads folders (macOS)",
+ "query": "SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM file WHERE filename LIKE '%Emergency Kit%.pdf' AND (path LIKE '/Users/%/Desktop/%' OR path LIKE '/Users/%/Documents/%' OR path LIKE '/Users/%/Downloads/%' OR path LIKE '/Users/Shared/%'));",
+ "description": "Looks for PDF files with file names typically used by 1Password for emergency recovery kits. To protect the performance of your devices, the search is one level deep and limited to the Desktop, Documents, Downloads, and Shared folders.",
+ "resolution": "Delete 1Password emergency kits from your computer, and empty the trash. 1Password emergency kits should only be printed and stored in a physically secure location.",
+ "platform": "darwin",
+ "tags": [
+ "compliance",
+ "built-in"
+ ],
+ "contributors": [
+ {
+ "name": "nonpunctual",
+ "handle": "nonpunctual",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/nonpunctual"
+ }
+ ],
+ "kind": "policy",
+ "slug": "no-1-password-emergency-kit-stored-in-desktop-documents-or-downloads-folders-mac-os",
+ "requiresMdm": false
+ },
+ {
+ "name": "Discover TLS certificates",
+ "platform": "linux, windows, darwin",
+ "description": "Retrieves metadata about TLS certificates for servers listening on the local machine. Enables mTLS adoption analysis and cert expiration notifications.",
+ "query": "SELECT * FROM curl_certificate WHERE hostname IN (SELECT DISTINCT 'localhost:'||port FROM listening_ports WHERE protocol=6 AND address!='127.0.0.1' AND address!='::1');",
+ "purpose": "Informational",
+ "tags": [
+ "network",
+ "tls"
+ ],
+ "contributors": [
+ {
+ "name": "nabilschear",
+ "handle": "nabilschear",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/nabilschear"
+ }
+ ],
+ "kind": "query",
+ "slug": "discover-tls-certificates",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Discover Python Packages from Running Python Interpreters",
+ "platform": "linux, darwin",
+ "description": "Attempt to discover Python environments (in cwd, path to the python binary, and process command line) from running python interpreters and collect Python packages from those environments.",
+ "query": "SELECT * FROM python_packages WHERE directory IN (SELECT DISTINCT directory FROM (SELECT SUBSTR(path,0,INSTR(path,'/bin/'))||'/lib' AS directory FROM processes WHERE path LIKE '%/bin/%' AND path LIKE '%python%' UNION SELECT SUBSTR(cmdline,0,INSTR(cmdline,'/bin/'))||'/lib' AS directory FROM processes WHERE cmdline LIKE '%python%' AND cmdline LIKE '%/bin/%' AND path LIKE '%python%' UNION SELECT cwd||'/lib' AS directory FROM processes WHERE path LIKE '%python%'));",
+ "purpose": "Informational",
+ "tags": [
+ "compliance",
+ "hunting"
+ ],
+ "contributors": [
+ {
+ "name": "nabilschear",
+ "handle": "nabilschear",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/nabilschear"
+ }
+ ],
+ "kind": "query",
+ "slug": "discover-python-packages-from-running-python-interpreters",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Identify the default mail, http and ftp applications",
+ "platforms": "macOS",
+ "platform": "darwin",
+ "description": "Lists the currently enabled applications configured to handle mailto, http and ftp schemes.",
+ "query": "SELECT * FROM app_schemes WHERE (scheme='mailto' OR scheme='http' OR scheme='ftp') AND enabled='1';",
+ "purpose": "Informational",
+ "tags": [
+ "compliance",
+ "hunting"
+ ],
+ "contributors": [
+ {
+ "name": "brunerd",
+ "handle": "brunerd",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/brunerd"
+ }
+ ],
+ "kind": "query",
+ "slug": "identify-the-default-mail-http-and-ftp-applications",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Firewall enabled, domain profile (Windows)",
+ "query": "SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\EnableFirewall' AND CAST(data as integer) = 1;",
+ "description": "Checks if a Group Policy configures the computer to enable the domain profile for Windows Firewall. The domain profile applies to networks where the host system can authenticate to a domain controller. Some auditors requires that this setting is configured by a Group Policy.",
+ "resolution": "Contact your IT administrator to ensure your computer is receiving a Group Policy that enables the domain profile for Windows Firewall.",
+ "platforms": "Windows",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis9.1.1"
+ ],
+ "platform": "windows",
+ "contributors": [
+ {
+ "name": "defensivedepth",
+ "handle": "defensivedepth",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/defensivedepth"
+ }
+ ],
+ "kind": "policy",
+ "slug": "firewall-enabled-domain-profile-windows",
+ "requiresMdm": false
+ },
+ {
+ "name": "Firewall enabled, private profile (Windows)",
+ "query": "SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\\EnableFirewall' AND CAST(data as integer) = 1;",
+ "description": "Checks if a Group Policy configures the computer to enable the private profile for Windows Firewall. The private profile applies to networks where the host system is connected to a private or home network. Some auditors requires that this setting is configured by a Group Policy.",
+ "resolution": "Contact your IT administrator to ensure your computer is receiving a Group Policy that enables the private profile for Windows Firewall.",
+ "platforms": "Windows",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis9.2.1"
+ ],
+ "platform": "windows",
+ "contributors": [
+ {
+ "name": "defensivedepth",
+ "handle": "defensivedepth",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/defensivedepth"
+ }
+ ],
+ "kind": "policy",
+ "slug": "firewall-enabled-private-profile-windows",
+ "requiresMdm": false
+ },
+ {
+ "name": "Firewall enabled, public profile (Windows)",
+ "query": "SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\EnableFirewall' AND CAST(data as integer) = 1;",
+ "description": "Checks if a Group Policy configures the computer to enable the public profile for Windows Firewall. The public profile applies to networks where the host system is connected to public networks such as Wi-Fi hotspots at coffee shops and airports. Some auditors requires that this setting is configured by a Group Policy.",
+ "resolution": "Contact your IT administrator to ensure your computer is receiving a Group Policy that enables the public profile for Windows Firewall.",
+ "platforms": "Windows",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis9.3.1"
+ ],
+ "platform": "windows",
+ "contributors": [
+ {
+ "name": "defensivedepth",
+ "handle": "defensivedepth",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/defensivedepth"
+ }
+ ],
+ "kind": "policy",
+ "slug": "firewall-enabled-public-profile-windows",
+ "requiresMdm": false
+ },
+ {
+ "name": "SMBv1 client driver disabled (Windows)",
+ "query": "SELECT 1 FROM windows_optional_features WHERE name = 'SMB1Protocol-Client' AND state != 1;",
+ "description": "Checks that the SMBv1 client is disabled.",
+ "resolution": "Contact your IT administrator to discuss disabling SMBv1 on your system.",
+ "platforms": "Windows",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis18.3.2",
+ "built-in"
+ ],
+ "platform": "windows",
+ "contributors": [
+ {
+ "name": "defensivedepth",
+ "handle": "defensivedepth",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/defensivedepth"
+ }
+ ],
+ "kind": "policy",
+ "slug": "sm-bv-1-client-driver-disabled-windows",
+ "requiresMdm": false
+ },
+ {
+ "name": "SMBv1 server disabled (Windows)",
+ "query": "SELECT 1 FROM windows_optional_features WHERE name = 'SMB1Protocol-Server' AND state != 1",
+ "description": "Checks that the SMBv1 server is disabled.",
+ "resolution": "Contact your IT administrator to discuss disabling SMBv1 on your system.",
+ "platforms": "Windows",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis18.3.3",
+ "built-in"
+ ],
+ "platform": "windows",
+ "contributors": [
+ {
+ "name": "defensivedepth",
+ "handle": "defensivedepth",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/defensivedepth"
+ }
+ ],
+ "kind": "policy",
+ "slug": "sm-bv-1-server-disabled-windows",
+ "requiresMdm": false
+ },
+ {
+ "name": "Link-Local Multicast Name Resolution (LLMNR) disabled (Windows)",
+ "query": "SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\DNSClient\\EnableMulticast' AND CAST(data as integer) = 0;",
+ "description": "Checks if a Group Policy configures the computer to disable LLMNR. Disabling LLMNR can prevent malicious actors from gaining access to the computer's credentials. Some auditors require that this setting is configured by a Group Policy.",
+ "resolution": "Contact your IT administrator to ensure your computer is receiving a Group Policy that disables LLMNR on your system.",
+ "platforms": "Windows",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis18.5.4.2"
+ ],
+ "platform": "windows",
+ "contributors": [
+ {
+ "name": "defensivedepth",
+ "handle": "defensivedepth",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/defensivedepth"
+ }
+ ],
+ "kind": "policy",
+ "slug": "link-local-multicast-name-resolution-llmnr-disabled-windows",
+ "requiresMdm": false
+ },
+ {
+ "name": "Automatic updates enabled (Windows)",
+ "query": "SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\\NoAutoUpdate' AND CAST(data as integer) = 0;",
+ "description": "Checks if a Group Policy configures the computer to enable Automatic Updates. When enabled, the computer downloads and installs security and other important updates automatically. Some auditors require that this setting is configured by a Group Policy.",
+ "resolution": "Contact your IT administrator to ensure your computer is receiving a Group policy that enables Automatic Updates.",
+ "platforms": "Windows",
+ "tags": [
+ "compliance",
+ "cis",
+ "cis18.9.108.2.1"
+ ],
+ "platform": "windows",
+ "contributors": [
+ {
+ "name": "defensivedepth",
+ "handle": "defensivedepth",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/defensivedepth"
+ }
+ ],
+ "kind": "policy",
+ "slug": "automatic-updates-enabled-windows",
+ "requiresMdm": false
+ },
+ {
+ "name": "Identify Apple development secrets (macOS)",
+ "query": "SELECT * FROM keychain_items WHERE label LIKE '%ABCDEFG%';",
+ "description": "Identifies certificates associated with Apple development signing and notarization. Replace ABCDEFG with your company's identifier.",
+ "resolution": "Ensure your official Apple builds, signing and notarization happen on a centralized system, and remove these certificates from workstations.",
+ "tags": [
+ "compliance",
+ "inventory",
+ "built-in"
+ ],
+ "platform": "darwin",
+ "contributors": [
+ {
+ "name": "GuillaumeRoss",
+ "handle": "GuillaumeRoss",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/GuillaumeRoss"
+ }
+ ],
+ "kind": "policy",
+ "slug": "identify-apple-development-secrets-mac-os",
+ "requiresMdm": false
+ },
+ {
+ "name": "Geolocate via ipapi.co",
+ "platform": "darwin, linux, windows",
+ "description": "Geolocate a host using the [ipapi.co](https://ipapi.co) in an emergency. Requires the curl table. [Learn more](https://fleetdm.com/guides/locate-assets-with-osquery).",
+ "query": "SELECT JSON_EXTRACT(result, '$.ip') AS ip, JSON_EXTRACT(result, '$.city') AS city, JSON_EXTRACT(result, '$.region') AS region, JSON_EXTRACT(result, '$.country') AS country, JSON_EXTRACT(result, '$.latitude') AS latitude, JSON_EXTRACT(result, '$.longitude') AS longitude FROM curl WHERE url = 'http://ipapi.co/json';",
+ "purpose": "inventory",
+ "tags": [
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "geolocate-via-ipapi-co",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get Crowdstrike Falcon network content filter status",
+ "platform": "darwin",
+ "description": "Get the status of the Crowdstrike Falcon network content filter (as in \"System Settings\" > \"Network > \"Filters\").",
+ "query": "/* Load up the plist */ WITH extensions_plist AS (SELECT *, rowid FROM plist WHERE path = '/Library/Preferences/com.apple.networkextension.plist') /* Find the first \"Enabled\" key after the key indicating the crowdstrike app */ SELECT value AS enabled FROM extensions_plist WHERE subkey = 'Enabled' AND rowid > (SELECT rowid FROM extensions_plist WHERE value = 'com.crowdstrike.falcon.App') LIMIT 1;",
+ "purpose": "Informational",
+ "tags": [
+ "crowdstrike",
+ "plist",
+ "network",
+ "content filter"
+ ],
+ "contributors": [
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-crowdstrike-falcon-network-content-filter-status",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "Get a list of Visual Studio Code extensions",
+ "platform": "darwin, linux, windows",
+ "description": "Get a list of installed VS Code extensions (requires osquery > 5.11.0).",
+ "query": "SELECT u.username, vs.* FROM users u CROSS JOIN vscode_extensions vs USING (uid);\n",
+ "purpose": "Informational",
+ "tags": [
+ "inventory"
+ ],
+ "contributors": [
+ {
+ "name": "lucasmrod",
+ "handle": "lucasmrod",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/lucasmrod"
+ },
+ {
+ "name": "sharon-fdm",
+ "handle": "sharon-fdm",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/sharon-fdm"
+ },
+ {
+ "name": "zwass",
+ "handle": "zwass",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/zwass"
+ }
+ ],
+ "kind": "query",
+ "slug": "get-a-list-of-visual-studio-code-extensions",
+ "resolution": "N/A",
+ "requiresMdm": false
+ },
+ {
+ "name": "List osquery table names",
+ "platform": "darwin, linux, windows",
+ "description": "List all table names in the schema of the currently installed version of osquery",
+ "query": "SELECT DISTINCT name FROM osquery_registry;",
+ "purpose": "Informational",
+ "tags": [
+ "fleet",
+ "osquery",
+ "table",
+ "schema"
+ ],
+ "contributors": [
+ {
+ "name": "nonpunctual",
+ "handle": "nonpunctual",
+ "avatarUrl": "https://placekitten.com/200/200",
+ "htmlUrl": "https://github.com/nonpunctual"
+ }
+ ],
+ "kind": "query",
+ "slug": "list-osquery-table-names",
+ "resolution": "N/A",
+ "requiresMdm": false
+ }
+ ],
+ "queryLibraryYmlRepoPath": "docs/01-Using-Fleet/standard-query-library/standard-query-library.yml",
+ "pricingTable": [
+ {
+ "industryName": "Managed cloud",
+ "description": "Have Fleet host it for you (currently only available for customers with 700+ hosts. PS. Wish we could host for you? We're working on it! Please let us know if you know of a good partner. In the meantime, join fleetdm.com/support and we're happy to help you deploy Fleet yourself.)",
+ "pricingTableCategories": [
+ "Deployment"
+ ],
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "name": "Managed cloud"
+ },
+ {
+ "industryName": "Self-hosted",
+ "friendlyName": "Host it yourself",
+ "description": "Deploy Fleet anywhere and host it yourself, even in air-gapped environments except where technologically impossible.",
+ "pricingTableCategories": [
+ "Deployment"
+ ],
+ "documentationUrl": "https://fleetdm.com/docs/deploy/introduction",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "no",
+ "buzzwords": [
+ "Self-hosted"
+ ],
+ "name": "Self-hosted"
+ },
+ {
+ "industryName": "Multi-tenancy",
+ "description": "For managed service providers to use a single instance of Fleet for multiple customers.",
+ "documentationUrl": "https://github.com/fleetdm/fleet/issues/9956",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Deployment"
+ ],
+ "usualDepartment": "IT",
+ "buzzwords": [
+ "OEM",
+ "Private label",
+ "House brand",
+ "Clear label",
+ "Multi-tenancy"
+ ],
+ "tier": "Premium",
+ "name": "Multi-tenancy"
+ },
+ {
+ "industryName": "Deployment tools",
+ "description": "Pre-built Terraform modules and Helm charts to help you get up and running.",
+ "documentationUrl": "https://fleetdm.com/docs/deploy/introduction",
+ "usualDepartment": "IT",
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Deployment"
+ ],
+ "name": "Deployment tools"
+ },
+ {
+ "industryName": "Private update registry",
+ "friendlyName": "Update agents from a secret URL",
+ "description": "Load agent code from a secret URL that you manage.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/update-agents",
+ "tier": "Premium",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Configuration"
+ ],
+ "usualDepartment": "Security",
+ "name": "Private update registry"
+ },
+ {
+ "industryName": "Control agent versions",
+ "description": "Manage agents remotely by setting different versions per-baseline.",
+ "documentationUrl": "https://fleetdm.com/docs/configuration/agent-configuration#configure-fleetd-update-channels",
+ "tier": "Premium",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Configuration"
+ ],
+ "usualDepartment": "IT",
+ "waysToUse": [
+ {
+ "description": "Supply-chain Levels for Software Artifacts (SLSA) attestations for the fleetd binary artifacts and server container image to enable verification that the binaries are built and uploaded using GitHub Actions from the Fleet repository at a particular commit SHA coming soon (2024-12-31)."
+ },
+ {
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/20219"
+ }
+ ],
+ "name": "Control agent versions"
+ },
+ {
+ "industryName": "Command line tool (CLI)",
+ "friendlyName": "fleetctl",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/fleetctl-cli",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Configuration"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "name": "Command line tool (CLI)"
+ },
+ {
+ "industryName": "GitOps",
+ "friendlyName": "Manage endpoints in git",
+ "documentationUrl": "https://github.com/fleetdm/fleet-gitops",
+ "description": "Fork the best practices GitHub repo and use the included GitHub Actions to quickly automate Fleet console and configuration workflow management.",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Configuration"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "demos": {
+ "description": "A top savings and investment company wanted workflows and automation so that one bad actor can't brick their fleet. This way, they have to make a pull request first.",
+ "quote": "I don't want one bad actor to brick my fleet. I want them to make a pull request first.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1hAQL6P--Tt3syq1MTRONAxhQA_2Vjt3oOJJt_O4xbiE/edit?disco=AAABAVnYvns&usp_dm=true#heading=h.7en766pueek4"
+ },
+ "name": "GitOps"
+ },
+ {
+ "industryName": "Two-factor authentication",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/5478",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Configuration"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "waysToUse": [
+ {
+ "description": "Enforce two-factor authentication when logging in to Fleet for added security."
+ }
+ ],
+ "comingSoonOn": "2024-12-31",
+ "name": "Two-factor authentication",
+ "comingSoon": true
+ },
+ {
+ "industryName": "Role-based access control",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/manage-access#manage-access",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Configuration"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "name": "Role-based access control"
+ },
+ {
+ "industryName": "Audit logging",
+ "description": "Log all activity, including queries, scripts, access, etc.",
+ "documentationUrl": "https://fleetdm.com/docs/rest-api/rest-api#list-activities",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Configuration"
+ ],
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "usualDepartment": "Security",
+ "waysToUse": [
+ {
+ "description": "Export activity of Fleet admins to your SIEM or data lake"
+ }
+ ],
+ "name": "Audit logging"
+ },
+ {
+ "industryName": "Scope transparency",
+ "description": "Let end users see the source code for exactly how they are being monitored, and set clear expectations about what is and isn’t acceptable use of work computers.",
+ "tier": "Free",
+ "documentationUrl": "https://fleetdm.com/transparency",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Configuration"
+ ],
+ "name": "Scope transparency"
+ },
+ {
+ "industryName": "Cross-platform MDM support",
+ "description": "macOS, Windows, and Linux.",
+ "documentationUrl": "https://fleetdm.com/announcements/fleet-introduces-windows-mdm",
+ "tier": "Premium",
+ "jamfProHasFeature": "appleOnly",
+ "jamfProtectHasFeature": "no",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "name": "Cross-platform MDM support"
+ },
+ {
+ "industryName": "MDM migration",
+ "description": "Easily move your devices from your current MDM solution to Fleet.",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "no",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-migration-guide",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "name": "MDM migration"
+ },
+ {
+ "industryName": "Zero-touch setup",
+ "description": "Zero-touch setup for macOS, iOS/iPadOS, and Windows.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience",
+ "tier": "Premium",
+ "jamfProHasFeature": "appleOnly",
+ "jamfProtectHasFeature": "no",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "waysToUse": [
+ {
+ "description": "Ship a macOS, iOS, or iPadOS device to the end user's home and have them automatically enroll to Fleet during out-of-the-box setup."
+ },
+ {
+ "description": "Ship a Windows workstation to the end user's home and have them automatically enroll to Fleet during out-of-the-box setup."
+ },
+ {
+ "description": "Customize the out-of-the-box setup experience for your end users."
+ },
+ {
+ "description": "Install a bootstrap package to run custom scripts during the setup experience. Store the bootstrap package outside the Fleet database coming soon (2024-09-15)",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/19037"
+ },
+ {
+ "description": "Require end users to authenticate with your identity provider (IdP) and agree to an end user license agreement (EULA) before they can use their new workstation"
+ }
+ ],
+ "name": "Zero-touch setup"
+ },
+ {
+ "industryName": "Bring your own device (BYOD) enrollment",
+ "description": "BYOD enrollment for macOS, iOS/iPadOS (coming soon), Windows, and Android (coming soon) devices.",
+ "documentationUrl": "https://fleetdm.com/guides/sysadmin-diaries-device-enrollment#byod-enrollment",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "no",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "waysToUse": [
+ {
+ "description": "Support ACME as a protocol for MDM certificate generation. Coming soon (2024-12-31)",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/15611"
+ }
+ ],
+ "name": "Bring your own device (BYOD) enrollment"
+ },
+ {
+ "industryName": "User account sync",
+ "description": "Sync user accounts via Okta, AD, or any IDP.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "waysToUse": [
+ {
+ "description": "Automatically set admin access to Fleet based on your IDP"
+ }
+ ],
+ "name": "User account sync"
+ },
+ {
+ "industryName": "Human-endpoint mapping",
+ "friendlyName": "See who logs in on every computer",
+ "description": "Identify who logs in to any system, including login history and current sessions. Look up any host by the email address of the person using it.",
+ "documentationUrl": "https://fleetdm.com/docs/rest-api/rest-api#get-hosts-google-chrome-profiles",
+ "screenshotSrc": null,
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "IT",
+ "buzzwords": [
+ "Device users",
+ "human-to-device mapping"
+ ],
+ "dri": "mikermcneil",
+ "demos": [
+ {
+ "description": "Security engineers at a top gaming company wanted to get demographics off their macOS, Windows, and Linux machines about who the user is and who's logged in.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit"
+ },
+ {
+ "description": "Data engineers at a top biotech corporation needed to know who is logged into their devices.",
+ "quote": "So we don't know exactly what's going on after we deploy the device, we know that they are compliant with the security because we are running these stuff, but we don't know certainly who is running, who is logging in the device?",
+ "moreInfoUrl": "https://docs.google.com/document/d/17MNI5ykzlFjdVmQ8SPMrT1oR_hY_vkYAJx31F7l7Pv8/edit#heading=h.7en766pueek4"
+ }
+ ],
+ "waysToUse": [
+ {
+ "description": "Look up computer by ActiveDirectory account"
+ },
+ {
+ "description": "Find device by Google Chrome user"
+ },
+ {
+ "description": "Identify who logs in to any system, including login history and current sessions."
+ },
+ {
+ "description": "Look up any host by the email address of the person using it."
+ },
+ {
+ "description": "Check user login history",
+ "moreInfoUrl": "https://www.lepide.com/how-to/audit-who-logged-into-a-computer-and-when.html#:~:text=To%20find%20out%20the%20details,logs%20in%20%E2%80%9CWindows%20Logs%E2%80%9D."
+ },
+ {
+ "description": "See currently logged in users",
+ "moreInfoUrl": "https://www.top-password.com/blog/see-currently-logged-in-users-in-windows/"
+ },
+ {
+ "description": "Get demographics off of our machines about who the user is and who's logged in",
+ "moreInfoUrl": "https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit"
+ },
+ {
+ "description": "See what servers someone is logged-in on",
+ "moreInfoUrl": "https://community.spiceworks.com/topic/138171-is-there-a-way-to-see-what-servers-someone-is-logged-in-on"
+ }
+ ],
+ "name": "Human-endpoint mapping"
+ },
+ {
+ "industryName": "Device inventory",
+ "description": "Includes a list of all devices and all hardware and software attributes for each device.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/understanding-host-vitals",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14415",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "waysToUse": [
+ {
+ "description": "Implement software inventory recommendations from the SANS 20 / CIS 18.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1E6EQMMqrsRc6Z3YsR6Q33OaF9eAa8zLNaz4K2YzFdyo/edit#heading=h.7en766pueek4"
+ },
+ {
+ "description": "View a list of all hardware attributes of a device.",
+ "moreInfoUrl": "https://fleetdm.com/tables/system_info"
+ },
+ {
+ "description": "View a list of all software and their versions installed on all your hosts.",
+ "moreInfoUrl": "https://fleetdm.com/docs/get-started/anatomy#software-library"
+ },
+ {
+ "description": "View a list of software rolled up by title.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14674"
+ },
+ {
+ "description": "Implement hardware and infrastructure inventory recommendations from the SANS 20 / CIS 18.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1E6EQMMqrsRc6Z3YsR6Q33OaF9eAa8zLNaz4K2YzFdyo/edit#heading=h.7en766pueek4"
+ }
+ ],
+ "name": "Device inventory"
+ },
+ {
+ "industryName": "Search inventory",
+ "description": "Search devices by IP, serial, hostname, and UUID.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/learn-how-to-use-fleet#how-to-ask-questions-about-your-device",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "name": "Search inventory"
+ },
+ {
+ "industryName": "Targeted device scoping",
+ "description": "Organize devices with Teams and Labels.",
+ "documentationUrl": "https://fleetdm.com/guides/managing-labels-in-fleet",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "name": "Targeted device scoping"
+ },
+ {
+ "industryName": "Enforce disk encryption",
+ "description": "Encrypt system drives on macOS and Windows computers, manage escrowed encryption keys, and report on disk encryption status (FileVault, BitLocker).",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-disk-encryption",
+ "friendlyName": "Ensure hard disks are encrypted",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "Security",
+ "tier": "Premium",
+ "jamfProHasFeature": "appleOnly",
+ "jamfProtectHasFeature": "no",
+ "waysToUse": [
+ {
+ "description": "Report on disk encryption status"
+ },
+ {
+ "description": "Encrypt hard disks on macOS with FileVault"
+ },
+ {
+ "description": "Escrow FileVault keys on macOS"
+ },
+ {
+ "description": "Encrypt hard disks on Windows with BitLocker."
+ }
+ ],
+ "name": "Enforce disk encryption"
+ },
+ {
+ "industryName": "Enforce operating system (OS) updates",
+ "description": "Keep operating systems up to date for macOS, iOS/iPadOS, Windows, and Android (coming soon) devices.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-macos-updates",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "no",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "waysToUse": [
+ {
+ "description": "Enforce macOS updates via Nudge."
+ },
+ {
+ "description": "Progressively enhance from Nudge to DDM-based OS updates.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/17295"
+ },
+ {
+ "description": "Automatically update Windows after the end user reaches a deadline."
+ }
+ ],
+ "name": "Enforce operating system (OS) updates"
+ },
+ {
+ "industryName": "Enforce OS settings",
+ "description": "MDM support for macOS, iOS/iPadOS, Windows, and Android (coming soon) devices. Management support for Linux.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-custom-os-settings",
+ "usualDepartment": "IT",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "no",
+ "waysToUse": [
+ {
+ "description": "Deploy configuration profiles on macOS and Windows and verify that they're installed.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/13281"
+ },
+ {
+ "description": "Deploy custom declaration (DDM) profiles on macOS.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14550"
+ },
+ {
+ "description": "Target profiles to specific hosts using SQL.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/17315"
+ },
+ {
+ "description": "Automatically re-deploy configuration profiles when they're not installed."
+ },
+ {
+ "description": "Deploy configuration profiles on iOS/iPadOS."
+ },
+ {
+ "description": "See a list of the upcoming MDM commands and scripts in unified queue. Coming soon (2024-07-15)",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/15920"
+ },
+ {
+ "description": "Send MDM commands to tell end users to update their OS.",
+ "moreInfoUrl": "https://developer.apple.com/documentation/devicemanagement/schedule_an_os_update"
+ },
+ {
+ "description": "Configure agent options remotely, over the air. (Includes osquery config, and osquery startup flags.).",
+ "moreInfoUrl": "https://fleetdm.com/docs/configuration/agent-configuration"
+ }
+ ],
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "name": "Enforce OS settings"
+ },
+ {
+ "industryName": "Declarative Device Management (DDM) support for configuration profiles",
+ "description": "Full support for Apple DDM configuration profiles.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-os-updates#macos",
+ "tier": "Free",
+ "jamfProHasFeature": "cloudOnly",
+ "jamfProtectHasFeature": "cloudOnly",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "name": "Declarative Device Management (DDM) support for configuration profiles"
+ },
+ {
+ "industryName": "Device health",
+ "friendlyName": "Automate device health",
+ "description": "Automatically report system health issues using webhooks or integrations, to notify or quarantine outdated or misconfigured systems that are at higher risk of vulnerabilities or theft.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/automations#automations",
+ "screenshotSrc": null,
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "yes",
+ "productCategories": [
+ "Device management",
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "IT",
+ "dri": "mikermcneil",
+ "demos": [
+ {
+ "description": "A large tech company used the Fleet API to block access to corporate apps for outdated operating system versions with certain \"celebrity\" vulnerabilities.",
+ "quote": null,
+ "moreInfoUrl": "https://play.goconsensus.com/s4e490bb9"
+ }
+ ],
+ "buzzwords": [
+ "Device trust",
+ "Zero trust",
+ "Layer 7 device trust",
+ "Beyondcorp",
+ "Device attestation",
+ "Conditional access"
+ ],
+ "waysToUse": [
+ {
+ "description": "Automatically manage the behavior of endpoints that are at higher risk of vulnerabilities or data loss due to their configuration or patch level."
+ },
+ {
+ "description": "Block access to corporate apps for users whose devices with unexpected settings, like disabled screen lock, passwords that are too short, unencrypted hard disks, and more"
+ },
+ {
+ "description": "Quickly implement conditional access based on device health using osquery and a simple device health REST API.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14920"
+ },
+ {
+ "description": "Control and restore access to applications by automatically restricting access when devices do not meet particular security requirements.",
+ "moreInfoUrl": "https://duo.com/docs/device-health"
+ },
+ {
+ "description": "Control which laptop and desktop devices can access corporate apps and websites based on what vulnerabilities it might be exposed to based on how the device is configured, whether it's up to date, its MDM enrollment status, and anything else you can build in a SQL query of Fleet's 300 data tables representing information about enrolled host systems. Coming soon (2024-09-30).",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/16236"
+ },
+ {
+ "description": "Implement multivariate device trust",
+ "moreInfoUrl": "https://youtu.be/5sFOdpMLXQg?feature=shared&t=1445"
+ },
+ {
+ "description": "Implement your own version of Google's zero trust model (BeyondCorp)",
+ "moreInfoUrl": "https://cloud.google.com/beyondcorp"
+ },
+ {
+ "description": "Get endpoint data into ServiceNow and make your asset management teams happy",
+ "moreInfoUrl": "https://www.youtube.com/watch?v=aVbU6_9JoM0"
+ },
+ {
+ "description": "Monitor devices that don't meet your organization's custom security policies"
+ },
+ {
+ "description": "Quickly report your posture and vulnerabilities to auditors, showing remediation status and timing."
+ },
+ {
+ "description": "Keep your devices compliant with customizable baselines, or use common benchmarks like CIS."
+ },
+ {
+ "description": "Discover security misconfigurations that increase attack surface."
+ },
+ {
+ "description": "Detect suspcious services listening on open ports that should not be connected to the internet, such as Remote Desktop Protocol (RDP).",
+ "moreInfoUrl": "https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20statename%20%3D%20%E2%80%9CEnabled%E2%80%9D-,OPEN%20SOCKETS,-Lastly%2C%20an%20examination"
+ },
+ {
+ "description": "Discover potentially unwanted programs that increase attack surface.",
+ "moreInfoUrl": "https://paraflare.com/articles/vulnerability-management-via-osquery/"
+ },
+ {
+ "description": "Detect self-signed certifcates"
+ },
+ {
+ "description": "Detect legacy protocols with safer versions",
+ "moreInfoUrl": "https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20self_signed%20%3D%201%3B-,LEGACY%20PROTOCOLS,-This%20section%20will"
+ },
+ {
+ "description": "Detect exposed secrets on the command line",
+ "moreInfoUrl": "https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WDigest%20is%20disabled.-,EXPOSED%20SECRETS,-Often%2C%20to%20create"
+ },
+ {
+ "description": "Detect and surface issues with devices"
+ },
+ {
+ "description": "Share device health reports"
+ },
+ {
+ "description": "Align endpoints with your security policies",
+ "moreInfoUrl": "https://www.axonius.com/use-cases/cmdb-reconciliation"
+ },
+ {
+ "description": "Maximize security control coverage"
+ },
+ {
+ "description": "Uncover gaps in security policies, configurations, and hygiene",
+ "moreInfoUrl": "https://www.axonius.com/use-cases/coverage-gap-discovery"
+ },
+ {
+ "description": "Automatically apply security policies to protect endpoints against attack."
+ },
+ {
+ "description": "Surface security issues in all your deployed endpoints even data centers and factories."
+ },
+ {
+ "description": "Continually validate controls and policies"
+ },
+ {
+ "description": "Block access to corporate apps if your end users are failing a specific number of critical policies.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/16206"
+ }
+ ],
+ "name": "Device health"
+ },
+ {
+ "industryName": "Application deployment",
+ "description": "Deploy applications and security agents on macOS, iOS/iPadOS, Linux, Windows, and Android (coming soon) devices. Additionally, install macOS and iOS/iPadOS apps from the App Store (coming soon).",
+ "tier": "Premium",
+ "jamfProHasFeature": "appleOnly",
+ "jamfProtectHasFeature": "no",
+ "isExperimental": "yes",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/18867",
+ "waysToUse": [
+ {
+ "description": "Easily configure and install SentinelOne, Crowdstrike, and other security tools.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14921"
+ },
+ {
+ "description": "Offer licenses for Photoshop and other App Sore apps for your end users."
+ },
+ {
+ "description": "iOS/iPadOS coming soon (2024-08-11).",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14899"
+ }
+ ],
+ "name": "Application deployment"
+ },
+ {
+ "industryName": "Self-service application installation",
+ "description": "Allow end users to install apps through Fleet Desktop for macOS, Linux, and Windows.",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "no",
+ "isExperimental": "yes",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/17587",
+ "waysToUse": [
+ {
+ "description": "Build scripts for Ansible deployments",
+ "moreInfoUrl": "https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4"
+ },
+ {
+ "description": "Deploy osquery to macOS via Jamf",
+ "moreInfoUrl": "https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4"
+ },
+ {
+ "description": "Package osquery for Linux servers via Workspace One and Windows servers via group policies",
+ "moreInfoUrl": "https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4"
+ }
+ ],
+ "name": "Self-service application installation"
+ },
+ {
+ "industryName": "Application management",
+ "description": "Manage updates and patches for apps on macOS, Windows, and Linux computers.",
+ "tier": "Premium",
+ "jamfProHasFeature": "appleOnly",
+ "jamfProtectHasFeature": "no",
+ "comingSoonOn": "2024-08-25",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/18865",
+ "name": "Application management",
+ "comingSoon": true
+ },
+ {
+ "industryName": "Script execution",
+ "friendlyName": "Safely execute custom scripts (macOS, Windows, and Linux)",
+ "description": "Deploy and execute custom scripts using a REST API, and manage your library of scripts in the UI or a git repo.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/scripts",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "no",
+ "dri": "mikermcneil",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "demos": [
+ {
+ "description": "A large tech company used scripts to fix issues with their security and compliance agents on workstations."
+ }
+ ],
+ "buzzwords": [
+ "Remote script execution",
+ "PowerShell scripts",
+ "Bash scripts"
+ ],
+ "waysToUse": [
+ {
+ "description": "Execute custom macOS scripts (client platform engineering)",
+ "moreInfoUrl": "https://www.hexnode.com/blogs/executing-custom-mac-scripts-via-mdm/"
+ },
+ {
+ "description": "Execute custom Windows scripts (client platform engineering)",
+ "moreInfoUrl": "https://www.hexnode.com/blogs/executing-custom-windows-scripts-via-mdm/"
+ },
+ {
+ "description": "Use PowerShell scripts on Windows devices",
+ "moreInfoUrl": "https://learn.microsoft.com/en-us/mem/intune/apps/intune-management-extension"
+ },
+ {
+ "description": "Run PowerShell scripts for remediations (security engineering)",
+ "moreInfoUrl": "https://learn.microsoft.com/en-us/mem/intune/fundamentals/powershell-scripts-remediation"
+ },
+ {
+ "description": "Download and run remediation scripts",
+ "moreInfoUrl": "https://help.zscaler.com/deception/downloading-and-running-remediation-script"
+ },
+ {
+ "description": "Deploy custom scripts",
+ "moreInfoUrl": "https://scalefusion.com/custom-scripting"
+ },
+ {
+ "description": "Run scripts on online/offline hosts",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/15529"
+ },
+ {
+ "description": "Only maintainers and admins can run scripts.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/19055"
+ }
+ ],
+ "name": "Script execution"
+ },
+ {
+ "industryName": "Device remediation",
+ "description": "Use Fleet Policies to detect the device state. Automate remediations for issues or allow users to remediate problems in self-service.",
+ "documentationUrl": "https://fleetdm.com/securing/end-user-self-remediation",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "no",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "waysToUse": [
+ {
+ "description": "Send software vulnerability emails to end users to encourage self-remediation."
+ }
+ ],
+ "name": "Device remediation"
+ },
+ {
+ "industryName": "Maintenance windows",
+ "friendlyName": "Fleet in your calendar",
+ "description": "Create a calendar event to auto-remediate failing policies when your end users are free.",
+ "documentationUrl": "https://github.com/fleetdm/fleet/issues/17230",
+ "tier": "Premium",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "isExperimental": "yes",
+ "productCategories": [
+ "Device management",
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "name": "Maintenance windows"
+ },
+ {
+ "industryName": "Send lock and wipe commands",
+ "description": "Secure your devices with remote lock and wipe commands if lost or stolen.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-commands",
+ "waysToUse": [
+ {
+ "description": "High-level remote lock for macOS, Windows, and Linux.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/9949"
+ },
+ {
+ "description": "High-level remote wipe for macOS, Windows, and Linux.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/9951"
+ }
+ ],
+ "tier": "Premium",
+ "jamfProHasFeature": "appleOnly",
+ "jamfProtectHasFeature": "no",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "name": "Send lock and wipe commands"
+ },
+ {
+ "industryName": "Queries",
+ "description": "Scheduled or saved queries with optional AI-generated descriptions, and, live queries for real-time data collection.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/fleet-ui",
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "IT",
+ "demos": [
+ {
+ "description": "A top financial services company needed to set up rolling deployments for changes to osquery agents running on their production servers.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1UdzZMyBLbs9SUXfSXN2x2wZQCbjZZUetYlNWH6-ryqQ/edit#heading=h.2lh6ehprpvl6"
+ }
+ ],
+ "name": "Queries"
+ },
+ {
+ "industryName": "Query performance monitoring",
+ "documentationUrl": "https://fleetdm.com/docs/get-started/faq#will-fleet-slow-down-my-servers-what-about-my-employee-laptops",
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "demos": [
+ {
+ "description": "A top software company needed to understand the performance impact of osquery queries before running them on all of their production Linux servers.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg"
+ },
+ {
+ "description": "A top software company wanted to detect regressions when adding/changing queries and fail builds if queries were too expensive.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg"
+ }
+ ],
+ "waysToUse": [
+ {
+ "description": "Monitor performance for automated queries."
+ },
+ {
+ "description": "Monitor performance for live queries.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/467"
+ }
+ ],
+ "name": "Query performance monitoring"
+ },
+ {
+ "industryName": "Custom tables",
+ "friendlyName": "Add tables to osquery with extensions",
+ "description": "Create your own osquery tables, extensions & automatic table configurations or disable existing tables to maintain PII or privacy.",
+ "documentationUrl": "https://fleetdm.com/docs/configuration/agent-configuration#extensions",
+ "moreInfoUrl": "https://github.com/trailofbits/osquery-extensions/blob/3df2b72ad78549e25344c79dbc9bce6808c4d92a/README.md#extensions",
+ "tier": "Premium",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "IT",
+ "name": "Custom tables"
+ },
+ {
+ "industryName": "Remote settings",
+ "description": "Configure agent options remotely, over the air. (Includes osquery config, and osquery startup flags.).",
+ "documentationUrl": "https://fleetdm.com/docs/configuration/agent-configuration",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/13825",
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "Security",
+ "name": "Remote settings"
+ },
+ {
+ "industryName": "Teams",
+ "friendlyName": "Manage different endpoints differently",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/segment-hosts",
+ "description": "Teams are what Fleet calls baselines, kinda like security groups or images. Every host in a team matches the same baseline, with minor exceptions. This makes it faster and less risky to maintain computers, leading to faster timelines and fewer tickets.",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "waysToUse": [
+ {
+ "description": "Automate remediation for different applications with different security postures (cloud security engineering)"
+ }
+ ],
+ "name": "Teams"
+ },
+ {
+ "industryName": "Labels",
+ "documentationUrl": "https://fleetdm.com/docs/rest-api/rest-api#add-label",
+ "friendlyName": "Filter hosts using SQL",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "name": "Labels"
+ },
+ {
+ "industryName": "Policies",
+ "description": "A policy is a specific “yes” or “no” query. Use policies to manage security compliance in your organization.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/fleet-ui",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "no",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "IT",
+ "demos": [
+ {
+ "description": "A top financial services company needed to set up rolling deployments for changes to osquery agents running on their production servers.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1UdzZMyBLbs9SUXfSXN2x2wZQCbjZZUetYlNWH6-ryqQ/edit#heading=h.2lh6ehprpvl6"
+ }
+ ],
+ "waysToUse": [
+ {
+ "description": "Trigger a workflow based on a failing policy",
+ "moreInfoUrl": "https://fleetdm.com/docs/using-fleet/automations#policy-automations"
+ }
+ ],
+ "name": "Policies"
+ },
+ {
+ "industryName": "File integrity monitoring (FIM)",
+ "friendlyName": "Detect changes to critical files",
+ "description": "Specify files to monitor for changes or deletions, then log those events to your SIEM or data lake, including key information such as filepath and checksum.",
+ "documentationUrl": "https://fleetdm.com/guides/osquery-evented-tables-overview#file-integrity-monitoring-fim",
+ "screenshotSrc": "",
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "yes",
+ "usualDepartment": "Security",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "dri": "mikermcneil",
+ "demos": [
+ {
+ "description": "A top gaming company needed a way to monitor critical files on production Debian servers.",
+ "quote": "The FIM features are kind of a top priority.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit"
+ }
+ ],
+ "buzzwords": [
+ "File integrity monitoring (FIM)",
+ "Host-based intrusion detection system (HIDS)",
+ "Anomaly detection"
+ ],
+ "waysToUse": [
+ {
+ "description": "Monitor critical files on production Debian servers"
+ },
+ {
+ "description": "Detect anomalous filesystem activity",
+ "moreInfoUrl": "https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring"
+ },
+ {
+ "description": "Detect unintended changes",
+ "moreInfoUrl": "https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring"
+ },
+ {
+ "description": "Verify update status and monitor system health",
+ "moreInfoUrl": "https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring"
+ },
+ {
+ "description": "Meet compliance mandates",
+ "moreInfoUrl": "https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring"
+ }
+ ],
+ "name": "File integrity monitoring (FIM)"
+ },
+ {
+ "industryName": "File carving",
+ "description": "Write the results of complex queries to AWS S3.",
+ "documentationUrl": "https://fleetdm.com/docs/configuration/fleet-server-configuration#s-3-file-carving-backend",
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "usualDepartment": "Security",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "name": "File carving"
+ },
+ {
+ "industryName": "Binary authorization",
+ "friendlyName": "Restrict what programs can run, and what files running programs can access.",
+ "description": null,
+ "documentationUrl": null,
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "dri": "mikermcneil",
+ "usualDepartment": "Security",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "comingSoonOn": "2025-06-30",
+ "buzzwords": [
+ "Mandatory Access Control (MAC)",
+ "Privilege confinement",
+ "Binary authorization",
+ "Santa",
+ "Binary allowlisting",
+ "Binary whitelisting"
+ ],
+ "demos": [
+ {
+ "description": null,
+ "moreInfoUrl": null
+ }
+ ],
+ "waysToUse": [
+ {
+ "description": "Confine programs to a limited set of resources."
+ },
+ {
+ "description": "Report on AppArmor events",
+ "moreInfoUrl": "https://fleetdm.com/tables/apparmor_events"
+ },
+ {
+ "description": "Confine programs according to a set of rules that specify which files a program can access.",
+ "moreInfoUrl": "https://wiki.debian.org/AppArmor"
+ },
+ {
+ "description": "Proactively protect the system against both known and unknown vulnerabilities."
+ }
+ ],
+ "name": "Binary authorization",
+ "comingSoon": true
+ },
+ {
+ "industryName": "Reporting",
+ "description": "Generate reports based on searchable device attributes",
+ "documentationUrl": "https://fleetdm.com/docs/rest-api/rest-api#get-query-report",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "name": "Reporting"
+ },
+ {
+ "industryName": "Incident response",
+ "friendlyName": "Interrogate hosts in real time",
+ "description": "Live query, triage, figuring out scope of impact, remediate using scripts or MDM commands (e.g. remote wipe), and quarantine or reimage using other systems and APIs (e.g. remove from network, decommission container)",
+ "documentationUrl": "https://fleetdm.com/securing/how-osquery-can-help-cyber-responders#simplifying-endpoint-visibility-with-osquery-and-fleet",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "dri": "mikermcneil",
+ "usualDepartment": "Security",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "buzzwords": [],
+ "demos": [
+ {
+ "description": null,
+ "moreInfoUrl": null
+ }
+ ],
+ "waysToUse": [
+ {
+ "description": null
+ }
+ ],
+ "name": "Incident response"
+ },
+ {
+ "industryName": "Custom logging",
+ "description": "Flexible, configurable logging destinations (AWS Kinesis, Lambda, GCP, Kafka).",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/log-destinations#log-destinations",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "usualDepartment": "Security",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "buzzwords": [
+ "Real-time export",
+ "Ship logs"
+ ],
+ "name": "Custom logging"
+ },
+ {
+ "industryName": "Malware detection (YARA/custom IoCs)",
+ "friendlyName": "Scan files for zero days and malware signatures",
+ "description": "Use YARA signatures to report and trigger automations when zero days, malware, or unexpected files are detected on a host.",
+ "documentationUrl": "https://fleetdm.com/tables/yara",
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "yes",
+ "dri": "mikermcneil",
+ "usualDepartment": "Security",
+ "productCategories": [
+ "Endpoint operations",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "buzzwords": [
+ "YARA scanning",
+ "Cyber Threat Intelligence (CTI)",
+ "Indicators of compromise (IOCs)",
+ "Antivirus (AV)",
+ "Endpoint protection platform (EPP)",
+ "Endpoint detection and response (EDR)",
+ "Malware detection",
+ "Signature-based malware detection",
+ "Malware scanning",
+ "Malware analysis",
+ "Anomaly detection"
+ ],
+ "demos": [
+ {
+ "description": "A top media company used Fleet policies with YARA rules to continuously scan host filesystems for malware signatures provided by internal and external threat intelligence teams.",
+ "moreInfoUrl": null
+ }
+ ],
+ "waysToUse": [
+ {
+ "description": "Detect suspicious bytecode in JAR files"
+ },
+ {
+ "description": "Identify suspicious patterns in binaries using YARA signatures"
+ },
+ {
+ "description": "Continuously scan host filesystems for malware signatures.",
+ "moreInfoUrl": "https://yara.readthedocs.io/en/stable/writingrules.html"
+ },
+ {
+ "description": "Monitor for relevent filesystem changes (YARA events) and on-demand YARA signature scans.",
+ "moreInfoUrl": "https://osquery.readthedocs.io/en/stable/deployment/yara/"
+ },
+ {
+ "description": "Use YARA for malware detection",
+ "moreInfoUrl": "https://www.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_YARA_S508C.pdf"
+ },
+ {
+ "description": "Scan for indicators of compromise (IoC) for common malware.",
+ "moreInfoUrl": "https://github.com/Cisco-Talos/osquery_queries"
+ },
+ {
+ "description": "Analyze malware using data from osquery, such as endpoint certificates and launch daemons (launchd).",
+ "moreInfoUrl": "https://medium.com/hackernoon/malware-analysis-using-osquery-part-3-9dc805b67d16"
+ },
+ {
+ "description": "Detect persistent malware (e.g. WireLurker) in endpoints by generating simple policies that search for their static indicators of compromise (IoCs).",
+ "moreInfoUrl": "https://osquery.readthedocs.io/en/stable/deployment/anomaly-detection/"
+ },
+ {
+ "description": "Run a targeted YARA scan with osquery as a lightweight approach to scan anything on a host filesystem, with minimal performance impact. Unlike full system YARA scans which consume considerable CPU resources, an equivalent YARA scan targeted in Fleet can be 8x cheaper (CPU %).",
+ "moreInfoUrl": "https://www.tripwire.com/state-of-security/signature-socket-based-malware-detection-osquery-yara"
+ }
+ ],
+ "name": "Malware detection (YARA/custom IoCs)"
+ },
+ {
+ "industryName": "Continuous scanning",
+ "friendlyName": "Detect vulnerable software",
+ "documentationUrl": "https://fleetdm.com/vulnerability-management",
+ "productCategories": [
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "usualDepartment": "Security",
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "yes",
+ "buzzwords": [
+ "Stakeholder-specific vulnerability categorization (SSVC)",
+ "Continuous scanning",
+ "Continuous vulnerability scanning",
+ "Risk-based vulnerability management"
+ ],
+ "waysToUse": [
+ {
+ "description": "Use an SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: \"Track\", \"Track*\", \"Attend\", and \"Act\".",
+ "moreInfoUrl": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
+ },
+ {
+ "description": "Balint Fazakas: I think what offers a better use of CVSS if you break it down to vectors. You may find that a DoS (High Availability Impact) not as relevant for you, or equally a vulnerability requiring user interaction has a very low likelihood of exploit in another scenario. If you want to fine tune your SSVC, it worth using the vectors you care about instead of the score itself. But ultimately you would want to read the description of the vulnerabilities to determine the risk they are posing to your environment. SSVC can assist you to do that in a more efficient way.",
+ "moreInfoUrl": "https://www.linkedin.com/feed/update/urn:li:activity:7162614115025215488?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7162614115025215488%2C7162681703918985216%29&dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287162681703918985216%2Curn%3Ali%3Aactivity%3A7162614115025215488%29"
+ },
+ {
+ "description": "Melissa Bischoping: CVSS is never enough to contextualize the urgency or risk of a vulnerability in your environment. It is one metric that needs to be part of an overall risk calculus, but a CVSS of 6 can be a greater threat in your organization than a CVSS of 10 based on the environmental variables and mitigations. Only two 10.0s here, but several lower severity that are resulting in high-impact breaches. Getting a handle on managing that public facing infrastructure and being able to rapidly patch the apps and devices with such exposure needs to be part of an overall plan, but must go hand in hand with mitigations and layers of a zero trust design. CVSS isn’t the sole determination of risk, it’s only one partial piece of data to understand the impact of a vulnerability if exploited.",
+ "moreInfoUrl": "https://www.linkedin.com/feed/update/urn:li:activity:7162614115025215488?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7162614115025215488%2C7162629486344159232%29&dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287162629486344159232%2Curn%3Ali%3Aactivity%3A7162614115025215488%29"
+ }
+ ],
+ "demos": [
+ {
+ "description": "A top gaming company wanted to replace Qualys for infrastructure vulnerability detection.",
+ "quote": "So we have some stuff today through Qualys, but it's just not very good. A lot of it is...it's just really noisy. I'm trying to find out specifically, actually what packages are installed where, and then the ability to live query them.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1JWtRsW1FUTCkZEESJj9-CvXjLXK4219by-C6vvVVyBY/edit"
+ },
+ {
+ "description": "One of the world's largest, top transportation companies uses Fleet's API to email relevant, actually-installed vulnerabilities to responsible teams so they can fix them.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1oeCmT077o_5nxzLhnxs7kcg_4Qn1Pn1F5zx10nQOAp8/edit"
+ }
+ ],
+ "name": "Continuous scanning"
+ },
+ {
+ "industryName": "Vulnerability scores",
+ "friendlyName": "EPSS and CVSS",
+ "documentationUrl": "https://fleetdm.com/vulnerability-management",
+ "tier": "Premium",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "yes",
+ "usualDepartment": "Security",
+ "productCategories": [
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "buzzwords": [
+ "Risk scores",
+ "Cyber risk",
+ "Risk reduction",
+ "Security operations effectiveness",
+ "Peer benchmarking",
+ "Security program effectiveness",
+ "Risk-based exposure scoring",
+ "Threat context",
+ "Cyber exposure",
+ "Exposure quantification and benchmarking",
+ "Optimize security investments",
+ "Vulnerability assessment"
+ ],
+ "demos": [
+ {
+ "description": "Fleet enables a more modern, threat-first prioritization approach to vulnerability management.",
+ "quote": "In reality, across our inventory of devices, it's unlikely to ever be exploited. I'd rather do that legwork on my team and then go and ask and prioritize work on these infrastructure teams that are already busy with things that could or could not be vulnerable. Being able to be more exact allows us to go to these teams less, which saves everybody time.",
+ "moreInfoUrl": "https://www.youtube.com/watch?v=G5Ry_vQPaYc&t=131s"
+ }
+ ],
+ "waysToUse": [
+ {
+ "description": "By leveraging EPSS (Exploit Prediction Scoring System), security professionals gain insight on the true risk behind rated CVEs."
+ },
+ {
+ "description": "An Introduction to EPSS, The Exploit Prediction Scoring System"
+ },
+ {
+ "moreInfoUrl": "https://www.youtube.com/watch?v=vw1RlZCSRcQ"
+ },
+ {
+ "description": "By extracting metadata from the National Vulnerability Database (NVD) and Microsoft Security Response Center (MSRC), we can determine which version of software is no longer vulnerable."
+ }
+ ],
+ "name": "Vulnerability scores"
+ },
+ {
+ "industryName": "CISA KEVs",
+ "description": "Known exploited vulnerabilities",
+ "documentationUrl": "https://fleetdm.com/vulnerability-management",
+ "tier": "Premium",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "yes",
+ "usualDepartment": "Security",
+ "productCategories": [
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "demos": [
+ {
+ "description": null,
+ "moreInfoUrl": null
+ }
+ ],
+ "waysToUse": [
+ {
+ "description": "Help teams work on vulnerabilities that have actually been exploited (CISA KEVs) or have a high probability of being exploited (EPSS), or whatever is important in your environment."
+ },
+ {
+ "description": "Use CISA KEVs for vulnerability management"
+ },
+ {
+ "moreInfoUrl": "https://www.youtube.com/watch?v=Z3mw2oxssYk"
+ }
+ ],
+ "name": "CISA KEVs"
+ },
+ {
+ "industryName": "Asset discovery",
+ "documentationUrl": null,
+ "tier": "Premium",
+ "comingSoonOn": "2025-06-30",
+ "usualDepartment": "Security",
+ "productCategories": [
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Devices"
+ ],
+ "name": "Asset discovery",
+ "comingSoon": true
+ },
+ {
+ "industryName": "REST API",
+ "friendlyName": "Automate any feature",
+ "description": null,
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Integrations"
+ ],
+ "usualDepartment": "IT",
+ "documentationUrl": "https://fleetdm.com/docs/rest-api/rest-api",
+ "screenshotSrc": null,
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "dri": "rachaelshaw",
+ "name": "REST API"
+ },
+ {
+ "industryName": "Webhooks",
+ "friendlyName": "Automations",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/automations#automations",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Integrations"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "name": "Webhooks"
+ },
+ {
+ "industryName": "Grant API-only access",
+ "description": "Grant API-only access to accounts exclusively for automation.",
+ "documentationUrl": "https://fleetdm.com/docs/using-fleet/fleetctl-cli#using-fleetctl-with-an-api-only-user",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "pricingTableCategories": [
+ "Integrations"
+ ],
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "name": "Grant API-only access"
+ },
+ {
+ "industryName": "Single sign on",
+ "description": "SSO, SAML",
+ "documentationUrl": "https://fleetdm.com/docs/deploy/single-sign-on-sso#single-sign-on-sso",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Integrations"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "name": "Single sign on"
+ },
+ {
+ "industryName": "Automatic user creation (JIT, SCIM)",
+ "description": "Auto-create and manipulate Fleet users from Okta, etc with just-in-time (JIT) provisioning.",
+ "documentationUrl": "https://fleetdm.com/docs/deploy/single-sign-on-sso#just-in-time-jit-user-provisioning",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Integrations"
+ ],
+ "usualDepartment": "IT",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "no",
+ "name": "Automatic user creation (JIT, SCIM)"
+ },
+ {
+ "industryName": "Third-party automation",
+ "friendlyName": "Borrow off-the-shelf tactics from the community",
+ "documentationUrl": "https://fleetdm.com/integrations",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Integrations"
+ ],
+ "usualDepartment": "IT",
+ "description": "Plug Fleet into other frameworks and tools like Tines, Snowflake, Terraform, Chronicle, Jira, Zendesk, etc",
+ "moreInfoUrl": "https://fleetdm.com/integrations",
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "waysToUse": [
+ {
+ "description": "(ActiveDirectory) Know who opened your computer and check their device posture before you let them log into anything."
+ },
+ {
+ "description": "(Ansible) Easily issue MDM commands and standardize data across operating systems."
+ },
+ {
+ "description": "(AWS) Deploy your own self-managed Fleet in any AWS environment in minutes."
+ },
+ {
+ "description": "(Azure) Deploy your own self-managed Fleet in the Microsoft Cloud in minutes."
+ },
+ {
+ "description": "(Chef) Easily issue MDM commands and standardize data across operating systems."
+ },
+ {
+ "description": "(Elastic) Ingest osquery data and monitor for important changes or events."
+ },
+ {
+ "description": "(GitHub) Version control using git, enabling collaboration and a GitOps workflow."
+ },
+ {
+ "description": "(GitLab) Version control using git, enabling collaboration and a GitOps workflow."
+ },
+ {
+ "description": "(Chronicle) Ingest osquery data and monitor for important changes or events."
+ },
+ {
+ "description": "(Google Cloud) Deploy your own self-managed Fleet in any GCP environment in minutes."
+ },
+ {
+ "description": "(Munki) Easily issue MDM commands and standardize data across operating systems."
+ },
+ {
+ "description": "(Okta) Know who opened your computer and check their device posture before you let them log into anything."
+ },
+ {
+ "description": "(Snowflake) Ingest osquery data and monitor for important changes or events."
+ },
+ {
+ "description": "(Splunk) Ingest osquery data and monitor for important changes or events."
+ },
+ {
+ "description": "(Tines) Build custom workflows that trigger in various situations."
+ },
+ {
+ "description": "(Webhooks) Configure automations that send webhooks to specific URLs when Fleet detects changes to host, policy, and CVE statuses."
+ },
+ {
+ "description": "(Zendesk) Automatically create Zendesk tickets in various situations."
+ },
+ {
+ "description": "(Jira) Automatically create Jira tickets in various situations, including exporting vulnerabilities to Jira and syncing tickets."
+ }
+ ],
+ "buzzwords": [
+ "Snowflake",
+ "Okta",
+ "Tines",
+ "Splunk",
+ "Elastic",
+ "AWS",
+ "ActiveDirectory",
+ "Ansible",
+ "GitHub",
+ "GitLab",
+ "Chronicle",
+ "Google Cloud",
+ "Munki",
+ "Vanta",
+ "Chef",
+ "Zendesk",
+ "Jira"
+ ],
+ "name": "Third-party automation"
+ },
+ {
+ "industryName": "Third-party orchestration",
+ "friendlyName": "Borrow off-the-shelf tactics from legendary brands",
+ "documentationUrl": "https://fleetdm.com/integrations",
+ "description": "Plug Fleet into other frameworks and tools like Puppet, Vanta, etc.",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Integrations"
+ ],
+ "usualDepartment": "IT",
+ "moreInfoUrl": "https://fleetdm.com/integrations",
+ "tier": "Premium",
+ "waysToUse": [
+ {
+ "description": "(Vanta) Trigger a workflow based on a failing policy."
+ },
+ {
+ "description": "(Puppet) Easily issue MDM commands, standardize data across operating systems, and map macOS+Windows settings to computers with the Puppet module."
+ },
+ {
+ "description": "(Torq) Build custom workflows that trigger in various situations."
+ },
+ {
+ "description": "(Custom IdP) Manage access to Fleet single sign-on (SSO) through any IdP (using SAML)."
+ }
+ ],
+ "buzzwords": [
+ "Vanta",
+ "Puppet",
+ "Custom IdP"
+ ],
+ "name": "Third-party orchestration"
+ },
+ {
+ "industryName": "Munki compatibility + visibility",
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "usualDepartment": "IT",
+ "productCategories": [
+ "Device management"
+ ],
+ "pricingTableCategories": [
+ "Integrations"
+ ],
+ "name": "Munki compatibility + visibility"
+ },
+ {
+ "industryName": "Open-source issue tracker (GitHub)",
+ "documentationUrl": "https://fleetdm.com/support",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Support"
+ ],
+ "tier": "Free",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "name": "Open-source issue tracker (GitHub)"
+ },
+ {
+ "industryName": "Community Slack channel",
+ "documentationUrl": "https://fleetdm.com/support",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Support"
+ ],
+ "tier": "Free",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "name": "Community Slack channel"
+ },
+ {
+ "industryName": "Unlimited email support (confidential)",
+ "documentationUrl": "https://fleetdm.com/support",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Support"
+ ],
+ "tier": "Premium",
+ "jamfProHasFeature": "yes",
+ "jamfProtectHasFeature": "yes",
+ "name": "Unlimited email support (confidential)"
+ },
+ {
+ "industryName": "Phone and video call support",
+ "documentationUrl": "https://fleetdm.com/support",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "pricingTableCategories": [
+ "Support"
+ ],
+ "tier": "Premium",
+ "jamfProHasFeature": "no",
+ "jamfProtectHasFeature": "no",
+ "name": "Phone and video call support"
+ }
+ ],
+ "markdownPages": [
+ {
+ "url": "/docs",
+ "title": "Readme.md",
+ "lastModifiedAt": 1726839803427,
+ "htmlId": "docs--readme--51292620cf",
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "README.md",
+ "meta": {}
+ },
+ {
+ "url": "/docs/rest-api/rest-api",
+ "title": "REST API",
+ "lastModifiedAt": 1726839804830,
+ "htmlId": "docs--rest-api--aa8babd202",
+ "pageOrderInSectionPath": 30,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "REST API/rest-api.md",
+ "meta": {
+ "description": "Documentation for Fleet's REST API. See example requests and responses for each API endpoint."
+ }
+ },
+ {
+ "url": "/docs/configuration/agent-configuration",
+ "title": "Agent configuration",
+ "lastModifiedAt": 1726839804835,
+ "htmlId": "docs--agent-configuration--ac988306ab",
+ "pageOrderInSectionPath": 300,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Configuration/agent-configuration.md",
+ "meta": {
+ "description": "Learn how to use configuration files and the fleetctl command line tool to configure agent options."
+ }
+ },
+ {
+ "url": "/docs/configuration",
+ "title": "Configuration",
+ "lastModifiedAt": 1726839804836,
+ "htmlId": "docs--readme--71f5513034",
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Configuration/README.md",
+ "meta": {}
+ },
+ {
+ "url": "/docs/configuration/fleet-server-configuration",
+ "title": "Fleet server configuration",
+ "lastModifiedAt": 1726839804850,
+ "htmlId": "docs--fleet-server-configu--51d934dc8a",
+ "pageOrderInSectionPath": 100,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Configuration/fleet-server-configuration.md",
+ "meta": {
+ "description": "This page includes resources for configuring the Fleet binary, managing osquery configurations, and running with systemd."
+ }
+ },
+ {
+ "url": "/docs/configuration/yaml-files",
+ "title": "YAML files",
+ "lastModifiedAt": 1726839804856,
+ "htmlId": "docs--yaml-files--1c08b93d5e",
+ "pageOrderInSectionPath": 1500,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Configuration/yaml-files.md",
+ "meta": {
+ "description": "Reference documentation for Fleet's GitOps workflow. See examples and configuration options."
+ }
+ },
+ {
+ "url": "/docs/rest-api",
+ "title": "REST API",
+ "lastModifiedAt": 1726839804857,
+ "htmlId": "docs--readme--1c430dc120",
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "REST API/README.md",
+ "meta": {}
+ },
+ {
+ "url": "/docs/deploy/reference-architectures",
+ "title": "Reference architectures",
+ "lastModifiedAt": 1726839804860,
+ "htmlId": "docs--reference-architectu--1e6f63e559",
+ "pageOrderInSectionPath": 400,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Deploy/Reference-Architectures.md",
+ "meta": {
+ "description": "An opinionated view of running Fleet in a production environment, and configuration strategies to enable high availability."
+ }
+ },
+ {
+ "url": "/docs/deploy",
+ "title": "Deploy",
+ "lastModifiedAt": 1726839804861,
+ "htmlId": "docs--readme--926e990cf4",
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Deploy/README.md",
+ "meta": {
+ "description": "An overview of the deployment documentation for Fleet."
+ }
+ },
+ {
+ "url": "/docs/deploy/deploy-fleet",
+ "title": "Deploy Fleet",
+ "lastModifiedAt": 1726839804863,
+ "htmlId": "docs--deploy-fleet--82212f6ffe",
+ "pageOrderInSectionPath": 100,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Deploy/deploy-fleet.md",
+ "meta": {
+ "description": "Learn how to easily deploy Fleet on Render or AWS with Terraform."
+ }
+ },
+ {
+ "url": "/docs/deploy/single-sign-on-sso",
+ "title": "Single sign-on (SSO)",
+ "lastModifiedAt": 1726839804865,
+ "htmlId": "docs--single-sign-on-sso--89a4f43390",
+ "pageOrderInSectionPath": 200,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Deploy/single-sign-on-sso.md",
+ "meta": {
+ "description": "Learn how to configure single sign-on (SSO)"
+ }
+ },
+ {
+ "url": "/docs/get-started/faq",
+ "title": "FAQ",
+ "lastModifiedAt": 1726839804868,
+ "htmlId": "docs--faq--abab6eff91",
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Get started/FAQ.md",
+ "meta": {
+ "description": "Commonly asked questions and answers about deployment from the Fleet community."
+ }
+ },
+ {
+ "url": "/docs/get-started",
+ "title": "Get started",
+ "lastModifiedAt": 1726839804869,
+ "htmlId": "docs--readme--3568e93d97",
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Get started/README.md",
+ "meta": {}
+ },
+ {
+ "url": "/docs/get-started/anatomy",
+ "title": "Anatomy",
+ "lastModifiedAt": 1726839804869,
+ "htmlId": "docs--anatomy--1f83ca9de5",
+ "pageOrderInSectionPath": 200,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Get started/anatomy.md",
+ "meta": {}
+ },
+ {
+ "url": "/docs/get-started/why-fleet",
+ "title": "Why Fleet",
+ "lastModifiedAt": 1726839804870,
+ "htmlId": "docs--why-fleet--9ea776ea58",
+ "pageOrderInSectionPath": 100,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Get started/why-fleet.md",
+ "meta": {}
+ },
+ {
+ "url": "/docs/deploy/upgrading-fleet",
+ "title": "Upgrading Fleet",
+ "lastModifiedAt": 1726839804871,
+ "htmlId": "docs--upgrading-fleet--a39ae08550",
+ "pageOrderInSectionPath": 300,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Deploy/Upgrading-Fleet.md",
+ "meta": {
+ "description": "Learn how to upgrade your Fleet instance to the latest version."
+ }
+ },
+ {
+ "url": "/docs/get-started/tutorials-and-guides",
+ "title": "Tutorials and guides",
+ "lastModifiedAt": 1726839804872,
+ "htmlId": "docs--tutorials-and-guides--27a7cc6bcf",
+ "pageOrderInSectionPath": 300,
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Get started/tutorials-and-guides.md",
+ "meta": {
+ "description": "Links to deployment tutorials and guides for using Fleet."
+ }
+ },
+ {
+ "url": "/docs/using-fleet",
+ "title": "Using Fleet",
+ "lastModifiedAt": 1726839804873,
+ "htmlId": "docs--readme--d3ac87c2d1",
+ "docNavCategory": "Uncategorized",
+ "sectionRelativeRepoPath": "Using Fleet/README.md",
+ "meta": {}
+ },
+ {
+ "url": "/handbook",
+ "title": "Readme.md",
+ "lastModifiedAt": 1726839804876,
+ "htmlId": "handbook--readme--58c6582576",
+ "sectionRelativeRepoPath": "README.md",
+ "meta": {
+ "maintainedBy": "mikermcneil"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Introduction",
+ "hashLink": "/handbook#introduction"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/company",
+ "title": "🔭 Company",
+ "lastModifiedAt": 1726839804878,
+ "htmlId": "handbook--readme--e464663acc",
+ "sectionRelativeRepoPath": "company/README.md",
+ "meta": {
+ "maintainedBy": "mikermcneil"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Purpose",
+ "hashLink": "/handbook/company#purpose"
+ },
+ {
+ "headingText": "Culture",
+ "hashLink": "/handbook/company#culture"
+ },
+ {
+ "headingText": "Open positions",
+ "hashLink": "/handbook/company#open-positions"
+ },
+ {
+ "headingText": "Values",
+ "hashLink": "/handbook/company#values"
+ },
+ {
+ "headingText": "History",
+ "hashLink": "/handbook/company#history"
+ },
+ {
+ "headingText": "Org chart",
+ "hashLink": "/handbook/company#org-chart"
+ },
+ {
+ "headingText": "Advisors",
+ "hashLink": "/handbook/company#advisors"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/company/handbook",
+ "title": "Handbook",
+ "lastModifiedAt": 1726839804879,
+ "htmlId": "handbook--handbook--9ae510ce56",
+ "sectionRelativeRepoPath": "company/handbook.md",
+ "meta": {
+ "maintainedBy": "mike-j-thomas"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Contributing to the handbook",
+ "hashLink": "/handbook/company/handbook#contributing-to-the-handbook"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/company/communications",
+ "title": "🛰️ Communications",
+ "lastModifiedAt": 1726839804891,
+ "htmlId": "handbook--communications--f0d5a4a053",
+ "sectionRelativeRepoPath": "company/communications.md",
+ "meta": {
+ "maintainedBy": "mikermcneil"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "All hands",
+ "hashLink": "/handbook/company/communications#all-hands"
+ },
+ {
+ "headingText": "Strategy",
+ "hashLink": "/handbook/company/communications#strategy"
+ },
+ {
+ "headingText": "Directly responsible individuals (DRIs)",
+ "hashLink": "/handbook/company/communications#directly-responsible-individuals-dr-is"
+ },
+ {
+ "headingText": "Tech stack admins",
+ "hashLink": "/handbook/company/communications#tech-stack-admins"
+ },
+ {
+ "headingText": "Fleetdm.com",
+ "hashLink": "/handbook/company/communications#fleetdm-com"
+ },
+ {
+ "headingText": "Marketing programs",
+ "hashLink": "/handbook/company/communications#marketing-programs"
+ },
+ {
+ "headingText": "Meetings",
+ "hashLink": "/handbook/company/communications#meetings"
+ },
+ {
+ "headingText": "Skip-level 1:1 meetings ",
+ "hashLink": "/handbook/company/communications#skip-level-1-1-meetings"
+ },
+ {
+ "headingText": "Zoom",
+ "hashLink": "/handbook/company/communications#zoom"
+ },
+ {
+ "headingText": "Levels of confidentiality",
+ "hashLink": "/handbook/company/communications#levels-of-confidentiality"
+ },
+ {
+ "headingText": "Google Drive",
+ "hashLink": "/handbook/company/communications#google-drive"
+ },
+ {
+ "headingText": "Email relays",
+ "hashLink": "/handbook/company/communications#email-relays"
+ },
+ {
+ "headingText": "Slack",
+ "hashLink": "/handbook/company/communications#slack"
+ },
+ {
+ "headingText": "GitHub",
+ "hashLink": "/handbook/company/communications#git-hub"
+ },
+ {
+ "headingText": "High priority user stories and bugs",
+ "hashLink": "/handbook/company/communications#high-priority-user-stories-and-bugs"
+ },
+ {
+ "headingText": "Figma",
+ "hashLink": "/handbook/company/communications#figma"
+ },
+ {
+ "headingText": "Spending company money",
+ "hashLink": "/handbook/company/communications#spending-company-money"
+ },
+ {
+ "headingText": "Travel",
+ "hashLink": "/handbook/company/communications#travel"
+ },
+ {
+ "headingText": "SOC 2",
+ "hashLink": "/handbook/company/communications#soc-2"
+ },
+ {
+ "headingText": "Vendor questionnaires ",
+ "hashLink": "/handbook/company/communications#vendor-questionnaires"
+ },
+ {
+ "headingText": "Getting a contract signed",
+ "hashLink": "/handbook/company/communications#getting-a-contract-signed"
+ },
+ {
+ "headingText": "Getting a contract reviewed",
+ "hashLink": "/handbook/company/communications#getting-a-contract-reviewed"
+ },
+ {
+ "headingText": "Trust",
+ "hashLink": "/handbook/company/communications#trust"
+ },
+ {
+ "headingText": "Benefits",
+ "hashLink": "/handbook/company/communications#benefits"
+ },
+ {
+ "headingText": "Compensation",
+ "hashLink": "/handbook/company/communications#compensation"
+ },
+ {
+ "headingText": "Team member onboarding",
+ "hashLink": "/handbook/company/communications#team-member-onboarding"
+ },
+ {
+ "headingText": "Performance feedback",
+ "hashLink": "/handbook/company/communications#performance-feedback"
+ },
+ {
+ "headingText": "Equipment",
+ "hashLink": "/handbook/company/communications#equipment"
+ },
+ {
+ "headingText": "Writing",
+ "hashLink": "/handbook/company/communications#writing"
+ },
+ {
+ "headingText": "Writing in Fleet-flavored Markdown",
+ "hashLink": "/handbook/company/communications#writing-in-fleet-flavored-markdown"
+ },
+ {
+ "headingText": "Things",
+ "hashLink": "/handbook/company/communications#things"
+ },
+ {
+ "headingText": "Commonly used terms",
+ "hashLink": "/handbook/company/communications#commonly-used-terms"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/company/leadership",
+ "title": "🛠️ Leadership",
+ "lastModifiedAt": 1726839804898,
+ "htmlId": "handbook--leadership--7d8a02ee64",
+ "sectionRelativeRepoPath": "company/leadership.md",
+ "meta": {
+ "maintainedBy": "mikermcneil"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "CEO flaws",
+ "hashLink": "/handbook/company/leadership#ceo-flaws"
+ },
+ {
+ "headingText": "Contact the CEO",
+ "hashLink": "/handbook/company/leadership#contact-the-ceo"
+ },
+ {
+ "headingText": "CEO responsibilities",
+ "hashLink": "/handbook/company/leadership#ceo-responsibilities"
+ },
+ {
+ "headingText": "Outline of departmental page structure",
+ "hashLink": "/handbook/company/leadership#outline-of-departmental-page-structure"
+ },
+ {
+ "headingText": "Key reviews",
+ "hashLink": "/handbook/company/leadership#key-reviews"
+ },
+ {
+ "headingText": "Hiring",
+ "hashLink": "/handbook/company/leadership#hiring"
+ },
+ {
+ "headingText": "CEO shadow program",
+ "hashLink": "/handbook/company/leadership#ceo-shadow-program"
+ },
+ {
+ "headingText": "Tracking hours",
+ "hashLink": "/handbook/company/leadership#tracking-hours"
+ },
+ {
+ "headingText": "Communicating departures",
+ "hashLink": "/handbook/company/leadership#communicating-departures"
+ },
+ {
+ "headingText": "Changing someone's position",
+ "hashLink": "/handbook/company/leadership#changing-someone-s-position"
+ },
+ {
+ "headingText": "Delivering performance feedback",
+ "hashLink": "/handbook/company/leadership#delivering-performance-feedback"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/company/product-groups",
+ "title": "🛩️ Product groups",
+ "lastModifiedAt": 1726839804907,
+ "htmlId": "handbook--product-groups--44ec471e19",
+ "sectionRelativeRepoPath": "company/product-groups.md",
+ "meta": {
+ "maintainedBy": "lukeheath"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Product roadmap",
+ "hashLink": "/handbook/company/product-groups#product-roadmap"
+ },
+ {
+ "headingText": "What are product groups?",
+ "hashLink": "/handbook/company/product-groups#what-are-product-groups"
+ },
+ {
+ "headingText": "Current product groups",
+ "hashLink": "/handbook/company/product-groups#current-product-groups"
+ },
+ {
+ "headingText": "Making changes",
+ "hashLink": "/handbook/company/product-groups#making-changes"
+ },
+ {
+ "headingText": "Outages",
+ "hashLink": "/handbook/company/product-groups#outages"
+ },
+ {
+ "headingText": "Scaling Fleet",
+ "hashLink": "/handbook/company/product-groups#scaling-fleet"
+ },
+ {
+ "headingText": "Load testing",
+ "hashLink": "/handbook/company/product-groups#load-testing"
+ },
+ {
+ "headingText": "Version support",
+ "hashLink": "/handbook/company/product-groups#version-support"
+ },
+ {
+ "headingText": "Release testing",
+ "hashLink": "/handbook/company/product-groups#release-testing"
+ },
+ {
+ "headingText": "Feature fest",
+ "hashLink": "/handbook/company/product-groups#feature-fest"
+ },
+ {
+ "headingText": "Quality",
+ "hashLink": "/handbook/company/product-groups#quality"
+ },
+ {
+ "headingText": "How to reach the developer on-call",
+ "hashLink": "/handbook/company/product-groups#how-to-reach-the-developer-on-call"
+ },
+ {
+ "headingText": "Wireframes",
+ "hashLink": "/handbook/company/product-groups#wireframes"
+ },
+ {
+ "headingText": "Meetings",
+ "hashLink": "/handbook/company/product-groups#meetings"
+ },
+ {
+ "headingText": "Development best practices",
+ "hashLink": "/handbook/company/product-groups#development-best-practices"
+ },
+ {
+ "headingText": "Product design conventions",
+ "hashLink": "/handbook/company/product-groups#product-design-conventions"
+ },
+ {
+ "headingText": "Scrum at Fleet",
+ "hashLink": "/handbook/company/product-groups#scrum-at-fleet"
+ },
+ {
+ "headingText": "Sprints",
+ "hashLink": "/handbook/company/product-groups#sprints"
+ },
+ {
+ "headingText": "Outside contributions",
+ "hashLink": "/handbook/company/product-groups#outside-contributions"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/company/why-this-way",
+ "title": "💭 Why this way?",
+ "lastModifiedAt": 1726839804912,
+ "htmlId": "handbook--why-this-way--52ff9aa8d3",
+ "sectionRelativeRepoPath": "company/why-this-way.md",
+ "meta": {
+ "maintainedBy": "mikermcneil"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Why open source?",
+ "hashLink": "/handbook/company/why-this-way#why-open-source"
+ },
+ {
+ "headingText": "Why handbook-first strategy?",
+ "hashLink": "/handbook/company/why-this-way#why-handbook-first-strategy"
+ },
+ {
+ "headingText": "Why read documentation?",
+ "hashLink": "/handbook/company/why-this-way#why-read-documentation"
+ },
+ {
+ "headingText": "Why the emphasis on training?",
+ "hashLink": "/handbook/company/why-this-way#why-the-emphasis-on-training"
+ },
+ {
+ "headingText": "Why direct responsibility?",
+ "hashLink": "/handbook/company/why-this-way#why-direct-responsibility"
+ },
+ {
+ "headingText": "Why do we use a wireframe-first approach?",
+ "hashLink": "/handbook/company/why-this-way#why-do-we-use-a-wireframe-first-approach"
+ },
+ {
+ "headingText": "Why do we use one repo?",
+ "hashLink": "/handbook/company/why-this-way#why-do-we-use-one-repo"
+ },
+ {
+ "headingText": "Why not continuously generate REST API reference docs from javadoc-style code comments?",
+ "hashLink": "/handbook/company/why-this-way#why-not-continuously-generate-rest-api-reference-docs-from-javadoc-style-code-comments"
+ },
+ {
+ "headingText": "Why group Slack channels?",
+ "hashLink": "/handbook/company/why-this-way#why-group-slack-channels"
+ },
+ {
+ "headingText": "Why make work visible?",
+ "hashLink": "/handbook/company/why-this-way#why-make-work-visible"
+ },
+ {
+ "headingText": "Why agile?",
+ "hashLink": "/handbook/company/why-this-way#why-agile"
+ },
+ {
+ "headingText": "Why a three-week cadence?",
+ "hashLink": "/handbook/company/why-this-way#why-a-three-week-cadence"
+ },
+ {
+ "headingText": "Why spend so much energy responding to every potential production incident?",
+ "hashLink": "/handbook/company/why-this-way#why-spend-so-much-energy-responding-to-every-potential-production-incident"
+ },
+ {
+ "headingText": "Why make it obvious when stuff breaks?",
+ "hashLink": "/handbook/company/why-this-way#why-make-it-obvious-when-stuff-breaks"
+ },
+ {
+ "headingText": "Why keep issue templates simple?",
+ "hashLink": "/handbook/company/why-this-way#why-keep-issue-templates-simple"
+ },
+ {
+ "headingText": "Why spend less?",
+ "hashLink": "/handbook/company/why-this-way#why-spend-less"
+ },
+ {
+ "headingText": "Why don't we sell like everyone else?",
+ "hashLink": "/handbook/company/why-this-way#why-don-t-we-sell-like-everyone-else"
+ },
+ {
+ "headingText": "Why does Fleet support query packs?",
+ "hashLink": "/handbook/company/why-this-way#why-does-fleet-support-query-packs"
+ },
+ {
+ "headingText": "Why does Fleet use sentence case?",
+ "hashLink": "/handbook/company/why-this-way#why-does-fleet-use-sentence-case"
+ },
+ {
+ "headingText": "Why not use superlatives?",
+ "hashLink": "/handbook/company/why-this-way#why-not-use-superlatives"
+ },
+ {
+ "headingText": "Why does Fleet use \"MDM on/off\" instead of \"MDM enrolled/unenrolled\"?",
+ "hashLink": "/handbook/company/why-this-way#why-does-fleet-use-mdm-on-off-instead-of-mdm-enrolled-unenrolled"
+ },
+ {
+ "headingText": "Why not mention the CEO in Slack threads?",
+ "hashLink": "/handbook/company/why-this-way#why-not-mention-the-ceo-in-slack-threads"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/customer-success",
+ "title": "🌦️ Customer Success",
+ "lastModifiedAt": 1726839804915,
+ "htmlId": "handbook--readme--f00a4291b8",
+ "sectionRelativeRepoPath": "customer-success/README.md",
+ "meta": {
+ "maintainedBy": "zayhanlon"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Team",
+ "hashLink": "/handbook/customer-success#team"
+ },
+ {
+ "headingText": "Contact us",
+ "hashLink": "/handbook/customer-success#contact-us"
+ },
+ {
+ "headingText": "Responsibilities",
+ "hashLink": "/handbook/customer-success#responsibilities"
+ },
+ {
+ "headingText": "Rituals",
+ "hashLink": "/handbook/customer-success#rituals"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/engineering/debugging",
+ "title": "Debugging",
+ "lastModifiedAt": 1726839804916,
+ "htmlId": "handbook--debugging--72906ebdd6",
+ "sectionRelativeRepoPath": "engineering/Debugging.md",
+ "meta": {
+ "maintainedBy": "lukeheath",
+ "description": "A guide to triaging and diagnosing issues in Fleet."
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Goals of this guide",
+ "hashLink": "/handbook/engineering/debugging#goals-of-this-guide"
+ },
+ {
+ "headingText": "Basic data that is needed",
+ "hashLink": "/handbook/engineering/debugging#basic-data-that-is-needed"
+ },
+ {
+ "headingText": "Triaging the issue",
+ "hashLink": "/handbook/engineering/debugging#triaging-the-issue"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/engineering/load-testing",
+ "title": "Load testing",
+ "lastModifiedAt": 1726839804917,
+ "htmlId": "handbook--load-testing--5fd9ee04e0",
+ "sectionRelativeRepoPath": "engineering/Load-testing.md",
+ "meta": {
+ "maintainedBy": "lukeheath",
+ "description": "This page outlines the most recent results of a semi-annual load test of the Fleet server."
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Test parameters",
+ "hashLink": "/handbook/engineering/load-testing#test-parameters"
+ },
+ {
+ "headingText": "Results",
+ "hashLink": "/handbook/engineering/load-testing#results"
+ },
+ {
+ "headingText": "How we are simulating osquery",
+ "hashLink": "/handbook/engineering/load-testing#how-we-are-simulating-osquery"
+ },
+ {
+ "headingText": "Infrastructure setup",
+ "hashLink": "/handbook/engineering/load-testing#infrastructure-setup"
+ },
+ {
+ "headingText": "Limitations",
+ "hashLink": "/handbook/engineering/load-testing#limitations"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/engineering",
+ "title": "🚀 Engineering",
+ "lastModifiedAt": 1726839804924,
+ "htmlId": "handbook--readme--777ccc3e11",
+ "sectionRelativeRepoPath": "engineering/README.md",
+ "meta": {
+ "maintainedBy": "lukeheath"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Team",
+ "hashLink": "/handbook/engineering#team"
+ },
+ {
+ "headingText": "Contact us",
+ "hashLink": "/handbook/engineering#contact-us"
+ },
+ {
+ "headingText": "Responsibilities",
+ "hashLink": "/handbook/engineering#responsibilities"
+ },
+ {
+ "headingText": "Rituals",
+ "hashLink": "/handbook/engineering#rituals"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/engineering/scaling-fleet",
+ "title": "Scaling Fleet",
+ "lastModifiedAt": 1726839804925,
+ "htmlId": "handbook--scaling-fleet--7496895e6e",
+ "sectionRelativeRepoPath": "engineering/scaling-fleet.md",
+ "meta": {
+ "maintainedBy": "lukeheath"
+ }
+ },
+ {
+ "url": "/handbook/finance",
+ "title": "💸 Finance",
+ "lastModifiedAt": 1726839804931,
+ "htmlId": "handbook--readme--adb6ad624d",
+ "sectionRelativeRepoPath": "finance/README.md",
+ "meta": {
+ "maintainedBy": "jostableford"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Team",
+ "hashLink": "/handbook/finance#team"
+ },
+ {
+ "headingText": "Contact us",
+ "hashLink": "/handbook/finance#contact-us"
+ },
+ {
+ "headingText": "Responsibilities",
+ "hashLink": "/handbook/finance#responsibilities"
+ },
+ {
+ "headingText": "Rituals",
+ "hashLink": "/handbook/finance#rituals"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/demand",
+ "title": "🫧 Demand",
+ "lastModifiedAt": 1726839804935,
+ "htmlId": "handbook--readme--5f95cdc89d",
+ "sectionRelativeRepoPath": "demand/README.md",
+ "meta": {
+ "maintainedBy": "Drew-P-Drawers"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Team",
+ "hashLink": "/handbook/demand#team"
+ },
+ {
+ "headingText": "Contact us",
+ "hashLink": "/handbook/demand#contact-us"
+ },
+ {
+ "headingText": "Responsibilities",
+ "hashLink": "/handbook/demand#responsibilities"
+ },
+ {
+ "headingText": "Rituals",
+ "hashLink": "/handbook/demand#rituals"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/product-design",
+ "title": "🦢 Product design",
+ "lastModifiedAt": 1726839804937,
+ "htmlId": "handbook--readme--5ce44066f3",
+ "sectionRelativeRepoPath": "product-design/README.md",
+ "meta": {
+ "maintainedBy": "noahtalerman"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Team",
+ "hashLink": "/handbook/product-design#team"
+ },
+ {
+ "headingText": "Contact us",
+ "hashLink": "/handbook/product-design#contact-us"
+ },
+ {
+ "headingText": "Responsibilities",
+ "hashLink": "/handbook/product-design#responsibilities"
+ },
+ {
+ "headingText": "Rituals",
+ "hashLink": "/handbook/product-design#rituals"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/digital-experience/application-security",
+ "title": "Application security",
+ "lastModifiedAt": 1726839804939,
+ "htmlId": "handbook--application-security--60a7adaa5a",
+ "sectionRelativeRepoPath": "digital-experience/application-security.md",
+ "meta": {
+ "description": "Explore Fleet's application security practices, including secure coding, SQL injection prevention, authentication, data encryption, access controls, and more.",
+ "maintainedBy": "hollidayn"
+ }
+ },
+ {
+ "url": "/handbook/digital-experience",
+ "title": "🌐 Digital Experience",
+ "lastModifiedAt": 1726839804945,
+ "htmlId": "handbook--readme--7c78659bd2",
+ "sectionRelativeRepoPath": "digital-experience/README.md",
+ "meta": {
+ "maintainedBy": "Sampfluger88"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Team",
+ "hashLink": "/handbook/digital-experience#team"
+ },
+ {
+ "headingText": "Contact us",
+ "hashLink": "/handbook/digital-experience#contact-us"
+ },
+ {
+ "headingText": "Responsibilities",
+ "hashLink": "/handbook/digital-experience#responsibilities"
+ },
+ {
+ "headingText": "Rituals",
+ "hashLink": "/handbook/digital-experience#rituals"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/digital-experience/security-audits",
+ "title": "Security audits",
+ "lastModifiedAt": 1726839804948,
+ "htmlId": "handbook--security-audits--b0d65992c5",
+ "sectionRelativeRepoPath": "digital-experience/security-audits.md",
+ "meta": {
+ "description": "Explanations of the latest external security audits performed on Fleet software.",
+ "maintainedBy": "hollidayn"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "June 2024 penetration testing of Fleet 4.50.1",
+ "hashLink": "/handbook/digital-experience/security-audits#june-2024-penetration-testing-of-fleet-4-50-1"
+ },
+ {
+ "headingText": "June 2023 penetration testing of Fleet 4.32 ",
+ "hashLink": "/handbook/digital-experience/security-audits#june-2023-penetration-testing-of-fleet-4-32"
+ },
+ {
+ "headingText": "April 2022 penetration testing of Fleet 4.12 ",
+ "hashLink": "/handbook/digital-experience/security-audits#april-2022-penetration-testing-of-fleet-4-12"
+ },
+ {
+ "headingText": "August 2021 security of Orbit auto-updater",
+ "hashLink": "/handbook/digital-experience/security-audits#august-2021-security-of-orbit-auto-updater"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/digital-experience/security-policies",
+ "title": "📜 Security policies",
+ "lastModifiedAt": 1726839804955,
+ "htmlId": "handbook--security-policies--96158a5cf6",
+ "sectionRelativeRepoPath": "digital-experience/security-policies.md",
+ "meta": {
+ "maintainedBy": "jostableford"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Information security policy and acceptable use policy",
+ "hashLink": "/handbook/digital-experience/security-policies#information-security-policy-and-acceptable-use-policy"
+ },
+ {
+ "headingText": "Access control policy",
+ "hashLink": "/handbook/digital-experience/security-policies#access-control-policy"
+ },
+ {
+ "headingText": "Asset management policy",
+ "hashLink": "/handbook/digital-experience/security-policies#asset-management-policy"
+ },
+ {
+ "headingText": "Business continuity and disaster recovery policy",
+ "hashLink": "/handbook/digital-experience/security-policies#business-continuity-and-disaster-recovery-policy"
+ },
+ {
+ "headingText": "Data management policy",
+ "hashLink": "/handbook/digital-experience/security-policies#data-management-policy"
+ },
+ {
+ "headingText": "Encryption policy",
+ "hashLink": "/handbook/digital-experience/security-policies#encryption-policy"
+ },
+ {
+ "headingText": "Human resources security policy",
+ "hashLink": "/handbook/digital-experience/security-policies#human-resources-security-policy"
+ },
+ {
+ "headingText": "Incident response policy",
+ "hashLink": "/handbook/digital-experience/security-policies#incident-response-policy"
+ },
+ {
+ "headingText": "Network and system hardening standards",
+ "hashLink": "/handbook/digital-experience/security-policies#network-and-system-hardening-standards"
+ },
+ {
+ "headingText": "Operations security and change management policy",
+ "hashLink": "/handbook/digital-experience/security-policies#operations-security-and-change-management-policy"
+ },
+ {
+ "headingText": "Risk management policy",
+ "hashLink": "/handbook/digital-experience/security-policies#risk-management-policy"
+ },
+ {
+ "headingText": "Secure software development and product security policy ",
+ "hashLink": "/handbook/digital-experience/security-policies#secure-software-development-and-product-security-policy"
+ },
+ {
+ "headingText": "Security policy management policy",
+ "hashLink": "/handbook/digital-experience/security-policies#security-policy-management-policy"
+ },
+ {
+ "headingText": "Third-party management policy",
+ "hashLink": "/handbook/digital-experience/security-policies#third-party-management-policy"
+ },
+ {
+ "headingText": "Anti-corruption policy",
+ "hashLink": "/handbook/digital-experience/security-policies#anti-corruption-policy"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/digital-experience/vendor-questionnaires",
+ "title": "📃 Vendor questionnaires",
+ "lastModifiedAt": 1726839804956,
+ "htmlId": "handbook--vendor-questionnaire--46cac642a1",
+ "sectionRelativeRepoPath": "digital-experience/vendor-questionnaires.md",
+ "meta": {
+ "maintainedBy": "dherder"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Scoping",
+ "hashLink": "/handbook/digital-experience/vendor-questionnaires#scoping"
+ },
+ {
+ "headingText": "Application security",
+ "hashLink": "/handbook/digital-experience/vendor-questionnaires#application-security"
+ },
+ {
+ "headingText": "Data security",
+ "hashLink": "/handbook/digital-experience/vendor-questionnaires#data-security"
+ },
+ {
+ "headingText": "Service monitoring and logging",
+ "hashLink": "/handbook/digital-experience/vendor-questionnaires#service-monitoring-and-logging"
+ },
+ {
+ "headingText": "Encryption and key management",
+ "hashLink": "/handbook/digital-experience/vendor-questionnaires#encryption-and-key-management"
+ },
+ {
+ "headingText": "Governance and risk management",
+ "hashLink": "/handbook/digital-experience/vendor-questionnaires#governance-and-risk-management"
+ },
+ {
+ "headingText": "Business continuity",
+ "hashLink": "/handbook/digital-experience/vendor-questionnaires#business-continuity"
+ },
+ {
+ "headingText": "Network security",
+ "hashLink": "/handbook/digital-experience/vendor-questionnaires#network-security"
+ },
+ {
+ "headingText": "Privacy",
+ "hashLink": "/handbook/digital-experience/vendor-questionnaires#privacy"
+ },
+ {
+ "headingText": "Sub-processors",
+ "hashLink": "/handbook/digital-experience/vendor-questionnaires#sub-processors"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/digital-experience/security",
+ "title": "Security",
+ "lastModifiedAt": 1726839804965,
+ "htmlId": "handbook--security--585b03364d",
+ "sectionRelativeRepoPath": "digital-experience/security.md",
+ "meta": {
+ "maintainedBy": "hollidayn"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Security policies",
+ "hashLink": "/handbook/digital-experience/security#security-policies"
+ },
+ {
+ "headingText": "Account recovery process",
+ "hashLink": "/handbook/digital-experience/security#account-recovery-process"
+ },
+ {
+ "headingText": "How we protect end-user devices",
+ "hashLink": "/handbook/digital-experience/security#how-we-protect-end-user-devices"
+ },
+ {
+ "headingText": "Hardware security keys",
+ "hashLink": "/handbook/digital-experience/security#hardware-security-keys"
+ },
+ {
+ "headingText": "GitHub security",
+ "hashLink": "/handbook/digital-experience/security#git-hub-security"
+ },
+ {
+ "headingText": "Google Workspace security",
+ "hashLink": "/handbook/digital-experience/security#google-workspace-security"
+ },
+ {
+ "headingText": "Vulnerability management",
+ "hashLink": "/handbook/digital-experience/security#vulnerability-management"
+ },
+ {
+ "headingText": "Trust report",
+ "hashLink": "/handbook/digital-experience/security#trust-report"
+ },
+ {
+ "headingText": "Securtiy audits",
+ "hashLink": "/handbook/digital-experience/security#securtiy-audits"
+ },
+ {
+ "headingText": "Application security",
+ "hashLink": "/handbook/digital-experience/security#application-security"
+ }
+ ]
+ },
+ {
+ "url": "/handbook/sales",
+ "title": "🐋 Sales",
+ "lastModifiedAt": 1726839804968,
+ "htmlId": "handbook--readme--4fe57c451a",
+ "sectionRelativeRepoPath": "sales/README.md",
+ "meta": {
+ "maintainedBy": "alexmitchelliii"
+ },
+ "linksForHandbookIndex": [
+ {
+ "headingText": "Team",
+ "hashLink": "/handbook/sales#team"
+ },
+ {
+ "headingText": "Contact us",
+ "hashLink": "/handbook/sales#contact-us"
+ },
+ {
+ "headingText": "Responsibilities",
+ "hashLink": "/handbook/sales#responsibilities"
+ },
+ {
+ "headingText": "Rituals",
+ "hashLink": "/handbook/sales#rituals"
+ }
+ ]
+ },
+ {
+ "url": "/engineering/tips-for-github-actions-usability",
+ "title": "Tips for github actions usability",
+ "lastModifiedAt": 1726839804972,
+ "htmlId": "articles--4-tips-for-github-ac--c93d8d672b",
+ "sectionRelativeRepoPath": "4-tips-for-github-actions-usability.md",
+ "meta": {
+ "category": "engineering",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2022-01-03",
+ "articleTitle": "4 tips for GitHub Actions usability (+2 bonus tips for debugging)",
+ "articleImageUrl": "/images/articles/4-tips-for-github-actions-usability-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/apple-developer-certificates-on-linux-for-configuration-profile-signing",
+ "title": "Apple developer certificates on linux for configuration profile signing",
+ "lastModifiedAt": 1726839804973,
+ "htmlId": "articles--apple-developer-cert--3d7bfdf01f",
+ "sectionRelativeRepoPath": "apple-developer-certificates-on-linux-for-configuration-profile-signing.md",
+ "meta": {
+ "articleTitle": "Apple developer certificates on Linux for configuration profile signing",
+ "authorFullName": "Brock Walters",
+ "authorGitHubUsername": "nonpunctual",
+ "category": "guides",
+ "publishedOn": "2024-03-06",
+ "articleImageUrl": "/images/articles/apple-developer-certificates-on-linux-for-configuration-profile-signing-1600x900@2x.png",
+ "description": "This guide walks through the process of adding an Apple signing certificate to a Linux host."
+ }
+ },
+ {
+ "url": "/announcements/a-new-fleet",
+ "title": "A new Fleet",
+ "lastModifiedAt": 1726839804974,
+ "htmlId": "articles--a-new-fleet--0c5af0e434",
+ "sectionRelativeRepoPath": "a-new-fleet.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2020-01-05",
+ "articleTitle": "A new Fleet",
+ "articleImageUrl": "/images/articles/a-new-fleet-cover-700x340@2x.jpeg"
+ }
+ },
+ {
+ "url": "/securing/apply-byod-to-soothe-supply-chain-pain",
+ "title": "Apply byod to soothe supply chain pain",
+ "lastModifiedAt": 1726839804976,
+ "htmlId": "articles--apply-byod-to-soothe--866604b091",
+ "sectionRelativeRepoPath": "apply-byod-to-soothe-supply-chain-pain.md",
+ "meta": {
+ "category": "security",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "authorFullName": "Guillaume Ross",
+ "publishedOn": "2022-02-10",
+ "articleTitle": "Apply BYOD to soothe supply chain pain",
+ "articleImageUrl": "/images/articles/apply-byod-to-soothe-supply-chain-pain-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/automations",
+ "title": "Automations",
+ "lastModifiedAt": 1726839804976,
+ "htmlId": "articles--automations--ff5e8024a5",
+ "sectionRelativeRepoPath": "automations.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-07-03",
+ "articleTitle": "Automations",
+ "description": "Configure Fleet automations to trigger webhooks or create tickets in Jira and Zendesk for vulnerability, policy, and host status events."
+ }
+ },
+ {
+ "url": "/guides/building-webhook-flows-with-fleet-and-tines",
+ "title": "Building webhook flows with Fleet and tines",
+ "lastModifiedAt": 1726839804978,
+ "htmlId": "articles--building-webhook-flo--3ffb4a9791",
+ "sectionRelativeRepoPath": "building-webhook-flows-with-fleet-and-tines.md",
+ "meta": {
+ "articleTitle": "Building webhook flows with Fleet and Tines",
+ "authorFullName": "Victor Lyuboslavsky",
+ "authorGitHubUsername": "getvictor",
+ "category": "guides",
+ "publishedOn": "2024-05-30",
+ "articleImageUrl": "/images/articles/building-webhook-flows-with-fleet-and-tines-1600x900@2x.png",
+ "description": "A guide to workflows using Tines and Fleet via webhook to update outdated OS versions."
+ }
+ },
+ {
+ "url": "/guides/building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly",
+ "title": "Building an effective dashboard with Fleet REST API flask and plotly",
+ "lastModifiedAt": 1726839804979,
+ "htmlId": "articles--building-an-effectiv--d3c30b5cf6",
+ "sectionRelativeRepoPath": "building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly.md",
+ "meta": {
+ "articleTitle": "Building an effective dashboard with Fleet's REST API, Flask, and Plotly: A step-by-step guide",
+ "authorFullName": "Dave Herder",
+ "authorGitHubUsername": "dherder",
+ "category": "guides",
+ "publishedOn": "2023-05-22",
+ "articleImageUrl": "/images/articles/building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly@2x.jpg",
+ "description": "Step-by-step guide on building a dynamic dashboard with Fleet's REST API, Flask, and Plotly. Master data visualization with open-source tools!"
+ }
+ },
+ {
+ "url": "/guides/certificates-in-fleetd",
+ "title": "Certificates in fleetd",
+ "lastModifiedAt": 1726839804980,
+ "htmlId": "articles--certificates-in-flee--f860411dcf",
+ "sectionRelativeRepoPath": "certificates-in-fleetd.md",
+ "meta": {
+ "articleTitle": "Certificates in fleetd",
+ "authorFullName": "Lucas Manuel Rodriguez",
+ "authorGitHubUsername": "lucasmrod",
+ "category": "guides",
+ "publishedOn": "2024-07-09",
+ "articleImageUrl": "/images/articles/apple-developer-certificates-on-linux-for-configuration-profile-signing-1600x900@2x.png",
+ "description": "TLS certificates in fleetd"
+ }
+ },
+ {
+ "url": "/guides/chrome-os",
+ "title": "Chrome os",
+ "lastModifiedAt": 1726839804981,
+ "htmlId": "articles--chrome-os--8f9e4f0cca",
+ "sectionRelativeRepoPath": "chrome-os.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "zhumo",
+ "authorFullName": "Mo Zhu",
+ "publishedOn": "2023-11-21",
+ "articleTitle": "ChromeOS",
+ "description": "Learn about ChromeOS and Fleet."
+ }
+ },
+ {
+ "url": "/guides/catch-missed-authorization-checks-during-software-development",
+ "title": "Catch missed authorization checks during software development",
+ "lastModifiedAt": 1726839804981,
+ "htmlId": "articles--catch-missed-authori--74d449dae1",
+ "sectionRelativeRepoPath": "catch-missed-authorization-checks-during-software-development.md",
+ "meta": {
+ "articleTitle": "Catch missed authorization checks during software development",
+ "authorFullName": "Victor Lyuboslavsky",
+ "authorGitHubUsername": "getvictor",
+ "category": "guides",
+ "publishedOn": "2023-12-04",
+ "description": "How to perform authorization checks in a golang codebase for cybersecurity"
+ }
+ },
+ {
+ "url": "/guides/cis-benchmarks",
+ "title": "Cis benchmarks",
+ "lastModifiedAt": 1726839804982,
+ "htmlId": "articles--cis-benchmarks--c493697884",
+ "sectionRelativeRepoPath": "cis-benchmarks.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "lucasmrod",
+ "authorFullName": "Lucas Rodriguez",
+ "publishedOn": "2024-04-02",
+ "articleTitle": "CIS Benchmarks",
+ "description": "Read about how Fleet's implementation of CIS Benchmarks offers consensus-based cybersecurity guidance."
+ }
+ },
+ {
+ "url": "/announcements/comparative-look-at-ws1-and-fleet",
+ "title": "Comparative look at ws1 and Fleet",
+ "lastModifiedAt": 1726839804983,
+ "htmlId": "articles--comparative-look-at---d3aff5bdd7",
+ "sectionRelativeRepoPath": "comparative-look-at-ws1-and-fleet.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-02-01",
+ "articleTitle": "A comparative look at VMware Workspace ONE and Fleet Device Management",
+ "articleImageUrl": "/images/articles/comparative-look-at-ws1-and-fleet-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/config-less-fleetd-agent-deployment",
+ "title": "Config less fleetd agent deployment",
+ "lastModifiedAt": 1726839804984,
+ "htmlId": "articles--config-less-fleetd-a--e5546949d5",
+ "sectionRelativeRepoPath": "config-less-fleetd-agent-deployment.md",
+ "meta": {
+ "articleTitle": "Config-less fleetd agent deployment",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "category": "guides",
+ "publishedOn": "2024-01-31",
+ "articleImageUrl": "/images/articles/config-less-fleetd-agent-deployment-1600x900@2x.png",
+ "description": "Config-less `fleetd` agent deployment"
+ }
+ },
+ {
+ "url": "/guides/configuring-default-teams-for-devices-in-fleet",
+ "title": "Configuring default teams for devices in Fleet",
+ "lastModifiedAt": 1726839804985,
+ "htmlId": "articles--configuring-default---d9b024f2b7",
+ "sectionRelativeRepoPath": "configuring-default-teams-for-devices-in-fleet.md",
+ "meta": {
+ "articleTitle": "Configuring default teams for macOS, iOS, and iPadOS devices in Fleet",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "category": "guides",
+ "publishedOn": "2024-09-12",
+ "description": "This guide will walk you through configuring default teams for devices using the Fleet web UI."
+ }
+ },
+ {
+ "url": "/guides/converting-unix-timestamps-with-osquery",
+ "title": "Converting unix timestamps with osquery",
+ "lastModifiedAt": 1726839804986,
+ "htmlId": "articles--converting-unix-time--ace81a16aa",
+ "sectionRelativeRepoPath": "converting-unix-timestamps-with-osquery.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2021-06-15",
+ "articleTitle": "Converting unix timestamps with osquery",
+ "articleImageUrl": "/images/articles/converting-unix-timestamps-with-osquery-cover-800x450@2x.jpeg"
+ }
+ },
+ {
+ "url": "/guides/correlate-network-connections-with-community-id-in-osquery",
+ "title": "Correlate network connections with community id in osquery",
+ "lastModifiedAt": 1726839804987,
+ "htmlId": "articles--correlate-network-co--10ea0b1641",
+ "sectionRelativeRepoPath": "correlate-network-connections-with-community-id-in-osquery.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Zach Wasserman",
+ "authorGitHubUsername": "zwass",
+ "publishedOn": "2021-06-02",
+ "articleTitle": "Correlate network connections with community ID in osquery.",
+ "articleImageUrl": "/images/articles/correlate-network-connections-with-community-id-in-osquery-cover-800x502@2x.jpeg"
+ }
+ },
+ {
+ "url": "/guides/custom-os-settings",
+ "title": "Custom os settings",
+ "lastModifiedAt": 1726839804988,
+ "htmlId": "articles--custom-os-settings--5e97a43205",
+ "sectionRelativeRepoPath": "custom-os-settings.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-07-27",
+ "articleTitle": "Custom OS settings",
+ "description": "Learn how to enforce custom settings on macOS and Window hosts using Fleet's configuration profiles."
+ }
+ },
+ {
+ "url": "/announcements/debunk-the-cross-platform-myth",
+ "title": "Debunk the cross platform myth",
+ "lastModifiedAt": 1726839804989,
+ "htmlId": "articles--debunk-the-cross-pla--d46aac3cb4",
+ "sectionRelativeRepoPath": "debunk-the-cross-platform-myth.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "Mike McNeil",
+ "authorGitHubUsername": "mikermcneil",
+ "publishedOn": "2024-08-27",
+ "articleTitle": "Debunk the cross-platform myth",
+ "description": "Debunk the cross-platform myth with MDM"
+ }
+ },
+ {
+ "url": "/guides/delivering-data-to-snowflake-from-fleet-and-osquery",
+ "title": "Delivering data to snowflake from Fleet and osquery",
+ "lastModifiedAt": 1726839804991,
+ "htmlId": "articles--delivering-data-to-s--9677bbe81b",
+ "sectionRelativeRepoPath": "delivering-data-to-snowflake-from-fleet-and-osquery.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "t-lark",
+ "authorFullName": "Tom Larkin",
+ "publishedOn": "2022-02-01",
+ "articleTitle": "Delivering data to Snowflake from Fleet and osquery.",
+ "articleImageUrl": "/images/articles/delivering-data-to-snowflake-from-fleet-and-osquery-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/deploy-fleet-on-aws-ecs",
+ "title": "Deploy Fleet on aws ecs",
+ "lastModifiedAt": 1726839804992,
+ "htmlId": "articles--deploy-fleet-on-aws---ca8c5b2fc4",
+ "sectionRelativeRepoPath": "deploy-fleet-on-aws-ecs.md",
+ "meta": {
+ "articleTitle": "Deploy Fleet on AWS ECS",
+ "authorGitHubUsername": "edwardsb",
+ "authorFullName": "Ben Edwards",
+ "publishedOn": "2021-10-06",
+ "category": "guides",
+ "articleImageUrl": "/images/articles/deploy-fleet-on-aws-ecs-800x450@2x.png",
+ "description": "Information for deploying Fleet on AWS ECS."
+ }
+ },
+ {
+ "url": "/guides/deploy-fleet-on-aws-with-terraform",
+ "title": "Deploy Fleet on aws with terraform",
+ "lastModifiedAt": 1726839804993,
+ "htmlId": "articles--deploy-fleet-on-aws---8b2a9168ab",
+ "sectionRelativeRepoPath": "deploy-fleet-on-aws-with-terraform.md",
+ "meta": {
+ "articleTitle": "Deploy Fleet on AWS with Terraform",
+ "authorGitHubUsername": "edwardsb",
+ "authorFullName": "Ben Edwards",
+ "publishedOn": "2021-11-30",
+ "category": "guides",
+ "articleImageUrl": "/images/articles/deploy-fleet-on-aws-with-terraform-800x450@2x.png",
+ "description": "Learn how to deploy Fleet on AWS."
+ }
+ },
+ {
+ "url": "/guides/deploy-fleet-on-centos",
+ "title": "Deploy Fleet on centos",
+ "lastModifiedAt": 1726839804994,
+ "htmlId": "articles--deploy-fleet-on-cent--4841e96234",
+ "sectionRelativeRepoPath": "deploy-fleet-on-centos.md",
+ "meta": {
+ "articleTitle": "Deploy Fleet on CentOS",
+ "authorGitHubUsername": "marpaia",
+ "authorFullName": "Mike Arpaia",
+ "publishedOn": "2017-09-22",
+ "category": "guides",
+ "articleImageUrl": "/images/articles/deploy-fleet-on-centos-800x450@2x.png",
+ "description": "A guide to deploy Fleet on CentOS."
+ }
+ },
+ {
+ "url": "/guides/deploy-fleet-on-cloudgov",
+ "title": "Deploy Fleet on cloudgov",
+ "lastModifiedAt": 1726839804995,
+ "htmlId": "articles--deploy-fleet-on-clou--ecdaaf656b",
+ "sectionRelativeRepoPath": "deploy-fleet-on-cloudgov.md",
+ "meta": {
+ "articleTitle": "Deploy Fleet on Cloud.gov",
+ "authorGitHubUsername": "JJediny",
+ "authorFullName": "John Jediny",
+ "publishedOn": "2022-09-08",
+ "category": "guides",
+ "articleImageUrl": "/images/articles/deploy-fleet-on-cloudgov-800x450@2x.png",
+ "description": "Information for deploying Fleet on Cloud.gov."
+ }
+ },
+ {
+ "url": "/guides/deploy-fleet-on-hetzner-cloud",
+ "title": "Deploy Fleet on hetzner cloud",
+ "lastModifiedAt": 1726839804999,
+ "htmlId": "articles--deploy-fleet-on-hetz--ab40dd3e5f",
+ "sectionRelativeRepoPath": "deploy-fleet-on-hetzner-cloud.md",
+ "meta": {
+ "articleTitle": "Deploy Fleet on Hetzner Cloud",
+ "authorGitHubUsername": "ksatter",
+ "authorFullName": "Kathy Satterlee",
+ "publishedOn": "2022-06-27",
+ "category": "guides",
+ "articleImageUrl": "/images/articles/deploy-fleet-on-hetzner-cloud-800x450@2x.png",
+ "description": "Learn how to deploy Fleet on Hetzner Cloud using cloud-init and Docker."
+ }
+ },
+ {
+ "url": "/guides/deploy-fleet-on-kubernetes",
+ "title": "Deploy Fleet on kubernetes",
+ "lastModifiedAt": 1726839805000,
+ "htmlId": "articles--deploy-fleet-on-kube--b62fcc97c7",
+ "sectionRelativeRepoPath": "deploy-fleet-on-kubernetes.md",
+ "meta": {
+ "articleTitle": "Deploy Fleet on Kubernetes",
+ "authorGitHubUsername": "marpaia",
+ "authorFullName": "Mike Arpaia",
+ "publishedOn": "2017-11-18",
+ "category": "guides",
+ "articleImageUrl": "/images/articles/deploy-fleet-on-kubernetes-800x450@2x.png",
+ "description": "Learn how to deploy Fleet on Kubernetes."
+ }
+ },
+ {
+ "url": "/guides/deploy-fleet-on-render",
+ "title": "Deploy Fleet on render",
+ "lastModifiedAt": 1726839805001,
+ "htmlId": "articles--deploy-fleet-on-rend--175bce353f",
+ "sectionRelativeRepoPath": "deploy-fleet-on-render.md",
+ "meta": {
+ "articleTitle": "Deploy Fleet on Render",
+ "authorGitHubUsername": "edwardsb",
+ "authorFullName": "Ben Edwards",
+ "publishedOn": "2021-11-21",
+ "category": "guides",
+ "articleImageUrl": "/images/articles/deploy-fleet-on-render-800x450@2x.png",
+ "description": "Learn how to deploy Fleet on Render."
+ }
+ },
+ {
+ "url": "/guides/deploy-fleet-on-ubuntu-with-elastic",
+ "title": "Deploy Fleet on ubuntu with elastic",
+ "lastModifiedAt": 1726839805004,
+ "htmlId": "articles--deploy-fleet-on-ubun--db33029e1f",
+ "sectionRelativeRepoPath": "deploy-fleet-on-ubuntu-with-elastic.md",
+ "meta": {
+ "articleTitle": "Deploy Fleet on Ubuntu",
+ "authorGitHubUsername": "defensivedepth",
+ "authorFullName": "Josh Brower",
+ "publishedOn": "2024-06-12",
+ "category": "guides",
+ "description": "A guide to deploy Fleet and Elastic on Ubuntu.",
+ "articleImageUrl": "/images/articles/deploy-fleet-on-ubuntu-with-elastic-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/deploy-security-agents",
+ "title": "Deploy security agents",
+ "lastModifiedAt": 1726839805005,
+ "htmlId": "articles--deploy-security-agen--a3a93c715b",
+ "sectionRelativeRepoPath": "deploy-security-agents.md",
+ "meta": {
+ "articleTitle": "Deploy security agents",
+ "authorFullName": "Roberto Dip",
+ "authorGitHubUsername": "roperzh",
+ "category": "guides",
+ "publishedOn": "2024-08-05",
+ "articleImageUrl": "/images/articles/deploy-security-agents-1600x900@2x.png",
+ "description": "This guide will walk you through adding software to Fleet."
+ }
+ },
+ {
+ "url": "/securing/detect-log4j-with-osquery-and-fleet",
+ "title": "Detect log4j with osquery and Fleet",
+ "lastModifiedAt": 1726839805006,
+ "htmlId": "articles--detect-log4j-with-os--812eb5ba15",
+ "sectionRelativeRepoPath": "detect-log4j-with-osquery-and-fleet.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Zach Wasserman",
+ "authorGitHubUsername": "zwass",
+ "publishedOn": "2021-12-15",
+ "articleTitle": "Detect Log4j with osquery (and Fleet)",
+ "articleImageUrl": "/images/articles/detect-log4j-with-osquery-and-fleet-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/discovering-chrome-ai-using-fleet",
+ "title": "Discovering chrome ai using Fleet",
+ "lastModifiedAt": 1726839805007,
+ "htmlId": "articles--discovering-chrome-a--4de87d4fb6",
+ "sectionRelativeRepoPath": "discovering-chrome-ai-using-fleet.md",
+ "meta": {
+ "articleTitle": "Discovering Chrome AI using Fleet",
+ "authorFullName": "Brock Walters",
+ "authorGitHubUsername": "nonpunctual",
+ "category": "guides",
+ "publishedOn": "2024-09-06",
+ "articleImageUrl": "/images/articles/discovering-chrome-ai-using-fleet-1600x900@2x.jpg",
+ "description": "Use Fleet to detect and monitor settings enabled in Google Chrome by querying Chrome's preferences JSON file."
+ }
+ },
+ {
+ "url": "/guides/discovering-geacon-using-fleet",
+ "title": "Discovering geacon using Fleet",
+ "lastModifiedAt": 1726839805008,
+ "htmlId": "articles--discovering-geacon-u--bab06239aa",
+ "sectionRelativeRepoPath": "discovering-geacon-using-fleet.md",
+ "meta": {
+ "articleTitle": "Discovering Geacon using Fleet",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "category": "guides",
+ "publishedOn": "2023-05-18",
+ "articleImageUrl": "/images/articles/discovering-geacon-using-fleet-1600x900@2x.jpg",
+ "description": "Enterprise security teams can use Fleet to identify and locate Geacon payloads and protect their macOS devices from this threat."
+ }
+ },
+ {
+ "url": "/guides/discovering-xz-vulnerability-with-fleet",
+ "title": "Discovering xz vulnerability with Fleet",
+ "lastModifiedAt": 1726839805010,
+ "htmlId": "articles--discovering-xz-vulne--0a7dc5a7f8",
+ "sectionRelativeRepoPath": "discovering-xz-vulnerability-with-fleet.md",
+ "meta": {
+ "articleTitle": "Discovering xz vulnerability with Fleet",
+ "authorFullName": "Brock Walters",
+ "authorGitHubUsername": "nonpunctual",
+ "category": "guides",
+ "publishedOn": "2024-06-03",
+ "articleImageUrl": "/images/articles/discovering-geacon-using-fleet-1600x900@2x.jpg",
+ "description": "Discover and create a comprehensive end-to-end remediation workflow for the xz vulnerability (CVE-2024-3094) with Fleet."
+ }
+ },
+ {
+ "url": "/securing/does-osquery-violate-the-new-york-employee-monitoring-law",
+ "title": "Does osquery violate the new york employee monitoring law",
+ "lastModifiedAt": 1726839805011,
+ "htmlId": "articles--does-osquery-violate--fcac4cc8a5",
+ "sectionRelativeRepoPath": "does-osquery-violate-the-new-york-employee-monitoring-law.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-04-18",
+ "articleTitle": "Does osquery violate the New York employee monitoring law?"
+ }
+ },
+ {
+ "url": "/guides/downgrade-fleet",
+ "title": "Downgrade Fleet",
+ "lastModifiedAt": 1726839805012,
+ "htmlId": "articles--downgrade-fleet--76de2fe679",
+ "sectionRelativeRepoPath": "downgrade-fleet.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "eashaw",
+ "authorFullName": "Eric Shaw",
+ "publishedOn": "2024-01-09",
+ "articleTitle": "Downgrade from Fleet Premium",
+ "description": "Learn how to downgrade from Fleet Premium."
+ }
+ },
+ {
+ "url": "/guides/driving-company-culture-through-ai-haiku-poetry",
+ "title": "Driving company culture through ai haiku poetry",
+ "lastModifiedAt": 1726839805013,
+ "htmlId": "articles--driving-company-cult--52db9708d4",
+ "sectionRelativeRepoPath": "driving-company-culture-through-ai-haiku-poetry.md",
+ "meta": {
+ "articleTitle": "Driving company culture through AI haiku poetry",
+ "authorFullName": "Luke Heath",
+ "authorGitHubUsername": "lukeheath",
+ "category": "guides",
+ "publishedOn": "2024-04-17",
+ "articleImageUrl": "/images/articles/driving-company-culture-through-ai-haiku-poetry-1600x900@2x.png",
+ "description": "Code and verse entwine, Silicon sparks, haikus shine, Art meets design line."
+ }
+ },
+ {
+ "url": "/securing/ebpf-the-future-of-osquery-on-linux",
+ "title": "Ebpf the future of osquery on linux",
+ "lastModifiedAt": 1726839805014,
+ "htmlId": "articles--ebpf-the-future-of-o--cd30e84170",
+ "sectionRelativeRepoPath": "ebpf-the-future-of-osquery-on-linux.md",
+ "meta": {
+ "category": "security",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2021-01-25",
+ "articleTitle": "eBPF & the future of osquery on Linux",
+ "articleImageUrl": "/images/articles/ebpf-the-future-of-osquery-on-linux-cover-700x394@2x.png"
+ }
+ },
+ {
+ "url": "/announcements/embracing-the-future-declarative-device-management",
+ "title": "Embracing the future declarative device management",
+ "lastModifiedAt": 1726839805015,
+ "htmlId": "articles--embracing-the-future--b3151457e1",
+ "sectionRelativeRepoPath": "embracing-the-future-declarative-device-management.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "spokanemac",
+ "authorFullName": "JD Strong",
+ "publishedOn": "2023-07-06",
+ "articleTitle": "Embracing the future: Declarative Device Management",
+ "articleImageUrl": "/images/articles/embracing-the-future-declarative-device-management@2x.png",
+ "description": "Explore the transformative impact of Declarative Device Management (DDM), Fleet, and osquery for MacAdmins."
+ }
+ },
+ {
+ "url": "/securing/end-user-self-remediation",
+ "title": "End user self remediation",
+ "lastModifiedAt": 1726839805016,
+ "htmlId": "articles--end-user-self-remedi--1ebc67c784",
+ "sectionRelativeRepoPath": "end-user-self-remediation.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Chris McGillicuddy",
+ "authorGitHubUsername": "chris-mcgillicuddy",
+ "publishedOn": "2022-12-15",
+ "articleTitle": "End-user self remediation: empower your employees to fix security issues with Fleet"
+ }
+ },
+ {
+ "url": "/announcements/endpoint-managements-crucial-role-in-healthcare",
+ "title": "Endpoint managements crucial role in healthcare",
+ "lastModifiedAt": 1726839805017,
+ "htmlId": "articles--endpoint-managements--ec90fcd20a",
+ "sectionRelativeRepoPath": "endpoint-managements-crucial-role-in-healthcare.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "Alex Mitchell",
+ "authorGitHubUsername": "alexmitchelliii",
+ "publishedOn": "2024-05-24",
+ "articleTitle": "Endpoint management's crucial role in healthcare",
+ "articleImageUrl": "/images/articles/endpoint-managements-crucial-role-in-healthcare-1600x900@2x.png",
+ "description": "Discover how robust endpoint management is essential for securing healthcare data, ensuring compliance, and building patient trust."
+ }
+ },
+ {
+ "url": "/guides/enforce-disk-encryption",
+ "title": "Enforce disk encryption",
+ "lastModifiedAt": 1726839805018,
+ "htmlId": "articles--enforce-disk-encrypt--0ab61200c1",
+ "sectionRelativeRepoPath": "enforce-disk-encryption.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-08-14",
+ "articleTitle": "Enforce disk encryption",
+ "description": "Learn how to enforce disk encryption on macOS and Windows hosts and manage encryption keys with Fleet Premium."
+ }
+ },
+ {
+ "url": "/guides/enforce-os-updates",
+ "title": "Enforce os updates",
+ "lastModifiedAt": 1726839805019,
+ "htmlId": "articles--enforce-os-updates--0ddd6f9117",
+ "sectionRelativeRepoPath": "enforce-os-updates.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-08-10",
+ "articleTitle": "Enforce OS updates",
+ "description": "Learn how to manage OS updates on macOS, Windows, iOS, and iPadOS devices."
+ }
+ },
+ {
+ "url": "/announcements/enhancing-fleets-vulnerability-management-with-vulncheck-integration",
+ "title": "Enhancing fleets vulnerability management with vulncheck integration",
+ "lastModifiedAt": 1726839805020,
+ "htmlId": "articles--enhancing-fleets-vul--3cc4d5cb3a",
+ "sectionRelativeRepoPath": "enhancing-fleets-vulnerability-management-with-vulncheck-integration.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-04-23",
+ "articleTitle": "Enhancing Fleet's vulnerability management with VulnCheck integration",
+ "articleImageUrl": "/images/articles/enhancing-fleets-vulnerability-management-with-vulncheck-integration-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/announcements/enhancing-k-12-cybersecurity-with-fcc-funds-and-fleet",
+ "title": "Enhancing k 12 cybersecurity with fcc funds and Fleet",
+ "lastModifiedAt": 1726839805021,
+ "htmlId": "articles--enhancing-k-12-cyber--90c76b24ef",
+ "sectionRelativeRepoPath": "enhancing-k-12-cybersecurity-with-fcc-funds-and-fleet.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "Alex Mitchell",
+ "authorGitHubUsername": "alexmitchelliii",
+ "publishedOn": "2024-07-25",
+ "articleTitle": "Enhancing K-12 cybersecurity with FCC funds and Fleet",
+ "articleImageUrl": "/images/articles/enhancing-k-12-cybersecurity-with-fcc-funds-and-fleet-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/enroll-hosts",
+ "title": "Enroll hosts",
+ "lastModifiedAt": 1726839805023,
+ "htmlId": "articles--enroll-hosts--72fecd86ff",
+ "sectionRelativeRepoPath": "enroll-hosts.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-08-08",
+ "articleTitle": "Enroll hosts",
+ "description": "Learn how to enroll hosts to Fleet."
+ }
+ },
+ {
+ "url": "/guides/enrolling-a-digital-ocean-droplet-on-a-fleet-instance",
+ "title": "Enrolling a digital ocean droplet on a Fleet instance",
+ "lastModifiedAt": 1726839805025,
+ "htmlId": "articles--enrolling-a-digital---6fbc5a61b0",
+ "sectionRelativeRepoPath": "enrolling-a-digital-ocean-droplet-on-a-fleet-instance.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "DominusKelvin",
+ "authorFullName": "Kelvin Omereshone",
+ "publishedOn": "2022-05-26",
+ "articleTitle": "Enrolling a DigitalOcean Droplet on a Fleet instance",
+ "articleImageUrl": "/images/articles/enrolling-a-digitalocean-droplet-server-on-a-fleet-instance-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/expeditioners-bradley-chambers",
+ "title": "Expeditioners bradley chambers",
+ "lastModifiedAt": 1726839805026,
+ "htmlId": "articles--expeditioners-bradle--434ed8f62f",
+ "sectionRelativeRepoPath": "expeditioners-bradley-chambers.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2023-07-20",
+ "articleTitle": "ExpedITioners podcast with Bradley Chambers",
+ "articleImageUrl": "/images/articles/expeditioners-podcast-ep1-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/podcasts/expeditioners-charles-edge",
+ "title": "Expeditioners charles edge",
+ "lastModifiedAt": 1726839805027,
+ "htmlId": "articles--expeditioners-charle--078e2e677d",
+ "sectionRelativeRepoPath": "expeditioners-charles-edge.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2023-10-23",
+ "articleTitle": "ExpedITioners podcast with Charles Edge",
+ "articleImageUrl": "/images/articles/expeditioners-podcast-ep5-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/expeditioners-huxley-barbee",
+ "title": "Expeditioners huxley barbee",
+ "lastModifiedAt": 1726839805027,
+ "htmlId": "articles--expeditioners-huxley--59793f39c1",
+ "sectionRelativeRepoPath": "expeditioners-huxley-barbee.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2024-01-30",
+ "articleTitle": "ExpedITioners podcast with Huxley Barbee",
+ "articleImageUrl": "/images/articles/expeditioners-podcast-ep8-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/expeditioners-jeff-chao",
+ "title": "Expeditioners jeff chao",
+ "lastModifiedAt": 1726839805028,
+ "htmlId": "articles--expeditioners-jeff-c--69f6b2fce1",
+ "sectionRelativeRepoPath": "expeditioners-jeff-chao.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2023-11-15",
+ "articleTitle": "ExpedITioners podcast with Jeff Chao",
+ "articleImageUrl": "/images/articles/expeditioners-podcast-ep6-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/expeditioners-john-reynolds",
+ "title": "Expeditioners john reynolds",
+ "lastModifiedAt": 1726839805029,
+ "htmlId": "articles--expeditioners-john-r--2abfb47f0e",
+ "sectionRelativeRepoPath": "expeditioners-john-reynolds.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2023-09-21",
+ "articleTitle": "ExpedITioners podcast with John Reynolds",
+ "articleImageUrl": "/images/articles/expeditioners-podcast-ep4-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/expeditioners-niels-hofmans",
+ "title": "Expeditioners niels hofmans",
+ "lastModifiedAt": 1726839805030,
+ "htmlId": "articles--expeditioners-niels---d1c8e645af",
+ "sectionRelativeRepoPath": "expeditioners-niels-hofmans.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2023-08-22",
+ "articleTitle": "ExpedITioners podcast with Niels Hofmans",
+ "articleImageUrl": "/images/articles/expeditioners-podcast-ep2-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/expeditioners-podcast-with-marcus-ransom",
+ "title": "Expeditioners podcast with marcus ransom",
+ "lastModifiedAt": 1726839805031,
+ "htmlId": "articles--expeditioners-podcas--98c32a782f",
+ "sectionRelativeRepoPath": "expeditioners-podcast-with-marcus-ransom.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2023-12-11",
+ "articleTitle": "ExpedITioners podcast with Marcus Ransom",
+ "articleImageUrl": "/images/articles/expeditioners-podcast-ep7-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/expeditioners-rich-trouton",
+ "title": "Expeditioners rich trouton",
+ "lastModifiedAt": 1726839805032,
+ "htmlId": "articles--expeditioners-rich-t--c394f4ba38",
+ "sectionRelativeRepoPath": "expeditioners-rich-trouton.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2023-08-31",
+ "articleTitle": "ExpedITioners podcast with Rich Trouton",
+ "articleImageUrl": "/images/articles/expeditioners-podcast-ep3-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/filtering-software-by-vulnerability",
+ "title": "Filtering software by vulnerability",
+ "lastModifiedAt": 1726839805033,
+ "htmlId": "articles--filtering-software-b--900d8b7307",
+ "sectionRelativeRepoPath": "filtering-software-by-vulnerability.md",
+ "meta": {
+ "articleTitle": "Filtering software by vulnerability in Fleet",
+ "authorFullName": "Tim Lee",
+ "authorGitHubUsername": "mostlikelee",
+ "category": "guides",
+ "publishedOn": "2024-08-30",
+ "articleImageUrl": "/images/articles/discovering-geacon-using-fleet-1600x900@2x.jpg",
+ "description": "Filter software by vulnerability in Fleet to prioritize critical patches and enhance your organization's security posture."
+ }
+ },
+ {
+ "url": "/releases/fleet-3.10.0",
+ "title": "Fleet 3.10.0",
+ "lastModifiedAt": 1726839805034,
+ "htmlId": "articles--fleet-3100--09d2002dcd",
+ "sectionRelativeRepoPath": "fleet-3.10.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-04-01",
+ "articleTitle": "Fleet 3.10.0 released with agent auto-updates beta",
+ "articleImageUrl": "/images/articles/fleet-3.10.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-3.11.0",
+ "title": "Fleet 3.11.0",
+ "lastModifiedAt": 1726839805035,
+ "htmlId": "articles--fleet-3110--ad56a464f5",
+ "sectionRelativeRepoPath": "fleet-3.11.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-04-29",
+ "articleTitle": "Fleet 3.11.0 released with software inventory",
+ "articleImageUrl": "/images/articles/fleet-3.11.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-3.12.0",
+ "title": "Fleet 3.12.0",
+ "lastModifiedAt": 1726839805036,
+ "htmlId": "articles--fleet-3120--8f3c795b51",
+ "sectionRelativeRepoPath": "fleet-3.12.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-05-20",
+ "articleTitle": "Fleet 3.12.0",
+ "articleImageUrl": "/images/articles/fleet-3.12.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-3.5.0",
+ "title": "Fleet 3.5.0",
+ "lastModifiedAt": 1726839805037,
+ "htmlId": "articles--fleet-350--0912885a04",
+ "sectionRelativeRepoPath": "fleet-3.5.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2020-12-12",
+ "articleTitle": "Fleet 3.5.0",
+ "articleImageUrl": "/images/articles/fleet-3.5.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-3.6.0",
+ "title": "Fleet 3.6.0",
+ "lastModifiedAt": 1726839805039,
+ "htmlId": "articles--fleet-360--b415aaaf59",
+ "sectionRelativeRepoPath": "fleet-3.6.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-01-09",
+ "articleTitle": "Fleet 3.6.0",
+ "articleImageUrl": "/images/articles/fleet-3.6.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-3.13.0",
+ "title": "Fleet 3.13.0",
+ "lastModifiedAt": 1726839805041,
+ "htmlId": "articles--fleet-3130--6a4b26ee04",
+ "sectionRelativeRepoPath": "fleet-3.13.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-06-04",
+ "articleTitle": "Fleet 3.13.0",
+ "articleImageUrl": "/images/articles/fleet-3.13.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-3.7.1",
+ "title": "Fleet 3.7.1",
+ "lastModifiedAt": 1726839805042,
+ "htmlId": "articles--fleet-371--a3099c00cb",
+ "sectionRelativeRepoPath": "fleet-3.7.1.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-02-04",
+ "articleTitle": "Fleet 3.7.1",
+ "articleImageUrl": "/images/articles/fleet-3.7.1-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-3.8.0",
+ "title": "Fleet 3.8.0",
+ "lastModifiedAt": 1726839805042,
+ "htmlId": "articles--fleet-380--681019a9ad",
+ "sectionRelativeRepoPath": "fleet-3.8.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-02-26",
+ "articleTitle": "Fleet 3.8.0",
+ "articleImageUrl": "/images/articles/fleet-3.8.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-3.9.0",
+ "title": "Fleet 3.9.0",
+ "lastModifiedAt": 1726839805043,
+ "htmlId": "articles--fleet-390--7ceb277f2f",
+ "sectionRelativeRepoPath": "fleet-3.9.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-03-10",
+ "articleTitle": "Fleet 3.9.0",
+ "articleImageUrl": "/images/articles/fleet-3.9.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.0.0",
+ "title": "Fleet 4.0.0",
+ "lastModifiedAt": 1726839805044,
+ "htmlId": "articles--fleet-400--33d96e46d6",
+ "sectionRelativeRepoPath": "fleet-4.0.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-06-30",
+ "articleTitle": "Fleet 4.0.0 released with Role-based access control and Teams features",
+ "articleImageUrl": "/images/articles/fleet-4.0.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.1.0",
+ "title": "Fleet 4.1.0",
+ "lastModifiedAt": 1726839805045,
+ "htmlId": "articles--fleet-410--2f2a288a79",
+ "sectionRelativeRepoPath": "fleet-4.1.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-07-27",
+ "articleTitle": "Fleet 4.1.0 released with Schedule and Activity feed features",
+ "articleImageUrl": "/images/articles/fleet-4.1.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.10.0",
+ "title": "Fleet 4.10.0",
+ "lastModifiedAt": 1726839805046,
+ "htmlId": "articles--fleet-4100--dd259b5e42",
+ "sectionRelativeRepoPath": "fleet-4.10.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2022-02-14",
+ "articleTitle": "Fleet 4.10.0 brings new features and improvements for vulnerability analysts.",
+ "articleImageUrl": "/images/articles/fleet-4.10.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.12.0",
+ "title": "Fleet 4.12.0",
+ "lastModifiedAt": 1726839805047,
+ "htmlId": "articles--fleet-4120--150c6e2731",
+ "sectionRelativeRepoPath": "fleet-4.12.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2022-03-25",
+ "articleTitle": "Fleet 4.12.0 | Platform-specific policies, and improved query results",
+ "articleImageUrl": "/images/articles/fleet-4.12.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.13.0",
+ "title": "Fleet 4.13.0",
+ "lastModifiedAt": 1726839805047,
+ "htmlId": "articles--fleet-4130--771b1f08ac",
+ "sectionRelativeRepoPath": "fleet-4.13.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Fleet",
+ "authorGitHubUsername": "fleetdm",
+ "publishedOn": "2022-04-19",
+ "articleTitle": "Fleet 4.13.0 | Security fixes, policy automations for teams, and aggregated macOS versions for MacAdmins.",
+ "articleImageUrl": "/images/articles/fleet-4.13.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.11.0",
+ "title": "Fleet 4.11.0",
+ "lastModifiedAt": 1726839805048,
+ "htmlId": "articles--fleet-4110--a057b8896f",
+ "sectionRelativeRepoPath": "fleet-4.11.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2022-03-07",
+ "articleTitle": "Fleet 4.11.0 brings impact clarity, improvements to vulnerability processing, and performance updates.",
+ "articleImageUrl": "/images/articles/fleet-4.11.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.14.0",
+ "title": "Fleet 4.14.0",
+ "lastModifiedAt": 1726839805049,
+ "htmlId": "articles--fleet-4140--e58b7a34f3",
+ "sectionRelativeRepoPath": "fleet-4.14.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Kathy Satterlee",
+ "authorGitHubUsername": "ksatter",
+ "publishedOn": "2022-05-06",
+ "articleTitle": "Fleet 4.14.0 adds beta support for automatic ticket creation and improves the live query experience.",
+ "articleImageUrl": "/images/articles/fleet-4.14.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.16.0",
+ "title": "Fleet 4.16.0",
+ "lastModifiedAt": 1726839805051,
+ "htmlId": "articles--fleet-4160--ac79cd8c59",
+ "sectionRelativeRepoPath": "fleet-4.16.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Kathy Satterlee",
+ "authorGitHubUsername": "ksatter",
+ "publishedOn": "2022-06-16",
+ "articleTitle": "Fleet 4.16.0 | more customization, beefed up vuln management, Jira added to integrations.",
+ "articleImageUrl": "/images/articles/fleet-4.16.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.17.0",
+ "title": "Fleet 4.17.0",
+ "lastModifiedAt": 1726839805052,
+ "htmlId": "articles--fleet-4170--a276e12e2a",
+ "sectionRelativeRepoPath": "fleet-4.17.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Kathy Satterlee",
+ "authorGitHubUsername": "ksatter",
+ "publishedOn": "2022-07-11",
+ "articleTitle": "Fleet 4.17.0 | Better osquery management, user engagement, improved host vitals.",
+ "articleImageUrl": "/images/articles/fleet-4.17.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.15.0",
+ "title": "Fleet 4.15.0",
+ "lastModifiedAt": 1726839805053,
+ "htmlId": "articles--fleet-4150--3865641c1c",
+ "sectionRelativeRepoPath": "fleet-4.15.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Kathy Satterlee",
+ "authorGitHubUsername": "ksatter",
+ "publishedOn": "2022-05-30",
+ "articleTitle": "Fleet 4.15.0 adds beta support for Self-service, Scope transparency, and brings Zendesk to the party.",
+ "articleImageUrl": "/images/articles/fleet-4.15.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.18.0",
+ "title": "Fleet 4.18.0",
+ "lastModifiedAt": 1726839805054,
+ "htmlId": "articles--fleet-4180--9e4ce6c31b",
+ "sectionRelativeRepoPath": "fleet-4.18.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Kathy Satterlee",
+ "authorGitHubUsername": "ksatter",
+ "publishedOn": "2022-08-03",
+ "articleTitle": "Fleet 4.18.0 | Better security and user messaging in Fleet Desktop",
+ "articleImageUrl": "/images/articles/fleet-4.18.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.19.0",
+ "title": "Fleet 4.19.0",
+ "lastModifiedAt": 1726839805055,
+ "htmlId": "articles--fleet-4190--450188c15f",
+ "sectionRelativeRepoPath": "fleet-4.19.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2022-08-22",
+ "articleTitle": "Fleet 4.19.0 | Just-in-time (JIT) user provisioning, remaining disk space, aggregate Windows and mobile device management (MDM) data",
+ "articleImageUrl": "/images/articles/fleet-4.19.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.2.0",
+ "title": "Fleet 4.2.0",
+ "lastModifiedAt": 1726839805055,
+ "htmlId": "articles--fleet-420--ead484f1f9",
+ "sectionRelativeRepoPath": "fleet-4.2.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2021-08-12",
+ "articleTitle": "Fleet 4.2.0",
+ "articleImageUrl": "/images/articles/fleet-4.2.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.20.0",
+ "title": "Fleet 4.20.0",
+ "lastModifiedAt": 1726839805057,
+ "htmlId": "articles--fleet-4200--3a3e9234b6",
+ "sectionRelativeRepoPath": "fleet-4.20.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2022-09-09",
+ "articleTitle": "Fleet 4.20.0 | Aggregate Munki issues, test features on canary teams, improved macOS vulnerability detection",
+ "articleImageUrl": "/images/articles/fleet-4.20.0-1600x900.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.21.0",
+ "title": "Fleet 4.21.0",
+ "lastModifiedAt": 1726839805058,
+ "htmlId": "articles--fleet-4210--ef1f69ba72",
+ "sectionRelativeRepoPath": "fleet-4.21.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Chris McGillicuddy",
+ "authorGitHubUsername": "chris-mcgillicuddy",
+ "publishedOn": "2022-10-05",
+ "articleTitle": "Fleet 4.21.0 | Validate config and teams YAML documents, manage osquery flags remotely with Orbit, view team and global policy compliance",
+ "articleImageUrl": "/images/articles/fleet-4.21.0-1600x900@2x.jpeg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.22.0",
+ "title": "Fleet 4.22.0",
+ "lastModifiedAt": 1726839805059,
+ "htmlId": "articles--fleet-4220--79ccc66c3c",
+ "sectionRelativeRepoPath": "fleet-4.22.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Chris McGillicuddy",
+ "authorGitHubUsername": "chris-mcgillicuddy",
+ "publishedOn": "2022-10-21",
+ "articleTitle": "Fleet 4.22.0 | Easier access to host information, better query console UX, and clearer display names",
+ "articleImageUrl": "/images/articles/fleet-4.22.0-cover-800x450@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.23.0",
+ "title": "Fleet 4.23.0",
+ "lastModifiedAt": 1726839805060,
+ "htmlId": "articles--fleet-4230--653ee52499",
+ "sectionRelativeRepoPath": "fleet-4.23.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2022-11-14",
+ "articleTitle": "Fleet 4.23.0 | Better insight into inherited policies, improved host vitals, and more configuration visibility",
+ "articleImageUrl": "/images/articles/fleet-4.23.0-800x450@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.24.0",
+ "title": "Fleet 4.24.0",
+ "lastModifiedAt": 1726839805061,
+ "htmlId": "articles--fleet-4240--19516bb4b8",
+ "sectionRelativeRepoPath": "fleet-4.24.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2022-12-06",
+ "articleTitle": "Fleet 4.24.0 | Live query notifications and navigation improvements",
+ "articleImageUrl": "/images/articles/fleet-4.24.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.25.0",
+ "title": "Fleet 4.25.0",
+ "lastModifiedAt": 1726839805063,
+ "htmlId": "articles--fleet-4250--9127fac1f2",
+ "sectionRelativeRepoPath": "fleet-4.25.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2023-01-03",
+ "articleTitle": "Fleet 4.25.0 | Extra security and MDM visibility",
+ "articleImageUrl": "/images/articles/fleet-4.25.0-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.26.0",
+ "title": "Fleet 4.26.0",
+ "lastModifiedAt": 1726839805064,
+ "htmlId": "articles--fleet-4260--3ecc26a58f",
+ "sectionRelativeRepoPath": "fleet-4.26.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2023-01-16",
+ "articleTitle": "Fleet 4.26.0 | Easier osquery extensions, external audit log destinations, and cleaner data lakes",
+ "articleImageUrl": "/images/articles/fleet-4.26.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.27.0",
+ "title": "Fleet 4.27.0",
+ "lastModifiedAt": 1726839805065,
+ "htmlId": "articles--fleet-4270--5def591f64",
+ "sectionRelativeRepoPath": "fleet-4.27.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "publishedOn": "2023-02-14",
+ "articleTitle": "Fleet 4.27.0 | Improved access management and improved search filters",
+ "articleImageUrl": "/images/articles/fleet-4.27.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.28.0",
+ "title": "Fleet 4.28.0",
+ "lastModifiedAt": 1726839805066,
+ "htmlId": "articles--fleet-4280--52f2441fa4",
+ "sectionRelativeRepoPath": "fleet-4.28.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-02-28",
+ "articleTitle": "Fleet 4.28.0 | CIS benchmarks for Ventura",
+ "articleImageUrl": "/images/articles/fleet-4.28.0-800x450@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.29.0",
+ "title": "Fleet 4.29.0",
+ "lastModifiedAt": 1726839805067,
+ "htmlId": "articles--fleet-4290--507fc72ef3",
+ "sectionRelativeRepoPath": "fleet-4.29.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-03-22",
+ "articleTitle": "Fleet 4.29.0 | SSO provides JIT Fleet user roles",
+ "articleImageUrl": "/images/articles/fleet-4.29.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.3.0",
+ "title": "Fleet 4.3.0",
+ "lastModifiedAt": 1726839805068,
+ "htmlId": "articles--fleet-430--f231d44352",
+ "sectionRelativeRepoPath": "fleet-4.3.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2021-09-07",
+ "articleTitle": "Fleet 4.3.0",
+ "articleImageUrl": "/images/articles/fleet-4.3.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.30.0",
+ "title": "Fleet 4.30.0",
+ "lastModifiedAt": 1726839805069,
+ "htmlId": "articles--fleet-4300--0e053dac25",
+ "sectionRelativeRepoPath": "fleet-4.30.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-04-11",
+ "articleTitle": "Fleet 4.30.0 | MDM public beta, Observer+ role, Vulnerability publication dates",
+ "articleImageUrl": "/images/articles/fleet-4.30.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.31.0",
+ "title": "Fleet 4.31.0",
+ "lastModifiedAt": 1726839805071,
+ "htmlId": "articles--fleet-4310--439ea795b4",
+ "sectionRelativeRepoPath": "fleet-4.31.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-05-01",
+ "articleTitle": "Fleet 4.31.0 | MDM enrollment workflow, API user role.",
+ "articleImageUrl": "/images/articles/fleet-4.31.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.32.0",
+ "title": "Fleet 4.32.0",
+ "lastModifiedAt": 1726839805073,
+ "htmlId": "articles--fleet-4320--221d90689c",
+ "sectionRelativeRepoPath": "fleet-4.32.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-05-24",
+ "articleTitle": "Fleet 4.32.0 | User migration, customizing macOS Setup Assistant.",
+ "articleImageUrl": "/images/articles/fleet-4.32.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.33.0",
+ "title": "Fleet 4.33.0",
+ "lastModifiedAt": 1726839805074,
+ "htmlId": "articles--fleet-4330--3b965c130a",
+ "sectionRelativeRepoPath": "fleet-4.33.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-06-13",
+ "articleTitle": "Fleet 4.33.0 | ChromeOS support, new verified status",
+ "articleImageUrl": "/images/articles/fleet-4.33.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.34.0",
+ "title": "Fleet 4.34.0",
+ "lastModifiedAt": 1726839805075,
+ "htmlId": "articles--fleet-4340--aab74d16d2",
+ "sectionRelativeRepoPath": "fleet-4.34.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-07-12",
+ "articleTitle": "Fleet 4.34.0 | ChromeOS tables, CIS Benchmark load testing",
+ "articleImageUrl": "/images/articles/fleet-4.34.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.35.0",
+ "title": "Fleet 4.35.0",
+ "lastModifiedAt": 1726839805076,
+ "htmlId": "articles--fleet-4350--d4921e1140",
+ "sectionRelativeRepoPath": "fleet-4.35.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-08-01",
+ "articleTitle": "Fleet 4.35.0 | Improvements and bug fixes.",
+ "articleImageUrl": "/images/articles/fleet-4.35.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.37.0",
+ "title": "Fleet 4.37.0",
+ "lastModifiedAt": 1726839805077,
+ "htmlId": "articles--fleet-4370--56524e6b70",
+ "sectionRelativeRepoPath": "fleet-4.37.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-09-07",
+ "articleTitle": "Fleet 4.37.0 | Remote script execution & Puppet support.",
+ "articleImageUrl": "/images/articles/fleet-4.37.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.36.0",
+ "title": "Fleet 4.36.0",
+ "lastModifiedAt": 1726839805078,
+ "htmlId": "articles--fleet-4360--0167b9704b",
+ "sectionRelativeRepoPath": "fleet-4.36.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-08-18",
+ "articleTitle": "Fleet 4.36.0 | Saved and scheduled queries merge.",
+ "articleImageUrl": "/images/articles/fleet-4.36.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.38.0",
+ "title": "Fleet 4.38.0",
+ "lastModifiedAt": 1726839805080,
+ "htmlId": "articles--fleet-4380--8522df1a2e",
+ "sectionRelativeRepoPath": "fleet-4.38.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-09-25",
+ "articleTitle": "Fleet 4.38.0 | Profile redelivery, NVD details, and custom extension label support.",
+ "articleImageUrl": "/images/articles/fleet-4.38.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.39.0",
+ "title": "Fleet 4.39.0",
+ "lastModifiedAt": 1726839805081,
+ "htmlId": "articles--fleet-4390--ad9a535d1c",
+ "sectionRelativeRepoPath": "fleet-4.39.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-10-26",
+ "articleTitle": "Fleet 4.39.0 | Sonoma support, script library, query reports.",
+ "articleImageUrl": "/images/articles/fleet-4.39.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.4.0",
+ "title": "Fleet 4.4.0",
+ "lastModifiedAt": 1726839805082,
+ "htmlId": "articles--fleet-440--24061a1eff",
+ "sectionRelativeRepoPath": "fleet-4.4.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2021-10-07",
+ "articleTitle": "Fleet 4.4.0 releases aggregated software inventory, team policies, and improved team scheduling",
+ "articleImageUrl": "/images/articles/fleet-4.4.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.40.0",
+ "title": "Fleet 4.40.0",
+ "lastModifiedAt": 1726839805083,
+ "htmlId": "articles--fleet-4400--53f1a0954b",
+ "sectionRelativeRepoPath": "fleet-4.40.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-11-06",
+ "articleTitle": "Fleet 4.40.0 | More Data, Rapid Security Response, CIS Benchmark updates.",
+ "articleImageUrl": "/images/articles/fleet-4.40.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.41.0",
+ "title": "Fleet 4.41.0",
+ "lastModifiedAt": 1726839805084,
+ "htmlId": "articles--fleet-4410--f4c37d963b",
+ "sectionRelativeRepoPath": "fleet-4.41.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-11-28",
+ "articleTitle": "Fleet 4.41.0 | NVD API 2.0, Windows script library.",
+ "articleImageUrl": "/images/articles/fleet-4.41.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.42.0",
+ "title": "Fleet 4.42.0",
+ "lastModifiedAt": 1726839805086,
+ "htmlId": "articles--fleet-4420--8d6641fa28",
+ "sectionRelativeRepoPath": "fleet-4.42.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-12-21",
+ "articleTitle": "Fleet 4.42.0 | Query performance reporting, host targeting improvements.",
+ "articleImageUrl": "/images/articles/fleet-4.42.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.43.0",
+ "title": "Fleet 4.43.0",
+ "lastModifiedAt": 1726839805087,
+ "htmlId": "articles--fleet-4430--296526b139",
+ "sectionRelativeRepoPath": "fleet-4.43.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-01-09",
+ "articleTitle": "Fleet 4.43.0 | Query performance reporting, host targeting improvements.",
+ "articleImageUrl": "/images/articles/fleet-4.43.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.44.0",
+ "title": "Fleet 4.44.0",
+ "lastModifiedAt": 1726839805089,
+ "htmlId": "articles--fleet-4440--e0c9504248",
+ "sectionRelativeRepoPath": "fleet-4.44.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-02-05",
+ "articleTitle": "Fleet 4.44.0 | Script execution, host expiry, and host targeting improvements.",
+ "articleImageUrl": "/images/articles/fleet-4.44.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.45.0",
+ "title": "Fleet 4.45.0",
+ "lastModifiedAt": 1726839805090,
+ "htmlId": "articles--fleet-4450--525bed4841",
+ "sectionRelativeRepoPath": "fleet-4.45.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-02-21",
+ "articleTitle": "Fleet 4.45.0 | Remote lock, Linux script library, osquery storage location.",
+ "articleImageUrl": "/images/articles/fleet-4.45.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.46.0",
+ "title": "Fleet 4.46.0",
+ "lastModifiedAt": 1726839805091,
+ "htmlId": "articles--fleet-4460--2bc79fbeb9",
+ "sectionRelativeRepoPath": "fleet-4.46.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-02-26",
+ "articleTitle": "Fleet 4.46.0 | Automatic SCEP certificate renewal.",
+ "articleImageUrl": "/images/articles/fleet-4.46.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.47.0",
+ "title": "Fleet 4.47.0",
+ "lastModifiedAt": 1726839805092,
+ "htmlId": "articles--fleet-4470--d61e2e7199",
+ "sectionRelativeRepoPath": "fleet-4.47.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-03-12",
+ "articleTitle": "Fleet 4.47.0 | Cross-platform remote wipe, vulnerabilities page, and scripting improvements.",
+ "articleImageUrl": "/images/articles/fleet-4.47.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.48.0",
+ "title": "Fleet 4.48.0",
+ "lastModifiedAt": 1726839805094,
+ "htmlId": "articles--fleet-4480--ecbe7beab5",
+ "sectionRelativeRepoPath": "fleet-4.48.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-04-03",
+ "articleTitle": "Fleet 4.48.0 | IdP local account creation, VS Code extensions.",
+ "articleImageUrl": "/images/articles/fleet-4.48.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.49.0",
+ "title": "Fleet 4.49.0",
+ "lastModifiedAt": 1726839805095,
+ "htmlId": "articles--fleet-4490--c90f5fc656",
+ "sectionRelativeRepoPath": "fleet-4.49.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-04-23",
+ "articleTitle": "Fleet 4.49.0 | VulnCheck's NVD++, device health API, fleetd data parsing.",
+ "articleImageUrl": "/images/articles/fleet-4.49.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.5.0",
+ "title": "Fleet 4.5.0",
+ "lastModifiedAt": 1726839805096,
+ "htmlId": "articles--fleet-450--2c474c8040",
+ "sectionRelativeRepoPath": "fleet-4.5.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2021-11-02",
+ "articleTitle": "Fleet 4.5.0 with new team admin role, live OS compatibility checking, query performance impact, and a new-look dashboard",
+ "articleImageUrl": "/images/articles/fleet-4.5.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.50.0",
+ "title": "Fleet 4.50.0",
+ "lastModifiedAt": 1726839805098,
+ "htmlId": "articles--fleet-4500--44757c8700",
+ "sectionRelativeRepoPath": "fleet-4.50.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-05-22",
+ "articleTitle": "Fleet 4.50.0 | Security agent deployment, AI descriptions, and Mac Admins SOFA support.",
+ "articleImageUrl": "/images/articles/fleet-4.50.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.53.0",
+ "title": "Fleet 4.53.0",
+ "lastModifiedAt": 1726839805100,
+ "htmlId": "articles--fleet-4530--1cc540fb24",
+ "sectionRelativeRepoPath": "fleet-4.53.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-06-25",
+ "articleTitle": "Fleet 4.53.0 | Better vuln matching, multi-issue hosts, & `fleetd` logs as tables",
+ "articleImageUrl": "/images/articles/fleet-4.53.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.54.0",
+ "title": "Fleet 4.54.0",
+ "lastModifiedAt": 1726839805101,
+ "htmlId": "articles--fleet-4540--11b1c848f2",
+ "sectionRelativeRepoPath": "fleet-4.54.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-07-17",
+ "articleTitle": "Fleet 4.54.0 | Target hosts via label exclusion, script execution time.",
+ "articleImageUrl": "/images/articles/fleet-4.54.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.51.0",
+ "title": "Fleet 4.51.0",
+ "lastModifiedAt": 1726839805102,
+ "htmlId": "articles--fleet-4510--7274f6fa9d",
+ "sectionRelativeRepoPath": "fleet-4.51.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-06-10",
+ "articleTitle": "Fleet 4.51.0 | Global activity webhook, macOS TCC table, and software self-service.",
+ "articleImageUrl": "/images/articles/fleet-4.51.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.55.0",
+ "title": "Fleet 4.55.0",
+ "lastModifiedAt": 1726839805106,
+ "htmlId": "articles--fleet-4550--f7134a8007",
+ "sectionRelativeRepoPath": "fleet-4.55.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-08-09",
+ "articleTitle": "Fleet 4.55.0 | MySQL 8, arm64 support, FileVault improvements, VPP support.",
+ "articleImageUrl": "/images/articles/fleet-4.55.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.56.0",
+ "title": "Fleet 4.56.0",
+ "lastModifiedAt": 1726839805108,
+ "htmlId": "articles--fleet-4560--6f2f9c6451",
+ "sectionRelativeRepoPath": "fleet-4.56.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-09-07",
+ "articleTitle": "Fleet 4.56.0 | Enhanced MDM migration, Exact CVE Search, and Self-Service VPP Apps.",
+ "articleImageUrl": "/images/articles/fleet-4.56.0-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.6.0",
+ "title": "Fleet 4.6.0",
+ "lastModifiedAt": 1726839805109,
+ "htmlId": "articles--fleet-460--d71c3386e5",
+ "sectionRelativeRepoPath": "fleet-4.6.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2021-11-19",
+ "articleTitle": "Fleet 4.6.0 with osquery installer, enroll secret management, and improved host vitals",
+ "articleImageUrl": "/images/articles/fleet-4.6.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.7.0",
+ "title": "Fleet 4.7.0",
+ "lastModifiedAt": 1726839805110,
+ "htmlId": "articles--fleet-470--f6d85e866c",
+ "sectionRelativeRepoPath": "fleet-4.7.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2021-12-14",
+ "articleTitle": "Does Fleet 4.7.0 bring more power to your osquery compliance policies? Yes.",
+ "articleImageUrl": "/images/articles/fleet-4.7.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.8.0",
+ "title": "Fleet 4.8.0",
+ "lastModifiedAt": 1726839805111,
+ "htmlId": "articles--fleet-480--e0296e324b",
+ "sectionRelativeRepoPath": "fleet-4.8.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Drew Baker",
+ "authorGitHubUsername": "Drew-P-drawers",
+ "publishedOn": "2021-12-31",
+ "articleTitle": "Looking for policy automations, Google Chrome profile search, and Munki details from your hosts? Upgrade to Fleet 4.8.0",
+ "articleImageUrl": "/images/articles/fleet-4.8.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/releases/fleet-4.9.0",
+ "title": "Fleet 4.9.0",
+ "lastModifiedAt": 1726839805112,
+ "htmlId": "articles--fleet-490--d6149315ff",
+ "sectionRelativeRepoPath": "fleet-4.9.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2022-01-24",
+ "articleTitle": "Fleet 4.9.0 brings performance updates, paginated live query results, and policy YAML doc support.",
+ "articleImageUrl": "/images/articles/fleet-4.9.0-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/fleet-ai-assisted-policy-descriptions-and-resolutions",
+ "title": "Fleet ai assisted policy descriptions and resolutions",
+ "lastModifiedAt": 1726839805113,
+ "htmlId": "articles--fleet-ai-assisted-po--74a94535fe",
+ "sectionRelativeRepoPath": "fleet-ai-assisted-policy-descriptions-and-resolutions.md",
+ "meta": {
+ "articleTitle": "Fleet’s AI-assisted policy descriptions and resolutions",
+ "authorFullName": "Rachel Perkins",
+ "authorGitHubUsername": "rachelelysia",
+ "category": "guides",
+ "publishedOn": "2024-05-20",
+ "articleImageUrl": "/images/articles/fleet-ai-assisted-policy-descriptions-and-resolutions-1600x900@2x.png",
+ "description": "AI guides our way, Policies clear, secure paths, Compliance shines bright."
+ }
+ },
+ {
+ "url": "/announcements/fleet-adds-support-for-chrome-os",
+ "title": "Fleet adds support for chrome os",
+ "lastModifiedAt": 1726839805114,
+ "htmlId": "articles--fleet-adds-support-f--e846968e31",
+ "sectionRelativeRepoPath": "fleet-adds-support-for-chrome-os.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "spokanemac",
+ "authorFullName": "JD Strong",
+ "publishedOn": "2023-06-13",
+ "articleTitle": "Fleet enhances device management with ChromeOS support",
+ "articleImageUrl": "/images/articles/fleet-adds-support-for-chrome-os-1600x900@2x.png",
+ "description": "We're thrilled to announce that Fleet has expanded support to include ChromeOS and ChromeOS Flex!"
+ }
+ },
+ {
+ "url": "/announcements/fleet-desktop-says-hello-world",
+ "title": "Fleet desktop says hello world",
+ "lastModifiedAt": 1726839805115,
+ "htmlId": "articles--fleet-desktop-says-h--b773918322",
+ "sectionRelativeRepoPath": "fleet-desktop-says-hello-world.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "zhumo",
+ "authorFullName": "Mo Zhu",
+ "publishedOn": "2022-08-02",
+ "articleTitle": "Fleet Desktop says “Hello, world!”",
+ "articleImageUrl": "/images/articles/fleet-desktop-says-hello-world-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/fleet-desktop",
+ "title": "Fleet desktop",
+ "lastModifiedAt": 1726839805116,
+ "htmlId": "articles--fleet-desktop--9214a6a67a",
+ "sectionRelativeRepoPath": "fleet-desktop.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "zhumo",
+ "authorFullName": "Mo Zhu",
+ "publishedOn": "2024-04-19",
+ "articleTitle": "Fleet Desktop",
+ "description": "Learn about Fleet Desktop's features for self-remediation and transparency."
+ }
+ },
+ {
+ "url": "/announcements/fleet-in-vegas-2023",
+ "title": "Fleet in vegas 2023",
+ "lastModifiedAt": 1726839805117,
+ "htmlId": "articles--fleet-in-vegas-2023--284818a7ab",
+ "sectionRelativeRepoPath": "fleet-in-vegas-2023.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "spokanemac",
+ "authorFullName": "JD Strong",
+ "publishedOn": "2023-08-02",
+ "articleTitle": "Fleet takes on Vegas: Exploring cybersecurity's future at Black Hat, B-Sides, and DEF CON 31",
+ "articleImageUrl": "/images/articles/fleet-in-vegas-2023@2x.jpg",
+ "description": "Explore cybersecurity's cutting edge with Fleet at three top-tier conferences - Black Hat, Security B-Sides, and DEF CON."
+ }
+ },
+ {
+ "url": "/releases/fleet-introduces-mdm",
+ "title": "Fleet introduces mdm",
+ "lastModifiedAt": 1726839805118,
+ "htmlId": "articles--fleet-introduces-mdm--e7ec825f3a",
+ "sectionRelativeRepoPath": "fleet-introduces-mdm.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-04-11",
+ "articleTitle": "Fleet introduces MDM",
+ "articleImageUrl": "/images/articles/fleet-mdm-launch-cover-800x450@2x.jpg"
+ }
+ },
+ {
+ "url": "/announcements/fleet-in-your-calendar-introducing-maintenance-windows",
+ "title": "Fleet in your calendar introducing maintenance windows",
+ "lastModifiedAt": 1726839805119,
+ "htmlId": "articles--fleet-in-your-calend--35d205d395",
+ "sectionRelativeRepoPath": "fleet-in-your-calendar-introducing-maintenance-windows.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-04-30",
+ "articleTitle": "Fleet in your calendar: introducing maintenance windows",
+ "articleImageUrl": "/images/articles/fleet-in-your-calendar-introducing-maintenance-windows-cover-900x450@2x.png",
+ "description": "Like any good colleague, when Fleet needs some of your time, it puts it on your calendar."
+ }
+ },
+ {
+ "url": "/announcements/fleet-introduces-windows-mdm",
+ "title": "Fleet introduces windows mdm",
+ "lastModifiedAt": 1726839805120,
+ "htmlId": "articles--fleet-introduces-win--c7cafc9ba6",
+ "sectionRelativeRepoPath": "fleet-introduces-windows-mdm.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-01-24",
+ "articleTitle": "Fleet introduces Windows MDM",
+ "articleImageUrl": "/images/articles/fleet-win-mdm-launch-cover-800x450@2x.png"
+ }
+ },
+ {
+ "url": "/announcements/fleet-is-abuzz-for-macdevops-yvr-2023",
+ "title": "Fleet is abuzz for macdevops yvr 2023",
+ "lastModifiedAt": 1726839805121,
+ "htmlId": "articles--fleet-is-abuzz-for-m--ad5da5f6fb",
+ "sectionRelativeRepoPath": "fleet-is-abuzz-for-macdevops-yvr-2023.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "spokanemac",
+ "authorFullName": "JD Strong",
+ "publishedOn": "2023-06-07",
+ "articleTitle": "Fleet is abuzz 🐝 for MacDevOps:YVR",
+ "articleImageUrl": "/images/articles/fleet-is-abuzz-for-macdevops-yvr-2023@2x.png",
+ "description": "Fleet is a proud sponsor of MacDevOps:YVR which is back in person in Vancouver, B.C. June 21-22, 2023"
+ }
+ },
+ {
+ "url": "/securing/fleet-osquery-unlocking-the-value-of-axonius-with-open-source-telemetry",
+ "title": "Fleet osquery unlocking the value of axonius with open source telemetry",
+ "lastModifiedAt": 1726839805122,
+ "htmlId": "articles--fleet-osquery-unlock--3d8a42de76",
+ "sectionRelativeRepoPath": "fleet-osquery-unlocking-the-value-of-axonius-with-open-source-telemetry.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Brad Macdowall",
+ "authorGitHubUsername": "BradMacd",
+ "publishedOn": "2023-12-28",
+ "articleTitle": "Fleet & osquery: Unlocking the value of Axonius with open-source telemetry",
+ "articleImageUrl": "/images/articles/fleet-osquery-unlocking-the-value-of-axonius-with-open-source-telemetry-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/fleet-quick-tips-querying-procdump-eula-has-been-accepted",
+ "title": "Fleet quick tips querying procdump eula has been accepted",
+ "lastModifiedAt": 1726839805123,
+ "htmlId": "articles--fleet-quick-tips-que--083c7ab95c",
+ "sectionRelativeRepoPath": "fleet-quick-tips-querying-procdump-eula-has-been-accepted.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "mike-j-thomas",
+ "authorFullName": "Mike Thomas",
+ "publishedOn": "2021-05-11",
+ "articleTitle": "Fleet quick tips — identify systems where the ProcDump EULA has been accepted",
+ "articleImageUrl": "/images/articles/fleet-quick-tips-querying-procdump-eula-has-been-accepted-cover-700x440@2x.png"
+ }
+ },
+ {
+ "url": "/guides/fleet-terraform-byo-vpc-module",
+ "title": "Fleet terraform byo vpc module",
+ "lastModifiedAt": 1726839805124,
+ "htmlId": "articles--fleet-terraform-byo---dc914e6434",
+ "sectionRelativeRepoPath": "fleet-terraform-byo-vpc-module.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Robert Fairburn",
+ "authorGitHubUsername": "rfairburn",
+ "publishedOn": "2023-09-01",
+ "articleTitle": "Using the Fleet Terraform module with an existing VPC"
+ }
+ },
+ {
+ "url": "/announcements/fleet-terraform-module",
+ "title": "Fleet terraform module",
+ "lastModifiedAt": 1726839805125,
+ "htmlId": "articles--fleet-terraform-modu--290ad35faf",
+ "sectionRelativeRepoPath": "fleet-terraform-module.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "Zachary Winnerman",
+ "authorGitHubUsername": "zwinnerman-fleetdm",
+ "publishedOn": "2023-01-09",
+ "articleTitle": "Keep Fleet running smoothly on AWS with the new Terraform module"
+ }
+ },
+ {
+ "url": "/guides/fleet-usage-statistics",
+ "title": "Fleet usage statistics",
+ "lastModifiedAt": 1726839805126,
+ "htmlId": "articles--fleet-usage-statisti--8212e2baf7",
+ "sectionRelativeRepoPath": "fleet-usage-statistics.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-08-13",
+ "articleTitle": "Fleet usage statistics",
+ "description": "Learn about Fleet's usage statistics and what information is collected."
+ }
+ },
+ {
+ "url": "/success-stories/fleet-user-stories-f100",
+ "title": "Fleet user stories f100",
+ "lastModifiedAt": 1726839805127,
+ "htmlId": "articles--fleet-user-stories-f--869652e2be",
+ "sectionRelativeRepoPath": "fleet-user-stories-f100.md",
+ "meta": {
+ "category": "success stories",
+ "authorGitHubUsername": "mike-j-thomas",
+ "authorFullName": "Mike Thomas",
+ "publishedOn": "2021-09-29",
+ "articleTitle": "Fleet user stories — F100",
+ "articleImageUrl": "/images/articles/fleet-user-stories-f100-cover-800x450@2x.png"
+ }
+ },
+ {
+ "url": "/success-stories/fleet-user-stories-schrodinger",
+ "title": "Fleet user stories schrodinger",
+ "lastModifiedAt": 1726839805127,
+ "htmlId": "articles--fleet-user-stories-s--1486ea1812",
+ "sectionRelativeRepoPath": "fleet-user-stories-schrodinger.md",
+ "meta": {
+ "category": "success stories",
+ "authorGitHubUsername": "mike-j-thomas",
+ "authorFullName": "Mike Thomas",
+ "publishedOn": "2021-09-10",
+ "articleTitle": "Fleet user stories — Schrödinger",
+ "articleImageUrl": "/images/articles/fleet-user-stories-schrodinger-cover-800x450@2x.png"
+ }
+ },
+ {
+ "url": "/success-stories/fleet-user-stories-wayfair",
+ "title": "Fleet user stories wayfair",
+ "lastModifiedAt": 1726839805128,
+ "htmlId": "articles--fleet-user-stories-w--c78d4fa6b9",
+ "sectionRelativeRepoPath": "fleet-user-stories-wayfair.md",
+ "meta": {
+ "category": "success stories",
+ "authorGitHubUsername": "mike-j-thomas",
+ "authorFullName": "Mike Thomas",
+ "publishedOn": "2021-08-20",
+ "articleTitle": "Fleet user stories — Wayfair",
+ "articleImageUrl": "/images/articles/fleet-user-stories-wayfair-cover-800x450@2x.png"
+ }
+ },
+ {
+ "url": "/guides/fleetctl",
+ "title": "Fleetctl",
+ "lastModifiedAt": 1726839805129,
+ "htmlId": "articles--fleetctl--0cb8193ba2",
+ "sectionRelativeRepoPath": "fleetctl.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-07-04",
+ "articleTitle": "fleetctl",
+ "description": "Read about fleetctl, a CLI tool for managing Fleet and osquery configurations, running queries, generating Fleet's agent (fleetd) and more."
+ }
+ },
+ {
+ "url": "/announcements/from-osquery-to-fleet-planting-the-seed",
+ "title": "From osquery to Fleet planting the seed",
+ "lastModifiedAt": 1726839805130,
+ "htmlId": "articles--from-osquery-to-flee--229a9b9742",
+ "sectionRelativeRepoPath": "from-osquery-to-fleet-planting-the-seed.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2022-01-20",
+ "articleTitle": "The next step for Fleet: our $5M seed round 🌱",
+ "articleImageUrl": "/images/articles/from-osquery-to-fleet-planting-the-seed-cover-800x450@2x.png"
+ }
+ },
+ {
+ "url": "/guides/fleetd-updates",
+ "title": "Fleetd updates",
+ "lastModifiedAt": 1726839805131,
+ "htmlId": "articles--fleetd-updates--6d4aebafec",
+ "sectionRelativeRepoPath": "fleetd-updates.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-04-30",
+ "articleTitle": "Fleetd updates",
+ "description": "Information on how to manage and secure Fleet agent updates."
+ }
+ },
+ {
+ "url": "/guides/generate-process-trees-with-osquery",
+ "title": "Generate process trees with osquery",
+ "lastModifiedAt": 1726839805132,
+ "htmlId": "articles--generate-process-tre--d1b0edcce1",
+ "sectionRelativeRepoPath": "generate-process-trees-with-osquery.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2020-03-17",
+ "articleTitle": "Generate process trees with osquery",
+ "articleImageUrl": "/images/articles/generate-process-trees-with-osquery-cover-700x393@2x.jpeg"
+ }
+ },
+ {
+ "url": "/securing/get-and-stay-compliant-across-your-devices-with-fleet",
+ "title": "Get and stay compliant across your devices with Fleet",
+ "lastModifiedAt": 1726839805133,
+ "htmlId": "articles--get-and-stay-complia--2cb805730d",
+ "sectionRelativeRepoPath": "get-and-stay-compliant-across-your-devices-with-fleet.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Drew Baker",
+ "authorGitHubUsername": "Drew-P-drawers",
+ "publishedOn": "2022-03-09",
+ "articleTitle": "Get and stay compliant across your devices with Fleet.",
+ "articleImageUrl": "/images/articles/get-and-stay-compliant-across-your-devices-with-fleet-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/get-current-telemetry-from-your-devices-with-live-queries",
+ "title": "Get current telemetry from your devices with live queries",
+ "lastModifiedAt": 1726839805134,
+ "htmlId": "articles--get-current-telemetr--019d64996a",
+ "sectionRelativeRepoPath": "get-current-telemetry-from-your-devices-with-live-queries.md",
+ "meta": {
+ "articleTitle": "Get current telemetry from your devices with live queries",
+ "authorFullName": "Victor Lyuboslavsky",
+ "authorGitHubUsername": "getvictor",
+ "category": "guides",
+ "publishedOn": "2023-12-27",
+ "description": "Learn how live queries work under the hood."
+ }
+ },
+ {
+ "url": "/announcements/government-agencies-need-to-dith-the-mdm-thicket",
+ "title": "Government agencies need to dith the mdm thicket",
+ "lastModifiedAt": 1726839805135,
+ "htmlId": "articles--government-agencies---f0385b3f79",
+ "sectionRelativeRepoPath": "government-agencies-need-to-dith-the-mdm-thicket.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "Keith Barnes",
+ "authorGitHubUsername": "KAB703",
+ "publishedOn": "2024-02-09",
+ "articleTitle": "Government agencies need to ditch the MDM thicket: multiple solutions cost you more than you think",
+ "articleImageUrl": "/images/articles/government-agencies-need-to-dith-the-mdm-thicket-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/announcements/happy-1st-anniversary-fleet",
+ "title": "Happy 1st anniversary Fleet",
+ "lastModifiedAt": 1726839805135,
+ "htmlId": "articles--happy-1st-anniversar--128480e14b",
+ "sectionRelativeRepoPath": "happy-1st-anniversary-fleet.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "mike-j-thomas",
+ "authorFullName": "Mike Thomas",
+ "publishedOn": "2021-10-08",
+ "articleTitle": "Happy 1st anniversary, Fleet.",
+ "articleImageUrl": "/images/articles/happy-1st-anniversary-fleet-cover-800x450@2x.png"
+ }
+ },
+ {
+ "url": "/securing/how-fleet-helps-federal-agencies-meet-cisa-bod-23-01",
+ "title": "How Fleet helps federal agencies meet cisa bod 23 01",
+ "lastModifiedAt": 1726839805136,
+ "htmlId": "articles--how-fleet-helps-fede--82d74da10e",
+ "sectionRelativeRepoPath": "how-fleet-helps-federal-agencies-meet-cisa-bod-23-01.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Chris McGillicuddy",
+ "authorGitHubUsername": "chris-mcgillicuddy",
+ "publishedOn": "2022-10-28",
+ "articleTitle": "How Fleet helps federal agencies meet CISA BOD 23-01",
+ "articleImageUrl": "/images/articles/BOD-23-01-800x450@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/how-osquery-can-help-cyber-responders",
+ "title": "How osquery can help cyber responders",
+ "lastModifiedAt": 1726839805138,
+ "htmlId": "articles--how-osquery-can-help--eca2df006d",
+ "sectionRelativeRepoPath": "how-osquery-can-help-cyber-responders.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-11-02",
+ "articleTitle": "How osquery can help cyber responders.",
+ "articleImageUrl": "/images/articles/osquery-for-cyber-responders-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/how-to-configure-logging-destinations",
+ "title": "How to configure logging destinations",
+ "lastModifiedAt": 1726839805139,
+ "htmlId": "articles--how-to-configure-log--e7ef58a2dc",
+ "sectionRelativeRepoPath": "how-to-configure-logging-destinations.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Grant Bilstad",
+ "authorGitHubUsername": "pacamaster",
+ "publishedOn": "2024-06-28",
+ "articleTitle": "How to configure logging destinations",
+ "articleImageUrl": "/images/articles/how-to-configure-logging-destinations-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/how-to-install-osquery-and-enroll-linux-devices-into-fleet",
+ "title": "How to install osquery and enroll linux devices into Fleet",
+ "lastModifiedAt": 1726839805140,
+ "htmlId": "articles--how-to-install-osque--7ef1932c39",
+ "sectionRelativeRepoPath": "how-to-install-osquery-and-enroll-linux-devices-into-fleet.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Kathy Satterlee",
+ "authorGitHubUsername": "ksatter",
+ "publishedOn": "2022-03-19",
+ "articleTitle": "How to install osquery and enroll Linux devices into Fleet",
+ "articleImageUrl": "/images/articles/install-osquery-and-enroll-linux-devices-into-fleet-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/how-to-install-osquery-and-enroll-macos-devices-into-fleet",
+ "title": "How to install osquery and enroll macos devices into Fleet",
+ "lastModifiedAt": 1726839805142,
+ "htmlId": "articles--how-to-install-osque--9584297736",
+ "sectionRelativeRepoPath": "how-to-install-osquery-and-enroll-macos-devices-into-fleet.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Kelvin Omereshone",
+ "authorGitHubUsername": "dominuskelvin",
+ "publishedOn": "2022-01-13",
+ "articleTitle": "How to install osquery and enroll macOS devices into Fleet",
+ "articleImageUrl": "/images/articles/install-osquery-and-enroll-macos-devices-into-fleet-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/how-to-install-osquery-and-enroll-windows-devices-into-fleet",
+ "title": "How to install osquery and enroll windows devices into Fleet",
+ "lastModifiedAt": 1726839805143,
+ "htmlId": "articles--how-to-install-osque--65750e792f",
+ "sectionRelativeRepoPath": "how-to-install-osquery-and-enroll-windows-devices-into-fleet.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Kelvin Omereshone",
+ "authorGitHubUsername": "dominuskelvin",
+ "publishedOn": "2022-02-03",
+ "articleTitle": "How to install osquery and enroll Windows devices into Fleet",
+ "articleImageUrl": "/images/articles/install-osquery-and-enroll-windows-devices-into-fleet-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/how-to-uninstall-osquery",
+ "title": "How to uninstall osquery",
+ "lastModifiedAt": 1726839805143,
+ "htmlId": "articles--how-to-uninstall-osq--7455ca45fc",
+ "sectionRelativeRepoPath": "how-to-uninstall-osquery.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Eric Shaw",
+ "authorGitHubUsername": "eashaw",
+ "publishedOn": "2021-09-08",
+ "articleTitle": "How to uninstall osquery",
+ "articleImageUrl": "/images/articles/how-to-uninstall-osquery-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/import-and-export-queries-in-fleet",
+ "title": "Import and export queries in Fleet",
+ "lastModifiedAt": 1726839805144,
+ "htmlId": "articles--import-and-export-qu--44b09ee020",
+ "sectionRelativeRepoPath": "import-and-export-queries-in-fleet.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2021-02-16",
+ "articleTitle": "Import and export queries in Fleet",
+ "articleImageUrl": "/images/articles/import-and-export-queries-in-Fleet-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/install-vpp-apps-on-macos-using-fleet",
+ "title": "Install vpp apps on macos using Fleet",
+ "lastModifiedAt": 1726839805145,
+ "htmlId": "articles--install-vpp-apps-on---4e6a161ea8",
+ "sectionRelativeRepoPath": "install-vpp-apps-on-macos-using-fleet.md",
+ "meta": {
+ "articleTitle": "Install VPP apps on macOS, iOS, and iPadOS using Fleet",
+ "authorFullName": "Jahziel Villasana-Espinoza",
+ "authorGitHubUsername": "jahzielv",
+ "category": "guides",
+ "publishedOn": "2024-08-12",
+ "articleImageUrl": "/images/articles/install-vpp-apps-on-macos-using-fleet-1600x900@2x.png",
+ "description": "This guide will walk you through installing VPP apps on macOS, iOS, and iPadOS using Fleet."
+ }
+ },
+ {
+ "url": "/announcements/introducing-cross-platform-script-execution",
+ "title": "Introducing cross platform script execution",
+ "lastModifiedAt": 1726839805147,
+ "htmlId": "articles--introducing-cross-pl--f50031e3db",
+ "sectionRelativeRepoPath": "introducing-cross-platform-script-execution.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-10-17",
+ "articleTitle": "Introducing cross-platform script execution",
+ "articleImageUrl": "/images/articles/introducing-cross-platform-script-execution-800x450@2x.png"
+ }
+ },
+ {
+ "url": "/announcements/introducing-fleet-ultimate",
+ "title": "Introducing Fleet ultimate",
+ "lastModifiedAt": 1726839805147,
+ "htmlId": "articles--introducing-fleet-ul--caba265ec4",
+ "sectionRelativeRepoPath": "introducing-fleet-ultimate.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "jarodreyes",
+ "authorFullName": "Jarod Reyes",
+ "publishedOn": "2023-02-20",
+ "articleTitle": "Introducing CIS benchmarks, managed-cloud hosting and custom calculator in the new Fleet Ultimate plan.",
+ "articleImageUrl": "/images/articles/happy-1st-anniversary-fleet-cover-800x450@2x.png"
+ }
+ },
+ {
+ "url": "/announcements/introducing-orbit-your-fleet-agent-manager",
+ "title": "Introducing orbit your Fleet agent manager",
+ "lastModifiedAt": 1726839805148,
+ "htmlId": "articles--introducing-orbit-yo--1de0ea07ab",
+ "sectionRelativeRepoPath": "introducing-orbit-your-fleet-agent-manager.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "Mo Zhu",
+ "authorGitHubUsername": "zhumo",
+ "publishedOn": "2022-08-18",
+ "articleTitle": "Introducing Orbit, your Fleet agent manager",
+ "articleImageUrl": "/images/articles/fleet-4.17.0-1-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/engineering/linux-vulnerability-detection-with-oval-and-fleet",
+ "title": "Linux vulnerability detection with oval and Fleet",
+ "lastModifiedAt": 1726839805150,
+ "htmlId": "articles--linux-vulnerability---0d4c8fd5ac",
+ "sectionRelativeRepoPath": "linux-vulnerability-detection-with-oval-and-fleet.md",
+ "meta": {
+ "category": "engineering",
+ "authorGitHubUsername": "juan-fdz-hawa",
+ "authorFullName": "Juan Fernandes",
+ "publishedOn": "2022-07-29",
+ "articleTitle": "Linux vulnerability detection with OVAL and Fleet",
+ "articleImageUrl": "/images/articles/linux-vulnerability-detection-with-oval-and-fleet-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/locate-assets-with-osquery",
+ "title": "Locate assets with osquery",
+ "lastModifiedAt": 1726839805150,
+ "htmlId": "articles--locate-assets-with-o--764d2b5f55",
+ "sectionRelativeRepoPath": "locate-assets-with-osquery.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2021-05-11",
+ "articleTitle": "Locate device assets in the event of an emergency.",
+ "articleImageUrl": "/images/articles/locate-assets-with-osquery-cover-700x393@2x.jpeg"
+ }
+ },
+ {
+ "url": "/guides/log-destinations",
+ "title": "Log destinations",
+ "lastModifiedAt": 1726839805152,
+ "htmlId": "articles--log-destinations--9bb62f5aa2",
+ "sectionRelativeRepoPath": "log-destinations.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "rachaelshaw",
+ "authorFullName": "Rachael Shaw",
+ "publishedOn": "2023-11-02",
+ "articleTitle": "Log destinations",
+ "description": "Learn about supported log destinations in Fleet, including Amazon Kinesis, AWS Lambda Snowflake, Splunk, and more."
+ }
+ },
+ {
+ "url": "/securing/lossless-yubikeys-with-yubitrak-and-airtag",
+ "title": "Lossless yubikeys with yubitrak and airtag",
+ "lastModifiedAt": 1726839805153,
+ "htmlId": "articles--lossless-yubikeys-wi--b260bfc20a",
+ "sectionRelativeRepoPath": "lossless-yubiKeys-with-yubitrak-and-airtag.md",
+ "meta": {
+ "category": "security",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "authorFullName": "Guillaume Ross",
+ "publishedOn": "2022-06-16",
+ "articleTitle": "Lossless YubiKeys with Yubitrak and AirTag",
+ "articleImageUrl": "/images/articles/lossless-yubikeys-with-yubitrak-and-airtag-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/macos-mdm-setup",
+ "title": "Macos mdm setup",
+ "lastModifiedAt": 1726839805154,
+ "htmlId": "articles--macos-mdm-setup--66538706f5",
+ "sectionRelativeRepoPath": "macos-mdm-setup.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "zhumo",
+ "authorFullName": "Mo Zhu",
+ "publishedOn": "2024-07-02",
+ "articleTitle": "macOS MDM setup",
+ "description": "Learn how to turn on MDM features in Fleet."
+ }
+ },
+ {
+ "url": "/guides/macos-setup-experience",
+ "title": "Macos setup experience",
+ "lastModifiedAt": 1726839805155,
+ "htmlId": "articles--macos-setup-experien--cca7e9e073",
+ "sectionRelativeRepoPath": "macos-setup-experience.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-07-03",
+ "articleTitle": "macOS setup experience",
+ "description": "Customize your macOS setup experience with Fleet Premium by managing user authentication, Setup Assistant panes, and installing bootstrap packages."
+ }
+ },
+ {
+ "url": "/guides/managing-labels-in-fleet",
+ "title": "Managing labels in Fleet",
+ "lastModifiedAt": 1726839805156,
+ "htmlId": "articles--managing-labels-in-f--b2e5aed976",
+ "sectionRelativeRepoPath": "managing-labels-in-fleet.md",
+ "meta": {
+ "articleTitle": "Managing labels in Fleet",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "category": "guides",
+ "publishedOn": "2024-07-18",
+ "articleImageUrl": "/images/articles/managing-labels-in-fleet-1600x900@2x.png",
+ "description": "This guide will walk you through managing labels using the Fleet web UI."
+ }
+ },
+ {
+ "url": "/securing/mapping-fleet-and-osquery-results-to-the-mitre-attck-framework-via-splunk",
+ "title": "Mapping Fleet and osquery results to the mitre attck framework via splunk",
+ "lastModifiedAt": 1726839805157,
+ "htmlId": "articles--mapping-fleet-and-os--7ee9249dc4",
+ "sectionRelativeRepoPath": "mapping-fleet-and-osquery-results-to-the-mitre-attck-framework-via-splunk.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Dave Herder",
+ "authorGitHubUsername": "dherder",
+ "publishedOn": "2023-01-30",
+ "articleTitle": "Mapping Fleet and osquery results to the MITRE ATT&CK® framework via Splunk",
+ "articleImageUrl": "/images/articles/mapping-fleet-and-osquery-results-to-the-mitre-attck-framework-via-splunk-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/mdm-commands",
+ "title": "Mdm commands",
+ "lastModifiedAt": 1726839805158,
+ "htmlId": "articles--mdm-commands--8de440c455",
+ "sectionRelativeRepoPath": "mdm-commands.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-06-12",
+ "articleTitle": "MDM commands",
+ "description": "Learn how to run custom MDM commands on hosts using Fleet."
+ }
+ },
+ {
+ "url": "/guides/mdm-migration",
+ "title": "Mdm migration",
+ "lastModifiedAt": 1726839805159,
+ "htmlId": "articles--mdm-migration--a500f61869",
+ "sectionRelativeRepoPath": "mdm-migration.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "zhumo",
+ "authorFullName": "Mo Zhu",
+ "publishedOn": "2024-08-14",
+ "articleTitle": "MDM migration",
+ "description": "Instructions for migrating hosts away from an old MDM solution to Fleet."
+ }
+ },
+ {
+ "url": "/announcements/nvd-api-2.0",
+ "title": "Nvd API 2.0",
+ "lastModifiedAt": 1726839805160,
+ "htmlId": "articles--nvd-api-20--a754d441c3",
+ "sectionRelativeRepoPath": "nvd-api-2.0.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-11-28",
+ "articleTitle": "NVD API 2.0: An important update for Fleet users",
+ "articleImageUrl": "/images/articles/nvd-api-2.0-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/optimizing-government-cybersecurity-strategies",
+ "title": "Optimizing government cybersecurity strategies",
+ "lastModifiedAt": 1726839805161,
+ "htmlId": "articles--optimizing-governmen--78189d23a6",
+ "sectionRelativeRepoPath": "optimizing-government-cybersecurity-strategies.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Keith Barnes",
+ "authorGitHubUsername": "KAB703",
+ "publishedOn": "2023-11-14",
+ "articleTitle": "Optimizing government cybersecurity strategies with Fleet.",
+ "articleImageUrl": "/images/articles/optimizing-government-cybersecurity-strategies-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/releases/osquery-5.11.0",
+ "title": "Osquery 5.11.0",
+ "lastModifiedAt": 1726839805162,
+ "htmlId": "articles--osquery-5110--5af6435495",
+ "sectionRelativeRepoPath": "osquery-5.11.0.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2024-02-16",
+ "articleTitle": "osquery 5.11.0 | VSCode, Apple silicon, and more",
+ "articleImageUrl": "/images/articles/osquery-5.11.0-cover-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/osquery-a-tool-to-easily-ask-questions-about-operating-systems",
+ "title": "Osquery a tool to easily ask questions about operating systems",
+ "lastModifiedAt": 1726839805163,
+ "htmlId": "articles--osquery-a-tool-to-ea--424e2ed801",
+ "sectionRelativeRepoPath": "osquery-a-tool-to-easily-ask-questions-about-operating-systems.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "dominuskelvin",
+ "authorFullName": "Kelvin Omereshone",
+ "publishedOn": "2022-04-04",
+ "articleTitle": "Osquery: a tool to easily ask questions about operating systems",
+ "articleImageUrl": "/images/articles/osquery-a-tool-to-easily-ask-questions-about-operating-systems-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/osquery-as-a-threat-hunting-platform",
+ "title": "Osquery as a threat hunting platform",
+ "lastModifiedAt": 1726839805164,
+ "htmlId": "articles--osquery-as-a-threat---d96a59f1dd",
+ "sectionRelativeRepoPath": "osquery-as-a-threat-hunting-platform.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Chris McGillicuddy",
+ "authorGitHubUsername": "chris-mcgillicuddy",
+ "publishedOn": "2022-09-16",
+ "articleTitle": "Osquery… as a threat hunting platform?",
+ "articleImageUrl": "/images/articles/osquery-for-threat-hunting-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/osquery-consider-joining-against-the-users-table",
+ "title": "Osquery consider joining against the users table",
+ "lastModifiedAt": 1726839805165,
+ "htmlId": "articles--osquery-consider-joi--b99ae264e4",
+ "sectionRelativeRepoPath": "osquery-consider-joining-against-the-users-table.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2021-05-06",
+ "articleTitle": "Osquery: Consider joining against the users table",
+ "articleImageUrl": "/images/articles/osquery-consider-joining-against-the-users-table-cover-700x437@2x.jpeg"
+ }
+ },
+ {
+ "url": "/releases/osquery-5.8.1",
+ "title": "Osquery 5.8.1",
+ "lastModifiedAt": 1726839805166,
+ "htmlId": "articles--osquery-581--5d3dced550",
+ "sectionRelativeRepoPath": "osquery-5.8.1.md",
+ "meta": {
+ "category": "releases",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "publishedOn": "2023-03-14",
+ "articleTitle": "osquery 5.8.1 | Process auditing, stats, and additional tables",
+ "articleImageUrl": "/images/articles/osquery-5.8.1-cover-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/osquery-evented-tables-overview",
+ "title": "Osquery evented tables overview",
+ "lastModifiedAt": 1726839805168,
+ "htmlId": "articles--osquery-evented-tabl--b9b1176562",
+ "sectionRelativeRepoPath": "osquery-evented-tables-overview.md",
+ "meta": {
+ "articleTitle": "How to use osquery evented tables",
+ "authorFullName": "Mo Zhu",
+ "authorGitHubUsername": "zhumo",
+ "category": "guides",
+ "publishedOn": "2022-09-21"
+ }
+ },
+ {
+ "url": "/securing/osquery-vulnerability-management-at-scale",
+ "title": "Osquery vulnerability management at scale",
+ "lastModifiedAt": 1726839805169,
+ "htmlId": "articles--osquery-vulnerabilit--cac605ad18",
+ "sectionRelativeRepoPath": "osquery-vulnerability-management-at-scale.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Chris McGillicuddy",
+ "authorGitHubUsername": "chris-mcgillicuddy",
+ "publishedOn": "2022-10-05",
+ "articleTitle": "Vulnerability management at scale: a presentation from osquery Co-creator Zach Wasserman",
+ "articleImageUrl": "/images/articles/vulnerability-management-at-scale-with-osquery_800x450@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/osquery-watchdog",
+ "title": "Osquery watchdog",
+ "lastModifiedAt": 1726839805170,
+ "htmlId": "articles--osquery-watchdog--6a195970e0",
+ "sectionRelativeRepoPath": "osquery-watchdog.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "juan-fdz-hawa",
+ "authorFullName": "Juan Fernandes",
+ "publishedOn": "2023-07-28",
+ "articleTitle": "Osquery watchdog",
+ "description": "Learn about how osquery process manages child processes and managed extensions in Fleet."
+ }
+ },
+ {
+ "url": "/announcements/psu-macadmins-conference-2023",
+ "title": "Psu macadmins conference 2023",
+ "lastModifiedAt": 1726839805171,
+ "htmlId": "articles--psu-macadmins-confer--175629dfbd",
+ "sectionRelativeRepoPath": "psu-macadmins-conference-2023.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "spokanemac",
+ "authorFullName": "JD Strong",
+ "publishedOn": "2023-07-13",
+ "articleTitle": "Mac admins summer camp ⛺ at PSU MacAdmins Conference 2023",
+ "articleImageUrl": "/images/articles/psu-macadmins-conference-2023@2x.png",
+ "description": "A look ahead to PSU MacAdmin Conference July 18-21, 2023"
+ }
+ },
+ {
+ "url": "/guides/puppet-module",
+ "title": "Puppet module",
+ "lastModifiedAt": 1726839805172,
+ "htmlId": "articles--puppet-module--c01ecdf2b6",
+ "sectionRelativeRepoPath": "puppet-module.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-05-24",
+ "articleTitle": "Puppet module",
+ "description": "Learn how to use Fleet's Puppet module to automatically assign custom configuration profiles on your macOS hosts."
+ }
+ },
+ {
+ "url": "/guides/queries",
+ "title": "Queries",
+ "lastModifiedAt": 1726839805173,
+ "htmlId": "articles--queries--ce5c1e3c99",
+ "sectionRelativeRepoPath": "queries.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-08-09",
+ "articleTitle": "Queries",
+ "description": "Learn how to create, run, and schedule queries, as well as update agent options in the Fleet user interface."
+ }
+ },
+ {
+ "url": "/guides/querying-process-file-events-table-on-centos-7",
+ "title": "Querying process file events table on centos 7",
+ "lastModifiedAt": 1726839805174,
+ "htmlId": "articles--querying-process-fil--5587f39199",
+ "sectionRelativeRepoPath": "querying-process-file-events-table-on-centos-7.md",
+ "meta": {
+ "articleTitle": "Querying process_file_events on CentOS 7",
+ "description": "Learn how to configure and query the process_file_events table on CentOS 7 with Fleet.",
+ "category": "guides",
+ "authorGitHubUsername": "lucasmrod",
+ "authorFullName": "Lucas Rodriguez",
+ "publishedOn": "2023-07-17"
+ }
+ },
+ {
+ "url": "/guides/role-based-access",
+ "title": "Role based access",
+ "lastModifiedAt": 1726839805177,
+ "htmlId": "articles--role-based-access--92a94667b2",
+ "sectionRelativeRepoPath": "role-based-access.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-08-10",
+ "articleTitle": "Role-based access",
+ "description": "Learn about the different roles and permissions in Fleet."
+ }
+ },
+ {
+ "url": "/engineering/saving-over-100x-on-egress-switching-from-aws-to-hetzner",
+ "title": "Saving over 100x on egress switching from aws to hetzner",
+ "lastModifiedAt": 1726839805179,
+ "htmlId": "articles--saving-over-100x-on---a46f112fc0",
+ "sectionRelativeRepoPath": "saving-over-100x-on-egress-switching-from-aws-to-hetzner.md",
+ "meta": {
+ "category": "engineering",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2022-01-25",
+ "articleTitle": "Saving over 100x on egress switching from AWS to Hetzner",
+ "articleImageUrl": "/images/articles/saving-over-100x-on-egress-switching-from-aws-to-hetzner-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/scripts",
+ "title": "Scripts",
+ "lastModifiedAt": 1726839805179,
+ "htmlId": "articles--scripts--3a91ba655e",
+ "sectionRelativeRepoPath": "scripts.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-06-04",
+ "articleTitle": "Scripts",
+ "description": "Learn how to execute a custom script on macOS, Windows, and Linux hosts in Fleet."
+ }
+ },
+ {
+ "url": "/guides/seamless-mdm-migration",
+ "title": "Seamless mdm migration",
+ "lastModifiedAt": 1726839805182,
+ "htmlId": "articles--seamless-mdm-migrati--f0abcf2f23",
+ "sectionRelativeRepoPath": "seamless-mdm-migration.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Zach Wasserman",
+ "authorGitHubUsername": "zwass",
+ "publishedOn": "2024-08-08",
+ "articleTitle": "Seamless MDM migrations to Fleet",
+ "articleImageUrl": "/images/articles/seamless-mdm-migration-1600x900@2x.png",
+ "description": "This guide provides a process for seamlessly migrating macOS devices from an existing MDM solution to Fleet."
+ }
+ },
+ {
+ "url": "/announcements/seattle-bellevue-cyber-security-summit-march-8-2023",
+ "title": "Seattle bellevue cyber security summit march 8 2023",
+ "lastModifiedAt": 1726839805183,
+ "htmlId": "articles--seattle-bellevue-cyb--3b5ca28169",
+ "sectionRelativeRepoPath": "seattle-bellevue-cyber-security-summit-march-8-2023.md",
+ "meta": {
+ "category": "announcements",
+ "authorGitHubUsername": "spokanemac",
+ "authorFullName": "JD Strong",
+ "publishedOn": "2023-03-02",
+ "articleTitle": "Join Fleet at Cyber Security Summit Seattle/Bellevue",
+ "articleImageUrl": "/images/articles/seattle-bellevue-cyber-security-summit-social-post-1200x628@2x.png"
+ }
+ },
+ {
+ "url": "/securing/security-testing-at-fleet-fleet-pentest",
+ "title": "Security testing at Fleet Fleet pentest",
+ "lastModifiedAt": 1726839805184,
+ "htmlId": "articles--security-testing-at---106e7f1999",
+ "sectionRelativeRepoPath": "security-testing-at-fleet-fleet-pentest.md",
+ "meta": {
+ "category": "security",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "authorFullName": "Guillaume Ross",
+ "publishedOn": "2022-05-10",
+ "articleTitle": "Penetration testing of Fleet (April 2022)",
+ "articleImageUrl": "/images/articles/security-testing-at-fleet-fleet-pentest-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/security-testing-at-fleet-orbit-auto-updater-audit",
+ "title": "Security testing at Fleet orbit auto updater audit",
+ "lastModifiedAt": 1726839805185,
+ "htmlId": "articles--security-testing-at---f487015e45",
+ "sectionRelativeRepoPath": "security-testing-at-fleet-orbit-auto-updater-audit.md",
+ "meta": {
+ "category": "security",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "authorFullName": "Guillaume Ross",
+ "publishedOn": "2022-03-30",
+ "articleTitle": "Security testing at Fleet/Orbit auto-updater audit",
+ "articleImageUrl": "/images/articles/security-testing-at-fleet-orbit-auto-updater-audit-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/software-self-service",
+ "title": "Software self service",
+ "lastModifiedAt": 1726839805186,
+ "htmlId": "articles--software-self-servic--9047e7f63d",
+ "sectionRelativeRepoPath": "software-self-service.md",
+ "meta": {
+ "articleTitle": "Software self-service",
+ "authorFullName": "Jahziel Villasana-Espinoza",
+ "authorGitHubUsername": "jahzielv",
+ "category": "guides",
+ "publishedOn": "2024-08-06",
+ "articleImageUrl": "/images/articles/software-self-service-1600x900@2x.png",
+ "description": "This guide will walk you through adding apps to Fleet for user self-service."
+ }
+ },
+ {
+ "url": "/guides/standard-query-library",
+ "title": "Standard query library",
+ "lastModifiedAt": 1726839805187,
+ "htmlId": "articles--standard-query-libra--dccfaa84b4",
+ "sectionRelativeRepoPath": "standard-query-library.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-04-04",
+ "articleTitle": "Standard query library",
+ "description": "Learn how to use and contribute to Fleet's standard query library."
+ }
+ },
+ {
+ "url": "/report/state-of-device-management",
+ "title": "State of device management",
+ "lastModifiedAt": 1726839805187,
+ "htmlId": "articles--state-of-device-mana--f6254cc69c",
+ "sectionRelativeRepoPath": "state-of-device-management.md",
+ "meta": {
+ "category": "report",
+ "authorFullName": "Mike McNeil",
+ "authorGitHubUsername": "mikermcneil",
+ "publishedOn": "2022-07-07",
+ "articleTitle": "State of Device Management report 2022",
+ "articleImageUrl": "/images/articles/state-of-device-management-report-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/securing/stay-on-course-with-your-security-compliance-goals",
+ "title": "Stay on course with your security compliance goals",
+ "lastModifiedAt": 1726839805188,
+ "htmlId": "articles--stay-on-course-with---a487f310dc",
+ "sectionRelativeRepoPath": "stay-on-course-with-your-security-compliance-goals.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Chris McGillicuddy",
+ "authorGitHubUsername": "chris-mcgillicuddy",
+ "publishedOn": "2022-07-18",
+ "articleTitle": "Stay on course with your security compliance goals",
+ "articleImageUrl": "/images/articles/security-compliance-goals-cover-800x450@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/sysadmin-diaries-device-enrollment",
+ "title": "Sysadmin diaries device enrollment",
+ "lastModifiedAt": 1726839805189,
+ "htmlId": "articles--sysadmin-diaries-dev--abfda23f04",
+ "sectionRelativeRepoPath": "sysadmin-diaries-device-enrollment.md",
+ "meta": {
+ "articleTitle": "Sysadmin diaries: device enrollment",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "category": "guides",
+ "publishedOn": "2024-05-03",
+ "articleImageUrl": "/images/articles/sysadmin-diaries-1600x900@2x.png",
+ "description": "In this sysadmin diary, we explore a the differences in device enrollment."
+ }
+ },
+ {
+ "url": "/guides/sysadmin-diaries-exporting-policies",
+ "title": "Sysadmin diaries exporting policies",
+ "lastModifiedAt": 1726839805190,
+ "htmlId": "articles--sysadmin-diaries-exp--a101d98c97",
+ "sectionRelativeRepoPath": "sysadmin-diaries-exporting-policies.md",
+ "meta": {
+ "articleTitle": "Sysadmin diaries: exporting policies",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "category": "guides",
+ "publishedOn": "2024-06-28",
+ "articleImageUrl": "/images/articles/sysadmin-diaries-1600x900@2x.png",
+ "description": "In this sysadmin diary, we explore extracting existing policies to enable gitops."
+ }
+ },
+ {
+ "url": "/guides/sysadmin-diaries-lost-device",
+ "title": "Sysadmin diaries lost device",
+ "lastModifiedAt": 1726839805191,
+ "htmlId": "articles--sysadmin-diaries-los--3bcb909203",
+ "sectionRelativeRepoPath": "sysadmin-diaries-lost-device.md",
+ "meta": {
+ "articleTitle": "Sysadmin diaries: lost device",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "category": "guides",
+ "publishedOn": "2024-07-09",
+ "articleImageUrl": "/images/articles/sysadmin-diaries-1600x900@2x.png",
+ "description": "In this sysadmin diary, we explore what actions can be taken with Fleet when a device is lost."
+ }
+ },
+ {
+ "url": "/guides/sysadmin-diaries-passcode-profiles",
+ "title": "Sysadmin diaries passcode profiles",
+ "lastModifiedAt": 1726839805192,
+ "htmlId": "articles--sysadmin-diaries-pas--883471875d",
+ "sectionRelativeRepoPath": "sysadmin-diaries-passcode-profiles.md",
+ "meta": {
+ "articleTitle": "Sysadmin diaries: passcode profiles",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "category": "guides",
+ "publishedOn": "2024-04-01",
+ "articleImageUrl": "/images/articles/sysadmin-diaries-1600x900@2x.png",
+ "description": "In this sysadmin diary, we explore a missapplied passcode policy."
+ }
+ },
+ {
+ "url": "/guides/sysadmin-diaries-restoring-fleetd",
+ "title": "Sysadmin diaries restoring fleetd",
+ "lastModifiedAt": 1726839805193,
+ "htmlId": "articles--sysadmin-diaries-res--96c547e138",
+ "sectionRelativeRepoPath": "sysadmin-diaries-restoring-fleetd.md",
+ "meta": {
+ "articleTitle": "Sysadmin diaries: restoring fleetd",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "category": "guides",
+ "publishedOn": "2024-06-14",
+ "articleImageUrl": "/images/articles/sysadmin-diaries-1600x900@2x.png",
+ "description": "In this sysadmin diary, we explore restoring fleetd deleted by a surly employee."
+ }
+ },
+ {
+ "url": "/securing/tales-from-fleet-security-github-configuration-and-openssf-scorecards",
+ "title": "Tales from Fleet security github configuration and openssf scorecards",
+ "lastModifiedAt": 1726839805194,
+ "htmlId": "articles--tales-from-fleet-sec--035c3d6474",
+ "sectionRelativeRepoPath": "tales-from-fleet-security-github-configuration-and-openssf-scorecards.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Guillaume Ross",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "publishedOn": "2022-04-15",
+ "articleTitle": "Tales from Fleet security: GitHub configuration and OpenSSF Scorecards",
+ "articleImageUrl": "/images/articles/tales-from-fleet-security-github-configuration-and-openssf-scorecards-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/tales-from-fleet-security-google-groups-scams",
+ "title": "Tales from Fleet security google groups scams",
+ "lastModifiedAt": 1726839805195,
+ "htmlId": "articles--tales-from-fleet-sec--841598a71f",
+ "sectionRelativeRepoPath": "tales-from-fleet-security-google-groups-scams.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Guillaume Ross",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "publishedOn": "2022-08-05",
+ "articleTitle": "Tales from Fleet security: scams targeting Google Groups",
+ "articleImageUrl": "/images/articles/tales-from-fleet-security-google-groups-scams-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/tales-from-fleet-security-securing-1password",
+ "title": "Tales from Fleet security securing 1password",
+ "lastModifiedAt": 1726839805196,
+ "htmlId": "articles--tales-from-fleet-sec--d172f39898",
+ "sectionRelativeRepoPath": "tales-from-fleet-security-securing-1password.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Guillaume Ross",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "publishedOn": "2022-05-06",
+ "articleTitle": "Tales from Fleet security: securing 1Password",
+ "articleImageUrl": "/images/articles/tales-from-fleet-security-securing-1password-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/tales-from-fleet-security-securing-bank-accounts-from-business-email-compromise",
+ "title": "Tales from Fleet security securing bank accounts from business email compromise",
+ "lastModifiedAt": 1726839805198,
+ "htmlId": "articles--tales-from-fleet-sec--f60a0becab",
+ "sectionRelativeRepoPath": "tales-from-fleet-security-securing-bank-accounts-from-business-email-compromise.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Guillaume Ross",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "publishedOn": "2022-07-15",
+ "articleTitle": "Tales from Fleet security: securing bank accounts from business email compromise",
+ "articleImageUrl": "/images/articles/securing-bank-accounts-from-business-email-compromise-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/tales-from-fleet-security-securing-google-workspace",
+ "title": "Tales from Fleet security securing google workspace",
+ "lastModifiedAt": 1726839805199,
+ "htmlId": "articles--tales-from-fleet-sec--72efc9f80f",
+ "sectionRelativeRepoPath": "tales-from-fleet-security-securing-google-workspace.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Guillaume Ross",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "publishedOn": "2022-03-25",
+ "articleTitle": "Tales from Fleet security: securing Google Workspace",
+ "articleImageUrl": "/images/articles/tales-from-fleet-security-securing-google-workspace-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/tales-from-fleet-security-securing-the-startup",
+ "title": "Tales from Fleet security securing the startup",
+ "lastModifiedAt": 1726839805200,
+ "htmlId": "articles--tales-from-fleet-sec--a25132f487",
+ "sectionRelativeRepoPath": "tales-from-fleet-security-securing-the-startup.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Guillaume Ross",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "publishedOn": "2022-03-17",
+ "articleTitle": "Tales from Fleet security: securing the startup",
+ "articleImageUrl": "/images/articles/tales-from-fleet-security-securing-the-startup-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/tales-from-fleet-security-soc2",
+ "title": "Tales from Fleet security soc2",
+ "lastModifiedAt": 1726839805202,
+ "htmlId": "articles--tales-from-fleet-sec--f537169e1e",
+ "sectionRelativeRepoPath": "tales-from-fleet-security-soc2.md",
+ "meta": {
+ "category": "security",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "authorFullName": "Guillaume Ross",
+ "publishedOn": "2022-06-24",
+ "articleTitle": "Tales from Fleet security: how we achieved our SOC 2 type 1 rapidly",
+ "articleImageUrl": "/images/articles/tales-from-fleet-soc2-type1-report-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/tales-from-fleet-security-speeding-up-macos-updates-with-nudge",
+ "title": "Tales from Fleet security speeding up macos updates with nudge",
+ "lastModifiedAt": 1726839805203,
+ "htmlId": "articles--tales-from-fleet-sec--41bc496d3c",
+ "sectionRelativeRepoPath": "tales-from-fleet-security-speeding-up-macos-updates-with-nudge.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Guillaume Ross",
+ "authorGitHubUsername": "GuillaumeRoss",
+ "publishedOn": "2022-07-05",
+ "articleTitle": "Tales from Fleet security: speeding up macOS updates with Nudge",
+ "articleImageUrl": "/images/articles/tales-from-fleet-nudge-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/teams",
+ "title": "Teams",
+ "lastModifiedAt": 1726839805204,
+ "htmlId": "articles--teams--a6aba53335",
+ "sectionRelativeRepoPath": "teams.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-07-11",
+ "articleTitle": "Teams",
+ "description": "Learn how to group hosts in Fleet to apply specific queries, policies, and agent options using teams."
+ }
+ },
+ {
+ "url": "/announcements/the-device-security-tightrope-balancing-cost-and-protection-in-k-12-schools",
+ "title": "The device security tightrope balancing cost and protection in k 12 schools",
+ "lastModifiedAt": 1726839805205,
+ "htmlId": "articles--the-device-security---cba806f3e1",
+ "sectionRelativeRepoPath": "the-device-security-tightrope-balancing-cost-and-protection-in-K-12-schools.md",
+ "meta": {
+ "category": "announcements",
+ "authorFullName": "Keith Barnes",
+ "authorGitHubUsername": "KAB703",
+ "publishedOn": "2024-03-01",
+ "articleTitle": "The device security tightrope: balancing cost and protection in K-12 schools",
+ "articleImageUrl": "/images/articles/the-device-security-tightrope-balancing-cost-and-protection-in-K-12-schools-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/podcasts/the-future-of-device-management-ep1",
+ "title": "The future of device management ep1",
+ "lastModifiedAt": 1726839805207,
+ "htmlId": "articles--the-future-of-device--e424a67517",
+ "sectionRelativeRepoPath": "the-future-of-device-management-ep1.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2022-06-06",
+ "articleTitle": "Future of device management episode 1",
+ "articleImageUrl": "/images/articles/future-of-device-management-ep1-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/the-future-of-device-management-ep2",
+ "title": "The future of device management ep2",
+ "lastModifiedAt": 1726839805208,
+ "htmlId": "articles--the-future-of-device--0b4ec299db",
+ "sectionRelativeRepoPath": "the-future-of-device-management-ep2.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2022-06-30",
+ "articleTitle": "Future of device management episode 2",
+ "articleImageUrl": "/images/articles/future-of-device-management-ep2-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/the-future-of-device-management-ep3",
+ "title": "The future of device management ep3",
+ "lastModifiedAt": 1726839805209,
+ "htmlId": "articles--the-future-of-device--d7b8d1fbfe",
+ "sectionRelativeRepoPath": "the-future-of-device-management-ep3.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2022-07-21",
+ "articleTitle": "Future of device management episode 3",
+ "articleImageUrl": "/images/articles/future-of-device-management-ep3-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/the-future-of-device-management-ep4",
+ "title": "The future of device management ep4",
+ "lastModifiedAt": 1726839805210,
+ "htmlId": "articles--the-future-of-device--bd6c88c590",
+ "sectionRelativeRepoPath": "the-future-of-device-management-ep4.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2022-08-12",
+ "articleTitle": "Future of device management episode 4",
+ "articleImageUrl": "/images/articles/future-of-device-management-ep4-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/the-future-of-device-management-ep5",
+ "title": "The future of device management ep5",
+ "lastModifiedAt": 1726839805210,
+ "htmlId": "articles--the-future-of-device--c5ce4719fa",
+ "sectionRelativeRepoPath": "the-future-of-device-management-ep5.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2022-09-01",
+ "articleTitle": "Future of device management episode 5",
+ "articleImageUrl": "/images/articles/future-of-device-management-ep5-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/the-future-of-device-management-ep6",
+ "title": "The future of device management ep6",
+ "lastModifiedAt": 1726839805211,
+ "htmlId": "articles--the-future-of-device--141153d341",
+ "sectionRelativeRepoPath": "the-future-of-device-management-ep6.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2022-09-23",
+ "articleTitle": "Future of device management episode 6",
+ "articleImageUrl": "/images/articles/future-of-device-management-ep6-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/podcasts/the-future-of-device-management-ep7",
+ "title": "The future of device management ep7",
+ "lastModifiedAt": 1726839805212,
+ "htmlId": "articles--the-future-of-device--52a1db0bde",
+ "sectionRelativeRepoPath": "the-future-of-device-management-ep7.md",
+ "meta": {
+ "category": "podcasts",
+ "authorGitHubUsername": "zwass",
+ "authorFullName": "Zach Wasserman",
+ "publishedOn": "2022-11-03",
+ "articleTitle": "Future of device management episode 7",
+ "articleImageUrl": "/images/articles/future-of-device-management-ep7-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/understanding-the-intricacies-of-fleet-policies",
+ "title": "Understanding the intricacies of Fleet policies",
+ "lastModifiedAt": 1726839805213,
+ "htmlId": "articles--understanding-the-in--edae4ca064",
+ "sectionRelativeRepoPath": "understanding-the-intricacies-of-fleet-policies.md",
+ "meta": {
+ "articleTitle": "Understanding the intricacies of Fleet policies",
+ "authorFullName": "Victor Lyuboslavsky",
+ "authorGitHubUsername": "getvictor",
+ "category": "guides",
+ "publishedOn": "2023-12-29",
+ "description": "Learn how Fleet policies work behind the scenes."
+ }
+ },
+ {
+ "url": "/guides/using-elasticsearch-and-kibana-to-visualize-osquery-performance",
+ "title": "Using elasticsearch and kibana to visualize osquery performance",
+ "lastModifiedAt": 1726839805215,
+ "htmlId": "articles--using-elasticsearch---55019ee35a",
+ "sectionRelativeRepoPath": "using-elasticsearch-and-kibana-to-visualize-osquery-performance.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Zach Wasserman",
+ "authorGitHubUsername": "zwass",
+ "publishedOn": "2021-05-26",
+ "articleTitle": "Using Elasticsearch and Kibana to visualize osquery performance",
+ "articleImageUrl": "/images/articles/using-elasticsearch-and-kibana-to-visualize-osquery-performance-cover-700x393@2x.jpeg"
+ }
+ },
+ {
+ "url": "/guides/using-fleet-and-okta-workflows-to-generate-a-daily-os-report",
+ "title": "Using Fleet and okta workflows to generate a daily os report",
+ "lastModifiedAt": 1726839805218,
+ "htmlId": "articles--using-fleet-and-okta--a4676a8577",
+ "sectionRelativeRepoPath": "using-fleet-and-okta-workflows-to-generate-a-daily-os-report.md",
+ "meta": {
+ "articleTitle": "Using Fleet and Okta Workflows to generate a daily OS report",
+ "authorFullName": "Harrison Ravazzolo",
+ "authorGitHubUsername": "harrisonravazzolo",
+ "category": "guides",
+ "publishedOn": "2023-05-09",
+ "articleImageUrl": "/images/articles/using-fleet-and-okta-workflows-to-generate-a-daily-os-report@2x.jpg",
+ "description": "Learn how to use Fleet to query device OS information through the Fleet REST API and automate daily Slack notifications using Okta Workflows."
+ }
+ },
+ {
+ "url": "/guides/using-fleet-and-tines-together",
+ "title": "Using Fleet and tines together",
+ "lastModifiedAt": 1726839805219,
+ "htmlId": "articles--using-fleet-and-tine--3606f85672",
+ "sectionRelativeRepoPath": "using-fleet-and-tines-together.md",
+ "meta": {
+ "category": "guides",
+ "authorFullName": "Dave Herder",
+ "authorGitHubUsername": "dherder",
+ "publishedOn": "2023-03-08",
+ "articleTitle": "Using Fleet and Tines together",
+ "articleImageUrl": "/images/articles/using-fleet-and-tines-together-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/using-github-actions-to-apply-configuration-profiles-with-fleet",
+ "title": "Using github actions to apply configuration profiles with Fleet",
+ "lastModifiedAt": 1726839805220,
+ "htmlId": "articles--using-github-actions--d966ed0177",
+ "sectionRelativeRepoPath": "using-github-actions-to-apply-configuration-profiles-with-fleet.md",
+ "meta": {
+ "articleTitle": "Using GitHub Actions to apply configuration profiles with Fleet",
+ "authorFullName": "JD Strong",
+ "authorGitHubUsername": "spokanemac",
+ "category": "guides",
+ "publishedOn": "2023-05-31",
+ "articleImageUrl": "/images/articles/using-github-actions-to-apply-configuration-profiles-with-fleet@2x.jpg",
+ "description": "A guide on using GitHub Actions with Fleet for efficient and automated application of the latest configuration profiles for a GitOps workflow."
+ }
+ },
+ {
+ "url": "/securing/vulnerability-management-the-advantages-of-fleet-to-support-government-agencies",
+ "title": "Vulnerability management the advantages of Fleet to support government agencies",
+ "lastModifiedAt": 1726839805221,
+ "htmlId": "articles--vulnerability-manage--fae19ad566",
+ "sectionRelativeRepoPath": "vulnerability-management-the-advantages-of-fleet-to-support-government-agencies.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Keith Barnes",
+ "authorGitHubUsername": "KAB703",
+ "publishedOn": "2023-12-26",
+ "articleTitle": "Vulnerability management: advantages of Fleet to support government agencies",
+ "articleImageUrl": "/images/articles/vulnerability-management-advantages-of-fleet-to-support-government-agencies-1600x900@2x.png"
+ }
+ },
+ {
+ "url": "/guides/vulnerability-processing",
+ "title": "Vulnerability processing",
+ "lastModifiedAt": 1726839805222,
+ "htmlId": "articles--vulnerability-proces--244a2b70ee",
+ "sectionRelativeRepoPath": "vulnerability-processing.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "noahtalerman",
+ "authorFullName": "Noah Talerman",
+ "publishedOn": "2024-07-12",
+ "articleTitle": "Vulnerability processing",
+ "description": "Find out how Fleet detects vulnerabilities and what software it covers."
+ }
+ },
+ {
+ "url": "/guides/what-api-endpoints-to-expose-to-the-public-internet",
+ "title": "What API endpoints to expose to the public internet",
+ "lastModifiedAt": 1726839805223,
+ "htmlId": "articles--what-api-endpoints-t--cd0552d444",
+ "sectionRelativeRepoPath": "what-api-endpoints-to-expose-to-the-public-internet.md",
+ "meta": {
+ "category": "guides",
+ "authorGitHubUsername": "mike-j-thomas",
+ "authorFullName": "Mike Thomas",
+ "publishedOn": "2023-11-13",
+ "articleTitle": "Which API endpoints to expose to the public internet?"
+ }
+ },
+ {
+ "url": "/securing/what-are-fleet-policies",
+ "title": "What are Fleet policies",
+ "lastModifiedAt": 1726839805224,
+ "htmlId": "articles--what-are-fleet-polic--d8ca2da611",
+ "sectionRelativeRepoPath": "what-are-fleet-policies.md",
+ "meta": {
+ "category": "security",
+ "authorGitHubUsername": "Drew-P-drawers",
+ "authorFullName": "Andrew Baker",
+ "publishedOn": "2022-05-20",
+ "articleTitle": "What are Fleet policies?",
+ "articleImageUrl": "/images/articles/what-are-fleet-policies-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/guides/windows-mdm-setup",
+ "title": "Windows mdm setup",
+ "lastModifiedAt": 1726839805226,
+ "htmlId": "articles--windows-mdm-setup--ebf4ebf0ba",
+ "sectionRelativeRepoPath": "windows-mdm-setup.md",
+ "meta": {
+ "articleTitle": "Windows MDM setup",
+ "authorFullName": "Noah Talerman",
+ "authorGitHubUsername": "noahtalerman",
+ "category": "guides",
+ "publishedOn": "2023-10-23",
+ "articleImageUrl": "/images/articles/windows-mdm-fleet-1600x900@2x.png",
+ "description": "Configuring Windows MDM in Fleet."
+ }
+ },
+ {
+ "url": "/guides/zero-trust-attestation-with-fleet",
+ "title": "Zero trust attestation with Fleet",
+ "lastModifiedAt": 1726839805227,
+ "htmlId": "articles--zero-trust-attestati--b892a54252",
+ "sectionRelativeRepoPath": "zero-trust-attestation-with-fleet.md",
+ "meta": {
+ "articleTitle": "How to use Fleet for zero trust attestation",
+ "authorFullName": "Mo Zhu",
+ "authorGitHubUsername": "zhumo",
+ "category": "guides",
+ "publishedOn": "2022-10-14",
+ "articleImageUrl": "/images/articles/fleet-for-zero-trust-attestation-800x450@2x.jpg"
+ }
+ },
+ {
+ "url": "/securing/work-may-be-watching-but-it-might-not-be-as-bad-as-you-think",
+ "title": "Work may be watching but it might not be as bad as you think",
+ "lastModifiedAt": 1726839805227,
+ "htmlId": "articles--work-may-be-watching--420e065d2f",
+ "sectionRelativeRepoPath": "work-may-be-watching-but-it-might-not-be-as-bad-as-you-think.md",
+ "meta": {
+ "category": "security",
+ "authorFullName": "Mike Thomas",
+ "authorGitHubUsername": "mike-j-thomas",
+ "publishedOn": "2021-10-22",
+ "articleTitle": "Work may be watching, but it might not be as bad as you think.",
+ "articleImageUrl": "/images/articles/work-may-be-watching-but-it-might-not-be-as-bad-as-you-think-cover-1600x900@2x.jpg"
+ }
+ },
+ {
+ "url": "/handbook/company/open-positions/software-engineer",
+ "title": "🚀 Software Engineer",
+ "lastModifiedAt": 1726839805228,
+ "htmlId": "handbook--software-engineer--be50029cfb",
+ "sectionRelativeRepoPath": "company/open-positions.yml",
+ "meta": {
+ "maintainedBy": "LukeHeath"
+ }
+ },
+ {
+ "url": "/handbook/company/open-positions/account-executive",
+ "title": "🐋 Account Executive",
+ "lastModifiedAt": 1726839805228,
+ "htmlId": "handbook--account-executive--d5def7dc8f",
+ "sectionRelativeRepoPath": "company/open-positions.yml",
+ "meta": {
+ "maintainedBy": "alexmitchelliii"
+ }
+ },
+ {
+ "url": "/tables/account_policy_data",
+ "title": "account_policy_data",
+ "htmlId": "table--accountpolicydata--31df68b22b",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "account_policy_data",
+ "creation_time",
+ "failed_login_count",
+ "failed_login_timestamp",
+ "password_last_set_time",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "account_policy_data",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/account_policy_data.yml"
+ },
+ {
+ "url": "/tables/ad_config",
+ "title": "ad_config",
+ "htmlId": "table--adconfig--39d2211d09",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ad_config",
+ "domain",
+ "name",
+ "option",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "ad_config",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ad_config.yml"
+ },
+ {
+ "url": "/tables/alf",
+ "title": "alf",
+ "htmlId": "table--alf--4c28031b0f",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "alf",
+ "allow_signed_enabled",
+ "firewall_unload",
+ "global_state",
+ "logging_enabled",
+ "logging_option",
+ "stealth_enabled",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "alf",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/alf.yml"
+ },
+ {
+ "url": "/tables/alf_exceptions",
+ "title": "alf_exceptions",
+ "htmlId": "table--alfexceptions--1fbd2a6157",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "alf_exceptions",
+ "path",
+ "state"
+ ],
+ "sectionRelativeRepoPath": "alf_exceptions",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/alf_exceptions.yml"
+ },
+ {
+ "url": "/tables/alf_explicit_auths",
+ "title": "alf_explicit_auths",
+ "htmlId": "table--alfexplicitauths--4b47436520",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "alf_explicit_auths",
+ "process"
+ ],
+ "sectionRelativeRepoPath": "alf_explicit_auths",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/alf_explicit_auths.yml"
+ },
+ {
+ "url": "/tables/apfs_physical_stores",
+ "title": "apfs_physical_stores",
+ "htmlId": "table--apfsphysicalstores--30af4e1d13",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "apfs_physical_stores",
+ "container_capacity_ceiling",
+ "container_capacity_free",
+ "container_designated_physical_store",
+ "container_fusion",
+ "container_reference",
+ "container_uuid",
+ "identifier",
+ "size",
+ "uuid"
+ ],
+ "sectionRelativeRepoPath": "apfs_physical_stores",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/apfs_physical_stores.yml"
+ },
+ {
+ "url": "/tables/apfs_volumes",
+ "title": "apfs_volumes",
+ "htmlId": "table--apfsvolumes--d8e8cc281d",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "apfs_volumes",
+ "capacity_in_use",
+ "capacity_quota",
+ "capacity_reserve",
+ "container_capacity_ceiling",
+ "container_capacity_free",
+ "container_designated_physical_store",
+ "container_fusion",
+ "container_reference",
+ "container_uuid",
+ "crypto_migration_on",
+ "device_identifier",
+ "encryption",
+ "filevault",
+ "locked",
+ "name",
+ "role",
+ "uuid"
+ ],
+ "sectionRelativeRepoPath": "apfs_volumes",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/apfs_volumes.yml"
+ },
+ {
+ "url": "/tables/app_icons",
+ "title": "app_icons",
+ "htmlId": "table--appicons--93bed0002f",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "app_icons",
+ "hash",
+ "icon",
+ "path"
+ ],
+ "sectionRelativeRepoPath": "app_icons",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/app_icons.yml"
+ },
+ {
+ "url": "/tables/app_schemes",
+ "title": "app_schemes",
+ "htmlId": "table--appschemes--e75c685f8d",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "app_schemes",
+ "enabled",
+ "external",
+ "handler",
+ "protected",
+ "scheme"
+ ],
+ "sectionRelativeRepoPath": "app_schemes",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/app_schemes.yml"
+ },
+ {
+ "url": "/tables/apparmor_events",
+ "title": "apparmor_events",
+ "htmlId": "table--apparmorevents--1b9b1af186",
+ "evented": true,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "apparmor_events",
+ "apparmor",
+ "capability",
+ "capname",
+ "comm",
+ "denied_mask",
+ "eid",
+ "error",
+ "fsuid",
+ "info",
+ "label",
+ "message",
+ "name",
+ "namespace",
+ "operation",
+ "ouid",
+ "parent",
+ "pid",
+ "profile",
+ "requested_mask",
+ "time",
+ "type",
+ "uptime"
+ ],
+ "sectionRelativeRepoPath": "apparmor_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fapparmor_events.yml&value=name%3A%20apparmor_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/apparmor_profiles",
+ "title": "apparmor_profiles",
+ "htmlId": "table--apparmorprofiles--49f0f69437",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "apparmor_profiles",
+ "attach",
+ "mode",
+ "name",
+ "path",
+ "sha1"
+ ],
+ "sectionRelativeRepoPath": "apparmor_profiles",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fapparmor_profiles.yml&value=name%3A%20apparmor_profiles%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/appcompat_shims",
+ "title": "appcompat_shims",
+ "htmlId": "table--appcompatshims--33b5da402f",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "appcompat_shims",
+ "description",
+ "executable",
+ "install_time",
+ "path",
+ "sdb_id",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "appcompat_shims",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fappcompat_shims.yml&value=name%3A%20appcompat_shims%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/apps",
+ "title": "apps",
+ "htmlId": "table--apps--ccdee150a9",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "apps",
+ "applescript_enabled",
+ "bundle_executable",
+ "bundle_identifier",
+ "bundle_name",
+ "bundle_package_type",
+ "bundle_short_version",
+ "bundle_version",
+ "category",
+ "compiler",
+ "copyright",
+ "development_region",
+ "display_name",
+ "element",
+ "environment",
+ "info_string",
+ "last_opened_time",
+ "minimum_system_version",
+ "name",
+ "path"
+ ],
+ "sectionRelativeRepoPath": "apps",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/apps.yml"
+ },
+ {
+ "url": "/tables/apt_sources",
+ "title": "apt_sources",
+ "htmlId": "table--aptsources--a209051a90",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "apt_sources",
+ "architectures",
+ "base_uri",
+ "components",
+ "maintainer",
+ "name",
+ "pid_with_namespace",
+ "release",
+ "source",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "apt_sources",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/apt_sources.yml"
+ },
+ {
+ "url": "/tables/arp_cache",
+ "title": "arp_cache",
+ "htmlId": "table--arpcache--83f95510b6",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "arp_cache",
+ "address",
+ "interface",
+ "mac",
+ "permanent"
+ ],
+ "sectionRelativeRepoPath": "arp_cache",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/arp_cache.yml"
+ },
+ {
+ "url": "/tables/asl",
+ "title": "asl",
+ "htmlId": "table--asl--d2accdbfe3",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "asl",
+ "extra",
+ "facility",
+ "gid",
+ "host",
+ "level",
+ "message",
+ "pid",
+ "ref_pid",
+ "ref_proc",
+ "sender",
+ "time",
+ "time_nano_sec",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "asl",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/asl.yml"
+ },
+ {
+ "url": "/tables/augeas",
+ "title": "augeas",
+ "htmlId": "table--augeas--b316cda7a7",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "augeas",
+ "label",
+ "node",
+ "path",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "augeas",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/augeas.yml"
+ },
+ {
+ "url": "/tables/authdb",
+ "title": "authdb",
+ "htmlId": "table--authdb--a304d751e5",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "authdb",
+ "json_result",
+ "right_name"
+ ],
+ "sectionRelativeRepoPath": "authdb",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/authdb.yml"
+ },
+ {
+ "url": "/tables/authenticode",
+ "title": "authenticode",
+ "htmlId": "table--authenticode--0de9da48eb",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "authenticode",
+ "issuer_name",
+ "original_program_name",
+ "path",
+ "result",
+ "serial_number",
+ "subject_name"
+ ],
+ "sectionRelativeRepoPath": "authenticode",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fauthenticode.yml&value=name%3A%20authenticode%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/authorization_mechanisms",
+ "title": "authorization_mechanisms",
+ "htmlId": "table--authorizationmechanisms--d2490cb436",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "authorization_mechanisms",
+ "entry",
+ "label",
+ "mechanism",
+ "plugin",
+ "privileged"
+ ],
+ "sectionRelativeRepoPath": "authorization_mechanisms",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/authorization_mechanisms.yml"
+ },
+ {
+ "url": "/tables/authorizations",
+ "title": "authorizations",
+ "htmlId": "table--authorizations--7fb6b733e8",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "authorizations",
+ "allow_root",
+ "authenticate_user",
+ "class",
+ "comment",
+ "created",
+ "label",
+ "modified",
+ "session_owner",
+ "shared",
+ "timeout",
+ "tries",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "authorizations",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/authorizations.yml"
+ },
+ {
+ "url": "/tables/authorized_keys",
+ "title": "authorized_keys",
+ "htmlId": "table--authorizedkeys--5108700dee",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "authorized_keys",
+ "algorithm",
+ "comment",
+ "key",
+ "key_file",
+ "options",
+ "pid_with_namespace",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "authorized_keys",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/authorized_keys.yml"
+ },
+ {
+ "url": "/tables/autoexec",
+ "title": "autoexec",
+ "htmlId": "table--autoexec--ab98111b94",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "autoexec",
+ "name",
+ "path",
+ "source"
+ ],
+ "sectionRelativeRepoPath": "autoexec",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fautoexec.yml&value=name%3A%20autoexec%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/azure_instance_metadata",
+ "title": "azure_instance_metadata",
+ "htmlId": "table--azureinstancemetadata--01df1dde23",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "azure_instance_metadata",
+ "location",
+ "name",
+ "offer",
+ "os_type",
+ "placement_group_id",
+ "platform_fault_domain",
+ "platform_update_domain",
+ "publisher",
+ "resource_group_name",
+ "sku",
+ "subscription_id",
+ "version",
+ "vm_id",
+ "vm_scale_set_name",
+ "vm_size",
+ "zone"
+ ],
+ "sectionRelativeRepoPath": "azure_instance_metadata",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/azure_instance_metadata.yml"
+ },
+ {
+ "url": "/tables/azure_instance_tags",
+ "title": "azure_instance_tags",
+ "htmlId": "table--azureinstancetags--166e2b6f18",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "azure_instance_tags",
+ "key",
+ "value",
+ "vm_id"
+ ],
+ "sectionRelativeRepoPath": "azure_instance_tags",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/azure_instance_tags.yml"
+ },
+ {
+ "url": "/tables/background_activities_moderator",
+ "title": "background_activities_moderator",
+ "htmlId": "table--backgroundactivitiesmoderator--12072ab407",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "background_activities_moderator",
+ "last_execution_time",
+ "path",
+ "sid"
+ ],
+ "sectionRelativeRepoPath": "background_activities_moderator",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fbackground_activities_moderator.yml&value=name%3A%20background_activities_moderator%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/battery",
+ "title": "battery",
+ "htmlId": "table--battery--e54a7e368b",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "battery",
+ "amperage",
+ "charged",
+ "charging",
+ "chemistry",
+ "condition",
+ "current_capacity",
+ "cycle_count",
+ "designed_capacity",
+ "health",
+ "manufacture_date",
+ "manufacturer",
+ "max_capacity",
+ "minutes_to_full_charge",
+ "minutes_until_empty",
+ "model",
+ "percent_remaining",
+ "serial_number",
+ "state",
+ "voltage"
+ ],
+ "sectionRelativeRepoPath": "battery",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/battery.yml"
+ },
+ {
+ "url": "/tables/bitlocker_info",
+ "title": "bitlocker_info",
+ "htmlId": "table--bitlockerinfo--277b4f7713",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "bitlocker_info",
+ "conversion_status",
+ "device_id",
+ "drive_letter",
+ "encryption_method",
+ "lock_status",
+ "percentage_encrypted",
+ "persistent_volume_id",
+ "protection_status",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "bitlocker_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/bitlocker_info.yml"
+ },
+ {
+ "url": "/tables/block_devices",
+ "title": "block_devices",
+ "htmlId": "table--blockdevices--3db1d23d7b",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "block_devices",
+ "block_size",
+ "label",
+ "model",
+ "name",
+ "parent",
+ "size",
+ "type",
+ "uuid",
+ "vendor"
+ ],
+ "sectionRelativeRepoPath": "block_devices",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/block_devices.yml"
+ },
+ {
+ "url": "/tables/bpf_process_events",
+ "title": "bpf_process_events",
+ "htmlId": "table--bpfprocessevents--f98d50f0c4",
+ "evented": true,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "bpf_process_events",
+ "cid",
+ "cmdline",
+ "cwd",
+ "duration",
+ "eid",
+ "exit_code",
+ "gid",
+ "json_cmdline",
+ "ntime",
+ "parent",
+ "path",
+ "pid",
+ "probe_error",
+ "syscall",
+ "tid",
+ "time",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "bpf_process_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fbpf_process_events.yml&value=name%3A%20bpf_process_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/bpf_socket_events",
+ "title": "bpf_socket_events",
+ "htmlId": "table--bpfsocketevents--2bbe58be1b",
+ "evented": true,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "bpf_socket_events",
+ "cid",
+ "duration",
+ "eid",
+ "exit_code",
+ "family",
+ "fd",
+ "gid",
+ "local_address",
+ "local_port",
+ "ntime",
+ "parent",
+ "path",
+ "pid",
+ "probe_error",
+ "protocol",
+ "remote_address",
+ "remote_port",
+ "syscall",
+ "tid",
+ "time",
+ "type",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "bpf_socket_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fbpf_socket_events.yml&value=name%3A%20bpf_socket_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/carbon_black_info",
+ "title": "carbon_black_info",
+ "htmlId": "table--carbonblackinfo--1a7333701d",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "carbon_black_info",
+ "binary_queue",
+ "collect_cross_processes",
+ "collect_data_file_writes",
+ "collect_emet_events",
+ "collect_file_mods",
+ "collect_module_info",
+ "collect_module_loads",
+ "collect_net_conns",
+ "collect_process_user_context",
+ "collect_processes",
+ "collect_reg_mods",
+ "collect_sensor_operations",
+ "collect_store_files",
+ "config_name",
+ "event_queue",
+ "log_file_disk_quota_mb",
+ "log_file_disk_quota_percentage",
+ "protection_disabled",
+ "sensor_backend_server",
+ "sensor_id",
+ "sensor_ip_addr"
+ ],
+ "sectionRelativeRepoPath": "carbon_black_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/carbon_black_info.yml"
+ },
+ {
+ "url": "/tables/carves",
+ "title": "carves",
+ "htmlId": "table--carves--faab2a865e",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "carves",
+ "carve",
+ "carve_guid",
+ "path",
+ "request_id",
+ "sha256",
+ "size",
+ "status",
+ "time"
+ ],
+ "sectionRelativeRepoPath": "carves",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fcarves.yml&value=name%3A%20carves%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/certificates",
+ "title": "certificates",
+ "htmlId": "table--certificates--e853dcf612",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "certificates",
+ "authority_key_id",
+ "ca",
+ "common_name",
+ "issuer",
+ "issuer2",
+ "key_algorithm",
+ "key_strength",
+ "key_usage",
+ "not_valid_after",
+ "not_valid_before",
+ "path",
+ "self_signed",
+ "serial",
+ "sha1",
+ "sid",
+ "signing_algorithm",
+ "store",
+ "store_id",
+ "store_location",
+ "subject",
+ "subject2",
+ "subject_key_id",
+ "username"
+ ],
+ "sectionRelativeRepoPath": "certificates",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/certificates.yml"
+ },
+ {
+ "url": "/tables/chassis_info",
+ "title": "chassis_info",
+ "htmlId": "table--chassisinfo--b4f2a373fd",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "chassis_info",
+ "audible_alarm",
+ "breach_description",
+ "chassis_types",
+ "description",
+ "lock",
+ "manufacturer",
+ "model",
+ "security_breach",
+ "serial",
+ "sku",
+ "smbios_tag",
+ "status",
+ "visible_alarm"
+ ],
+ "sectionRelativeRepoPath": "chassis_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fchassis_info.yml&value=name%3A%20chassis_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/chocolatey_packages",
+ "title": "chocolatey_packages",
+ "htmlId": "table--chocolateypackages--a948b45942",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "chocolatey_packages",
+ "author",
+ "license",
+ "name",
+ "path",
+ "summary",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "chocolatey_packages",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fchocolatey_packages.yml&value=name%3A%20chocolatey_packages%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/chrome_extension_content_scripts",
+ "title": "chrome_extension_content_scripts",
+ "htmlId": "table--chromeextensioncontentscripts--90dfc8f7b0",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "chrome_extension_content_scripts",
+ "browser_type",
+ "identifier",
+ "match",
+ "path",
+ "profile_path",
+ "referenced",
+ "script",
+ "uid",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "chrome_extension_content_scripts",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/chrome_extension_content_scripts.yml"
+ },
+ {
+ "url": "/tables/chrome_extensions",
+ "title": "chrome_extensions",
+ "htmlId": "table--chromeextensions--0b832601b4",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux",
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "chrome_extensions",
+ "author",
+ "browser_type",
+ "current_locale",
+ "default_locale",
+ "description",
+ "from_webstore",
+ "identifier",
+ "install_time",
+ "install_timestamp",
+ "key",
+ "manifest_hash",
+ "manifest_json",
+ "name",
+ "optional_permissions",
+ "optional_permissions_json",
+ "path",
+ "permissions",
+ "permissions_json",
+ "persistent",
+ "profile",
+ "profile_path",
+ "referenced",
+ "referenced_identifier",
+ "state",
+ "uid",
+ "update_url",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "chrome_extensions",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/chrome_extensions.yml"
+ },
+ {
+ "url": "/tables/cis_audit",
+ "title": "cis_audit",
+ "htmlId": "table--cisaudit--021dcf9746",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "cis_audit",
+ "item",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "cis_audit",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cis_audit.yml"
+ },
+ {
+ "url": "/tables/connected_displays",
+ "title": "connected_displays",
+ "htmlId": "table--connecteddisplays--f57653bc5b",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "connected_displays",
+ "ambient_brightness_enabled",
+ "connection_type",
+ "display_id",
+ "display_type",
+ "main",
+ "manufactured_week",
+ "manufactured_year",
+ "mirror",
+ "name",
+ "online",
+ "pixels",
+ "product_id",
+ "resolution",
+ "rotation",
+ "serial_number",
+ "vendor_id"
+ ],
+ "sectionRelativeRepoPath": "connected_displays",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fconnected_displays.yml&value=name%3A%20connected_displays%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/connectivity",
+ "title": "connectivity",
+ "htmlId": "table--connectivity--9bd961f435",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "connectivity",
+ "disconnected",
+ "ipv4_internet",
+ "ipv4_local_network",
+ "ipv4_no_traffic",
+ "ipv4_subnet",
+ "ipv6_internet",
+ "ipv6_local_network",
+ "ipv6_no_traffic",
+ "ipv6_subnet"
+ ],
+ "sectionRelativeRepoPath": "connectivity",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fconnectivity.yml&value=name%3A%20connectivity%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/corestorage_logical_volume_families",
+ "title": "corestorage_logical_volume_families",
+ "htmlId": "table--corestoragelogicalvolumefamilies--c844b6943f",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "corestorage_logical_volume_families",
+ "EncryptionStatus",
+ "EncryptionType",
+ "HasVisibleUsers",
+ "HasVolumeKey",
+ "IsAcceptingNewUsers",
+ "IsFullySecure",
+ "MayHaveEncryptedEvents",
+ "RequiresPasswordUnlock",
+ "UUID",
+ "vg_FreeSpace",
+ "vg_FusionDrive",
+ "vg_Name",
+ "vg_Sequence",
+ "vg_Size",
+ "vg_Sparse",
+ "vg_Status",
+ "vg_UUID",
+ "vg_Version"
+ ],
+ "sectionRelativeRepoPath": "corestorage_logical_volume_families",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/corestorage_logical_volume_families.yml"
+ },
+ {
+ "url": "/tables/corestorage_logical_volumes",
+ "title": "corestorage_logical_volumes",
+ "htmlId": "table--corestoragelogicalvolumes--b32c10c6c2",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "corestorage_logical_volumes",
+ "ContentHint",
+ "ConversionState",
+ "ConverstionProgressPercent",
+ "DesignatedPhysicalVolume",
+ "DesignatedPhysicalVolumeIdentifier",
+ "Identifier",
+ "Name",
+ "Sequence",
+ "Size",
+ "Status",
+ "UUID",
+ "Version",
+ "VolumeName",
+ "lvf_EncryptionStatus",
+ "lvf_EncryptionType",
+ "lvf_HasVisibleUsers",
+ "lvf_HasVolumeKey",
+ "lvf_IsAcceptingNewUsers",
+ "lvf_IsFullySecure",
+ "lvf_MayHaveEncryptedEvents",
+ "lvf_RequiresPasswordUnlock",
+ "lvf_UUID",
+ "vg_FreeSpace",
+ "vg_FusionDrive",
+ "vg_Name",
+ "vg_Sequence",
+ "vg_Size",
+ "vg_Sparse",
+ "vg_Status",
+ "vg_UUID",
+ "vg_Version"
+ ],
+ "sectionRelativeRepoPath": "corestorage_logical_volumes",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/corestorage_logical_volumes.yml"
+ },
+ {
+ "url": "/tables/cpu_info",
+ "title": "cpu_info",
+ "htmlId": "table--cpuinfo--aa3c0cfb0c",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "cpu_info",
+ "address_width",
+ "availability",
+ "cpu_status",
+ "current_clock_speed",
+ "device_id",
+ "load_percentage",
+ "logical_processors",
+ "manufacturer",
+ "max_clock_speed",
+ "model",
+ "number_of_cores",
+ "number_of_efficiency_cores",
+ "number_of_performance_cores",
+ "processor_type",
+ "socket_designation"
+ ],
+ "sectionRelativeRepoPath": "cpu_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cpu_info.yml"
+ },
+ {
+ "url": "/tables/cpu_time",
+ "title": "cpu_time",
+ "htmlId": "table--cputime--8f68637ee3",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "cpu_time",
+ "core",
+ "guest",
+ "guest_nice",
+ "idle",
+ "iowait",
+ "irq",
+ "nice",
+ "softirq",
+ "steal",
+ "system",
+ "user"
+ ],
+ "sectionRelativeRepoPath": "cpu_time",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cpu_time.yml"
+ },
+ {
+ "url": "/tables/cpuid",
+ "title": "cpuid",
+ "htmlId": "table--cpuid--68704a46e7",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "cpuid",
+ "feature",
+ "input_eax",
+ "output_bit",
+ "output_register",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "cpuid",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cpuid.yml"
+ },
+ {
+ "url": "/tables/crashes",
+ "title": "crashes",
+ "htmlId": "table--crashes--6bccea7c2f",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "crashes",
+ "crash_path",
+ "crashed_thread",
+ "datetime",
+ "exception_codes",
+ "exception_notes",
+ "exception_type",
+ "identifier",
+ "parent",
+ "path",
+ "pid",
+ "registers",
+ "responsible",
+ "stack_trace",
+ "type",
+ "uid",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "crashes",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/crashes.yml"
+ },
+ {
+ "url": "/tables/crontab",
+ "title": "crontab",
+ "htmlId": "table--crontab--a8fe1b5316",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "crontab",
+ "command",
+ "day_of_month",
+ "day_of_week",
+ "event",
+ "hour",
+ "minute",
+ "month",
+ "path",
+ "pid_with_namespace"
+ ],
+ "sectionRelativeRepoPath": "crontab",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/crontab.yml"
+ },
+ {
+ "url": "/tables/cryptoinfo",
+ "title": "cryptoinfo",
+ "htmlId": "table--cryptoinfo--5e90627c08",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "cryptoinfo",
+ "fullkey",
+ "key",
+ "parent",
+ "passphrase",
+ "path",
+ "query",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "cryptoinfo",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cryptoinfo.yml"
+ },
+ {
+ "url": "/tables/cryptsetup_status",
+ "title": "cryptsetup_status",
+ "htmlId": "table--cryptsetupstatus--3aa1264a26",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "cryptsetup_status",
+ "fullkey",
+ "key",
+ "name",
+ "parent",
+ "query",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "cryptsetup_status",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cryptsetup_status.yml"
+ },
+ {
+ "url": "/tables/csrutil_info",
+ "title": "csrutil_info",
+ "htmlId": "table--csrutilinfo--959d823b8e",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "csrutil_info",
+ "ssv_enabled"
+ ],
+ "sectionRelativeRepoPath": "csrutil_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/csrutil_info.yml"
+ },
+ {
+ "url": "/tables/cups_destinations",
+ "title": "cups_destinations",
+ "htmlId": "table--cupsdestinations--8ccb3721f2",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "cups_destinations",
+ "name",
+ "option_name",
+ "option_value"
+ ],
+ "sectionRelativeRepoPath": "cups_destinations",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cups_destinations.yml"
+ },
+ {
+ "url": "/tables/cups_jobs",
+ "title": "cups_jobs",
+ "htmlId": "table--cupsjobs--3268465efb",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "cups_jobs",
+ "completed_time",
+ "creation_time",
+ "destination",
+ "format",
+ "processing_time",
+ "size",
+ "title",
+ "user"
+ ],
+ "sectionRelativeRepoPath": "cups_jobs",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cups_jobs.yml"
+ },
+ {
+ "url": "/tables/curl",
+ "title": "curl",
+ "htmlId": "table--curl--2ab03fa14d",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "curl",
+ "bytes",
+ "method",
+ "response_code",
+ "result",
+ "round_trip_time",
+ "url",
+ "user_agent"
+ ],
+ "sectionRelativeRepoPath": "curl",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/curl.yml"
+ },
+ {
+ "url": "/tables/curl_certificate",
+ "title": "curl_certificate",
+ "htmlId": "table--curlcertificate--6d52c798b0",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "curl_certificate",
+ "authority_key_identifier",
+ "basic_constraint",
+ "common_name",
+ "dump_certificate",
+ "extended_key_usage",
+ "has_expired",
+ "hostname",
+ "info_access",
+ "issuer_alternative_names",
+ "issuer_common_name",
+ "issuer_organization",
+ "issuer_organization_unit",
+ "key_usage",
+ "name_constraints",
+ "organization",
+ "organization_unit",
+ "pem",
+ "policies",
+ "policy_constraints",
+ "policy_mappings",
+ "serial_number",
+ "sha1_fingerprint",
+ "sha256_fingerprint",
+ "signature",
+ "signature_algorithm",
+ "subject_alternative_names",
+ "subject_info_access",
+ "subject_key_identifier",
+ "timeout",
+ "valid_from",
+ "valid_to",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "curl_certificate",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/curl_certificate.yml"
+ },
+ {
+ "url": "/tables/deb_packages",
+ "title": "deb_packages",
+ "htmlId": "table--debpackages--f9f4ca0355",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "deb_packages",
+ "admindir",
+ "arch",
+ "maintainer",
+ "mount_namespace_id",
+ "name",
+ "pid_with_namespace",
+ "priority",
+ "revision",
+ "section",
+ "size",
+ "source",
+ "status",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "deb_packages",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/deb_packages.yml"
+ },
+ {
+ "url": "/tables/default_environment",
+ "title": "default_environment",
+ "htmlId": "table--defaultenvironment--ccbaea6671",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "default_environment",
+ "expand",
+ "value",
+ "variable"
+ ],
+ "sectionRelativeRepoPath": "default_environment",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdefault_environment.yml&value=name%3A%20default_environment%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/device_file",
+ "title": "device_file",
+ "htmlId": "table--devicefile--e5267d9f3e",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "device_file",
+ "atime",
+ "block_size",
+ "ctime",
+ "device",
+ "filename",
+ "gid",
+ "hard_links",
+ "inode",
+ "mode",
+ "mtime",
+ "partition",
+ "path",
+ "size",
+ "type",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "device_file",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdevice_file.yml&value=name%3A%20device_file%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/device_firmware",
+ "title": "device_firmware",
+ "htmlId": "table--devicefirmware--ab4ba7dd63",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "device_firmware",
+ "device",
+ "type",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "device_firmware",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/device_firmware.yml"
+ },
+ {
+ "url": "/tables/device_hash",
+ "title": "device_hash",
+ "htmlId": "table--devicehash--c839a630b0",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "device_hash",
+ "device",
+ "inode",
+ "md5",
+ "partition",
+ "sha1",
+ "sha256"
+ ],
+ "sectionRelativeRepoPath": "device_hash",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdevice_hash.yml&value=name%3A%20device_hash%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/device_partitions",
+ "title": "device_partitions",
+ "htmlId": "table--devicepartitions--3489019e85",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "device_partitions",
+ "blocks",
+ "blocks_size",
+ "device",
+ "flags",
+ "inodes",
+ "label",
+ "offset",
+ "partition",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "device_partitions",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdevice_partitions.yml&value=name%3A%20device_partitions%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/disk_encryption",
+ "title": "disk_encryption",
+ "htmlId": "table--diskencryption--26d5b55253",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "disk_encryption",
+ "encrypted",
+ "encryption_status",
+ "filevault_status",
+ "name",
+ "type",
+ "uid",
+ "user_uuid",
+ "uuid"
+ ],
+ "sectionRelativeRepoPath": "disk_encryption",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/disk_encryption.yml"
+ },
+ {
+ "url": "/tables/disk_events",
+ "title": "disk_events",
+ "htmlId": "table--diskevents--737534006f",
+ "evented": true,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "disk_events",
+ "action",
+ "checksum",
+ "content",
+ "device",
+ "eid",
+ "ejectable",
+ "filesystem",
+ "media_name",
+ "mountable",
+ "name",
+ "path",
+ "size",
+ "time",
+ "uuid",
+ "vendor",
+ "writable"
+ ],
+ "sectionRelativeRepoPath": "disk_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/disk_events.yml"
+ },
+ {
+ "url": "/tables/disk_info",
+ "title": "disk_info",
+ "htmlId": "table--diskinfo--e7393d4e29",
+ "evented": false,
+ "platforms": [
+ "windows",
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "disk_info",
+ "description",
+ "disk_index",
+ "disk_size",
+ "hardware_model",
+ "id",
+ "manufacturer",
+ "name",
+ "partitions",
+ "pnp_device_id",
+ "serial",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "disk_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/disk_info.yml"
+ },
+ {
+ "url": "/tables/dns_cache",
+ "title": "dns_cache",
+ "htmlId": "table--dnscache--dc0e67fdcf",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "dns_cache",
+ "flags",
+ "name",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "dns_cache",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/dns_cache.yml"
+ },
+ {
+ "url": "/tables/dns_resolvers",
+ "title": "dns_resolvers",
+ "htmlId": "table--dnsresolvers--2c8fb31e5d",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "dns_resolvers",
+ "address",
+ "id",
+ "netmask",
+ "options",
+ "pid_with_namespace",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "dns_resolvers",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/dns_resolvers.yml"
+ },
+ {
+ "url": "/tables/docker_container_envs",
+ "title": "docker_container_envs",
+ "htmlId": "table--dockercontainerenvs--3f92fabef8",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_container_envs",
+ "id",
+ "key",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "docker_container_envs",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_container_envs.yml"
+ },
+ {
+ "url": "/tables/docker_container_fs_changes",
+ "title": "docker_container_fs_changes",
+ "htmlId": "table--dockercontainerfschanges--e8a13529f8",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_container_fs_changes",
+ "change_type",
+ "id",
+ "path"
+ ],
+ "sectionRelativeRepoPath": "docker_container_fs_changes",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_container_fs_changes.yml&value=name%3A%20docker_container_fs_changes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_container_labels",
+ "title": "docker_container_labels",
+ "htmlId": "table--dockercontainerlabels--525f815a85",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_container_labels",
+ "id",
+ "key",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "docker_container_labels",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_container_labels.yml"
+ },
+ {
+ "url": "/tables/docker_container_mounts",
+ "title": "docker_container_mounts",
+ "htmlId": "table--dockercontainermounts--feffa9b278",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_container_mounts",
+ "destination",
+ "driver",
+ "id",
+ "mode",
+ "name",
+ "propagation",
+ "rw",
+ "source",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "docker_container_mounts",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_container_mounts.yml"
+ },
+ {
+ "url": "/tables/docker_container_networks",
+ "title": "docker_container_networks",
+ "htmlId": "table--dockercontainernetworks--7482838a3b",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_container_networks",
+ "endpoint_id",
+ "gateway",
+ "id",
+ "ip_address",
+ "ip_prefix_len",
+ "ipv6_address",
+ "ipv6_gateway",
+ "ipv6_prefix_len",
+ "mac_address",
+ "name",
+ "network_id"
+ ],
+ "sectionRelativeRepoPath": "docker_container_networks",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_container_networks.yml"
+ },
+ {
+ "url": "/tables/docker_container_ports",
+ "title": "docker_container_ports",
+ "htmlId": "table--dockercontainerports--8fa613bed0",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_container_ports",
+ "host_ip",
+ "host_port",
+ "id",
+ "port",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "docker_container_ports",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_container_ports.yml"
+ },
+ {
+ "url": "/tables/docker_container_processes",
+ "title": "docker_container_processes",
+ "htmlId": "table--dockercontainerprocesses--3790b40e9b",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_container_processes",
+ "cmdline",
+ "cpu",
+ "egid",
+ "euid",
+ "gid",
+ "id",
+ "mem",
+ "name",
+ "nice",
+ "parent",
+ "pgroup",
+ "pid",
+ "resident_size",
+ "sgid",
+ "start_time",
+ "state",
+ "suid",
+ "threads",
+ "time",
+ "total_size",
+ "uid",
+ "user",
+ "wired_size"
+ ],
+ "sectionRelativeRepoPath": "docker_container_processes",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_container_processes.yml&value=name%3A%20docker_container_processes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_container_stats",
+ "title": "docker_container_stats",
+ "htmlId": "table--dockercontainerstats--55f8d1f434",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_container_stats",
+ "cpu_kernelmode_usage",
+ "cpu_total_usage",
+ "cpu_usermode_usage",
+ "disk_read",
+ "disk_write",
+ "id",
+ "interval",
+ "memory_cached",
+ "memory_limit",
+ "memory_max_usage",
+ "memory_usage",
+ "name",
+ "network_rx_bytes",
+ "network_tx_bytes",
+ "num_procs",
+ "online_cpus",
+ "pids",
+ "pre_cpu_kernelmode_usage",
+ "pre_cpu_total_usage",
+ "pre_cpu_usermode_usage",
+ "pre_online_cpus",
+ "pre_system_cpu_usage",
+ "preread",
+ "read",
+ "system_cpu_usage"
+ ],
+ "sectionRelativeRepoPath": "docker_container_stats",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_container_stats.yml&value=name%3A%20docker_container_stats%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_containers",
+ "title": "docker_containers",
+ "htmlId": "table--dockercontainers--e586f60cb7",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_containers",
+ "cgroup_namespace",
+ "command",
+ "config_entrypoint",
+ "created",
+ "env_variables",
+ "finished_at",
+ "id",
+ "image",
+ "image_id",
+ "ipc_namespace",
+ "mnt_namespace",
+ "name",
+ "net_namespace",
+ "path",
+ "pid",
+ "pid_namespace",
+ "privileged",
+ "readonly_rootfs",
+ "security_options",
+ "started_at",
+ "state",
+ "status",
+ "user_namespace",
+ "uts_namespace"
+ ],
+ "sectionRelativeRepoPath": "docker_containers",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_containers.yml"
+ },
+ {
+ "url": "/tables/docker_image_history",
+ "title": "docker_image_history",
+ "htmlId": "table--dockerimagehistory--77b04426fe",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_image_history",
+ "comment",
+ "created",
+ "created_by",
+ "id",
+ "size",
+ "tags"
+ ],
+ "sectionRelativeRepoPath": "docker_image_history",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_image_history.yml&value=name%3A%20docker_image_history%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_image_labels",
+ "title": "docker_image_labels",
+ "htmlId": "table--dockerimagelabels--14e0871386",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_image_labels",
+ "id",
+ "key",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "docker_image_labels",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_image_labels.yml&value=name%3A%20docker_image_labels%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_image_layers",
+ "title": "docker_image_layers",
+ "htmlId": "table--dockerimagelayers--91693c4e4c",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_image_layers",
+ "id",
+ "layer_id",
+ "layer_order"
+ ],
+ "sectionRelativeRepoPath": "docker_image_layers",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_image_layers.yml&value=name%3A%20docker_image_layers%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_images",
+ "title": "docker_images",
+ "htmlId": "table--dockerimages--6819d40071",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_images",
+ "created",
+ "id",
+ "size_bytes",
+ "tags"
+ ],
+ "sectionRelativeRepoPath": "docker_images",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_images.yml"
+ },
+ {
+ "url": "/tables/docker_info",
+ "title": "docker_info",
+ "htmlId": "table--dockerinfo--2f30b285cd",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_info",
+ "architecture",
+ "bridge_nf_ip6tables",
+ "bridge_nf_iptables",
+ "cgroup_driver",
+ "containers",
+ "containers_paused",
+ "containers_running",
+ "containers_stopped",
+ "cpu_cfs_period",
+ "cpu_cfs_quota",
+ "cpu_set",
+ "cpu_shares",
+ "cpus",
+ "http_proxy",
+ "https_proxy",
+ "id",
+ "images",
+ "ipv4_forwarding",
+ "kernel_memory",
+ "kernel_version",
+ "logging_driver",
+ "memory",
+ "memory_limit",
+ "name",
+ "no_proxy",
+ "oom_kill_disable",
+ "os",
+ "os_type",
+ "root_dir",
+ "server_version",
+ "storage_driver",
+ "swap_limit"
+ ],
+ "sectionRelativeRepoPath": "docker_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_info.yml&value=name%3A%20docker_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_network_labels",
+ "title": "docker_network_labels",
+ "htmlId": "table--dockernetworklabels--1f827dc474",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_network_labels",
+ "id",
+ "key",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "docker_network_labels",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_network_labels.yml&value=name%3A%20docker_network_labels%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_networks",
+ "title": "docker_networks",
+ "htmlId": "table--dockernetworks--2ae40ea518",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_networks",
+ "created",
+ "driver",
+ "enable_ipv6",
+ "gateway",
+ "id",
+ "name",
+ "subnet"
+ ],
+ "sectionRelativeRepoPath": "docker_networks",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_networks.yml&value=name%3A%20docker_networks%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_version",
+ "title": "docker_version",
+ "htmlId": "table--dockerversion--d5c8b11df6",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_version",
+ "api_version",
+ "arch",
+ "build_time",
+ "git_commit",
+ "go_version",
+ "kernel_version",
+ "min_api_version",
+ "os",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "docker_version",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_version.yml&value=name%3A%20docker_version%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_volume_labels",
+ "title": "docker_volume_labels",
+ "htmlId": "table--dockervolumelabels--45adc74ba3",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_volume_labels",
+ "key",
+ "name",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "docker_volume_labels",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_volume_labels.yml&value=name%3A%20docker_volume_labels%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/docker_volumes",
+ "title": "docker_volumes",
+ "htmlId": "table--dockervolumes--cee95f6b90",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "docker_volumes",
+ "driver",
+ "mount_point",
+ "name",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "docker_volumes",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_volumes.yml"
+ },
+ {
+ "url": "/tables/drivers",
+ "title": "drivers",
+ "htmlId": "table--drivers--58290d489f",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "drivers",
+ "class",
+ "date",
+ "description",
+ "device_id",
+ "device_name",
+ "driver_key",
+ "image",
+ "inf",
+ "manufacturer",
+ "provider",
+ "service",
+ "service_key",
+ "signed",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "drivers",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdrivers.yml&value=name%3A%20drivers%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/dscl",
+ "title": "dscl",
+ "htmlId": "table--dscl--54e7060384",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "dscl",
+ "command",
+ "key",
+ "path",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "dscl",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/dscl.yml"
+ },
+ {
+ "url": "/tables/ec2_instance_metadata",
+ "title": "ec2_instance_metadata",
+ "htmlId": "table--ec2instancemetadata--8b1828d8f6",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ec2_instance_metadata",
+ "account_id",
+ "ami_id",
+ "architecture",
+ "availability_zone",
+ "iam_arn",
+ "instance_id",
+ "instance_type",
+ "local_hostname",
+ "local_ipv4",
+ "mac",
+ "region",
+ "reservation_id",
+ "security_groups",
+ "ssh_public_key"
+ ],
+ "sectionRelativeRepoPath": "ec2_instance_metadata",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fec2_instance_metadata.yml&value=name%3A%20ec2_instance_metadata%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/ec2_instance_tags",
+ "title": "ec2_instance_tags",
+ "htmlId": "table--ec2instancetags--450384158f",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ec2_instance_tags",
+ "instance_id",
+ "key",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "ec2_instance_tags",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fec2_instance_tags.yml&value=name%3A%20ec2_instance_tags%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/es_process_events",
+ "title": "es_process_events",
+ "htmlId": "table--esprocessevents--d79d694750",
+ "evented": true,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "es_process_events",
+ "cdhash",
+ "child_pid",
+ "cmdline",
+ "cmdline_count",
+ "codesigning_flags",
+ "cwd",
+ "egid",
+ "eid",
+ "env",
+ "env_count",
+ "euid",
+ "event_type",
+ "exit_code",
+ "gid",
+ "global_seq_num",
+ "original_parent",
+ "parent",
+ "path",
+ "pid",
+ "platform_binary",
+ "seq_num",
+ "signing_id",
+ "team_id",
+ "time",
+ "uid",
+ "username",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "es_process_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fes_process_events.yml&value=name%3A%20es_process_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/es_process_file_events",
+ "title": "es_process_file_events",
+ "htmlId": "table--esprocessfileevents--e28968a0e8",
+ "evented": true,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "es_process_file_events",
+ "dest_filename",
+ "eid",
+ "event_type",
+ "filename",
+ "global_seq_num",
+ "parent",
+ "path",
+ "pid",
+ "seq_num",
+ "time",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "es_process_file_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fes_process_file_events.yml&value=name%3A%20es_process_file_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/etc_hosts",
+ "title": "etc_hosts",
+ "htmlId": "table--etchosts--a56205b3f9",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "etc_hosts",
+ "address",
+ "hostnames",
+ "pid_with_namespace"
+ ],
+ "sectionRelativeRepoPath": "etc_hosts",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/etc_hosts.yml"
+ },
+ {
+ "url": "/tables/etc_protocols",
+ "title": "etc_protocols",
+ "htmlId": "table--etcprotocols--b5ffb257d1",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "etc_protocols",
+ "alias",
+ "comment",
+ "name",
+ "number"
+ ],
+ "sectionRelativeRepoPath": "etc_protocols",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fetc_protocols.yml&value=name%3A%20etc_protocols%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/etc_services",
+ "title": "etc_services",
+ "htmlId": "table--etcservices--454572c18c",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "etc_services",
+ "aliases",
+ "comment",
+ "name",
+ "port",
+ "protocol"
+ ],
+ "sectionRelativeRepoPath": "etc_services",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/etc_services.yml"
+ },
+ {
+ "url": "/tables/event_taps",
+ "title": "event_taps",
+ "htmlId": "table--eventtaps--b2afde9ecc",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "event_taps",
+ "enabled",
+ "event_tap_id",
+ "event_tapped",
+ "process_being_tapped",
+ "tapping_process"
+ ],
+ "sectionRelativeRepoPath": "event_taps",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/event_taps.yml"
+ },
+ {
+ "url": "/tables/extended_attributes",
+ "title": "extended_attributes",
+ "htmlId": "table--extendedattributes--9dea030217",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "extended_attributes",
+ "base64",
+ "directory",
+ "key",
+ "path",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "extended_attributes",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fextended_attributes.yml&value=name%3A%20extended_attributes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/falcon_kernel_check",
+ "title": "falcon_kernel_check",
+ "htmlId": "table--falconkernelcheck--5479232641",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "falcon_kernel_check",
+ "kernel",
+ "sensor_version",
+ "supported"
+ ],
+ "sectionRelativeRepoPath": "falcon_kernel_check",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/falcon_kernel_check.yml"
+ },
+ {
+ "url": "/tables/falconctl_options",
+ "title": "falconctl_options",
+ "htmlId": "table--falconctloptions--7106491b65",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "falconctl_options",
+ "options"
+ ],
+ "sectionRelativeRepoPath": "falconctl_options",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/falconctl_options.yml"
+ },
+ {
+ "url": "/tables/fan_speed_sensors",
+ "title": "fan_speed_sensors",
+ "htmlId": "table--fanspeedsensors--32417c8bf6",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "fan_speed_sensors",
+ "actual",
+ "fan",
+ "max",
+ "min",
+ "name",
+ "target"
+ ],
+ "sectionRelativeRepoPath": "fan_speed_sensors",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Ffan_speed_sensors.yml&value=name%3A%20fan_speed_sensors%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/file",
+ "title": "file",
+ "htmlId": "table--file--5f21761417",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "file",
+ "atime",
+ "attributes",
+ "block_size",
+ "bsd_flags",
+ "btime",
+ "ctime",
+ "device",
+ "directory",
+ "file_id",
+ "file_version",
+ "filename",
+ "gid",
+ "hard_links",
+ "inode",
+ "mode",
+ "mount_namespace_id",
+ "mtime",
+ "original_filename",
+ "path",
+ "pid_with_namespace",
+ "product_version",
+ "shortcut_comment",
+ "shortcut_run",
+ "shortcut_start_in",
+ "shortcut_target_location",
+ "shortcut_target_path",
+ "shortcut_target_type",
+ "size",
+ "symlink",
+ "type",
+ "uid",
+ "volume_serial"
+ ],
+ "sectionRelativeRepoPath": "file",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/file.yml"
+ },
+ {
+ "url": "/tables/file_events",
+ "title": "file_events",
+ "htmlId": "table--fileevents--7d5b0a2d3e",
+ "evented": true,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "file_events",
+ "action",
+ "atime",
+ "category",
+ "ctime",
+ "eid",
+ "gid",
+ "hashed",
+ "inode",
+ "md5",
+ "mode",
+ "mtime",
+ "sha1",
+ "sha256",
+ "size",
+ "target_path",
+ "time",
+ "transaction_id",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "file_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Ffile_events.yml&value=name%3A%20file_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/file_lines",
+ "title": "file_lines",
+ "htmlId": "table--filelines--66f7e5497f",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "file_lines",
+ "line",
+ "path"
+ ],
+ "sectionRelativeRepoPath": "file_lines",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/file_lines.yml"
+ },
+ {
+ "url": "/tables/filevault_prk",
+ "title": "filevault_prk",
+ "htmlId": "table--filevaultprk--4327326014",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "filevault_prk",
+ "base64_encrypted"
+ ],
+ "sectionRelativeRepoPath": "filevault_prk",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/filevault_prk.yml"
+ },
+ {
+ "url": "/tables/filevault_status",
+ "title": "filevault_status",
+ "htmlId": "table--filevaultstatus--808666eddb",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "filevault_status",
+ "status"
+ ],
+ "sectionRelativeRepoPath": "filevault_status",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/filevault_status.yml"
+ },
+ {
+ "url": "/tables/filevault_users",
+ "title": "filevault_users",
+ "htmlId": "table--filevaultusers--283a958213",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "filevault_users",
+ "username",
+ "uuid"
+ ],
+ "sectionRelativeRepoPath": "filevault_users",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/filevault_users.yml"
+ },
+ {
+ "url": "/tables/find_cmd",
+ "title": "find_cmd",
+ "htmlId": "table--findcmd--6d09c7cd5f",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "find_cmd",
+ "directory",
+ "path",
+ "perm",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "find_cmd",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/find_cmd.yml"
+ },
+ {
+ "url": "/tables/firefox_addons",
+ "title": "firefox_addons",
+ "htmlId": "table--firefoxaddons--9eabc39fea",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "firefox_addons",
+ "active",
+ "autoupdate",
+ "creator",
+ "description",
+ "disabled",
+ "identifier",
+ "location",
+ "name",
+ "path",
+ "source_url",
+ "type",
+ "uid",
+ "version",
+ "visible"
+ ],
+ "sectionRelativeRepoPath": "firefox_addons",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/firefox_addons.yml"
+ },
+ {
+ "url": "/tables/firefox_preferences",
+ "title": "firefox_preferences",
+ "htmlId": "table--firefoxpreferences--2366a56fa1",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "firefox_preferences",
+ "fullkey",
+ "key",
+ "parent",
+ "path",
+ "query",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "firefox_preferences",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/firefox_preferences.yml"
+ },
+ {
+ "url": "/tables/firmware_eficheck_integrity_check",
+ "title": "firmware_eficheck_integrity_check",
+ "htmlId": "table--firmwareeficheckintegritycheck--88da320790",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "firmware_eficheck_integrity_check",
+ "chip",
+ "output"
+ ],
+ "sectionRelativeRepoPath": "firmware_eficheck_integrity_check",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/firmware_eficheck_integrity_check.yml"
+ },
+ {
+ "url": "/tables/firmwarepasswd",
+ "title": "firmwarepasswd",
+ "htmlId": "table--firmwarepasswd--34c47d2dc2",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "firmwarepasswd",
+ "mode",
+ "option_roms_allowed",
+ "password_enabled"
+ ],
+ "sectionRelativeRepoPath": "firmwarepasswd",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/firmwarepasswd.yml"
+ },
+ {
+ "url": "/tables/fleetd_logs",
+ "title": "fleetd_logs",
+ "htmlId": "table--fleetdlogs--04f95fb2e5",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "fleetd_logs",
+ "error",
+ "level",
+ "message",
+ "payload",
+ "time"
+ ],
+ "sectionRelativeRepoPath": "fleetd_logs",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/fleetd_logs.yml"
+ },
+ {
+ "url": "/tables/gatekeeper",
+ "title": "gatekeeper",
+ "htmlId": "table--gatekeeper--c48826d081",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "gatekeeper",
+ "assessments_enabled",
+ "dev_id_enabled",
+ "opaque_version",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "gatekeeper",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/gatekeeper.yml"
+ },
+ {
+ "url": "/tables/gatekeeper_approved_apps",
+ "title": "gatekeeper_approved_apps",
+ "htmlId": "table--gatekeeperapprovedapps--ccb2041adc",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "gatekeeper_approved_apps",
+ "ctime",
+ "mtime",
+ "path",
+ "requirement"
+ ],
+ "sectionRelativeRepoPath": "gatekeeper_approved_apps",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fgatekeeper_approved_apps.yml&value=name%3A%20gatekeeper_approved_apps%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/geolocation",
+ "title": "geolocation",
+ "htmlId": "table--geolocation--0338bc3ba9",
+ "evented": false,
+ "platforms": [
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "geolocation",
+ "city",
+ "country",
+ "ip",
+ "region"
+ ],
+ "sectionRelativeRepoPath": "geolocation",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/geolocation.yml"
+ },
+ {
+ "url": "/tables/google_chrome_profiles",
+ "title": "google_chrome_profiles",
+ "htmlId": "table--googlechromeprofiles--bc22157648",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "google_chrome_profiles",
+ "email",
+ "ephemeral",
+ "name",
+ "username"
+ ],
+ "sectionRelativeRepoPath": "google_chrome_profiles",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/google_chrome_profiles.yml"
+ },
+ {
+ "url": "/tables/groups",
+ "title": "groups",
+ "htmlId": "table--groups--05fec1d6ce",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "groups",
+ "comment",
+ "gid",
+ "gid_signed",
+ "group_sid",
+ "groupname",
+ "is_hidden",
+ "pid_with_namespace"
+ ],
+ "sectionRelativeRepoPath": "groups",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/groups.yml"
+ },
+ {
+ "url": "/tables/hardware_events",
+ "title": "hardware_events",
+ "htmlId": "table--hardwareevents--f7cce3883a",
+ "evented": true,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "hardware_events",
+ "action",
+ "driver",
+ "eid",
+ "model",
+ "model_id",
+ "path",
+ "revision",
+ "serial",
+ "time",
+ "type",
+ "vendor",
+ "vendor_id"
+ ],
+ "sectionRelativeRepoPath": "hardware_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fhardware_events.yml&value=name%3A%20hardware_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/hash",
+ "title": "hash",
+ "htmlId": "table--hash--c08ce91512",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "hash",
+ "directory",
+ "md5",
+ "mount_namespace_id",
+ "path",
+ "pid_with_namespace",
+ "sha1",
+ "sha256"
+ ],
+ "sectionRelativeRepoPath": "hash",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/hash.yml"
+ },
+ {
+ "url": "/tables/homebrew_packages",
+ "title": "homebrew_packages",
+ "htmlId": "table--homebrewpackages--9c26173ba7",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "homebrew_packages",
+ "name",
+ "path",
+ "prefix",
+ "type",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "homebrew_packages",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/homebrew_packages.yml"
+ },
+ {
+ "url": "/tables/hvci_status",
+ "title": "hvci_status",
+ "htmlId": "table--hvcistatus--46a3ee08e5",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "hvci_status",
+ "code_integrity_policy_enforcement_status",
+ "instance_identifier",
+ "umci_policy_status",
+ "vbs_status",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "hvci_status",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fhvci_status.yml&value=name%3A%20hvci_status%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/ibridge_info",
+ "title": "ibridge_info",
+ "htmlId": "table--ibridgeinfo--38f5f5d7eb",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ibridge_info",
+ "boot_uuid",
+ "coprocessor_version",
+ "firmware_version",
+ "unique_chip_id"
+ ],
+ "sectionRelativeRepoPath": "ibridge_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fibridge_info.yml&value=name%3A%20ibridge_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/icloud_private_relay",
+ "title": "icloud_private_relay",
+ "htmlId": "table--icloudprivaterelay--7cbb9c575c",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "icloud_private_relay",
+ "status"
+ ],
+ "sectionRelativeRepoPath": "icloud_private_relay",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/icloud_private_relay.yml"
+ },
+ {
+ "url": "/tables/ie_extensions",
+ "title": "ie_extensions",
+ "htmlId": "table--ieextensions--412b814817",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ie_extensions",
+ "name",
+ "path",
+ "registry_path",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "ie_extensions",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ie_extensions.yml"
+ },
+ {
+ "url": "/tables/intel_me_info",
+ "title": "intel_me_info",
+ "htmlId": "table--intelmeinfo--fd5eb9626f",
+ "evented": false,
+ "platforms": [
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "intel_me_info",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "intel_me_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fintel_me_info.yml&value=name%3A%20intel_me_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/interface_addresses",
+ "title": "interface_addresses",
+ "htmlId": "table--interfaceaddresses--4163068693",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "interface_addresses",
+ "address",
+ "broadcast",
+ "friendly_name",
+ "interface",
+ "mask",
+ "point_to_point",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "interface_addresses",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/interface_addresses.yml"
+ },
+ {
+ "url": "/tables/interface_details",
+ "title": "interface_details",
+ "htmlId": "table--interfacedetails--c8234f77ad",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "interface_details",
+ "collisions",
+ "connection_id",
+ "connection_status",
+ "description",
+ "dhcp_enabled",
+ "dhcp_lease_expires",
+ "dhcp_lease_obtained",
+ "dhcp_server",
+ "dns_domain",
+ "dns_domain_suffix_search_order",
+ "dns_host_name",
+ "dns_server_search_order",
+ "enabled",
+ "flags",
+ "friendly_name",
+ "ibytes",
+ "idrops",
+ "ierrors",
+ "interface",
+ "ipackets",
+ "last_change",
+ "link_speed",
+ "mac",
+ "manufacturer",
+ "metric",
+ "mtu",
+ "obytes",
+ "odrops",
+ "oerrors",
+ "opackets",
+ "pci_slot",
+ "physical_adapter",
+ "service",
+ "speed",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "interface_details",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/interface_details.yml"
+ },
+ {
+ "url": "/tables/interface_ipv6",
+ "title": "interface_ipv6",
+ "htmlId": "table--interfaceipv6--48a78776ae",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "interface_ipv6",
+ "forwarding_enabled",
+ "hop_limit",
+ "interface",
+ "redirect_accept",
+ "rtadv_accept"
+ ],
+ "sectionRelativeRepoPath": "interface_ipv6",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/interface_ipv6.yml"
+ },
+ {
+ "url": "/tables/iokit_devicetree",
+ "title": "iokit_devicetree",
+ "htmlId": "table--iokitdevicetree--475d23de81",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "iokit_devicetree",
+ "busy_state",
+ "class",
+ "depth",
+ "device_path",
+ "id",
+ "name",
+ "parent",
+ "retain_count",
+ "service"
+ ],
+ "sectionRelativeRepoPath": "iokit_devicetree",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/iokit_devicetree.yml"
+ },
+ {
+ "url": "/tables/iokit_registry",
+ "title": "iokit_registry",
+ "htmlId": "table--iokitregistry--213523c85d",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "iokit_registry",
+ "busy_state",
+ "class",
+ "depth",
+ "id",
+ "name",
+ "parent",
+ "retain_count"
+ ],
+ "sectionRelativeRepoPath": "iokit_registry",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/iokit_registry.yml"
+ },
+ {
+ "url": "/tables/ioreg",
+ "title": "ioreg",
+ "htmlId": "table--ioreg--64934c5b2c",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ioreg",
+ "c",
+ "d",
+ "fullkey",
+ "k",
+ "key",
+ "n",
+ "p",
+ "parent",
+ "query",
+ "r",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "ioreg",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ioreg.yml"
+ },
+ {
+ "url": "/tables/iptables",
+ "title": "iptables",
+ "htmlId": "table--iptables--73fe23ccfd",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "iptables",
+ "bytes",
+ "chain",
+ "dst_ip",
+ "dst_mask",
+ "dst_port",
+ "filter_name",
+ "iniface",
+ "iniface_mask",
+ "match",
+ "outiface",
+ "outiface_mask",
+ "packets",
+ "policy",
+ "protocol",
+ "src_ip",
+ "src_mask",
+ "src_port",
+ "target"
+ ],
+ "sectionRelativeRepoPath": "iptables",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/iptables.yml"
+ },
+ {
+ "url": "/tables/kernel_extensions",
+ "title": "kernel_extensions",
+ "htmlId": "table--kernelextensions--015ed33cfc",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "kernel_extensions",
+ "idx",
+ "linked_against",
+ "name",
+ "path",
+ "refs",
+ "size",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "kernel_extensions",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/kernel_extensions.yml"
+ },
+ {
+ "url": "/tables/kernel_info",
+ "title": "kernel_info",
+ "htmlId": "table--kernelinfo--e02ab4d886",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "kernel_info",
+ "arguments",
+ "device",
+ "path",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "kernel_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/kernel_info.yml"
+ },
+ {
+ "url": "/tables/kernel_keys",
+ "title": "kernel_keys",
+ "htmlId": "table--kernelkeys--c3a84244c8",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "kernel_keys",
+ "description",
+ "flags",
+ "gid",
+ "permissions",
+ "serial_number",
+ "timeout",
+ "type",
+ "uid",
+ "usage"
+ ],
+ "sectionRelativeRepoPath": "kernel_keys",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fkernel_keys.yml&value=name%3A%20kernel_keys%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/kernel_modules",
+ "title": "kernel_modules",
+ "htmlId": "table--kernelmodules--c9051ad100",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "kernel_modules",
+ "address",
+ "name",
+ "size",
+ "status",
+ "used_by"
+ ],
+ "sectionRelativeRepoPath": "kernel_modules",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fkernel_modules.yml&value=name%3A%20kernel_modules%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/kernel_panics",
+ "title": "kernel_panics",
+ "htmlId": "table--kernelpanics--c6cb2cce6e",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "kernel_panics",
+ "dependencies",
+ "frame_backtrace",
+ "kernel_version",
+ "last_loaded",
+ "last_unloaded",
+ "module_backtrace",
+ "name",
+ "os_version",
+ "path",
+ "registers",
+ "system_model",
+ "time",
+ "uptime"
+ ],
+ "sectionRelativeRepoPath": "kernel_panics",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/kernel_panics.yml"
+ },
+ {
+ "url": "/tables/keychain_acls",
+ "title": "keychain_acls",
+ "htmlId": "table--keychainacls--e46564a1f0",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "keychain_acls",
+ "authorizations",
+ "description",
+ "keychain_path",
+ "label",
+ "path"
+ ],
+ "sectionRelativeRepoPath": "keychain_acls",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/keychain_acls.yml"
+ },
+ {
+ "url": "/tables/keychain_items",
+ "title": "keychain_items",
+ "htmlId": "table--keychainitems--ceb19aa966",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "keychain_items",
+ "account",
+ "comment",
+ "created",
+ "description",
+ "label",
+ "modified",
+ "path",
+ "pk_hash",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "keychain_items",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/keychain_items.yml"
+ },
+ {
+ "url": "/tables/known_hosts",
+ "title": "known_hosts",
+ "htmlId": "table--knownhosts--2c508bc3c8",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "known_hosts",
+ "key",
+ "key_file",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "known_hosts",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/known_hosts.yml"
+ },
+ {
+ "url": "/tables/kva_speculative_info",
+ "title": "kva_speculative_info",
+ "htmlId": "table--kvaspeculativeinfo--aa9ff39cc2",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "kva_speculative_info",
+ "bp_microcode_disabled",
+ "bp_mitigations",
+ "bp_system_pol_disabled",
+ "cpu_pred_cmd_supported",
+ "cpu_spec_ctrl_supported",
+ "ibrs_support_enabled",
+ "kva_shadow_enabled",
+ "kva_shadow_inv_pcid",
+ "kva_shadow_pcid",
+ "kva_shadow_user_global",
+ "stibp_support_enabled"
+ ],
+ "sectionRelativeRepoPath": "kva_speculative_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fkva_speculative_info.yml&value=name%3A%20kva_speculative_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/last",
+ "title": "last",
+ "htmlId": "table--last--81b773b51e",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "last",
+ "host",
+ "pid",
+ "time",
+ "tty",
+ "type",
+ "type_name",
+ "username"
+ ],
+ "sectionRelativeRepoPath": "last",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/last.yml"
+ },
+ {
+ "url": "/tables/launchd",
+ "title": "launchd",
+ "htmlId": "table--launchd--e309e31831",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "launchd",
+ "disabled",
+ "groupname",
+ "inetd_compatibility",
+ "keep_alive",
+ "label",
+ "name",
+ "on_demand",
+ "path",
+ "process_type",
+ "program",
+ "program_arguments",
+ "queue_directories",
+ "root_directory",
+ "run_at_load",
+ "start_interval",
+ "start_on_mount",
+ "stderr_path",
+ "stdout_path",
+ "username",
+ "watch_paths",
+ "working_directory"
+ ],
+ "sectionRelativeRepoPath": "launchd",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/launchd.yml"
+ },
+ {
+ "url": "/tables/launchd_overrides",
+ "title": "launchd_overrides",
+ "htmlId": "table--launchdoverrides--89410cb367",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "launchd_overrides",
+ "key",
+ "label",
+ "path",
+ "uid",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "launchd_overrides",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flaunchd_overrides.yml&value=name%3A%20launchd_overrides%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/listening_ports",
+ "title": "listening_ports",
+ "htmlId": "table--listeningports--de6bf76ec3",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "listening_ports",
+ "address",
+ "family",
+ "fd",
+ "net_namespace",
+ "path",
+ "pid",
+ "port",
+ "protocol",
+ "socket"
+ ],
+ "sectionRelativeRepoPath": "listening_ports",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/listening_ports.yml"
+ },
+ {
+ "url": "/tables/load_average",
+ "title": "load_average",
+ "htmlId": "table--loadaverage--f5f080e140",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "load_average",
+ "average",
+ "period"
+ ],
+ "sectionRelativeRepoPath": "load_average",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/load_average.yml"
+ },
+ {
+ "url": "/tables/location_services",
+ "title": "location_services",
+ "htmlId": "table--locationservices--f22473f4be",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "location_services",
+ "enabled"
+ ],
+ "sectionRelativeRepoPath": "location_services",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/location_services.yml"
+ },
+ {
+ "url": "/tables/logged_in_users",
+ "title": "logged_in_users",
+ "htmlId": "table--loggedinusers--bd140b0e93",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "logged_in_users",
+ "host",
+ "pid",
+ "registry_hive",
+ "sid",
+ "time",
+ "tty",
+ "type",
+ "user"
+ ],
+ "sectionRelativeRepoPath": "logged_in_users",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/logged_in_users.yml"
+ },
+ {
+ "url": "/tables/logical_drives",
+ "title": "logical_drives",
+ "htmlId": "table--logicaldrives--e69b777f6c",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "logical_drives",
+ "boot_partition",
+ "description",
+ "device_id",
+ "file_system",
+ "free_space",
+ "size",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "logical_drives",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flogical_drives.yml&value=name%3A%20logical_drives%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/logon_sessions",
+ "title": "logon_sessions",
+ "htmlId": "table--logonsessions--54d10b59e8",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "logon_sessions",
+ "authentication_package",
+ "dns_domain_name",
+ "home_directory",
+ "home_directory_drive",
+ "logon_domain",
+ "logon_id",
+ "logon_script",
+ "logon_server",
+ "logon_sid",
+ "logon_time",
+ "logon_type",
+ "profile_path",
+ "session_id",
+ "upn",
+ "user"
+ ],
+ "sectionRelativeRepoPath": "logon_sessions",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flogon_sessions.yml&value=name%3A%20logon_sessions%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/lxd_certificates",
+ "title": "lxd_certificates",
+ "htmlId": "table--lxdcertificates--06e045fa14",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "lxd_certificates",
+ "certificate",
+ "fingerprint",
+ "name",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "lxd_certificates",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_certificates.yml&value=name%3A%20lxd_certificates%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/lxd_cluster",
+ "title": "lxd_cluster",
+ "htmlId": "table--lxdcluster--a8491b6203",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "lxd_cluster",
+ "enabled",
+ "member_config_description",
+ "member_config_entity",
+ "member_config_key",
+ "member_config_name",
+ "member_config_value",
+ "server_name"
+ ],
+ "sectionRelativeRepoPath": "lxd_cluster",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_cluster.yml&value=name%3A%20lxd_cluster%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/lxd_cluster_members",
+ "title": "lxd_cluster_members",
+ "htmlId": "table--lxdclustermembers--7d6e6837d2",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "lxd_cluster_members",
+ "database",
+ "message",
+ "server_name",
+ "status",
+ "url"
+ ],
+ "sectionRelativeRepoPath": "lxd_cluster_members",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_cluster_members.yml&value=name%3A%20lxd_cluster_members%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/lxd_images",
+ "title": "lxd_images",
+ "htmlId": "table--lxdimages--55db6fdd97",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "lxd_images",
+ "aliases",
+ "architecture",
+ "auto_update",
+ "cached",
+ "created_at",
+ "description",
+ "expires_at",
+ "filename",
+ "id",
+ "last_used_at",
+ "os",
+ "public",
+ "release",
+ "size",
+ "update_source_alias",
+ "update_source_certificate",
+ "update_source_protocol",
+ "update_source_server",
+ "uploaded_at"
+ ],
+ "sectionRelativeRepoPath": "lxd_images",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_images.yml&value=name%3A%20lxd_images%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/lxd_instance_config",
+ "title": "lxd_instance_config",
+ "htmlId": "table--lxdinstanceconfig--54469816ca",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "lxd_instance_config",
+ "key",
+ "name",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "lxd_instance_config",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_instance_config.yml&value=name%3A%20lxd_instance_config%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/lxd_instance_devices",
+ "title": "lxd_instance_devices",
+ "htmlId": "table--lxdinstancedevices--f28caba867",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "lxd_instance_devices",
+ "device",
+ "device_type",
+ "key",
+ "name",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "lxd_instance_devices",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_instance_devices.yml&value=name%3A%20lxd_instance_devices%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/lxd_instances",
+ "title": "lxd_instances",
+ "htmlId": "table--lxdinstances--77d953ad3e",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "lxd_instances",
+ "architecture",
+ "base_image",
+ "created_at",
+ "description",
+ "ephemeral",
+ "name",
+ "os",
+ "pid",
+ "processes",
+ "stateful",
+ "status"
+ ],
+ "sectionRelativeRepoPath": "lxd_instances",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_instances.yml&value=name%3A%20lxd_instances%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/lxd_networks",
+ "title": "lxd_networks",
+ "htmlId": "table--lxdnetworks--7dd5f10782",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "lxd_networks",
+ "bytes_received",
+ "bytes_sent",
+ "hwaddr",
+ "ipv4_address",
+ "ipv6_address",
+ "managed",
+ "mtu",
+ "name",
+ "packets_received",
+ "packets_sent",
+ "state",
+ "type",
+ "used_by"
+ ],
+ "sectionRelativeRepoPath": "lxd_networks",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_networks.yml&value=name%3A%20lxd_networks%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/lxd_storage_pools",
+ "title": "lxd_storage_pools",
+ "htmlId": "table--lxdstoragepools--950b575e61",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "lxd_storage_pools",
+ "driver",
+ "inodes_total",
+ "inodes_used",
+ "name",
+ "size",
+ "source",
+ "space_total",
+ "space_used"
+ ],
+ "sectionRelativeRepoPath": "lxd_storage_pools",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_storage_pools.yml&value=name%3A%20lxd_storage_pools%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/macadmins_unified_log",
+ "title": "macadmins_unified_log",
+ "htmlId": "table--macadminsunifiedlog--e036df9e57",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "macadmins_unified_log",
+ "activity_identifier",
+ "boot_uuid",
+ "category",
+ "event_message",
+ "event_type",
+ "format_string",
+ "log_level",
+ "parent_activity_identifier",
+ "process_id",
+ "process_image_path",
+ "sender_image_path",
+ "sender_image_uuid",
+ "sender_program_counter",
+ "subsystem",
+ "thread_id",
+ "timestamp",
+ "trace_id"
+ ],
+ "sectionRelativeRepoPath": "macadmins_unified_log",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/macadmins_unified_log.yml"
+ },
+ {
+ "url": "/tables/macos_profiles",
+ "title": "macos_profiles",
+ "htmlId": "table--macosprofiles--cae047dfff",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "macos_profiles",
+ "description",
+ "display_name",
+ "identifier",
+ "install_date",
+ "organization",
+ "type",
+ "uuid",
+ "verification_state"
+ ],
+ "sectionRelativeRepoPath": "macos_profiles",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/macos_profiles.yml"
+ },
+ {
+ "url": "/tables/macos_rsr",
+ "title": "macos_rsr",
+ "htmlId": "table--macosrsr--9c9ef590fd",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "macos_rsr",
+ "full_macos_version",
+ "macos_version",
+ "rsr_supported",
+ "rsr_version"
+ ],
+ "sectionRelativeRepoPath": "macos_rsr",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/macos_rsr.yml"
+ },
+ {
+ "url": "/tables/magic",
+ "title": "magic",
+ "htmlId": "table--magic--2b54571c80",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "magic",
+ "data",
+ "magic_db_files",
+ "mime_encoding",
+ "mime_type",
+ "path"
+ ],
+ "sectionRelativeRepoPath": "magic",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmagic.yml&value=name%3A%20magic%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/managed_policies",
+ "title": "managed_policies",
+ "htmlId": "table--managedpolicies--494a329dfb",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "managed_policies",
+ "domain",
+ "manual",
+ "name",
+ "username",
+ "uuid",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "managed_policies",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/managed_policies.yml"
+ },
+ {
+ "url": "/tables/md_devices",
+ "title": "md_devices",
+ "htmlId": "table--mddevices--cc18ebf22a",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "md_devices",
+ "active_disks",
+ "bitmap_chunk_size",
+ "bitmap_external_file",
+ "bitmap_on_mem",
+ "check_array_finish",
+ "check_array_progress",
+ "check_array_speed",
+ "chunk_size",
+ "device_name",
+ "failed_disks",
+ "nr_raid_disks",
+ "other",
+ "raid_disks",
+ "raid_level",
+ "recovery_finish",
+ "recovery_progress",
+ "recovery_speed",
+ "reshape_finish",
+ "reshape_progress",
+ "reshape_speed",
+ "resync_finish",
+ "resync_progress",
+ "resync_speed",
+ "size",
+ "spare_disks",
+ "status",
+ "superblock_state",
+ "superblock_update_time",
+ "superblock_version",
+ "unused_devices",
+ "working_disks"
+ ],
+ "sectionRelativeRepoPath": "md_devices",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmd_devices.yml&value=name%3A%20md_devices%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/md_drives",
+ "title": "md_drives",
+ "htmlId": "table--mddrives--f529358f7d",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "md_drives",
+ "drive_name",
+ "md_device_name",
+ "slot",
+ "state"
+ ],
+ "sectionRelativeRepoPath": "md_drives",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmd_drives.yml&value=name%3A%20md_drives%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/md_personalities",
+ "title": "md_personalities",
+ "htmlId": "table--mdpersonalities--6234b42367",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "md_personalities",
+ "name"
+ ],
+ "sectionRelativeRepoPath": "md_personalities",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmd_personalities.yml&value=name%3A%20md_personalities%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/mdfind",
+ "title": "mdfind",
+ "htmlId": "table--mdfind--2061531fab",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "mdfind",
+ "path",
+ "query"
+ ],
+ "sectionRelativeRepoPath": "mdfind",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmdfind.yml&value=name%3A%20mdfind%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/mdls",
+ "title": "mdls",
+ "htmlId": "table--mdls--8826cff54e",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "mdls",
+ "key",
+ "path",
+ "value",
+ "valuetype"
+ ],
+ "sectionRelativeRepoPath": "mdls",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/mdls.yml"
+ },
+ {
+ "url": "/tables/mdm",
+ "title": "mdm",
+ "htmlId": "table--mdm--4e74952c0b",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "mdm",
+ "access_rights",
+ "checkin_url",
+ "dep_capable",
+ "enrolled",
+ "has_scep_payload",
+ "identity_certificate_uuid",
+ "install_date",
+ "installed_from_dep",
+ "payload_identifier",
+ "server_url",
+ "sign_message",
+ "topic",
+ "user_approved"
+ ],
+ "sectionRelativeRepoPath": "mdm",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/mdm.yml"
+ },
+ {
+ "url": "/tables/mdm_bridge",
+ "title": "mdm_bridge",
+ "htmlId": "table--mdmbridge--6dff726888",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "mdm_bridge",
+ "enrolled_user",
+ "enrollment_status",
+ "mdm_command_input",
+ "mdm_command_output",
+ "raw_mdm_command_output"
+ ],
+ "sectionRelativeRepoPath": "mdm_bridge",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/mdm_bridge.yml"
+ },
+ {
+ "url": "/tables/memory_array_mapped_addresses",
+ "title": "memory_array_mapped_addresses",
+ "htmlId": "table--memoryarraymappedaddresses--6f656395f7",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "memory_array_mapped_addresses",
+ "ending_address",
+ "handle",
+ "memory_array_handle",
+ "partition_width",
+ "starting_address"
+ ],
+ "sectionRelativeRepoPath": "memory_array_mapped_addresses",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_array_mapped_addresses.yml&value=name%3A%20memory_array_mapped_addresses%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/memory_arrays",
+ "title": "memory_arrays",
+ "htmlId": "table--memoryarrays--abd1487b4b",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "memory_arrays",
+ "handle",
+ "location",
+ "max_capacity",
+ "memory_error_correction",
+ "memory_error_info_handle",
+ "number_memory_devices",
+ "use"
+ ],
+ "sectionRelativeRepoPath": "memory_arrays",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_arrays.yml&value=name%3A%20memory_arrays%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/memory_device_mapped_addresses",
+ "title": "memory_device_mapped_addresses",
+ "htmlId": "table--memorydevicemappedaddresses--21aa4bee51",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "memory_device_mapped_addresses",
+ "ending_address",
+ "handle",
+ "interleave_data_depth",
+ "interleave_position",
+ "memory_array_mapped_address_handle",
+ "memory_device_handle",
+ "partition_row_position",
+ "starting_address"
+ ],
+ "sectionRelativeRepoPath": "memory_device_mapped_addresses",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_device_mapped_addresses.yml&value=name%3A%20memory_device_mapped_addresses%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/memory_devices",
+ "title": "memory_devices",
+ "htmlId": "table--memorydevices--8e8226757f",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "memory_devices",
+ "array_handle",
+ "asset_tag",
+ "bank_locator",
+ "configured_clock_speed",
+ "configured_voltage",
+ "data_width",
+ "device_locator",
+ "form_factor",
+ "handle",
+ "manufacturer",
+ "max_speed",
+ "max_voltage",
+ "memory_type",
+ "memory_type_details",
+ "min_voltage",
+ "part_number",
+ "serial_number",
+ "set",
+ "size",
+ "total_width"
+ ],
+ "sectionRelativeRepoPath": "memory_devices",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_devices.yml&value=name%3A%20memory_devices%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/memory_error_info",
+ "title": "memory_error_info",
+ "htmlId": "table--memoryerrorinfo--0e04980533",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "memory_error_info",
+ "device_error_address",
+ "error_granularity",
+ "error_operation",
+ "error_resolution",
+ "error_type",
+ "handle",
+ "memory_array_error_address",
+ "vendor_syndrome"
+ ],
+ "sectionRelativeRepoPath": "memory_error_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_error_info.yml&value=name%3A%20memory_error_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/memory_info",
+ "title": "memory_info",
+ "htmlId": "table--memoryinfo--84feac1e17",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "memory_info",
+ "active",
+ "buffers",
+ "cached",
+ "inactive",
+ "memory_available",
+ "memory_free",
+ "memory_total",
+ "swap_cached",
+ "swap_free",
+ "swap_total"
+ ],
+ "sectionRelativeRepoPath": "memory_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_info.yml&value=name%3A%20memory_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/memory_map",
+ "title": "memory_map",
+ "htmlId": "table--memorymap--dbdfd30e2f",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "memory_map",
+ "end",
+ "name",
+ "start"
+ ],
+ "sectionRelativeRepoPath": "memory_map",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_map.yml&value=name%3A%20memory_map%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/mounts",
+ "title": "mounts",
+ "htmlId": "table--mounts--9bd193b227",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "mounts",
+ "blocks",
+ "blocks_available",
+ "blocks_free",
+ "blocks_size",
+ "device",
+ "device_alias",
+ "flags",
+ "inodes",
+ "inodes_free",
+ "path",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "mounts",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/mounts.yml"
+ },
+ {
+ "url": "/tables/msr",
+ "title": "msr",
+ "htmlId": "table--msr--ff9484332b",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "msr",
+ "feature_control",
+ "perf_ctl",
+ "perf_status",
+ "platform_info",
+ "processor_number",
+ "rapl_energy_status",
+ "rapl_power_limit",
+ "rapl_power_units",
+ "turbo_disabled",
+ "turbo_ratio_limit"
+ ],
+ "sectionRelativeRepoPath": "msr",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmsr.yml&value=name%3A%20msr%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/munki_info",
+ "title": "munki_info",
+ "htmlId": "table--munkiinfo--2e4b112369",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "munki_info",
+ "console_user",
+ "end_time",
+ "errors",
+ "manifest_name",
+ "problem_installs",
+ "start_time",
+ "success",
+ "version",
+ "warnings"
+ ],
+ "sectionRelativeRepoPath": "munki_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/munki_info.yml"
+ },
+ {
+ "url": "/tables/munki_installs",
+ "title": "munki_installs",
+ "htmlId": "table--munkiinstalls--b403c42531",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "munki_installs",
+ "end_time",
+ "installed",
+ "installed_version",
+ "name"
+ ],
+ "sectionRelativeRepoPath": "munki_installs",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/munki_installs.yml"
+ },
+ {
+ "url": "/tables/network_interfaces",
+ "title": "network_interfaces",
+ "htmlId": "table--networkinterfaces--ea6f795816",
+ "evented": false,
+ "platforms": [
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "network_interfaces",
+ "ipv4",
+ "ipv6",
+ "mac"
+ ],
+ "sectionRelativeRepoPath": "network_interfaces",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/network_interfaces.yml"
+ },
+ {
+ "url": "/tables/nfs_shares",
+ "title": "nfs_shares",
+ "htmlId": "table--nfsshares--b4f614d51e",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "nfs_shares",
+ "options",
+ "readonly",
+ "share"
+ ],
+ "sectionRelativeRepoPath": "nfs_shares",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/nfs_shares.yml"
+ },
+ {
+ "url": "/tables/npm_packages",
+ "title": "npm_packages",
+ "htmlId": "table--npmpackages--b2a26bbba0",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "npm_packages",
+ "author",
+ "description",
+ "directory",
+ "homepage",
+ "license",
+ "mount_namespace_id",
+ "name",
+ "path",
+ "pid_with_namespace",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "npm_packages",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/npm_packages.yml"
+ },
+ {
+ "url": "/tables/ntdomains",
+ "title": "ntdomains",
+ "htmlId": "table--ntdomains--57ef982364",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ntdomains",
+ "client_site_name",
+ "dc_site_name",
+ "dns_forest_name",
+ "domain_controller_address",
+ "domain_controller_name",
+ "domain_name",
+ "name",
+ "status"
+ ],
+ "sectionRelativeRepoPath": "ntdomains",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ntdomains.yml"
+ },
+ {
+ "url": "/tables/ntfs_acl_permissions",
+ "title": "ntfs_acl_permissions",
+ "htmlId": "table--ntfsaclpermissions--2d66c6c45e",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ntfs_acl_permissions",
+ "access",
+ "inherited_from",
+ "path",
+ "principal",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "ntfs_acl_permissions",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fntfs_acl_permissions.yml&value=name%3A%20ntfs_acl_permissions%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/ntfs_journal_events",
+ "title": "ntfs_journal_events",
+ "htmlId": "table--ntfsjournalevents--2369d84275",
+ "evented": true,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ntfs_journal_events",
+ "action",
+ "category",
+ "drive_letter",
+ "eid",
+ "file_attributes",
+ "node_ref_number",
+ "old_path",
+ "parent_ref_number",
+ "partial",
+ "path",
+ "record_timestamp",
+ "record_usn",
+ "time"
+ ],
+ "sectionRelativeRepoPath": "ntfs_journal_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fntfs_journal_events.yml&value=name%3A%20ntfs_journal_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/nvram",
+ "title": "nvram",
+ "htmlId": "table--nvram--450a99f968",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "nvram",
+ "name",
+ "type",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "nvram",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/nvram.yml"
+ },
+ {
+ "url": "/tables/nvram_info",
+ "title": "nvram_info",
+ "htmlId": "table--nvraminfo--a99cb280af",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "nvram_info",
+ "amfi_enabled"
+ ],
+ "sectionRelativeRepoPath": "nvram_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/nvram_info.yml"
+ },
+ {
+ "url": "/tables/oem_strings",
+ "title": "oem_strings",
+ "htmlId": "table--oemstrings--89f170ddda",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "oem_strings",
+ "handle",
+ "number",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "oem_strings",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Foem_strings.yml&value=name%3A%20oem_strings%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/office_mru",
+ "title": "office_mru",
+ "htmlId": "table--officemru--11e1929c70",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "office_mru",
+ "application",
+ "last_opened_time",
+ "path",
+ "sid",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "office_mru",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Foffice_mru.yml&value=name%3A%20office_mru%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/orbit_info",
+ "title": "orbit_info",
+ "htmlId": "table--orbitinfo--98fca7c408",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "orbit_info",
+ "desktop_channel",
+ "desktop_version",
+ "device_auth_token",
+ "enrolled",
+ "last_recorded_error",
+ "orbit_channel",
+ "osqueryd_channel",
+ "scripts_enabled",
+ "uptime",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "orbit_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/orbit_info.yml"
+ },
+ {
+ "url": "/tables/os_version",
+ "title": "os_version",
+ "htmlId": "table--osversion--95451301c8",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows",
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "os_version",
+ "arch",
+ "build",
+ "codename",
+ "extra",
+ "install_date",
+ "major",
+ "minor",
+ "mount_namespace_id",
+ "name",
+ "patch",
+ "pid_with_namespace",
+ "platform",
+ "platform_like",
+ "revision",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "os_version",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/os_version.yml"
+ },
+ {
+ "url": "/tables/osquery_events",
+ "title": "osquery_events",
+ "htmlId": "table--osqueryevents--3bff81a1b8",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "osquery_events",
+ "active",
+ "events",
+ "name",
+ "publisher",
+ "refreshes",
+ "subscriptions",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "osquery_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_events.yml"
+ },
+ {
+ "url": "/tables/osquery_extensions",
+ "title": "osquery_extensions",
+ "htmlId": "table--osqueryextensions--56dea82216",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "osquery_extensions",
+ "name",
+ "path",
+ "sdk_version",
+ "type",
+ "uuid",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "osquery_extensions",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_extensions.yml"
+ },
+ {
+ "url": "/tables/osquery_flags",
+ "title": "osquery_flags",
+ "htmlId": "table--osqueryflags--27972ebab6",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "osquery_flags",
+ "default_value",
+ "description",
+ "name",
+ "shell_only",
+ "type",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "osquery_flags",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_flags.yml"
+ },
+ {
+ "url": "/tables/osquery_info",
+ "title": "osquery_info",
+ "htmlId": "table--osqueryinfo--99ebd3222b",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux",
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "osquery_info",
+ "build_distro",
+ "build_platform",
+ "config_hash",
+ "config_valid",
+ "extensions",
+ "instance_id",
+ "pid",
+ "platform_mask",
+ "start_time",
+ "uuid",
+ "version",
+ "watcher"
+ ],
+ "sectionRelativeRepoPath": "osquery_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_info.yml"
+ },
+ {
+ "url": "/tables/osquery_packs",
+ "title": "osquery_packs",
+ "htmlId": "table--osquerypacks--c2f0293ed5",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "osquery_packs",
+ "active",
+ "discovery_cache_hits",
+ "discovery_executions",
+ "name",
+ "platform",
+ "shard",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "osquery_packs",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_packs.yml"
+ },
+ {
+ "url": "/tables/osquery_registry",
+ "title": "osquery_registry",
+ "htmlId": "table--osqueryregistry--723b93f998",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "osquery_registry",
+ "active",
+ "internal",
+ "name",
+ "owner_uuid",
+ "registry"
+ ],
+ "sectionRelativeRepoPath": "osquery_registry",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_registry.yml"
+ },
+ {
+ "url": "/tables/osquery_schedule",
+ "title": "osquery_schedule",
+ "htmlId": "table--osqueryschedule--81eadaf536",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "osquery_schedule",
+ "average_memory",
+ "denylisted",
+ "executions",
+ "interval",
+ "last_executed",
+ "last_memory",
+ "last_system_time",
+ "last_user_time",
+ "last_wall_time_ms",
+ "name",
+ "output_size",
+ "query",
+ "system_time",
+ "user_time",
+ "wall_time",
+ "wall_time_ms"
+ ],
+ "sectionRelativeRepoPath": "osquery_schedule",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_schedule.yml"
+ },
+ {
+ "url": "/tables/package_bom",
+ "title": "package_bom",
+ "htmlId": "table--packagebom--8182ed768f",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "package_bom",
+ "filepath",
+ "gid",
+ "mode",
+ "modified_time",
+ "path",
+ "size",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "package_bom",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/package_bom.yml"
+ },
+ {
+ "url": "/tables/package_install_history",
+ "title": "package_install_history",
+ "htmlId": "table--packageinstallhistory--988f999553",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "package_install_history",
+ "content_type",
+ "name",
+ "package_id",
+ "source",
+ "time",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "package_install_history",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/package_install_history.yml"
+ },
+ {
+ "url": "/tables/package_receipts",
+ "title": "package_receipts",
+ "htmlId": "table--packagereceipts--4d830b5b2d",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "package_receipts",
+ "install_time",
+ "installer_name",
+ "location",
+ "package_filename",
+ "package_id",
+ "path",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "package_receipts",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/package_receipts.yml"
+ },
+ {
+ "url": "/tables/parse_ini",
+ "title": "parse_ini",
+ "htmlId": "table--parseini--4de2377a57",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "parse_ini",
+ "fullkey",
+ "key",
+ "parent",
+ "path",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "parse_ini",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/parse_ini.yml"
+ },
+ {
+ "url": "/tables/parse_json",
+ "title": "parse_json",
+ "htmlId": "table--parsejson--c3c9947479",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "parse_json",
+ "fullkey",
+ "key",
+ "parent",
+ "path",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "parse_json",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/parse_json.yml"
+ },
+ {
+ "url": "/tables/parse_jsonl",
+ "title": "parse_jsonl",
+ "htmlId": "table--parsejsonl--b71d789467",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "parse_jsonl",
+ "fullkey",
+ "key",
+ "parent",
+ "path",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "parse_jsonl",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/parse_jsonl.yml"
+ },
+ {
+ "url": "/tables/parse_xml",
+ "title": "parse_xml",
+ "htmlId": "table--parsexml--15ed589727",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "parse_xml",
+ "fullkey",
+ "key",
+ "parent",
+ "path",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "parse_xml",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/parse_xml.yml"
+ },
+ {
+ "url": "/tables/password_policy",
+ "title": "password_policy",
+ "htmlId": "table--passwordpolicy--9a2e1051b8",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "password_policy",
+ "policy_content",
+ "policy_description",
+ "policy_identifier",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "password_policy",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/password_policy.yml"
+ },
+ {
+ "url": "/tables/patches",
+ "title": "patches",
+ "htmlId": "table--patches--b3f61813f5",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "patches",
+ "caption",
+ "csname",
+ "description",
+ "fix_comments",
+ "hotfix_id",
+ "install_date",
+ "installed_by",
+ "installed_on"
+ ],
+ "sectionRelativeRepoPath": "patches",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/patches.yml"
+ },
+ {
+ "url": "/tables/pci_devices",
+ "title": "pci_devices",
+ "htmlId": "table--pcidevices--b00adf6d59",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "pci_devices",
+ "driver",
+ "model",
+ "model_id",
+ "pci_class",
+ "pci_class_id",
+ "pci_slot",
+ "pci_subclass",
+ "pci_subclass_id",
+ "subsystem_model",
+ "subsystem_model_id",
+ "subsystem_vendor",
+ "subsystem_vendor_id",
+ "vendor",
+ "vendor_id"
+ ],
+ "sectionRelativeRepoPath": "pci_devices",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/pci_devices.yml"
+ },
+ {
+ "url": "/tables/physical_disk_performance",
+ "title": "physical_disk_performance",
+ "htmlId": "table--physicaldiskperformance--21ffb96328",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "physical_disk_performance",
+ "avg_disk_bytes_per_read",
+ "avg_disk_bytes_per_write",
+ "avg_disk_read_queue_length",
+ "avg_disk_sec_per_read",
+ "avg_disk_sec_per_write",
+ "avg_disk_write_queue_length",
+ "current_disk_queue_length",
+ "name",
+ "percent_disk_read_time",
+ "percent_disk_time",
+ "percent_disk_write_time",
+ "percent_idle_time"
+ ],
+ "sectionRelativeRepoPath": "physical_disk_performance",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fphysical_disk_performance.yml&value=name%3A%20physical_disk_performance%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/pipes",
+ "title": "pipes",
+ "htmlId": "table--pipes--6c348a0bda",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "pipes",
+ "flags",
+ "instances",
+ "max_instances",
+ "name",
+ "pid"
+ ],
+ "sectionRelativeRepoPath": "pipes",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/pipes.yml"
+ },
+ {
+ "url": "/tables/platform_info",
+ "title": "platform_info",
+ "htmlId": "table--platforminfo--606b0b07f8",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "platform_info",
+ "address",
+ "date",
+ "extra",
+ "firmware_type",
+ "revision",
+ "size",
+ "vendor",
+ "version",
+ "volume_size"
+ ],
+ "sectionRelativeRepoPath": "platform_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/platform_info.yml"
+ },
+ {
+ "url": "/tables/plist",
+ "title": "plist",
+ "htmlId": "table--plist--10bd270ccc",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "plist",
+ "key",
+ "path",
+ "subkey",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "plist",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/plist.yml"
+ },
+ {
+ "url": "/tables/pmset",
+ "title": "pmset",
+ "htmlId": "table--pmset--5f7c05dca3",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "pmset",
+ "getting",
+ "json_result"
+ ],
+ "sectionRelativeRepoPath": "pmset",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/pmset.yml"
+ },
+ {
+ "url": "/tables/portage_keywords",
+ "title": "portage_keywords",
+ "htmlId": "table--portagekeywords--16048373f7",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "portage_keywords",
+ "keyword",
+ "mask",
+ "package",
+ "unmask",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "portage_keywords",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fportage_keywords.yml&value=name%3A%20portage_keywords%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/portage_packages",
+ "title": "portage_packages",
+ "htmlId": "table--portagepackages--af336b6b49",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "portage_packages",
+ "build_time",
+ "eapi",
+ "package",
+ "repository",
+ "size",
+ "slot",
+ "version",
+ "world"
+ ],
+ "sectionRelativeRepoPath": "portage_packages",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fportage_packages.yml&value=name%3A%20portage_packages%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/portage_use",
+ "title": "portage_use",
+ "htmlId": "table--portageuse--61384aa618",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "portage_use",
+ "package",
+ "use",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "portage_use",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fportage_use.yml&value=name%3A%20portage_use%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/power_sensors",
+ "title": "power_sensors",
+ "htmlId": "table--powersensors--27bd8387f6",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "power_sensors",
+ "category",
+ "key",
+ "name",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "power_sensors",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/power_sensors.yml"
+ },
+ {
+ "url": "/tables/powershell_events",
+ "title": "powershell_events",
+ "htmlId": "table--powershellevents--728605e870",
+ "evented": true,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "powershell_events",
+ "cosine_similarity",
+ "datetime",
+ "script_block_count",
+ "script_block_id",
+ "script_name",
+ "script_path",
+ "script_text",
+ "time"
+ ],
+ "sectionRelativeRepoPath": "powershell_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fpowershell_events.yml&value=name%3A%20powershell_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/preferences",
+ "title": "preferences",
+ "htmlId": "table--preferences--96fcf226b3",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "preferences",
+ "domain",
+ "forced",
+ "host",
+ "key",
+ "subkey",
+ "username",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "preferences",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/preferences.yml"
+ },
+ {
+ "url": "/tables/prefetch",
+ "title": "prefetch",
+ "htmlId": "table--prefetch--8592ee7112",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "prefetch",
+ "accessed_directories",
+ "accessed_directories_count",
+ "accessed_files",
+ "accessed_files_count",
+ "filename",
+ "hash",
+ "last_run_time",
+ "other_run_times",
+ "path",
+ "run_count",
+ "size",
+ "volume_creation",
+ "volume_serial"
+ ],
+ "sectionRelativeRepoPath": "prefetch",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fprefetch.yml&value=name%3A%20prefetch%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/privacy_preferences",
+ "title": "privacy_preferences",
+ "htmlId": "table--privacypreferences--927ea3e9b3",
+ "evented": false,
+ "platforms": [
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "privacy_preferences",
+ "ad_measurement_enabled",
+ "autofill_address_enabled",
+ "autofill_credit_card_enabled",
+ "autofill_enabled",
+ "do_not_track_enabled",
+ "fledge_enabled",
+ "hyperlink_auditing_enabled",
+ "network_prediction_enabled",
+ "privacy_sandbox_enabled",
+ "protected_content_enabled",
+ "referrers_enabled",
+ "safe_browsing_enabled",
+ "safe_browsing_extended_reporting_enabled",
+ "save_passwords_enabled",
+ "search_suggest_enabled",
+ "spelling_service_enabled",
+ "third_party_cookies_allowed",
+ "topics_enabled",
+ "translation_service_enabled",
+ "web_rtc_ip_handling_policy"
+ ],
+ "sectionRelativeRepoPath": "privacy_preferences",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/privacy_preferences.yml"
+ },
+ {
+ "url": "/tables/process_envs",
+ "title": "process_envs",
+ "htmlId": "table--processenvs--586b20fc53",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "process_envs",
+ "key",
+ "pid",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "process_envs",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_envs.yml"
+ },
+ {
+ "url": "/tables/process_etw_events",
+ "title": "process_etw_events",
+ "htmlId": "table--processetwevents--61143eacfc",
+ "evented": true,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "process_etw_events",
+ "cmdline",
+ "datetime",
+ "eid",
+ "exit_code",
+ "flags",
+ "header_pid",
+ "mandatory_label",
+ "parent_process_sequence_number",
+ "path",
+ "pid",
+ "ppid",
+ "process_sequence_number",
+ "session_id",
+ "time",
+ "time_windows",
+ "token_elevation_status",
+ "token_elevation_type",
+ "type",
+ "username"
+ ],
+ "sectionRelativeRepoPath": "process_etw_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fprocess_etw_events.yml&value=name%3A%20process_etw_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/process_events",
+ "title": "process_events",
+ "htmlId": "table--processevents--6ae8ba2267",
+ "evented": true,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "process_events",
+ "atime",
+ "auid",
+ "btime",
+ "cmdline",
+ "cmdline_size",
+ "ctime",
+ "cwd",
+ "egid",
+ "eid",
+ "env",
+ "env_count",
+ "env_size",
+ "euid",
+ "fsgid",
+ "fsuid",
+ "gid",
+ "mode",
+ "mtime",
+ "overflows",
+ "owner_gid",
+ "owner_uid",
+ "parent",
+ "path",
+ "pid",
+ "sgid",
+ "status",
+ "suid",
+ "syscall",
+ "time",
+ "uid",
+ "uptime"
+ ],
+ "sectionRelativeRepoPath": "process_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_events.yml"
+ },
+ {
+ "url": "/tables/process_file_events",
+ "title": "process_file_events",
+ "htmlId": "table--processfileevents--67c363ae55",
+ "evented": true,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "process_file_events",
+ "auid",
+ "cwd",
+ "dest_path",
+ "egid",
+ "eid",
+ "euid",
+ "executable",
+ "fsgid",
+ "fsuid",
+ "gid",
+ "operation",
+ "partial",
+ "path",
+ "pid",
+ "ppid",
+ "sgid",
+ "suid",
+ "time",
+ "uid",
+ "uptime"
+ ],
+ "sectionRelativeRepoPath": "process_file_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_file_events.yml"
+ },
+ {
+ "url": "/tables/process_memory_map",
+ "title": "process_memory_map",
+ "htmlId": "table--processmemorymap--6bf8d10644",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "process_memory_map",
+ "device",
+ "end",
+ "inode",
+ "offset",
+ "path",
+ "permissions",
+ "pid",
+ "pseudo",
+ "start"
+ ],
+ "sectionRelativeRepoPath": "process_memory_map",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_memory_map.yml"
+ },
+ {
+ "url": "/tables/process_namespaces",
+ "title": "process_namespaces",
+ "htmlId": "table--processnamespaces--d1156621d4",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "process_namespaces",
+ "cgroup_namespace",
+ "ipc_namespace",
+ "mnt_namespace",
+ "net_namespace",
+ "pid",
+ "pid_namespace",
+ "user_namespace",
+ "uts_namespace"
+ ],
+ "sectionRelativeRepoPath": "process_namespaces",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fprocess_namespaces.yml&value=name%3A%20process_namespaces%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/process_open_files",
+ "title": "process_open_files",
+ "htmlId": "table--processopenfiles--43c8c6bba0",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "process_open_files",
+ "fd",
+ "path",
+ "pid"
+ ],
+ "sectionRelativeRepoPath": "process_open_files",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_open_files.yml"
+ },
+ {
+ "url": "/tables/process_open_pipes",
+ "title": "process_open_pipes",
+ "htmlId": "table--processopenpipes--0f49c83994",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "process_open_pipes",
+ "fd",
+ "inode",
+ "mode",
+ "partner_fd",
+ "partner_mode",
+ "partner_pid",
+ "pid",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "process_open_pipes",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fprocess_open_pipes.yml&value=name%3A%20process_open_pipes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/process_open_sockets",
+ "title": "process_open_sockets",
+ "htmlId": "table--processopensockets--9dc2c99a67",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "process_open_sockets",
+ "family",
+ "fd",
+ "local_address",
+ "local_port",
+ "net_namespace",
+ "path",
+ "pid",
+ "protocol",
+ "remote_address",
+ "remote_port",
+ "socket",
+ "state"
+ ],
+ "sectionRelativeRepoPath": "process_open_sockets",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_open_sockets.yml"
+ },
+ {
+ "url": "/tables/processes",
+ "title": "processes",
+ "htmlId": "table--processes--3a54ed4992",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "processes",
+ "cgroup_path",
+ "cmdline",
+ "cpu_subtype",
+ "cpu_type",
+ "cwd",
+ "disk_bytes_read",
+ "disk_bytes_written",
+ "egid",
+ "elapsed_time",
+ "elevated_token",
+ "euid",
+ "gid",
+ "handle_count",
+ "name",
+ "nice",
+ "on_disk",
+ "parent",
+ "path",
+ "percent_processor_time",
+ "pgroup",
+ "pid",
+ "protection_type",
+ "resident_size",
+ "root",
+ "secure_process",
+ "sgid",
+ "start_time",
+ "state",
+ "suid",
+ "system_time",
+ "threads",
+ "total_size",
+ "translated",
+ "uid",
+ "upid",
+ "uppid",
+ "user_time",
+ "virtual_process",
+ "wired_size"
+ ],
+ "sectionRelativeRepoPath": "processes",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/processes.yml"
+ },
+ {
+ "url": "/tables/programs",
+ "title": "programs",
+ "htmlId": "table--programs--f7f76d14a9",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "programs",
+ "identifying_number",
+ "install_date",
+ "install_location",
+ "install_source",
+ "language",
+ "name",
+ "publisher",
+ "uninstall_string",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "programs",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/programs.yml"
+ },
+ {
+ "url": "/tables/prometheus_metrics",
+ "title": "prometheus_metrics",
+ "htmlId": "table--prometheusmetrics--f6ce409d91",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "prometheus_metrics",
+ "metric_name",
+ "metric_value",
+ "target_name",
+ "timestamp_ms"
+ ],
+ "sectionRelativeRepoPath": "prometheus_metrics",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fprometheus_metrics.yml&value=name%3A%20prometheus_metrics%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/puppet_info",
+ "title": "puppet_info",
+ "htmlId": "table--puppetinfo--ce553a89eb",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "puppet_info",
+ "cached_catalog_status",
+ "catalog_uuid",
+ "code_id",
+ "configuration_version",
+ "corrective_change",
+ "environment",
+ "host",
+ "kind",
+ "master_used",
+ "noop",
+ "noop_pending",
+ "puppet_version",
+ "report_format",
+ "status",
+ "time",
+ "transaction_completed",
+ "transaction_uuid"
+ ],
+ "sectionRelativeRepoPath": "puppet_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/puppet_info.yml"
+ },
+ {
+ "url": "/tables/puppet_logs",
+ "title": "puppet_logs",
+ "htmlId": "table--puppetlogs--c81bf10f91",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "puppet_logs",
+ "file",
+ "level",
+ "line",
+ "message",
+ "source",
+ "time"
+ ],
+ "sectionRelativeRepoPath": "puppet_logs",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/puppet_logs.yml"
+ },
+ {
+ "url": "/tables/puppet_state",
+ "title": "puppet_state",
+ "htmlId": "table--puppetstate--802f52e922",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "puppet_state",
+ "change_count",
+ "changed",
+ "corrective_change",
+ "evaluation_time",
+ "failed",
+ "file",
+ "line",
+ "out_of_sync",
+ "out_of_sync_count",
+ "resource",
+ "resource_type",
+ "skipped",
+ "title"
+ ],
+ "sectionRelativeRepoPath": "puppet_state",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/puppet_state.yml"
+ },
+ {
+ "url": "/tables/pwd_policy",
+ "title": "pwd_policy",
+ "htmlId": "table--pwdpolicy--b862a98afa",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "pwd_policy",
+ "days_to_expiration",
+ "expires_every_n_days",
+ "history_depth",
+ "max_failed_attempts",
+ "min_mixed_case_characters"
+ ],
+ "sectionRelativeRepoPath": "pwd_policy",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/pwd_policy.yml"
+ },
+ {
+ "url": "/tables/python_packages",
+ "title": "python_packages",
+ "htmlId": "table--pythonpackages--31ae8c2370",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "python_packages",
+ "author",
+ "directory",
+ "license",
+ "name",
+ "path",
+ "pid_with_namespace",
+ "summary",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "python_packages",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/python_packages.yml"
+ },
+ {
+ "url": "/tables/quicklook_cache",
+ "title": "quicklook_cache",
+ "htmlId": "table--quicklookcache--19ae561620",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "quicklook_cache",
+ "cache_path",
+ "fs_id",
+ "hit_count",
+ "icon_mode",
+ "inode",
+ "label",
+ "last_hit_date",
+ "mtime",
+ "path",
+ "rowid",
+ "size",
+ "volume_id"
+ ],
+ "sectionRelativeRepoPath": "quicklook_cache",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fquicklook_cache.yml&value=name%3A%20quicklook_cache%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/registry",
+ "title": "registry",
+ "htmlId": "table--registry--415b2b1c89",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "registry",
+ "data",
+ "key",
+ "mtime",
+ "name",
+ "path",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "registry",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/registry.yml"
+ },
+ {
+ "url": "/tables/routes",
+ "title": "routes",
+ "htmlId": "table--routes--ed00beba43",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "routes",
+ "destination",
+ "flags",
+ "gateway",
+ "hopcount",
+ "interface",
+ "metric",
+ "mtu",
+ "netmask",
+ "source",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "routes",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/routes.yml"
+ },
+ {
+ "url": "/tables/rpm_package_files",
+ "title": "rpm_package_files",
+ "htmlId": "table--rpmpackagefiles--96e530c921",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "rpm_package_files",
+ "groupname",
+ "mode",
+ "package",
+ "path",
+ "sha256",
+ "size",
+ "username"
+ ],
+ "sectionRelativeRepoPath": "rpm_package_files",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Frpm_package_files.yml&value=name%3A%20rpm_package_files%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/rpm_packages",
+ "title": "rpm_packages",
+ "htmlId": "table--rpmpackages--e4da8f9f41",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "rpm_packages",
+ "arch",
+ "epoch",
+ "install_time",
+ "mount_namespace_id",
+ "name",
+ "package_group",
+ "pid_with_namespace",
+ "release",
+ "sha1",
+ "size",
+ "source",
+ "vendor",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "rpm_packages",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/rpm_packages.yml"
+ },
+ {
+ "url": "/tables/running_apps",
+ "title": "running_apps",
+ "htmlId": "table--runningapps--c9443711d8",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "running_apps",
+ "bundle_identifier",
+ "is_active",
+ "pid"
+ ],
+ "sectionRelativeRepoPath": "running_apps",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/running_apps.yml"
+ },
+ {
+ "url": "/tables/safari_extensions",
+ "title": "safari_extensions",
+ "htmlId": "table--safariextensions--75748b2d43",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "safari_extensions",
+ "author",
+ "bundle_version",
+ "copyright",
+ "description",
+ "developer_id",
+ "extension_type",
+ "identifier",
+ "name",
+ "path",
+ "sdk",
+ "uid",
+ "update_url",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "safari_extensions",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/safari_extensions.yml"
+ },
+ {
+ "url": "/tables/sandboxes",
+ "title": "sandboxes",
+ "htmlId": "table--sandboxes--c68d00ef55",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "sandboxes",
+ "build_id",
+ "bundle_path",
+ "enabled",
+ "label",
+ "path",
+ "user"
+ ],
+ "sectionRelativeRepoPath": "sandboxes",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fsandboxes.yml&value=name%3A%20sandboxes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/scheduled_tasks",
+ "title": "scheduled_tasks",
+ "htmlId": "table--scheduledtasks--a69b6b604d",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "scheduled_tasks",
+ "action",
+ "enabled",
+ "hidden",
+ "last_run_code",
+ "last_run_message",
+ "last_run_time",
+ "name",
+ "next_run_time",
+ "path",
+ "state"
+ ],
+ "sectionRelativeRepoPath": "scheduled_tasks",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/scheduled_tasks.yml"
+ },
+ {
+ "url": "/tables/screenlock",
+ "title": "screenlock",
+ "htmlId": "table--screenlock--91a400ed71",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "screenlock",
+ "enabled",
+ "grace_period"
+ ],
+ "sectionRelativeRepoPath": "screenlock",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/screenlock.yml"
+ },
+ {
+ "url": "/tables/seccomp_events",
+ "title": "seccomp_events",
+ "htmlId": "table--seccompevents--5cf6060bd9",
+ "evented": true,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "seccomp_events",
+ "arch",
+ "auid",
+ "code",
+ "comm",
+ "compat",
+ "exe",
+ "gid",
+ "ip",
+ "pid",
+ "ses",
+ "sig",
+ "syscall",
+ "time",
+ "uid",
+ "uptime"
+ ],
+ "sectionRelativeRepoPath": "seccomp_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fseccomp_events.yml&value=name%3A%20seccomp_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/secureboot",
+ "title": "secureboot",
+ "htmlId": "table--secureboot--299ca9c718",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "secureboot",
+ "description",
+ "kernel_extensions",
+ "mdm_operations",
+ "secure_boot",
+ "secure_mode",
+ "setup_mode"
+ ],
+ "sectionRelativeRepoPath": "secureboot",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/secureboot.yml"
+ },
+ {
+ "url": "/tables/security_profile_info",
+ "title": "security_profile_info",
+ "htmlId": "table--securityprofileinfo--17121d5fa6",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "security_profile_info",
+ "audit_account_logon",
+ "audit_account_manage",
+ "audit_ds_access",
+ "audit_logon_events",
+ "audit_object_access",
+ "audit_policy_change",
+ "audit_privilege_use",
+ "audit_process_tracking",
+ "audit_system_events",
+ "clear_text_password",
+ "enable_admin_account",
+ "enable_guest_account",
+ "force_logoff_when_expire",
+ "lockout_bad_count",
+ "logon_to_change_password",
+ "lsa_anonymous_name_lookup",
+ "maximum_password_age",
+ "minimum_password_age",
+ "minimum_password_length",
+ "new_administrator_name",
+ "new_guest_name",
+ "password_complexity",
+ "password_history_size"
+ ],
+ "sectionRelativeRepoPath": "security_profile_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fsecurity_profile_info.yml&value=name%3A%20security_profile_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/selinux_events",
+ "title": "selinux_events",
+ "htmlId": "table--selinuxevents--cfc47c5cc9",
+ "evented": true,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "selinux_events",
+ "eid",
+ "message",
+ "time",
+ "type",
+ "uptime"
+ ],
+ "sectionRelativeRepoPath": "selinux_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fselinux_events.yml&value=name%3A%20selinux_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/selinux_settings",
+ "title": "selinux_settings",
+ "htmlId": "table--selinuxsettings--392476076c",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "selinux_settings",
+ "key",
+ "scope",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "selinux_settings",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fselinux_settings.yml&value=name%3A%20selinux_settings%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/services",
+ "title": "services",
+ "htmlId": "table--services--a7e374154f",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "services",
+ "description",
+ "display_name",
+ "module_path",
+ "name",
+ "path",
+ "pid",
+ "service_exit_code",
+ "service_type",
+ "start_type",
+ "status",
+ "user_account",
+ "win32_exit_code"
+ ],
+ "sectionRelativeRepoPath": "services",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fservices.yml&value=name%3A%20services%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/shadow",
+ "title": "shadow",
+ "htmlId": "table--shadow--2a5e749131",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "shadow",
+ "expire",
+ "flag",
+ "hash_alg",
+ "inactive",
+ "last_change",
+ "max",
+ "min",
+ "password_status",
+ "username",
+ "warning"
+ ],
+ "sectionRelativeRepoPath": "shadow",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fshadow.yml&value=name%3A%20shadow%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/shared_folders",
+ "title": "shared_folders",
+ "htmlId": "table--sharedfolders--edd6c29f21",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "shared_folders",
+ "name",
+ "path"
+ ],
+ "sectionRelativeRepoPath": "shared_folders",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/shared_folders.yml"
+ },
+ {
+ "url": "/tables/shared_memory",
+ "title": "shared_memory",
+ "htmlId": "table--sharedmemory--4632a169c9",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "shared_memory",
+ "atime",
+ "attached",
+ "creator_pid",
+ "creator_uid",
+ "ctime",
+ "dtime",
+ "locked",
+ "owner_uid",
+ "permissions",
+ "pid",
+ "shmid",
+ "size",
+ "status"
+ ],
+ "sectionRelativeRepoPath": "shared_memory",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fshared_memory.yml&value=name%3A%20shared_memory%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/shared_resources",
+ "title": "shared_resources",
+ "htmlId": "table--sharedresources--1eedd340fb",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "shared_resources",
+ "allow_maximum",
+ "description",
+ "install_date",
+ "maximum_allowed",
+ "name",
+ "path",
+ "status",
+ "type",
+ "type_name"
+ ],
+ "sectionRelativeRepoPath": "shared_resources",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/shared_resources.yml"
+ },
+ {
+ "url": "/tables/sharing_preferences",
+ "title": "sharing_preferences",
+ "htmlId": "table--sharingpreferences--435a39048e",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "sharing_preferences",
+ "bluetooth_sharing",
+ "content_caching",
+ "disc_sharing",
+ "file_sharing",
+ "internet_sharing",
+ "printer_sharing",
+ "remote_apple_events",
+ "remote_login",
+ "remote_management",
+ "screen_sharing"
+ ],
+ "sectionRelativeRepoPath": "sharing_preferences",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sharing_preferences.yml"
+ },
+ {
+ "url": "/tables/shell_history",
+ "title": "shell_history",
+ "htmlId": "table--shellhistory--487890df4c",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "shell_history",
+ "command",
+ "history_file",
+ "time",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "shell_history",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/shell_history.yml"
+ },
+ {
+ "url": "/tables/shellbags",
+ "title": "shellbags",
+ "htmlId": "table--shellbags--ea58c94fcb",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "shellbags",
+ "accessed_time",
+ "created_time",
+ "mft_entry",
+ "mft_sequence",
+ "modified_time",
+ "path",
+ "sid",
+ "source"
+ ],
+ "sectionRelativeRepoPath": "shellbags",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fshellbags.yml&value=name%3A%20shellbags%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/shimcache",
+ "title": "shimcache",
+ "htmlId": "table--shimcache--78c1808f2a",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "shimcache",
+ "entry",
+ "execution_flag",
+ "modified_time",
+ "path"
+ ],
+ "sectionRelativeRepoPath": "shimcache",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/shimcache.yml"
+ },
+ {
+ "url": "/tables/signature",
+ "title": "signature",
+ "htmlId": "table--signature--651b5e1a16",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "signature",
+ "arch",
+ "authority",
+ "cdhash",
+ "hash_resources",
+ "identifier",
+ "path",
+ "signed",
+ "team_identifier"
+ ],
+ "sectionRelativeRepoPath": "signature",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/signature.yml"
+ },
+ {
+ "url": "/tables/sip_config",
+ "title": "sip_config",
+ "htmlId": "table--sipconfig--72a4d07300",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "sip_config",
+ "config_flag",
+ "enabled",
+ "enabled_nvram"
+ ],
+ "sectionRelativeRepoPath": "sip_config",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sip_config.yml"
+ },
+ {
+ "url": "/tables/smbios_tables",
+ "title": "smbios_tables",
+ "htmlId": "table--smbiostables--14a3086ac5",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "smbios_tables",
+ "description",
+ "handle",
+ "header_size",
+ "md5",
+ "number",
+ "size",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "smbios_tables",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/smbios_tables.yml"
+ },
+ {
+ "url": "/tables/smc_keys",
+ "title": "smc_keys",
+ "htmlId": "table--smckeys--65a180be47",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "smc_keys",
+ "hidden",
+ "key",
+ "size",
+ "type",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "smc_keys",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/smc_keys.yml"
+ },
+ {
+ "url": "/tables/sntp_request",
+ "title": "sntp_request",
+ "htmlId": "table--sntprequest--31b3965f95",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "sntp_request",
+ "clock_offset_ms",
+ "server",
+ "timestamp_ms"
+ ],
+ "sectionRelativeRepoPath": "sntp_request",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sntp_request.yml"
+ },
+ {
+ "url": "/tables/socket_events",
+ "title": "socket_events",
+ "htmlId": "table--socketevents--45972f7f3b",
+ "evented": true,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "socket_events",
+ "action",
+ "auid",
+ "eid",
+ "family",
+ "fd",
+ "local_address",
+ "local_port",
+ "path",
+ "pid",
+ "protocol",
+ "remote_address",
+ "remote_port",
+ "socket",
+ "status",
+ "success",
+ "time",
+ "uptime"
+ ],
+ "sectionRelativeRepoPath": "socket_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fsocket_events.yml&value=name%3A%20socket_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/sofa_security_release_info",
+ "title": "sofa_security_release_info",
+ "htmlId": "table--sofasecurityreleaseinfo--b23bdf9329",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "sofa_security_release_info",
+ "days_since_previous_release",
+ "os_version",
+ "product_version",
+ "release_date",
+ "security_info",
+ "unique_cves_count",
+ "update_name"
+ ],
+ "sectionRelativeRepoPath": "sofa_security_release_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sofa_security_release_info.yml"
+ },
+ {
+ "url": "/tables/sofa_unpatched_cves",
+ "title": "sofa_unpatched_cves",
+ "htmlId": "table--sofaunpatchedcves--680ab849b7",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "sofa_unpatched_cves",
+ "actively_exploited",
+ "cve",
+ "os_version",
+ "patched_version"
+ ],
+ "sectionRelativeRepoPath": "sofa_unpatched_cves",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sofa_unpatched_cves.yml"
+ },
+ {
+ "url": "/tables/software_update",
+ "title": "software_update",
+ "htmlId": "table--softwareupdate--6cb5e63ee6",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "software_update",
+ "software_update_required"
+ ],
+ "sectionRelativeRepoPath": "software_update",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/software_update.yml"
+ },
+ {
+ "url": "/tables/ssh_configs",
+ "title": "ssh_configs",
+ "htmlId": "table--sshconfigs--084b9832a4",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ssh_configs",
+ "block",
+ "option",
+ "ssh_config_file",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "ssh_configs",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ssh_configs.yml"
+ },
+ {
+ "url": "/tables/startup_items",
+ "title": "startup_items",
+ "htmlId": "table--startupitems--f212a6ad4e",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "startup_items",
+ "args",
+ "name",
+ "path",
+ "source",
+ "status",
+ "type",
+ "username"
+ ],
+ "sectionRelativeRepoPath": "startup_items",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/startup_items.yml"
+ },
+ {
+ "url": "/tables/sudo_info",
+ "title": "sudo_info",
+ "htmlId": "table--sudoinfo--91f0750d0d",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "sudo_info",
+ "json_result"
+ ],
+ "sectionRelativeRepoPath": "sudo_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sudo_info.yml"
+ },
+ {
+ "url": "/tables/sudoers",
+ "title": "sudoers",
+ "htmlId": "table--sudoers--53cbb8caa7",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "sudoers",
+ "header",
+ "rule_details",
+ "source"
+ ],
+ "sectionRelativeRepoPath": "sudoers",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sudoers.yml"
+ },
+ {
+ "url": "/tables/suid_bin",
+ "title": "suid_bin",
+ "htmlId": "table--suidbin--12efbe4810",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "suid_bin",
+ "groupname",
+ "path",
+ "permissions",
+ "pid_with_namespace",
+ "username"
+ ],
+ "sectionRelativeRepoPath": "suid_bin",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/suid_bin.yml"
+ },
+ {
+ "url": "/tables/syslog_events",
+ "title": "syslog_events",
+ "htmlId": "table--syslogevents--cc5c3d702f",
+ "evented": true,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "syslog_events",
+ "datetime",
+ "eid",
+ "facility",
+ "host",
+ "message",
+ "severity",
+ "tag",
+ "time"
+ ],
+ "sectionRelativeRepoPath": "syslog_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fsyslog_events.yml&value=name%3A%20syslog_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/system_controls",
+ "title": "system_controls",
+ "htmlId": "table--systemcontrols--bc070f5bb2",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "system_controls",
+ "config_value",
+ "current_value",
+ "field_name",
+ "name",
+ "oid",
+ "subsystem",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "system_controls",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/system_controls.yml"
+ },
+ {
+ "url": "/tables/system_extensions",
+ "title": "system_extensions",
+ "htmlId": "table--systemextensions--59019bbb28",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "system_extensions",
+ "UUID",
+ "bundle_path",
+ "category",
+ "identifier",
+ "mdm_managed",
+ "path",
+ "state",
+ "team",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "system_extensions",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/system_extensions.yml"
+ },
+ {
+ "url": "/tables/system_info",
+ "title": "system_info",
+ "htmlId": "table--systeminfo--4f963da54a",
+ "evented": false,
+ "platforms": [
+ "windows",
+ "darwin",
+ "linux",
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "system_info",
+ "board_model",
+ "board_serial",
+ "board_vendor",
+ "board_version",
+ "computer_name",
+ "cpu_brand",
+ "cpu_logical_cores",
+ "cpu_microcode",
+ "cpu_physical_cores",
+ "cpu_sockets",
+ "cpu_subtype",
+ "cpu_type",
+ "hardware_model",
+ "hardware_serial",
+ "hardware_vendor",
+ "hardware_version",
+ "hostname",
+ "local_hostname",
+ "physical_memory",
+ "uuid"
+ ],
+ "sectionRelativeRepoPath": "system_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/system_info.yml"
+ },
+ {
+ "url": "/tables/system_state",
+ "title": "system_state",
+ "htmlId": "table--systemstate--d1ce3bbb0e",
+ "evented": false,
+ "platforms": [
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "system_state",
+ "idle_state"
+ ],
+ "sectionRelativeRepoPath": "system_state",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/system_state.yml"
+ },
+ {
+ "url": "/tables/systemd_units",
+ "title": "systemd_units",
+ "htmlId": "table--systemdunits--cc47585fcb",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "systemd_units",
+ "active_state",
+ "description",
+ "following",
+ "fragment_path",
+ "id",
+ "job_id",
+ "job_path",
+ "job_type",
+ "load_state",
+ "object_path",
+ "source_path",
+ "sub_state",
+ "unit_file_state",
+ "user"
+ ],
+ "sectionRelativeRepoPath": "systemd_units",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fsystemd_units.yml&value=name%3A%20systemd_units%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/tcc_access",
+ "title": "tcc_access",
+ "htmlId": "table--tccaccess--103e029af3",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "tcc_access",
+ "auth_reason",
+ "auth_value",
+ "client",
+ "client_type",
+ "indirect_object_identifier",
+ "indirect_object_identifier_type",
+ "last_modified",
+ "policy_id",
+ "service",
+ "source",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "tcc_access",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/tcc_access.yml"
+ },
+ {
+ "url": "/tables/temperature_sensors",
+ "title": "temperature_sensors",
+ "htmlId": "table--temperaturesensors--952195065c",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "temperature_sensors",
+ "celsius",
+ "fahrenheit",
+ "key",
+ "name"
+ ],
+ "sectionRelativeRepoPath": "temperature_sensors",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/temperature_sensors.yml"
+ },
+ {
+ "url": "/tables/time",
+ "title": "time",
+ "htmlId": "table--time--740a172c2f",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "time",
+ "datetime",
+ "day",
+ "hour",
+ "iso_8601",
+ "local_timezone",
+ "minutes",
+ "month",
+ "seconds",
+ "timestamp",
+ "timezone",
+ "unix_time",
+ "weekday",
+ "win_timestamp",
+ "year"
+ ],
+ "sectionRelativeRepoPath": "time",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/time.yml"
+ },
+ {
+ "url": "/tables/time_machine_backups",
+ "title": "time_machine_backups",
+ "htmlId": "table--timemachinebackups--6a1cb2e696",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "time_machine_backups",
+ "backup_date",
+ "destination_id"
+ ],
+ "sectionRelativeRepoPath": "time_machine_backups",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/time_machine_backups.yml"
+ },
+ {
+ "url": "/tables/time_machine_destinations",
+ "title": "time_machine_destinations",
+ "htmlId": "table--timemachinedestinations--8c33b4e082",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "time_machine_destinations",
+ "alias",
+ "bytes_available",
+ "bytes_used",
+ "consistency_scan_date",
+ "destination_id",
+ "encryption",
+ "root_volume_uuid"
+ ],
+ "sectionRelativeRepoPath": "time_machine_destinations",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/time_machine_destinations.yml"
+ },
+ {
+ "url": "/tables/tpm_info",
+ "title": "tpm_info",
+ "htmlId": "table--tpminfo--086cc37696",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "tpm_info",
+ "activated",
+ "enabled",
+ "manufacturer_id",
+ "manufacturer_name",
+ "manufacturer_version",
+ "owned",
+ "physical_presence_version",
+ "product_name",
+ "spec_version"
+ ],
+ "sectionRelativeRepoPath": "tpm_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Ftpm_info.yml&value=name%3A%20tpm_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/ulimit_info",
+ "title": "ulimit_info",
+ "htmlId": "table--ulimitinfo--9cff90dafb",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ulimit_info",
+ "hard_limit",
+ "soft_limit",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "ulimit_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ulimit_info.yml"
+ },
+ {
+ "url": "/tables/unified_log",
+ "title": "unified_log",
+ "htmlId": "table--unifiedlog--d971aaf7c9",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "unified_log",
+ "activity",
+ "category",
+ "level",
+ "max_rows",
+ "message",
+ "pid",
+ "predicate",
+ "process",
+ "sender",
+ "storage",
+ "subsystem",
+ "tid",
+ "timestamp"
+ ],
+ "sectionRelativeRepoPath": "unified_log",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Funified_log.yml&value=name%3A%20unified_log%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/uptime",
+ "title": "uptime",
+ "htmlId": "table--uptime--542f2cc52b",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "uptime",
+ "days",
+ "hours",
+ "minutes",
+ "seconds",
+ "total_seconds"
+ ],
+ "sectionRelativeRepoPath": "uptime",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/uptime.yml"
+ },
+ {
+ "url": "/tables/usb_devices",
+ "title": "usb_devices",
+ "htmlId": "table--usbdevices--12892f9cf7",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "usb_devices",
+ "class",
+ "model",
+ "model_id",
+ "protocol",
+ "removable",
+ "serial",
+ "subclass",
+ "usb_address",
+ "usb_port",
+ "vendor",
+ "vendor_id",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "usb_devices",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/usb_devices.yml"
+ },
+ {
+ "url": "/tables/user_events",
+ "title": "user_events",
+ "htmlId": "table--userevents--8aaee70de1",
+ "evented": true,
+ "platforms": [
+ "darwin",
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "user_events",
+ "address",
+ "auid",
+ "eid",
+ "message",
+ "path",
+ "pid",
+ "terminal",
+ "time",
+ "type",
+ "uid",
+ "uptime"
+ ],
+ "sectionRelativeRepoPath": "user_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fuser_events.yml&value=name%3A%20user_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/user_groups",
+ "title": "user_groups",
+ "htmlId": "table--usergroups--03e0b1a5e7",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "user_groups",
+ "gid",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "user_groups",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fuser_groups.yml&value=name%3A%20user_groups%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/user_interaction_events",
+ "title": "user_interaction_events",
+ "htmlId": "table--userinteractionevents--ed2ac5b181",
+ "evented": true,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "user_interaction_events",
+ "time"
+ ],
+ "sectionRelativeRepoPath": "user_interaction_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fuser_interaction_events.yml&value=name%3A%20user_interaction_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/user_login_settings",
+ "title": "user_login_settings",
+ "htmlId": "table--userloginsettings--1abbdf6e57",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "user_login_settings",
+ "password_hint_enabled"
+ ],
+ "sectionRelativeRepoPath": "user_login_settings",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/user_login_settings.yml"
+ },
+ {
+ "url": "/tables/user_ssh_keys",
+ "title": "user_ssh_keys",
+ "htmlId": "table--usersshkeys--1ba0f20456",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "user_ssh_keys",
+ "encrypted",
+ "key_type",
+ "path",
+ "pid_with_namespace",
+ "uid"
+ ],
+ "sectionRelativeRepoPath": "user_ssh_keys",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/user_ssh_keys.yml"
+ },
+ {
+ "url": "/tables/userassist",
+ "title": "userassist",
+ "htmlId": "table--userassist--4e3bbdb293",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "userassist",
+ "count",
+ "last_execution_time",
+ "path",
+ "sid"
+ ],
+ "sectionRelativeRepoPath": "userassist",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/userassist.yml"
+ },
+ {
+ "url": "/tables/users",
+ "title": "users",
+ "htmlId": "table--users--023e2862dc",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "windows",
+ "linux",
+ "chrome"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "users",
+ "description",
+ "directory",
+ "email",
+ "gid",
+ "gid_signed",
+ "is_hidden",
+ "pid_with_namespace",
+ "shell",
+ "type",
+ "uid",
+ "uid_signed",
+ "username",
+ "uuid"
+ ],
+ "sectionRelativeRepoPath": "users",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/users.yml"
+ },
+ {
+ "url": "/tables/video_info",
+ "title": "video_info",
+ "htmlId": "table--videoinfo--bcca78a3df",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "video_info",
+ "color_depth",
+ "driver",
+ "driver_date",
+ "driver_version",
+ "manufacturer",
+ "model",
+ "series",
+ "video_mode"
+ ],
+ "sectionRelativeRepoPath": "video_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fvideo_info.yml&value=name%3A%20video_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/virtual_memory_info",
+ "title": "virtual_memory_info",
+ "htmlId": "table--virtualmemoryinfo--4c4e71449e",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "virtual_memory_info",
+ "active",
+ "anonymous",
+ "compressed",
+ "compressor",
+ "copy",
+ "decompressed",
+ "faults",
+ "file_backed",
+ "free",
+ "inactive",
+ "page_ins",
+ "page_outs",
+ "purgeable",
+ "purged",
+ "reactivated",
+ "speculative",
+ "swap_ins",
+ "swap_outs",
+ "throttled",
+ "uncompressed",
+ "wired",
+ "zero_fill"
+ ],
+ "sectionRelativeRepoPath": "virtual_memory_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/virtual_memory_info.yml"
+ },
+ {
+ "url": "/tables/vscode_extensions",
+ "title": "vscode_extensions",
+ "htmlId": "table--vscodeextensions--3122f67e21",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "vscode_extensions",
+ "installed_at",
+ "name",
+ "path",
+ "prerelease",
+ "publisher",
+ "publisher_id",
+ "uid",
+ "uuid",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "vscode_extensions",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/vscode_extensions.yml"
+ },
+ {
+ "url": "/tables/wifi_networks",
+ "title": "wifi_networks",
+ "htmlId": "table--wifinetworks--196d0fe380",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "wifi_networks",
+ "add_reason",
+ "added_at",
+ "auto_join",
+ "auto_login",
+ "captive_login_date",
+ "captive_portal",
+ "disabled",
+ "last_connected",
+ "network_name",
+ "passpoint",
+ "personal_hotspot",
+ "possibly_hidden",
+ "roaming",
+ "roaming_profile",
+ "security_type",
+ "ssid",
+ "temporarily_disabled",
+ "was_captive_network"
+ ],
+ "sectionRelativeRepoPath": "wifi_networks",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/wifi_networks.yml"
+ },
+ {
+ "url": "/tables/wifi_status",
+ "title": "wifi_status",
+ "htmlId": "table--wifistatus--7d5af734ae",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "wifi_status",
+ "bssid",
+ "channel",
+ "channel_band",
+ "channel_width",
+ "country_code",
+ "interface",
+ "mode",
+ "network_name",
+ "noise",
+ "rssi",
+ "security_type",
+ "ssid",
+ "transmit_rate"
+ ],
+ "sectionRelativeRepoPath": "wifi_status",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/wifi_status.yml"
+ },
+ {
+ "url": "/tables/wifi_survey",
+ "title": "wifi_survey",
+ "htmlId": "table--wifisurvey--86f4a22532",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "wifi_survey",
+ "bssid",
+ "channel",
+ "channel_band",
+ "channel_width",
+ "country_code",
+ "interface",
+ "network_name",
+ "noise",
+ "rssi",
+ "ssid"
+ ],
+ "sectionRelativeRepoPath": "wifi_survey",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/wifi_survey.yml"
+ },
+ {
+ "url": "/tables/winbaseobj",
+ "title": "winbaseobj",
+ "htmlId": "table--winbaseobj--0e0dd909ed",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "winbaseobj",
+ "object_name",
+ "object_type",
+ "session_id"
+ ],
+ "sectionRelativeRepoPath": "winbaseobj",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwinbaseobj.yml&value=name%3A%20winbaseobj%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/windows_crashes",
+ "title": "windows_crashes",
+ "htmlId": "table--windowscrashes--3bcda23e6b",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "windows_crashes",
+ "build_number",
+ "command_line",
+ "crash_path",
+ "current_directory",
+ "datetime",
+ "exception_address",
+ "exception_code",
+ "exception_message",
+ "machine_name",
+ "major_version",
+ "minor_version",
+ "module",
+ "path",
+ "pid",
+ "process_uptime",
+ "registers",
+ "stack_trace",
+ "tid",
+ "type",
+ "username",
+ "version"
+ ],
+ "sectionRelativeRepoPath": "windows_crashes",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_crashes.yml&value=name%3A%20windows_crashes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/windows_eventlog",
+ "title": "windows_eventlog",
+ "htmlId": "table--windowseventlog--c368bc9838",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "windows_eventlog",
+ "channel",
+ "computer_name",
+ "data",
+ "datetime",
+ "eventid",
+ "keywords",
+ "level",
+ "pid",
+ "provider_guid",
+ "provider_name",
+ "task",
+ "tid",
+ "time_range",
+ "timestamp",
+ "xpath"
+ ],
+ "sectionRelativeRepoPath": "windows_eventlog",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/windows_eventlog.yml"
+ },
+ {
+ "url": "/tables/windows_events",
+ "title": "windows_events",
+ "htmlId": "table--windowsevents--b4aae30966",
+ "evented": true,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "windows_events",
+ "computer_name",
+ "data",
+ "datetime",
+ "eid",
+ "eventid",
+ "keywords",
+ "level",
+ "provider_guid",
+ "provider_name",
+ "source",
+ "task",
+ "time"
+ ],
+ "sectionRelativeRepoPath": "windows_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_events.yml&value=name%3A%20windows_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/windows_firewall_rules",
+ "title": "windows_firewall_rules",
+ "htmlId": "table--windowsfirewallrules--54886746d8",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "windows_firewall_rules",
+ "action",
+ "app_name",
+ "direction",
+ "enabled",
+ "grouping",
+ "icmp_types_codes",
+ "local_addresses",
+ "local_ports",
+ "name",
+ "profile_domain",
+ "profile_private",
+ "profile_public",
+ "protocol",
+ "remote_addresses",
+ "remote_ports",
+ "service_name"
+ ],
+ "sectionRelativeRepoPath": "windows_firewall_rules",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/windows_firewall_rules.yml"
+ },
+ {
+ "url": "/tables/windows_optional_features",
+ "title": "windows_optional_features",
+ "htmlId": "table--windowsoptionalfeatures--7fc389462f",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "windows_optional_features",
+ "caption",
+ "name",
+ "state",
+ "statename"
+ ],
+ "sectionRelativeRepoPath": "windows_optional_features",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/windows_optional_features.yml"
+ },
+ {
+ "url": "/tables/windows_search",
+ "title": "windows_search",
+ "htmlId": "table--windowssearch--3bc557a530",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "windows_search",
+ "additional_properties",
+ "date_created",
+ "date_modified",
+ "max_results",
+ "name",
+ "owner",
+ "path",
+ "properties",
+ "query",
+ "size",
+ "sort",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "windows_search",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_search.yml&value=name%3A%20windows_search%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/windows_security_center",
+ "title": "windows_security_center",
+ "htmlId": "table--windowssecuritycenter--8c6fbc78cd",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "windows_security_center",
+ "antispyware",
+ "antivirus",
+ "autoupdate",
+ "firewall",
+ "internet_settings",
+ "user_account_control",
+ "windows_security_center_service"
+ ],
+ "sectionRelativeRepoPath": "windows_security_center",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_security_center.yml&value=name%3A%20windows_security_center%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/windows_security_products",
+ "title": "windows_security_products",
+ "htmlId": "table--windowssecurityproducts--f74ebb0ecc",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "windows_security_products",
+ "name",
+ "remediation_path",
+ "signatures_up_to_date",
+ "state",
+ "state_timestamp",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "windows_security_products",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_security_products.yml&value=name%3A%20windows_security_products%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/windows_update_history",
+ "title": "windows_update_history",
+ "htmlId": "table--windowsupdatehistory--ef7bb6c2c1",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "windows_update_history",
+ "client_app_id",
+ "date",
+ "description",
+ "hresult",
+ "operation",
+ "result_code",
+ "server_selection",
+ "service_id",
+ "support_url",
+ "title",
+ "update_id",
+ "update_revision"
+ ],
+ "sectionRelativeRepoPath": "windows_update_history",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_update_history.yml&value=name%3A%20windows_update_history%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/windows_updates",
+ "title": "windows_updates",
+ "htmlId": "table--windowsupdates--aa61957cff",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "windows_updates",
+ "fullkey",
+ "is_default",
+ "key",
+ "locale",
+ "parent",
+ "query",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "windows_updates",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/windows_updates.yml"
+ },
+ {
+ "url": "/tables/wmi_bios_info",
+ "title": "wmi_bios_info",
+ "htmlId": "table--wmibiosinfo--e665577f28",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "wmi_bios_info",
+ "name",
+ "value"
+ ],
+ "sectionRelativeRepoPath": "wmi_bios_info",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwmi_bios_info.yml&value=name%3A%20wmi_bios_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/wmi_cli_event_consumers",
+ "title": "wmi_cli_event_consumers",
+ "htmlId": "table--wmiclieventconsumers--d43fbe70e9",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "wmi_cli_event_consumers",
+ "class",
+ "command_line_template",
+ "executable_path",
+ "name",
+ "relative_path"
+ ],
+ "sectionRelativeRepoPath": "wmi_cli_event_consumers",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwmi_cli_event_consumers.yml&value=name%3A%20wmi_cli_event_consumers%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/wmi_event_filters",
+ "title": "wmi_event_filters",
+ "htmlId": "table--wmieventfilters--04ba1150eb",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "wmi_event_filters",
+ "class",
+ "name",
+ "query",
+ "query_language",
+ "relative_path"
+ ],
+ "sectionRelativeRepoPath": "wmi_event_filters",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwmi_event_filters.yml&value=name%3A%20wmi_event_filters%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/wmi_filter_consumer_binding",
+ "title": "wmi_filter_consumer_binding",
+ "htmlId": "table--wmifilterconsumerbinding--c53468b489",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "wmi_filter_consumer_binding",
+ "class",
+ "consumer",
+ "filter",
+ "relative_path"
+ ],
+ "sectionRelativeRepoPath": "wmi_filter_consumer_binding",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwmi_filter_consumer_binding.yml&value=name%3A%20wmi_filter_consumer_binding%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/wmi_script_event_consumers",
+ "title": "wmi_script_event_consumers",
+ "htmlId": "table--wmiscripteventconsumers--9275e5f795",
+ "evented": false,
+ "platforms": [
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "wmi_script_event_consumers",
+ "class",
+ "name",
+ "relative_path",
+ "script_file_name",
+ "script_text",
+ "scripting_engine"
+ ],
+ "sectionRelativeRepoPath": "wmi_script_event_consumers",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwmi_script_event_consumers.yml&value=name%3A%20wmi_script_event_consumers%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/xprotect_entries",
+ "title": "xprotect_entries",
+ "htmlId": "table--xprotectentries--82da15dfc5",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "xprotect_entries",
+ "filename",
+ "filetype",
+ "identity",
+ "launch_type",
+ "name",
+ "optional",
+ "uses_pattern"
+ ],
+ "sectionRelativeRepoPath": "xprotect_entries",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/xprotect_entries.yml"
+ },
+ {
+ "url": "/tables/xprotect_meta",
+ "title": "xprotect_meta",
+ "htmlId": "table--xprotectmeta--d9c759b143",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "xprotect_meta",
+ "developer_id",
+ "identifier",
+ "min_version",
+ "type"
+ ],
+ "sectionRelativeRepoPath": "xprotect_meta",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/xprotect_meta.yml"
+ },
+ {
+ "url": "/tables/xprotect_reports",
+ "title": "xprotect_reports",
+ "htmlId": "table--xprotectreports--ed058eba3f",
+ "evented": false,
+ "platforms": [
+ "darwin"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "xprotect_reports",
+ "name",
+ "time",
+ "user_action"
+ ],
+ "sectionRelativeRepoPath": "xprotect_reports",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/xprotect_reports.yml"
+ },
+ {
+ "url": "/tables/yara",
+ "title": "yara",
+ "htmlId": "table--yara--f7412a4474",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "yara",
+ "count",
+ "matches",
+ "path",
+ "pid_with_namespace",
+ "sig_group",
+ "sigfile",
+ "sigrule",
+ "sigurl",
+ "strings",
+ "tags"
+ ],
+ "sectionRelativeRepoPath": "yara",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/yara.yml"
+ },
+ {
+ "url": "/tables/yara_events",
+ "title": "yara_events",
+ "htmlId": "table--yaraevents--a3df07297e",
+ "evented": true,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "yara_events",
+ "action",
+ "category",
+ "count",
+ "eid",
+ "matches",
+ "strings",
+ "tags",
+ "target_path",
+ "time",
+ "transaction_id"
+ ],
+ "sectionRelativeRepoPath": "yara_events",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fyara_events.yml&value=name%3A%20yara_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/ycloud_instance_metadata",
+ "title": "ycloud_instance_metadata",
+ "htmlId": "table--ycloudinstancemetadata--91cc1e1945",
+ "evented": false,
+ "platforms": [
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "ycloud_instance_metadata",
+ "cloud_id",
+ "description",
+ "folder_id",
+ "hostname",
+ "instance_id",
+ "metadata_endpoint",
+ "name",
+ "serial_port_enabled",
+ "ssh_public_key",
+ "zone"
+ ],
+ "sectionRelativeRepoPath": "ycloud_instance_metadata",
+ "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fycloud_instance_metadata.yml&value=name%3A%20ycloud_instance_metadata%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table."
+ },
+ {
+ "url": "/tables/yum_sources",
+ "title": "yum_sources",
+ "htmlId": "table--yumsources--866cfa7193",
+ "evented": false,
+ "platforms": [
+ "linux"
+ ],
+ "keywordsForSyntaxHighlighting": [
+ "yum_sources",
+ "baseurl",
+ "enabled",
+ "gpgcheck",
+ "gpgkey",
+ "mirrorlist",
+ "name",
+ "pid_with_namespace"
+ ],
+ "sectionRelativeRepoPath": "yum_sources",
+ "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/yum_sources.yml"
+ }
+ ],
+ "rituals": {
+ "handbook/demand/demand.rituals.yml": [
+ {
+ "task": "Refresh event calendar",
+ "startedOn": "2023-12-31",
+ "frequency": "Quarterly",
+ "description": "https://fleetdm.com/handbook/demand#refresh-event-calendar",
+ "moreInfoUrl": "https://fleetdm.com/handbook/demand#refresh-event-calendar",
+ "dri": "Drew-P-drawers"
+ },
+ {
+ "task": "Prioritize for next sprint",
+ "startedOn": "2023-09-04",
+ "frequency": "Triweekly",
+ "description": "Using your departmental kanban board, prioritize and finalize next sprint's goals for your team by draging the appropriate issues to the top of the 'Not yet' column.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible",
+ "dri": "mikermcneil",
+ "autoIssue": {
+ "labels": [
+ "#g-demand"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Settle event strategy",
+ "startedOn": "2024-01-02",
+ "frequency": "Quarterly (first Tuesday)",
+ "description": "https://fleetdm.com/handbook/demand#settle-event-strategy",
+ "moreInfoUrl": "https://fleetdm.com/handbook/demand#settle-event-strategy",
+ "dri": "Drew-P-drawers"
+ },
+ {
+ "task": "🫧 Pipeline sync",
+ "startedOn": "2024-08-29",
+ "frequency": "Weekly",
+ "description": "Allign with CRO and AEs on pipeline processes and incoming leads",
+ "moreInfoUrl": "",
+ "dri": "Drew-P-drawers"
+ },
+ {
+ "task": "Optimize ads",
+ "startedOn": "2024-02-26",
+ "frequency": "Weekly",
+ "description": "Remove all but the top 5 perfoming ads in each evergreen campaign. Make sure ABM campaigns are using top performing evergreen ads.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/demand#optimize-ads-through-experimentation",
+ "dri": "Drew-P-drawers"
+ },
+ {
+ "task": "Process pending swag requests from the website",
+ "startedOn": "2023-09-20",
+ "frequency": "Weekly",
+ "description": "Complete draft orders.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/demand#process-pending-swag-requests-from-the-website",
+ "dri": "Drew-P-drawers"
+ },
+ {
+ "task": "Engage with the community",
+ "startedOn": "2023-09-20",
+ "frequency": "Daily",
+ "description": "Find relevant conversations with the community and contribute",
+ "moreInfoUrl": "https://fleetdm.com/handbook/demand#engage-with-the-community",
+ "dri": "Drew-P-drawers"
+ },
+ {
+ "task": "Publish ☁️🌈 Sprint demos",
+ "startedOn": "2023-11-03",
+ "frequency": "Triweekly",
+ "description": "Every release cycle, upload the ☁️🌈 Sprint demos video to YouTube",
+ "moreInfoUrl": "https://fleetdm.com/handbook/demand#upload-to-youtube",
+ "dri": "Drew-P-drawers"
+ },
+ {
+ "task": "Measure intent signals",
+ "startedOn": "2024-08-09",
+ "frequency": "Daily",
+ "description": "Measure intent signals and update SalesForce",
+ "moreInfoUrl": "https://fleetdm.com/handbook/demand#measure-intent-signals",
+ "dri": "Drew-P-drawers"
+ },
+ {
+ "task": "Research accounts",
+ "startedOn": "2024-08-09",
+ "frequency": "Daily",
+ "description": "Research SalesForce accounts and begin ABM ads",
+ "moreInfoUrl": "https://fleetdm.com/handbook/demand#warm-up-actions",
+ "dri": "Drew-P-drawers"
+ }
+ ],
+ "handbook/customer-success/customer-success.rituals.yml": [
+ {
+ "task": "Prioritize for next sprint",
+ "startedOn": "2023-09-04",
+ "frequency": "Triweekly",
+ "description": "Using your departmental kanban board, prioritize and finalize next sprint's goals for your team by draging the appropriate issues to the top of the 'Not yet' column.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible",
+ "dri": "zayhanlon",
+ "autoIssue": {
+ "labels": [
+ "#g-customer-success"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Process new requests",
+ "startedOn": "2023-09-04",
+ "frequency": "Daily",
+ "description": "Prioritize all new requests including issues and PRs within one business day.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/communications#process-new-requests",
+ "dri": "zayhanlon"
+ },
+ {
+ "task": "Overnight customer feedback",
+ "startedOn": "2024-02-08",
+ "frequency": "Daily",
+ "description": "Respond to messages and alerts",
+ "moreInfoUrl": "https://fleetdm.com/handbook/customer-success#respond-to-messages-and-alerts",
+ "dri": "ksatter"
+ },
+ {
+ "task": "Monitor customer Slack channels ",
+ "startedOn": "2024-02-08",
+ "frequency": "Daily",
+ "description": "Continuously monitor Slack for customer feedback, feature requests, reported bugs, etc., and respond in less than an hour.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/communications#customer-support-service-level-agreements-slas",
+ "dri": "ksatter"
+ },
+ {
+ "task": "Follow-up on unresolved customer questions and concerns",
+ "startedOn": "2024-02-08",
+ "frequency": "Daily",
+ "description": "Follow-up with and tag appropriate personnel on customer issues and bugs in progress and items that remain unresolved.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/communications#customer-support-service-level-agreements-slas",
+ "dri": "ksatter"
+ },
+ {
+ "task": "Prepare for customer voice",
+ "startedOn": "2024-02-23",
+ "frequency": "Weekly",
+ "description": "Prepare and review the health and latest updates from Fleet's key customers and active proof of concepts (POCs).",
+ "moreInfoUrl": "",
+ "dri": "patagonia121"
+ },
+ {
+ "task": "Prepare customer requests for feature fest",
+ "startedOn": "2024-02-12",
+ "frequency": "Triweekly",
+ "description": "Check-in before the 🗣️ Product Feature Requests meeting to make sure that all information necessary has been gathered before presenting customer requests and feedback to the Product team.",
+ "moreInfoUrl": "",
+ "dri": "nonpunctual"
+ },
+ {
+ "task": "Present customer requests at feature fest",
+ "startedOn": "2024-02-15",
+ "frequency": "Triweekly",
+ "description": "Present and advocate for requests and ideas brought to Fleet's attention by customers that are interesting from a product perspective.",
+ "moreInfoUrl": "",
+ "dri": "nonpunctual"
+ },
+ {
+ "task": "Communicate release notes to stakeholders",
+ "startedOn": "2024-02-21",
+ "frequency": "Triweekly",
+ "description": "Update customers on new features and resolved bugs in an upcoming release.",
+ "moreInfoUrl": "",
+ "dri": "patagonia121"
+ },
+ {
+ "task": "Upgrade Managed Cloud",
+ "startedOn": "2024-02-08",
+ "frequency": "Weekly",
+ "description": "Upgrade each Managed Cloud instance to the latest version of Fleet",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/releases",
+ "dri": "rfairburn"
+ }
+ ],
+ "handbook/digital-experience/digital-experience.rituals.yml": [
+ {
+ "task": "Complete Digital Experience KPIs",
+ "startedOn": "2024-08-30",
+ "frequency": "Weekly",
+ "description": "Complete Digital Experience KPIs for this week",
+ "moreInfoUrl": "https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit?gid=0#gid=0&range=DB1",
+ "dri": "SFriendLee",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "fleet"
+ }
+ },
+ {
+ "task": "Prep 1:1s for OKR planning",
+ "startedOn": "2024-09-09",
+ "frequency": "Monthly",
+ "description": "Add ”DISCUSS: Mike: Expectations of OKR planning“ to each e-group member's 1:1 document",
+ "moreInfoUrl": "https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit",
+ "dri": "SFriendLee",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "fleet"
+ }
+ },
+ {
+ "task": "Check browser compatibility for fleetdm.com",
+ "startedOn": "2024-03-06",
+ "frequency": "Monthly",
+ "description": "Use Browserstack to manually QA pages on fleetdm.com in each of the earliest supported browser versions",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#check-browser-compatibility-for-fleetdm-com",
+ "dri": "eashaw",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "fleet"
+ }
+ },
+ {
+ "task": "Regenerate messaging framework",
+ "startedOn": "2024-07-15",
+ "frequency": "Quarterly",
+ "description": "Run through the entire website in `?utm_content=clear` mode and build a fresh outline of the headings to make sure they all still make sense.",
+ "moreInfoUrl": "",
+ "dri": "mike-j-thomas"
+ },
+ {
+ "task": "Check brand fronts are up to date",
+ "startedOn": "2024-08-01",
+ "frequency": "Quarterly",
+ "description": "Check all brand fronts for consistancy and update as needed with the current product pitch and graphics.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#update-a-company-brand-front",
+ "dri": "mike-j-thomas"
+ },
+ {
+ "task": "Check production dependencies of fleetdm.com",
+ "startedOn": "2023-11-10",
+ "frequency": "Weekly",
+ "description": "Check for vulnerabilities on the production dependencies of fleetdm.com.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#check-production-dependencies-of-fleetdm-com",
+ "dri": "eashaw",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "fleet"
+ }
+ },
+ {
+ "task": "Check osquery Slack invitation",
+ "startedOn": "2023-11-10",
+ "frequency": "Monthly",
+ "description": "Check the osquery Slack invitation that is linked to from Fleet and the Fleet website to make sure it is valid.",
+ "moreInfoUrl": "https://fleetdm.com/slack",
+ "dri": "eashaw",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "fleet"
+ }
+ },
+ {
+ "task": "Prepare for CEO office minutes",
+ "startedOn": "2023-12-18",
+ "frequency": "Daily",
+ "description": "Prepare the CEO office minutes calendar event and meeting agenda",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#prepare-for-ceo-office-minutes",
+ "dri": "SFriendLee"
+ },
+ {
+ "task": "Prioritize for next sprint",
+ "startedOn": "2023-08-09",
+ "frequency": "Triweekly",
+ "description": "Using your departmental kanban board, prioritize and finalize next sprint's goals for your team by draging the appropriate issues to the top of the 'Not yet' column.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible",
+ "dri": "sampfluger88",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Process the CEO's inbox",
+ "startedOn": "2023-07-29",
+ "frequency": "Daily ⏰",
+ "description": "Process the CEO's inbox",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#process-the-ceos-email",
+ "dri": "SFriendLee"
+ },
+ {
+ "task": "Process all \"New requests\" on the #g-digital-experience kanban board",
+ "startedOn": "2023-07-29",
+ "frequency": "Daily ⏰",
+ "description": "Process and prioritize all new issues and PRs",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#process-new-requests-from-the-g-ceo-kanban-board",
+ "dri": "sampfluger88"
+ },
+ {
+ "task": "Process the CEO's calendar",
+ "startedOn": "2023-07-29",
+ "frequency": "Daily ⏰",
+ "description": "Process the CEO's calendar",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#process-the-ceos-calendar",
+ "dri": "SFriendLee"
+ },
+ {
+ "task": "Send weekly update",
+ "startedOn": "2023-09-15",
+ "frequency": "Weekly",
+ "description": "Send weekly update",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#send-the-weekly-update",
+ "dri": "SFriendLee",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Process and backup E-group agenda",
+ "startedOn": "2023-09-20",
+ "frequency": "Weekly",
+ "description": "Process and backup E-group agenda",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#process-and-backup-sid-agenda",
+ "dri": "SFriendLee",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Process and backup Sid agenda",
+ "startedOn": "2023-09-25",
+ "frequency": "Monthly",
+ "description": "Process and backup Sid agenda",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#process-and-backup-e-group-agenda",
+ "dri": "SFriendLee",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Share recording of all hands meeting",
+ "startedOn": "2023-07-01",
+ "frequency": "Monthly",
+ "description": "Sharing the all hands recording",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#share-recording-of-all-hands-meeting",
+ "dri": "SFriendLee",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Prepare all hands deck",
+ "startedOn": "2023-07-01",
+ "frequency": "Monthly",
+ "description": "Preparing the all hands deck",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#preparing-for-the-all-hands",
+ "dri": "sampfluger88",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Prepare board deck",
+ "startedOn": "2023-09-25",
+ "frequency": "Quarterly",
+ "description": "Prepare slide deck for the next board meeting",
+ "dri": "sampfluger88"
+ },
+ {
+ "task": "Process CEO GitHub review requests, mentions, and outstanding PRs",
+ "startedOn": "2023-07-29",
+ "frequency": "Daily",
+ "description": "Filter all action items from CEO's GitHub notifications",
+ "dri": "SFriendLee"
+ },
+ {
+ "task": "Check LinkedIn for unread messages",
+ "startedOn": "2023-09-25",
+ "frequency": "Daily",
+ "description": "Prevent connections from slipping through the cracks",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#check-linkedin-for-unread-messages",
+ "dri": "SFriendLee"
+ },
+ {
+ "task": "Downgrade unused license seats",
+ "startedOn": "2024-03-31",
+ "frequency": "Quarterly",
+ "description": "Downgrade unused or questionable license seats on the first Wednesday of every quarter",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#downgrade-an-unused-license-seat",
+ "dri": "sampfluger88"
+ },
+ {
+ "task": "Communicate Fleet's potential energy to stakeholders",
+ "startedOn": "2024-05-01",
+ "frequency": "Monthly",
+ "description": "Via hand or automation, send a monthly update email to all investors that hold 4% equity or greater in Fleet who have opted in to receive emails on the company's progress.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#communicate-fleets-potential-energy-to-stakeholders",
+ "dri": "sampfluger88",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Vanta check",
+ "startedOn": "2024-04-01",
+ "frequency": "Monthly",
+ "description": "Look for any new actions in Vanta due in the upcoming months and create issues to ensure they're done on time.",
+ "moreInfoUrl": null,
+ "dri": "sampfluger88",
+ "autoIssue": {
+ "labels": [
+ "#g-digital-experience"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Recognize and benchmark workiversaries",
+ "startedOn": "2024-07-15",
+ "frequency": "Bimonthly",
+ "description": "Identify workiversaries coming up in the next two months and follow the steps to ensure they're recognized and benchmarked",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#recognize-employee-workiversaries",
+ "dri": "sampfluger88"
+ },
+ {
+ "task": "Quarterly grants",
+ "startedOn": "2024-02-01",
+ "frequency": "Quarterly",
+ "description": "Create the equity grants GitHub issue and walk through the steps.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#grant-equity",
+ "dri": "hollidayn"
+ },
+ {
+ "task": "Change password of \"Integrations admin\" Salesforce account",
+ "startedOn": "2024-09-10",
+ "frequency": "Quarterly",
+ "description": "Log into the \"Integrations admin\" account in Salesforce and change the password to prevent a password change being required by Salesforce.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#change-the-integrations-admin-salesforce-account-password",
+ "dri": "eashaw"
+ }
+ ],
+ "handbook/finance/finance.rituals.yml": [
+ {
+ "task": "Communicate the status of customer financial actions",
+ "startedOn": "2024-02-12",
+ "frequency": "Weekly",
+ "description": "At the start of every week, check the Salesforce reports for past due invoices, non-invoiced opportunities, and past due renewals. Report findings to in the `#g-sales` channel.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#communicate-the-status-of-customer-financial-actions",
+ "dri": "ireedy",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "AP invoice monitoring",
+ "startedOn": "2024-04-01",
+ "frequency": "Weekly",
+ "description": "Look for new accounts payable invoices and make sure that Fleet's suppliers are paid.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#process-a-new-vendor-invoice",
+ "dri": "ireedy",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Complete Finance KPI inputs",
+ "startedOn": "2024-02-16",
+ "frequency": "Weekly",
+ "description": "Create the weekly team KPI issue, complete the finance update.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#update-weekly-kpis",
+ "dri": "ireedy",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Key review prep",
+ "startedOn": "2024-02-14",
+ "frequency": "Triweekly",
+ "description": "Prepare for this sprint's Key review meeting.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/leadership#key-reviews",
+ "dri": "jostableford",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Prioritize for next sprint",
+ "startedOn": "2023-08-09",
+ "frequency": "Triweekly",
+ "description": "Using your departmental kanban board, prioritize and finalize next sprint's goals for your team by draging the appropriate issues to the top of the 'Not yet' column.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible",
+ "dri": "jostableford",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Reconcile monthly recurring expenses",
+ "startedOn": "2024-02-28",
+ "frequency": "Monthly",
+ "description": "Each month, update the inputs in “The numbers” spreadsheet to reflect the actuals for recurring non-personnel spend, and identify any unexpected increase or decrease in spend.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#reconcile-monthly-recurring-expenses",
+ "dri": "jostableford",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Monthly accounting",
+ "startedOn": "2024-02-28",
+ "frequency": "Monthly",
+ "description": "Create the monthly close GitHub issue and walk through the steps. This process includes fulfilling the monthly reporting requirement for SVB.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#process-monthly-accounting",
+ "dri": "ireedy",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Run regular payroll",
+ "startedOn": "2024-02-24",
+ "frequency": "Monthly",
+ "description": "Verify auto-populated payroll for all full time employees is accurate, and approve for processing.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#run-payroll",
+ "dri": "jostableford",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Monthly mail review",
+ "startedOn": "2024-04-15",
+ "frequency": "Monthly",
+ "description": "Review and clear mail incurring storage fees",
+ "moreInfoUrl": null,
+ "dri": "ireedy",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Run US contractor payroll",
+ "startedOn": "2024-02-28",
+ "frequency": "Monthly",
+ "description": "Manually process US contractor payroll by verifying and syncing time contractor worked, then processing payment.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#run-us-contractor-payroll",
+ "dri": "jostableford",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Run US commission payroll",
+ "startedOn": "2024-01-31",
+ "frequency": "Monthly",
+ "description": "Verify closed-won deal amounts, use commission calculators to determine commissions owed, and process payroll.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#run-us-commission-payroll",
+ "dri": "jostableford",
+ "autoIssue": {
+ "labels": [
+ "#g-finance"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Run bonus payroll",
+ "startedOn": "2024-01-31",
+ "frequency": "Quarterly",
+ "description": "Verify completion of any objective or outcome based bonus plans, and process payroll.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#run-us-commission-payroll",
+ "dri": "jostableford"
+ },
+ {
+ "task": "Review state filings for the previous quarter",
+ "startedOn": "2024-07-19",
+ "frequency": "Quarterly",
+ "description": "Verify that state filings have been successfully submitted for the previous quarter",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#review-state-employment-tax-filings-for-the-previous-quarter",
+ "dri": "ireedy"
+ },
+ {
+ "task": "Investor reporting",
+ "startedOn": "2024-03-31",
+ "frequency": "Quarterly",
+ "description": "Provide updated metrics for CRV in Chronograph.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#report-quarterly-numbers-in-chronograph",
+ "dri": "ireedy"
+ },
+ {
+ "task": "Quartlery finance check",
+ "startedOn": "2024-03-31",
+ "frequency": "Quarterly",
+ "description": "Every quarter, we check Quickbooks Online (QBO) for discrepancies and follow up with accounting providers for any quirks found.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#check-finances-for-quirks",
+ "dri": "jostableford"
+ },
+ {
+ "task": "Deliver annual report for venture line",
+ "startedOn": "2024-12-01",
+ "frequency": "Annually",
+ "description": "Within 60 days of the new year, provide financial statements to SVB, along with board-approved projections for the new year",
+ "moreInfoUrl": "https://fleetdm.com/handbook/finance#deliver-annual-report-for-venture-line",
+ "dri": "jostableford"
+ },
+ {
+ "task": "Tax preparation",
+ "startedOn": "2024-02-01",
+ "frequency": "Annually",
+ "description": "Provide information to tax team with Deloitte and assist with filing and paying state and federal returns",
+ "moreInfoUrl": null,
+ "dri": "jostableford"
+ }
+ ],
+ "handbook/engineering/engineering.rituals.yml": [
+ {
+ "task": "Pull request review",
+ "startedOn": "2023-08-09",
+ "frequency": "Daily",
+ "description": "Engineers go through pull requests for which their review has been requested.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible",
+ "dri": "lukeheath"
+ },
+ {
+ "task": "Engineering group discussions",
+ "startedOn": "2023-08-09",
+ "frequency": "Daily",
+ "description": "Engineers go through pull requests for which their review has been requested.",
+ "moreInfoUrl": null,
+ "dri": "lukeheath"
+ },
+ {
+ "task": "Oncall handoff",
+ "startedOn": "2023-08-09",
+ "frequency": "Weekly",
+ "description": "Hand off the oncall engineering responsibilities to the next oncall engineer.",
+ "moreInfoUrl": null,
+ "dri": "lukeheath"
+ },
+ {
+ "task": "Vulnerability alerts (fleetdm.com)",
+ "startedOn": "2023-08-09",
+ "frequency": "Weekly",
+ "description": "Review and remediate or dismiss vulnerability alerts for the fleetdm.com codebase on GitHub.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/security",
+ "dri": "eashaw"
+ },
+ {
+ "task": "Vulnerability alerts (frontend)",
+ "startedOn": "2023-08-09",
+ "frequency": "Weekly",
+ "description": "Review and remediate or dismiss vulnerability alerts for the Fleet frontend codebase (and related JS) on GitHub.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/security",
+ "dri": "lukeheath"
+ },
+ {
+ "task": "Vulnerability alerts (backend)",
+ "startedOn": "2023-08-09",
+ "frequency": "Weekly",
+ "description": "Review and remediate or dismiss vulnerability alerts for the Fleet backend codebase (and all Go code) on GitHub.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/security",
+ "dri": "lukeheath"
+ },
+ {
+ "task": "Release candidate ritual",
+ "startedOn": "2023-08-09",
+ "frequency": "Triweekly",
+ "description": "Go through the process of creating a release candidate.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/blob/main/tools/release/README.md#minor-release-typically-end-of-sprint",
+ "dri": "lukeheath"
+ },
+ {
+ "task": "Release ritual",
+ "startedOn": "2023-08-09",
+ "frequency": "Triweekly",
+ "description": "Go through the process of releasing the next iteration of Fleet.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Releasing-Fleet.md",
+ "dri": "lukeheath"
+ },
+ {
+ "task": "Create patch release branch",
+ "startedOn": "2023-08-09",
+ "frequency": "Every patch release",
+ "description": "Go through the process of creating a patch release branch, cherry picking commits, and pushing the branch to github.com/fleetdm/fleet.",
+ "moreInfoUrl": "https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Releasing-Fleet.md#patch-releases",
+ "dri": "lukeheath"
+ },
+ {
+ "task": "Bug review",
+ "startedOn": "2023-08-09",
+ "frequency": "Weekly",
+ "description": "Review bugs that are in QA's inbox.",
+ "moreInfoUrl": "https://www.fleetdm.com/handbook/company/product-groups#inbox",
+ "dri": "xpkoala"
+ },
+ {
+ "task": "QA report",
+ "startedOn": "2023-08-09",
+ "frequency": "Triweekly",
+ "description": "Every release cycle, on the Monday of release week, update the DRI for the release ritual on status of testing.",
+ "moreInfoUrl": null,
+ "dri": "xpkoala"
+ },
+ {
+ "task": "Release QA",
+ "startedOn": "2023-08-09",
+ "frequency": "Triweekly",
+ "description": "Every release cycle, by end of day Friday of release week, move all issues to the ”✅ Ready for release” column on the #g-mdm and #g-endpoint-ops sprint boards.",
+ "moreInfoUrl": null,
+ "dri": "xpkoala"
+ },
+ {
+ "task": "Check ongoing events",
+ "startedOn": "2024-02-09",
+ "frequency": "Daily",
+ "description": "Check event issues and complete steps.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/engineering#book-an-event",
+ "dri": "spokanemac"
+ }
+ ],
+ "handbook/sales/sales.rituals.yml": [
+ {
+ "task": "Close leads contacted ≥7 days ago",
+ "startedOn": "2024-07-05",
+ "frequency": "Daily",
+ "description": "Close all of your leads in the 'Attempted to contact' stage and which have been there for 7 or more days. If follow-up is appropriate, and won't be bothersome, it can be done after closing the lead. (A new lead can always be opened for the contact later.)",
+ "moreInfoUrl": "",
+ "dri": "Every AE"
+ },
+ {
+ "task": "Prioritize for next sprint",
+ "startedOn": "2023-09-04",
+ "frequency": "Triweekly",
+ "description": "Using your departmental kanban board, prioritize and finalize next sprint's goals for your team by draging the appropriate issues to the top of the 'Not yet' column.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible",
+ "dri": "alexmitchelliii",
+ "autoIssue": {
+ "labels": [
+ "#g-sales"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "g-sales standup",
+ "startedOn": "2023-09-04",
+ "frequency": "Daily",
+ "description": "Review progress on priorities for Sprint. Discuss previous day accomplishments, goals for today and any blockers.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible",
+ "dri": "alexmitchelliii"
+ },
+ {
+ "task": "Opportunity pipeline review",
+ "startedOn": "2023-09-04",
+ "frequency": "Weekly",
+ "description": "Review status of sales opportunities and discuss next steps.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/customers#review-rep-activity",
+ "dri": "alexmitchelliii",
+ "autoIssue": {
+ "labels": [
+ "#g-sales"
+ ],
+ "repo": "confidential"
+ }
+ },
+ {
+ "task": "Review rep activity",
+ "startedOn": "2023-09-18",
+ "frequency": "Monthly",
+ "description": "https://fleetdm.com/handbook/customers#review-rep-activity",
+ "moreInfoUrl": "https://fleetdm.com/handbook/customers#review-rep-activity",
+ "dri": "alexmitchelliii"
+ }
+ ],
+ "handbook/product-design/product-design.rituals.yml": [
+ {
+ "task": "Design sprint review",
+ "startedOn": "2024-03-07",
+ "frequency": "Triweekly",
+ "description": "Clear out the drafting board of all issues that are not estimated but leave the items we want to take in the next sprint on the drafting board. Record the number of dropped stories for KPIs (all user stories that did not meet the 3 week drafting timeline).",
+ "moreInfoUrl": null,
+ "dri": "noahtalerman"
+ },
+ {
+ "task": "🎁 Feature fest",
+ "startedOn": "2024-03-07",
+ "frequency": "Triweekly",
+ "description": "We make a decision regarding which customer and community feature requests can be committed to in the next six weeks.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/product-groups#feature-fest",
+ "dri": "noahtalerman"
+ },
+ {
+ "task": "Design sprint kickoff",
+ "startedOn": "2024-03-07",
+ "frequency": "Triweekly",
+ "description": "Add stories prioritized during Feature fest to Drafting board, assign stories to product designers, and align on priorities.",
+ "moreInfoUrl": null,
+ "dri": "noahtalerman"
+ },
+ {
+ "task": "Sprint kickoff review",
+ "startedOn": "2024-03-07",
+ "frequency": "Triweekly",
+ "description": "Identify stories that did not make it into this sprint and remove them from the board. Notify relevant requesters/stakeholders. Ensure bugs have been effectively prioritized across teams. Recommend highlights for next release notes. Record the number of drops for KPI reporting. Consider product group staffing. Are we scheduling what we prioritized? Did we finish what we scheduled in the sprint? (Look at org chart.)",
+ "moreInfoUrl": null,
+ "dri": "noahtalerman"
+ },
+ {
+ "task": "🦢🗣 Design review",
+ "startedOn": "2024-03-07",
+ "frequency": "Daily",
+ "description": "On Mondays, contributors present wireframes in 'Feedback' mode and anyone can give feedback. 'Final review' mode during all other days and only Head of Product Design + CTO + Product Designers give feedback.",
+ "moreInfoUrl": "https://fleetdm.com/handbook/company/product-groups#design-reviews",
+ "dri": "noahtalerman"
+ },
+ {
+ "task": "🦢🔄 Product design sync",
+ "startedOn": "2023-07-11",
+ "frequency": "Weekly",
+ "description": "Weekly time to chat about product design work (design reviews, conventions & best practices, using Figma, etc.)",
+ "moreInfoUrl": "https://docs.google.com/document/d/1GDEcXuTUjHI2CD9Jqega_GyF9DL6-PBmcyJpj55Lmos/edit",
+ "dri": "noahtalerman"
+ },
+ {
+ "task": "🦢🗣 Product office hours",
+ "startedOn": "2023-07-11",
+ "frequency": "Weekly",
+ "description": "Head of Product Design + any other contributors who would like to attend. 30 minutes reserved to talk about any product.",
+ "moreInfoUrl": "https://docs.google.com/document/d/1Znyp2a9qcM9JdYHrzLudvcPwEdhnCg7RiKi22s8yGWw/edit",
+ "dri": "noahtalerman"
+ },
+ {
+ "task": "Maintenance",
+ "startedOn": "2024-03-01",
+ "frequency": "Weekly",
+ "description": "Head of Product Design checks the latest versions of relevant platforms, updates the maintenance tracker, and notifies the #g-mdm and #g-endpoint-ops Slack channel.",
+ "moreInfoUrl": null,
+ "dri": "noahtalerman"
+ },
+ {
+ "task": "Product confirm and celebrate",
+ "startedOn": "2024-02-27",
+ "frequency": "Weekly",
+ "description": "Review user stories we shipped but haven't closed/ Confirm all the loose ends are tied up: docs, internal and external comms, guides, pricing page, transparency page, user permissions.",
+ "moreInfoUrl": null,
+ "dri": "noahtalerman"
+ },
+ {
+ "task": "Pre-sprint prioritization",
+ "startedOn": "2024-02-27",
+ "frequency": "Triweekly",
+ "description": "Discuss what stories weren't completed in the previous sprint. Record the number of stories in KPIs. Align on priorities for upcoming sprint.",
+ "dri": "noahtalerman"
+ }
+ ]
+ },
+ "testimonials": [
+ {
+ "quote": "Yes Sir. Great tools for the everyday open-source geeks 💯",
+ "quoteAuthorName": "Alvaro Gutierrez",
+ "quoteAuthorProfileImageFilename": "testimonial-authour-alvaro-gutierrez-100x100@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/aantoniogutierrez/",
+ "quoteAuthorJobTitle": "Technology Evangelist",
+ "productCategories": [
+ "Endpoint operations"
+ ]
+ },
+ {
+ "quote": "Fleet / osquery are some of my favorite open source detection tooling.",
+ "quoteAuthorName": "Joe Pistone",
+ "quoteAuthorProfileImageFilename": "testimonial-author-joe-pistone-100x100@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/josephpistone/",
+ "quoteAuthorJobTitle": "Manager, Security Operations",
+ "productCategories": [
+ "Endpoint operations"
+ ]
+ },
+ {
+ "quote": "I had to answer some really complex questions for a compliance audit, and I was able to do it in about 15 minutes by munging some data together via a few queries into a csv. It took me longer to remember how to use `xsv` than to actually put together the report. If you aren't using osquery in your environment, you should be.",
+ "quoteAuthorName": "Charles Zaffery",
+ "quoteAuthorProfileImageFilename": "testimonial-author-charles-zaffery-48x48@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/charleszaffery/",
+ "quoteAuthorJobTitle": "Principle Computer Janitor",
+ "productCategories": [
+ "Vulnerability management"
+ ]
+ },
+ {
+ "quote": "The visibility down into the assets covered by the agent is phenomenal. Fleet has become the central source for a lot of things.",
+ "quoteAuthorName": "Andre Shields",
+ "quoteAuthorProfileImageFilename": "testimonial-author-andre-shields-48x48@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/andre-shields/",
+ "quoteAuthorJobTitle": "Staff Cybersecurity Engineer, Vulnerability Management",
+ "youtubeVideoUrl": "https://www.youtube.com/watch?v=siXy9aanOu4",
+ "productCategories": [
+ "Endpoint operations",
+ "Vulnerability management"
+ ],
+ "videoIdForEmbed": "siXy9aanOu4"
+ },
+ {
+ "quote": "I love the steady and consistent delivery of features that help teams work how they want to work, not how your product dictates they work.",
+ "quoteImageFilename": "social-proof-logo-atlassian-192x32@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/danielgrzelak/",
+ "quoteAuthorName": "Dan Grzelak",
+ "quoteAuthorProfileImageFilename": "testimonial-author-daniel-grzelak-48x48@2x.png",
+ "quoteAuthorJobTitle": "Security Chief of Staff",
+ "productCategories": [
+ "Endpoint operations",
+ "Vulnerability management",
+ "Device management"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "We can build it exactly the way we want it. Which is just not possible on other platforms.",
+ "quoteAuthorName": "Austin Anderson",
+ "quoteAuthorProfileImageFilename": "testimonial-author-austin-anderson-48x48@2x.png",
+ "quoteAuthorJobTitle": "Cybersecurity team senior manager",
+ "quoteLinkUrl": "https://www.linkedin.com/in/austin-anderson-73172185/",
+ "youtubeVideoUrl": "https://www.youtube.com/watch?v=G5Ry_vQPaYc",
+ "productCategories": [
+ "Endpoint operations",
+ "Vulnerability management"
+ ],
+ "videoIdForEmbed": "G5Ry_vQPaYc"
+ },
+ {
+ "quote": "Exciting. This is a team that listens to feedback.",
+ "quoteImageFilename": "social-proof-logo-uber-71x32@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/eriknicolasgomez/",
+ "quoteAuthorName": "Erik Gomez",
+ "quoteAuthorProfileImageFilename": "testimonial-author-erik-gomez-48x48@2x.png",
+ "quoteAuthorJobTitle": "Staff Client Platform Engineer",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "Context is king for device data, and Fleet provides a way to surface that information to our other teams and partners.",
+ "quoteAuthorName": "Nick Fohs",
+ "quoteAuthorProfileImageFilename": "testimonial-author-nick-fohs-24x24@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/nickfohs/",
+ "quoteAuthorJobTitle": "Systems and infrastructure manager",
+ "youtubeVideoUrl": "https://www.youtube.com/watch?v=fs5ULAR4e4A",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management",
+ "Vulnerability management"
+ ],
+ "videoIdForEmbed": "fs5ULAR4e4A"
+ },
+ {
+ "quote": "Keeping up with the latest issues in endpoint security is a never-ending task, because engineers have to regularly ensure every laptop and server is still sufficiently patched and securely configured. The problem is, software vendors release new versions all the time, and no matter how much you lock it down, end users find ways to change things.",
+ "quoteImageFilename": "social-proof-logo-lyft-47x32@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/nwaisman/",
+ "quoteAuthorName": "Nico Waisman",
+ "quoteAuthorProfileImageFilename": "testimonial-author-nico-waisman-48x48@2x.png",
+ "quoteAuthorJobTitle": "CISO of Lyft",
+ "productCategories": [
+ "Endpoint operations",
+ "Vulnerability management"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "Having the freedom to take full advantage of the product is one of the reasons why I always support open-source products with a commercially-backed company, like Fleet.",
+ "quoteImageFilename": "social-proof-logo-lyft-47x32@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/posts/nwaisman_movingtofleet-activity-7156319785981509632-bk_W",
+ "quoteAuthorName": "Nico Waisman",
+ "quoteAuthorProfileImageFilename": "testimonial-author-nico-waisman-48x48@2x.png",
+ "quoteAuthorJobTitle": "CISO of Lyft",
+ "productCategories": [
+ "Device management"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "Fleet has been highly effective for our needs. We appreciate your team for always being so open to hearing our feedback.",
+ "quoteAuthorName": "Kenny Botelho",
+ "quoteAuthorProfileImageFilename": "testimonial-author-kenny-botelho-48x48@2x.png",
+ "quoteAuthorJobTitle": "Client Platform IT Engineer / Leader",
+ "quoteLinkUrl": "https://www.linkedin.com/in/kennybotelho/",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management"
+ ]
+ },
+ {
+ "quote": "Mad props to how easy making a deploy pkg of the agent was. I wish everyone made stuff that easy.",
+ "quoteImageFilename": "social-proof-logo-stripe-67x32@2x.png",
+ "quoteAuthorName": "Wes Whetstone",
+ "quoteAuthorProfileImageFilename": "testimonial-author-wes-whetstone-48x48@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/jckwhet/",
+ "quoteAuthorJobTitle": "Staff CPE at Stripe",
+ "productCategories": [
+ "Endpoint operations",
+ "Device management"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "Fleet’s come a long way - to now being the top open-source osquery manager.",
+ "quoteImageFilename": "social-proof-logo-atlassian-192x32@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/bshak/",
+ "quoteAuthorName": "Brendan Shaklovitz",
+ "quoteAuthorProfileImageFilename": "testimonial-author-brendan-shaklovitz-48x48@2x.png",
+ "quoteAuthorJobTitle": "Senior SRE",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "It’s great to see the new release of Fleet containing some really cool new features that make osquery much more usable in practical environments. I’m really impressed with the work that Zach Wasserman and the crew are doing at Fleet.",
+ "quoteImageFilename": "social-proof-logo-osquery-124x32@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/marpaia/",
+ "quoteAuthorName": "Mike Arpaia",
+ "quoteAuthorProfileImageFilename": "testimonial-author-mike-arpaia-48x48@2x.png",
+ "quoteAuthorJobTitle": "Creator of osquery",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "Osquery is one of the best tools out there and Fleet makes it even better. Highly recommend it if you want to monitor, detect and investigate threats on a scale and also for infra/sys admin. I have used it on 15k servers and it’s really scalable.",
+ "quoteImageFilename": "social-proof-logo-salesforce-48x32@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/anelshaer/",
+ "quoteAuthorName": "Ahmed Elshaer",
+ "quoteAuthorProfileImageFilename": "testimonial-author-ahmed-elshaer-48x48@2x.png",
+ "quoteAuthorJobTitle": "DFIR, Blue Teaming, SecOps",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "With the power of osquery, you need a scalable & resilient platform to manage your workloads. Fleet is the \"just right\" open-source, enterprise grade solution.",
+ "quoteImageFilename": "social-proof-logo-comcast-91x32@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/abubakar-yousafzai-b7213659/",
+ "quoteAuthorName": "Abubakar Yousafzai",
+ "quoteAuthorProfileImageFilename": "testimonial-author-abubakar-yousafzai-48x48@2x.png",
+ "quoteAuthorJobTitle": "Security Software Development & Engineering",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "One of the best teams out there to go work for and help shape security platforms.",
+ "quoteImageFilename": "social-proof-logo-deloitte-130x32@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/neondhruv/",
+ "quoteAuthorName": "Dhruv Majumdar",
+ "quoteAuthorProfileImageFilename": "testimonial-author-dhruv-majumdar-48x48@2x.png",
+ "quoteAuthorJobTitle": "Director Of Cyber Risk & Advisory",
+ "productCategories": [
+ "Vulnerability management",
+ "Endpoint operations"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "Fleet has such a huge amount of use cases. My goal was to get telemetry on endpoints, but then our IR team, our TBM team, and multiple other folks in security started heavily utilizing the system in ways I didn’t expect. It spread so naturally, even our corporate and infrastructure teams want to run it.",
+ "quoteAuthorName": "Charles Zaffery",
+ "quoteLinkUrl": "https://www.linkedin.com/in/charleszaffery/",
+ "quoteAuthorJobTitle": "Principle computer janitor",
+ "quoteAuthorProfileImageFilename": "testimonial-author-charles-zaffery-48x48@2x.png",
+ "youtubeVideoUrl": "https://www.youtube.com/watch?v=nRbZJflWqCo",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "videoIdForEmbed": "nRbZJflWqCo"
+ },
+ {
+ "quote": "I don't want one bad actor to brick my fleet, I want them to make a pull request first.",
+ "quoteAuthorName": "Matt Carr",
+ "quoteAuthorJobTitle": "CPE manager",
+ "quoteAuthorProfileImageFilename": "testimonial-author-matt-carr-48x48@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/mathewcarr/",
+ "productCategories": [
+ "Device management"
+ ]
+ },
+ {
+ "quote": "I wanted an easy way to control osquery configurations, and I wanted to stream data as fast as possible into Snowflake. No other solution jumped out to solve those things except for Fleet.",
+ "quoteAuthorName": "Tom Larkin",
+ "quoteAuthorJobTitle": "IT Engineering Manager",
+ "quoteAuthorProfileImageFilename": "testimonial-author-tom-larkin-48x48@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/thlarkin/",
+ "youtubeVideoUrl": "https://www.youtube.com/watch?v=nkjg_hNe86Q",
+ "productCategories": [
+ "Endpoint operations"
+ ],
+ "videoIdForEmbed": "nkjg_hNe86Q"
+ },
+ {
+ "quote": "Something I really appreciate about working with you guys is that it doesn't feel like I'm talking to a vendor. It actually feels like I'm talking to my team, and I really appreciate it.",
+ "quoteImageFilename": "social-proof-logo-deloitte-130x32@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/cmajumdar/",
+ "quoteAuthorName": "Chandra Majumdar",
+ "quoteAuthorProfileImageFilename": "testimonial-author-chandra-majumdar-48x48@2x.png",
+ "quoteAuthorJobTitle": "Partner - Cyber and Strategic Risk",
+ "productCategories": [
+ "Vulnerability management",
+ "Endpoint operations"
+ ],
+ "imageHeight": 32
+ },
+ {
+ "quote": "This is not just production osquery, but actually a way bigger opportunity than even something like Airwatch or Jamf.",
+ "quoteImageFilename": "logo-flock-safety-907x132@2x.png",
+ "quoteLinkUrl": "https://www.linkedin.com/in/mrerictan/",
+ "quoteAuthorName": "Eric Tan",
+ "quoteAuthorProfileImageFilename": "testimonial-author-eric-tan-99x99@2x.png",
+ "quoteAuthorJobTitle": "CIO & Chief Security Officer at Flock Safety",
+ "productCategories": [
+ "Device management",
+ "Endpoint operations"
+ ],
+ "imageHeight": 132
+ }
+ ],
+ "openPositions": [
+ {
+ "jobTitle": "🚀 Software Engineer",
+ "url": "/handbook/company/open-positions/software-engineer"
+ },
+ {
+ "jobTitle": "🐋 Account Executive",
+ "url": "/handbook/company/open-positions/account-executive"
+ }
+ ],
+ "compiledPagePartialsAppPath": "views/partials/built-from-markdown"
}
}
diff --git a/website/api/controllers/articles/view-basic-article.js b/website/api/controllers/articles/view-basic-article.js
index 17b997f5f7c0..6648cebc580e 100644
--- a/website/api/controllers/articles/view-basic-article.js
+++ b/website/api/controllers/articles/view-basic-article.js
@@ -86,6 +86,7 @@ module.exports = {
pageImageForMeta: thisPage.meta.articleImageUrl || undefined,
articleCategorySlug,
currentSection,
+ algoliaPublicKey: sails.config.custom.algoliaPublicKey,
};
}
diff --git a/website/api/controllers/deliver-contact-form-message.js b/website/api/controllers/deliver-contact-form-message.js
index ea5d6251ec61..37e5693f5c0e 100644
--- a/website/api/controllers/deliver-contact-form-message.js
+++ b/website/api/controllers/deliver-contact-form-message.js
@@ -66,26 +66,9 @@ module.exports = {
throw 'invalidEmailDomain';
}
- // await sails.helpers.http.post(sails.config.custom.slackWebhookUrlForContactForm, {
- // text: `New contact form message: (Remember: we have to email back; can't just reply to this thread.) cc @sales `+
- // `Name: ${firstName + ' ' + lastName}, Email: ${emailAddress}, Message: ${message ? message : 'No message.'}`
- // });
-
- await sails.helpers.sendTemplateEmail.with({
- to: sails.config.custom.fromEmailAddress,
- replyTo: {
- name: firstName + ' '+ lastName,
- emailAddress: emailAddress,
- },
- subject: 'New contact form message',
- layout: false,
- template: 'email-contact-form',
- templateData: {
- emailAddress,
- firstName,
- lastName,
- message,
- },
+ await sails.helpers.http.post(sails.config.custom.slackWebhookUrlForContactForm, {
+ text: `New contact form message: (Remember: we have to email back; can't just reply to this thread.)`+
+ `Name: ${firstName + ' ' + lastName}, Email: ${emailAddress}, Message: ${message ? message : 'No message.'}`
});
sails.helpers.salesforce.updateOrCreateContactAndAccount.with({
diff --git a/website/api/controllers/save-questionnaire-progress.js b/website/api/controllers/save-questionnaire-progress.js
index 4e3beddf0e7f..62faf3792994 100644
--- a/website/api/controllers/save-questionnaire-progress.js
+++ b/website/api/controllers/save-questionnaire-progress.js
@@ -147,7 +147,7 @@ module.exports = {
let thirtyDaysFromNowAt = Date.now() + (1000 * 60 * 60 * 24 * 30);
let trialLicenseKeyForThisUser = await sails.helpers.createLicenseKey.with({
numberOfHosts: 10,
- organization: this.req.me.organization,
+ organization: this.req.me.organization ? this.req.me.organization : 'Fleet Premium trial',
expiresAt: thirtyDaysFromNowAt,
});
// Save the trial license key to the DB record for this user.
diff --git a/website/assets/images/articles/automatic-software-install-add-software.png b/website/assets/images/articles/automatic-software-install-add-software.png
new file mode 100644
index 000000000000..4fdd54fe6488
Binary files /dev/null and b/website/assets/images/articles/automatic-software-install-add-software.png differ
diff --git a/website/assets/images/articles/automatic-software-install-install-software.png b/website/assets/images/articles/automatic-software-install-install-software.png
new file mode 100644
index 000000000000..5e0aaef0b19e
Binary files /dev/null and b/website/assets/images/articles/automatic-software-install-install-software.png differ
diff --git a/website/assets/images/articles/automatic-software-install-policies-manage.png b/website/assets/images/articles/automatic-software-install-policies-manage.png
new file mode 100644
index 000000000000..862c98eb151b
Binary files /dev/null and b/website/assets/images/articles/automatic-software-install-policies-manage.png differ
diff --git a/website/assets/images/articles/automatic-software-install-top-image.png b/website/assets/images/articles/automatic-software-install-top-image.png
new file mode 100644
index 000000000000..ed188acd17ee
Binary files /dev/null and b/website/assets/images/articles/automatic-software-install-top-image.png differ
diff --git a/website/assets/images/articles/automatic-software-install-workflow.png b/website/assets/images/articles/automatic-software-install-workflow.png
new file mode 100644
index 000000000000..10dd582e13d9
Binary files /dev/null and b/website/assets/images/articles/automatic-software-install-workflow.png differ
diff --git a/website/assets/images/articles/fleet-4.57.0-1600x900@2x.png b/website/assets/images/articles/fleet-4.57.0-1600x900@2x.png
new file mode 100644
index 000000000000..ec48ddd12ae9
Binary files /dev/null and b/website/assets/images/articles/fleet-4.57.0-1600x900@2x.png differ
diff --git a/website/assets/images/cta-thumbnail-psystage-4-has-use-case-128x128@2x.png b/website/assets/images/cta-thumbnail-psystage-4-has-use-case-128x128@2x.png
index 29347073c01c..c00066c4087d 100644
Binary files a/website/assets/images/cta-thumbnail-psystage-4-has-use-case-128x128@2x.png and b/website/assets/images/cta-thumbnail-psystage-4-has-use-case-128x128@2x.png differ
diff --git a/website/assets/js/pages/articles/basic-article.page.js b/website/assets/js/pages/articles/basic-article.page.js
index 29112e45acba..8a1564366605 100644
--- a/website/assets/js/pages/articles/basic-article.page.js
+++ b/website/assets/js/pages/articles/basic-article.page.js
@@ -25,6 +25,20 @@ parasails.registerPage('basic-article', {
let startValue = parseInt(ol.getAttribute('start'), 10) - 1;
ol.style.counterReset = 'custom-counter ' + startValue;
});
+ if(this.algoliaPublicKey) {// Note: Docsearch will only be enabled if sails.config.custom.algoliaPublicKey is set. If the value is undefined, the handbook search will be disabled.
+ docsearch({
+ appId: 'NZXAYZXDGH',
+ apiKey: this.algoliaPublicKey,
+ indexName: 'fleetdm',
+ container: '#docsearch-query',
+ placeholder: 'Search',
+ debug: false,
+ clickAnalytics: true,
+ searchParameters: {
+ facetFilters: ['section:docs']
+ },
+ });
+ }
},
// ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
diff --git a/website/assets/js/pages/contact.page.js b/website/assets/js/pages/contact.page.js
index 36571b672ac9..c7595825ca62 100644
--- a/website/assets/js/pages/contact.page.js
+++ b/website/assets/js/pages/contact.page.js
@@ -50,8 +50,8 @@ parasails.registerPage('contact', {
if(this.formToShow === 'contact'){
this.formToDisplay = this.formToShow;
} else if(!this.primaryBuyingSituation){
- // Default to contact form for users who have no primaryBuyingSituation set.
- this.formToDisplay = 'contact';
+ // Otherwise, default to the formToShow value from the page's controller.
+ this.formToDisplay = this.formToShow;
}
if(this.primaryBuyingSituation){ // If the user has a priamry buying situation set in their sesssion, pre-fill the form.
// Note: this will be overriden if the user is logged in and has a primaryBuyingSituation set in the database.
diff --git a/website/assets/resources/install-fleetctl.sh b/website/assets/resources/install-fleetctl.sh
index 08fb7273854a..5f5d4a2774b4 100644
--- a/website/assets/resources/install-fleetctl.sh
+++ b/website/assets/resources/install-fleetctl.sh
@@ -28,8 +28,8 @@ version_gt() {
OS="$(uname -s)"
case "${OS}" in
- Linux*) OS='linux';;
- Darwin*) OS='macos';;
+ Linux*) OS='linux' OS_DISPLAY_NAME='Linux';;
+ Darwin*) OS='macos' OS_DISPLAY_NAME='macOS';;
*) echo "Unsupported operating system: ${OS}"; exit 1;;
esac
@@ -41,7 +41,7 @@ mkdir -p "${FLEETCTL_INSTALL_DIR}"
DOWNLOAD_URL="https://github.com/fleetdm/fleet/releases/download/fleet-v${latest_strippedVersion}/fleetctl_v${latest_strippedVersion}_${OS}.tar.gz"
# Download the latest version of fleetctl and extract it.
-echo "Downloading fleetctl ${latest_strippedVersion} for ${OS}..."
+echo "Downloading fleetctl ${latest_strippedVersion} for ${OS_DISPLAY_NAME}..."
curl -sSL "$DOWNLOAD_URL" | tar -xz -C "$FLEETCTL_INSTALL_DIR" --strip-components=1 fleetctl_v"${latest_strippedVersion}"_${OS}/
echo "fleetctl installed successfully in ${FLEETCTL_INSTALL_DIR}"
echo
diff --git a/website/assets/styles/pages/articles/basic-article.less b/website/assets/styles/pages/articles/basic-article.less
index 12c5f77ea0b8..ad7025156098 100644
--- a/website/assets/styles/pages/articles/basic-article.less
+++ b/website/assets/styles/pages/articles/basic-article.less
@@ -10,8 +10,126 @@
width: 100%;
}
+ [purpose='breadcrumbs-and-search'] {
+ padding-top: 64px;
+ max-width: 1072px;
+ margin: auto;
+ font-size: 14px;
+ [purpose='breadcrumbs'] {
+ margin-right: 24px;
+ }
+ [purpose='search'] {
+ // Note: We're using classes here to override the default Docsearch styles;
+ button {
+ width: 100%;
+ cursor: text;
+ margin: 0;
+ }
+ .DocSearch-Button {
+ border-top-left-radius: 6px;
+ border-bottom-left-radius: 6px;
+ border-top-right-radius: 6px;
+ border-bottom-right-radius: 6px;
+ border: 1px solid @core-fleet-black-25;
+ background-color: #FFF;
+ padding: 6px;
+ height: 36px;
+ margin: 0;
+ width: 256px;
+ }
+ .DocSearch-Button:hover {
+ box-shadow: none;
+ border: 1px solid @core-fleet-black-25;
+ color: @core-fleet-black-50;
+ }
+ .DocSearch-Search-Icon {
+ margin-left: 10px;
+ height: 16px;
+ width: 16px;
+ color: @core-fleet-black-50;
+ stroke-width: 3px;
+ }
+ .DocSearch-Button-Keys {
+ display: none;
+ }
+ .input-group:focus-within {
+ border: 1px solid @core-vibrant-blue;
+ }
+ .DocSearch-Button-Placeholder {
+ font-size: 16px;
+ font-weight: 400;
+ padding-left: 12px;
+ }
+ [purpose='disabled-search'] {
+ input {
+ padding-top: 6px;
+ padding-bottom: 6px;
+ border: none;
+ } &::placeholder {
+ font-size: 16px;
+ line-height: 24px;
+ color: #8B8FA2;
+ }
+ .input-group {
+ border-top-left-radius: 6px;
+ border-bottom-left-radius: 6px;
+ border-top-right-radius: 6px;
+ border-bottom-right-radius: 6px;
+ border: 1px solid @core-fleet-black-25;
+ background: #FFF;
+ }
+ .input-group:focus-within {
+ border: 1px solid @core-vibrant-blue;
+ }
+ .form-control {
+ border-radius: 6px;
+ padding: 6px;
+ height: 36px;
+ margin: 0;
+ width: 212px;
+ }
+ .docsearch-input:focus-visible {
+ outline: none;
+ }
+ .ds-input:focus {
+ outline: rgba(0, 0, 0, 0);
+ }
+ .input-group-text {
+ color: @core-fleet-black-50;
+ }
+ .form-control {
+ height: 36px;
+ padding: 0px;
+ font-size: 16px;
+ } &:focus {
+ border: none;
+ }
+ }
+ }
+
+ [purpose='breadcrumbs-category'] {
+ color: #8B8FA2;
+ text-transform: capitalize;
+ margin-right: 8px;
+ &:hover {
+ color: #192147;
+ text-decoration: none;
+ }
+ }
+ [purpose='breadcrumbs-title'] {
+ margin-left: 8px;
+ }
+
+ }
+ [purpose='article-container'] {
+ max-width: 800px;
+ margin: auto;
+ display: flex;
+ flex-direction: column;
+
+ }
[purpose='article-title'] {
- padding-top: 80px;
+ padding-top: 64px;
margin-bottom: 28px;
h1 {
margin-bottom: 4px;
@@ -107,8 +225,8 @@
}
}
[purpose='article-content'] {
- padding-top: 24px;
- padding-bottom: 24px;
+ padding-top: 40px;
+ padding-bottom: 40px;
word-wrap: break-word;
h1:first-of-type {
display: none;
@@ -126,8 +244,13 @@
padding: 24px 0px 16px 0px;
}
a {
- color: @core-vibrant-blue;
+ color: @core-fleet-black-75;
word-break: break-word;
+ text-decoration: underline;
+ text-underline-offset: 2px;
+ &:hover {
+ color: @core-fleet-black-75;
+ }
}
h2 {
font-size: 24px;
@@ -429,6 +552,18 @@
[purpose='article-content'] {
padding-bottom: 0px;
}
+ [purpose='breadcrumbs-and-search'] {
+ [purpose='breadcrumbs'] {
+ margin-bottom: 24px;
+ margin-right: auto;
+ }
+ [purpose='search'] {
+ width: 100%;
+ .DocSearch-Button {
+ width: 100%;
+ }
+ }
+ }
}
@media (max-width: 769px) {
@@ -449,6 +584,10 @@
margin-bottom: 16px;
}
}
+ [purpose='breadcrumbs-and-search'] {
+ padding-top: 32px;
+
+ }
}
@media (max-width: 576px) {
diff --git a/website/config/routes.js b/website/config/routes.js
index 2252a7072945..496eaf759781 100644
--- a/website/config/routes.js
+++ b/website/config/routes.js
@@ -324,6 +324,7 @@ module.exports.routes = {
'GET /use-cases/get-and-stay-compliant-across-your-devices-with-fleet': '/securing/get-and-stay-compliant-across-your-devices-with-fleet',
'GET /use-cases/import-and-export-queries-and-packs-in-fleet': '/guides/import-and-export-queries-and-packs-in-fleet',
'GET /guides/import-and-export-queries-and-packs-in-fleet': '/guides/import-and-export-queries-in-fleet',
+ 'GET /guides/deploy-security-agents': '/guides/deploy-software-packages',
'GET /use-cases/locate-assets-with-osquery': '/guides/locate-assets-with-osquery',
'GET /use-cases/osquery-a-tool-to-easily-ask-questions-about-operating-systems': '/guides/osquery-a-tool-to-easily-ask-questions-about-operating-systems',
'GET /use-cases/osquery-consider-joining-against-the-users-table': '/guides/osquery-consider-joining-against-the-users-table',
@@ -352,6 +353,11 @@ module.exports.routes = {
'GET /device-management/fleet-user-stories-wayfair': '/success-stories/fleet-user-stories-wayfair',
'GET /handbook/security': '/handbook/digital-experience/security',
'GET /handbook/security/security-policies':'/handbook/digital-experience/security-policies#information-security-policy-and-acceptable-use-policy',// « reasoning: https://github.com/fleetdm/fleet/pull/9624
+ 'GET /handbook/business-operations/security-policies':'/handbook/digital-experience/security-policies',
+ 'GET /handbook/business-operations/application-security': '/handbook/digital-experience/application-security',
+ 'GET /handbook/business-operations/security-audits': '/handbook/digital-experience/security-audits',
+ 'GET /handbook/business-operations/security': '/handbook/digital-experience/security',
+ 'GET /handbook/business-operations/vendor-questionnaires': '/handbook/digital-experience/vendor-questionnaires',
'GET /handbook/handbook': '/handbook/company/handbook',
'GET /handbook/company/development-groups': '/handbook/company/product-groups',
'GET /docs/using-fleet/mdm-macos-settings': '/docs/using-fleet/mdm-custom-macos-settings',
@@ -559,7 +565,16 @@ module.exports.routes = {
'GET /learn-more-about/host-identifiers': '/docs/rest-api/rest-api#get-host-by-identifier',
'GET /learn-more-about/uninstall-fleetd': '/docs/using-fleet/faq#how-can-i-uninstall-fleetd',
'GET /learn-more-about/vulnerability-processing': '/docs/using-fleet/vulnerability-processing',
+ 'GET /learn-more-about/dep-profile': 'https://developer.apple.com/documentation/devicemanagement/define_a_profile',
+ 'GET /learn-more-about/apple-business-manager-tokens-api': '/docs/rest-api/rest-api#list-apple-business-manager-abm-tokens',
+ 'GET /learn-more-about/apple-business-manager-teams-api': 'https://github.com/fleetdm/fleet/blob/main/docs/Contributing/API-for-contributors.md#update-abm-tokens-teams',
+ 'GET /learn-more-about/apple-business-manager-gitops': '/docs/using-fleet/gitops#apple-business-manager',
'GET /learn-more-about/s3-bootstrap-package': '/docs/configuration/fleet-server-configuration#s-3-software-installers-bucket',
+ 'GET /learn-more-about/policy-automation-install-software': '/guides/automatic-software-install-in-fleet',
+ 'GET /learn-more-about/exe-install-scripts': '/guides/exe-install-scripts',
+ 'GET /learn-more-about/install-scripts': '/guides/deploy-software-packages#install-script',
+ 'GET /learn-more-about/uninstall-scripts': '/guides/deploy-software-packages#uninstall-script',
+ 'GET /learn-more-about/read-package-version': '/guides/deploy-software-packages##add-a-software-package-to-a-team',
// Sitemap
// =============================================================================================================
diff --git a/website/views/layouts/layout.ejs b/website/views/layouts/layout.ejs
index 702ba0d5f58c..c8a438213faf 100644
--- a/website/views/layouts/layout.ejs
+++ b/website/views/layouts/layout.ejs
@@ -169,7 +169,7 @@
Docs
REST API
Guides
- <%= ['eo-it', 'mdm'].includes(primaryBuyingSituation) ? 'Device health checks' : 'Built-in queries' %>
+ Built-in queries
Data tables
SUPPORT
[Zach Wasserman](https://www.linkedin.com/in/zacharywasserman/) _([@zwass](https://github.com/zwass))_
[Allen Houchins](https://www.linkedin.com/in/allenhouchins/) _([@allenhouchins](https://github.com/allenhouchins))_
[Harrison Ravazzolo](https://www.linkedin.com/in/harrison-ravazzolo/) _([@harrisonravazzolo](https://github.com/harrisonravazzolo))_ | Channel Sales | [Tom Ostertag](https://www.linkedin.com/in/tom-ostertag-77212791/) _([@tomostertag](https://github.com/TomOstertag))_ -| Account Executive (AE) | [Patricia Ambrus](https://www.linkedin.com/in/pambrus/) _([@ambrusps](https://github.com/ambrusps))_
[Anthony Snyder](https://www.linkedin.com/in/anthonysnyder8/) _([@anthonysnyder8](https://github.com/AnthonySnyder8))_
[Paul Tardif](https://www.linkedin.com/in/paul-t-750833/) _([@phtardif1](https://github.com/phtardif1))_ +| Account Executive (AE) | [Patricia Ambrus](https://www.linkedin.com/in/pambrus/) _([@ambrusps](https://github.com/ambrusps))_
[Anthony Snyder](https://www.linkedin.com/in/anthonysnyder8/) _([@anthonysnyder8](https://github.com/AnthonySnyder8))_
[Paul Tardif](https://www.linkedin.com/in/paul-t-750833/) _([@phtardif1](https://github.com/phtardif1))_
[Kendra McKeever](https://www.linkedin.com/in/kendramckeever/) _([@KendraAtFleet](https://github.com/KendraAtFleet))_ ## Contact us diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf index db7a79e5e140..2020de2f8306 100644 --- a/infrastructure/dogfood/terraform/aws/variables.tf +++ b/infrastructure/dogfood/terraform/aws/variables.tf @@ -56,7 +56,7 @@ variable "database_name" { variable "fleet_image" { description = "the name of the container image to run" - default = "fleetdm/fleet:v4.56.0" + default = "fleetdm/fleet:v4.57.0" } variable "software_inventory" { diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf index ba81f4af537b..906a58c153f8 100644 --- a/infrastructure/dogfood/terraform/gcp/variables.tf +++ b/infrastructure/dogfood/terraform/gcp/variables.tf @@ -68,7 +68,7 @@ variable "redis_mem" { } variable "image" { - default = "fleetdm/fleet:v4.56.0" + default = "fleetdm/fleet:v4.57.0" } variable "software_installers_bucket_name" { diff --git a/infrastructure/loadtesting/terraform/ecs.tf b/infrastructure/loadtesting/terraform/ecs.tf index cce392657a78..2327c2787b78 100644 --- a/infrastructure/loadtesting/terraform/ecs.tf +++ b/infrastructure/loadtesting/terraform/ecs.tf @@ -203,7 +203,11 @@ resource "aws_ecs_task_definition" "backend" { { name = "FLEET_OSQUERY_ASYNC_HOST_REDIS_SCAN_KEYS_COUNT" value = "10000" - } + }, + { + name = "FLEET_S3_SOFTWARE_INSTALLERS_BUCKET" + value = aws_s3_bucket.software_installers.bucket + }, ], local.additional_env_vars) } ]) @@ -329,18 +333,18 @@ resource "aws_appautoscaling_policy" "ecs_policy_cpu" { resource "random_password" "fleet_server_private_key" { length = 32 special = true -} - -resource "aws_secretsmanager_secret" "fleet_server_private_key" { +} + +resource "aws_secretsmanager_secret" "fleet_server_private_key" { name = "${terraform.workspace}-fleet-server-private-key" recovery_window_in_days = "0" lifecycle { create_before_destroy = true } -} - +} + resource "aws_secretsmanager_secret_version" "fleet_server_private_key" { secret_id = aws_secretsmanager_secret.fleet_server_private_key.id secret_string = random_password.fleet_server_private_key.result -} +} diff --git a/infrastructure/loadtesting/terraform/rds.tf b/infrastructure/loadtesting/terraform/rds.tf index 87dea8134898..b70d4de1cfca 100644 --- a/infrastructure/loadtesting/terraform/rds.tf +++ b/infrastructure/loadtesting/terraform/rds.tf @@ -26,10 +26,10 @@ module "aurora_mysql" { #tfsec:ignore:aws-rds-enable-performance-insights-encryp source = "terraform-aws-modules/rds-aurora/aws" version = "7.7.1" - name = "${local.name}-mysql" - engine = "aurora-mysql" - engine_version = "8.0.mysql_aurora.3.05.2" - instance_class = var.db_instance_type + name = "${local.name}-mysql" + engine = "aurora-mysql" + engine_version = "8.0.mysql_aurora.3.05.2" + instance_class = var.db_instance_type instances = { one = {} diff --git a/infrastructure/loadtesting/terraform/s3.tf b/infrastructure/loadtesting/terraform/s3.tf new file mode 100644 index 000000000000..ca15b37dba49 --- /dev/null +++ b/infrastructure/loadtesting/terraform/s3.tf @@ -0,0 +1,46 @@ +data "aws_iam_policy_document" "software_installers" { + statement { + actions = [ + "s3:GetObject*", + "s3:PutObject*", + "s3:ListBucket*", + "s3:ListMultipartUploadParts*", + "s3:DeleteObject", + "s3:CreateMultipartUpload", + "s3:AbortMultipartUpload", + "s3:ListMultipartUploadParts", + "s3:GetBucketLocation" + ] + resources = [aws_s3_bucket.software_installers.arn, "${aws_s3_bucket.software_installers.arn}/*"] + } +} + +resource "aws_iam_policy" "software_installers" { + policy = data.aws_iam_policy_document.software_installers.json +} + +resource "aws_iam_role_policy_attachment" "software_installers" { + policy_arn = aws_iam_policy.software_installers.arn + role = aws_iam_role.main.name +} + +resource "aws_s3_bucket" "software_installers" { #tfsec:ignore:aws-s3-encryption-customer-key:exp:2022-07-01 #tfsec:ignore:aws-s3-enable-versioning #tfsec:ignore:aws-s3-enable-bucket-logging:exp:2022-06-15 + bucket_prefix = terraform.workspace +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "software_installers" { + bucket = aws_s3_bucket.software_installers.bucket + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "aws:kms" + } + } +} + +resource "aws_s3_bucket_public_access_block" "software_installers" { + bucket = aws_s3_bucket.software_installers.id + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} diff --git a/it-and-security/default.yml b/it-and-security/default.yml index 52baadb564d1..9b60ffb92cd7 100644 --- a/it-and-security/default.yml +++ b/it-and-security/default.yml @@ -1,27 +1,5 @@ agent_options: path: ./lib/agent-options.yml -controls: - enable_disk_encryption: true - macos_migration: - enable: true - mode: voluntary - webhook_url: $DOGFOOD_MACOS_MIGRATION_WEBHOOK_URL - macos_settings: - custom_settings: null - macos_setup: - bootstrap_package: "" - enable_end_user_authentication: false - macos_setup_assistant: null - macos_updates: - deadline: "2023-06-13" - minimum_version: 13.4.1 - windows_enabled_and_configured: true - windows_settings: - custom_settings: [] - windows_updates: - deadline_days: 3 - grace_period_days: 2 - scripts: [] org_settings: features: enable_host_users: true @@ -90,4 +68,3 @@ org_settings: policies: queries: - path: ./lib/collect-fleetd-update-channels.queries.yml -software: diff --git a/it-and-security/lib/configuration-profiles/macos-ensure-show-status-bar-is-enabled.mobileconfig b/it-and-security/lib/configuration-profiles/macos-ensure-show-status-bar-is-enabled.mobileconfig new file mode 100644 index 000000000000..393f4ffbb544 --- /dev/null +++ b/it-and-security/lib/configuration-profiles/macos-ensure-show-status-bar-is-enabled.mobileconfig @@ -0,0 +1,37 @@ + + +
diff --git a/website/views/pages/articles/basic-article.ejs b/website/views/pages/articles/basic-article.ejs
index bbcd597ebfad..e72f85219d13 100644
--- a/website/views/pages/articles/basic-article.ejs
+++ b/website/views/pages/articles/basic-article.ejs
@@ -1,32 +1,60 @@
-
-
-
- <%=thisPage.meta.articleTitle %>
-{{articleSubtitle}}
-
-
- ![The author's GitHub profile picture]()
-
<%=thisPage.meta.authorFullName %>
+
+
+
-
+
+
-
-
+ {{thisPage.meta.articleTitle}}
+
Edit page
+
- <%- partial(path.relative(path.dirname(__filename), path.resolve( sails.config.appPath, path.join(sails.config.builtStaticContent.compiledPagePartialsAppPath, thisPage.htmlId)))) %>
-
- -
-
Get started
-
-
- Start now
-
- Talk to us
+
diff --git a/website/views/pages/pricing.ejs b/website/views/pages/pricing.ejs
index fe1865886a5e..0a739c7529a7 100644
--- a/website/views/pages/pricing.ejs
+++ b/website/views/pages/pricing.ejs
@@ -380,7 +380,7 @@
+
+
+
+
+ <%=thisPage.meta.articleTitle %>
+{{articleSubtitle}}
+
+ <%- partial(path.relative(path.dirname(__filename), path.resolve( sails.config.appPath, path.join(sails.config.builtStaticContent.compiledPagePartialsAppPath, thisPage.htmlId)))) %>
+
+ +
+
Get started
+
+
+ Start now
+
+ Talk to us
+
-
Couldn’t find an answer? Message us.
+Couldn’t find an answer? Talk to us.