2024-06-12 22:29:19 +00:00
# REST API
2021-05-13 20:09:22 +00:00
2020-12-24 22:12:44 +00:00
- [Authentication ](#authentication )
2022-05-02 13:55:27 +00:00
- [Activities ](#activities )
- [Fleet configuration ](#fleet-configuration )
- [File carving ](#file-carving )
2020-12-24 22:12:44 +00:00
- [Hosts ](#hosts )
2021-02-11 16:38:31 +00:00
- [Labels ](#labels )
2023-04-11 13:18:32 +00:00
- [Mobile device management (MDM) ](#mobile-device-management-mdm )
2021-08-25 21:05:48 +00:00
- [Policies ](#policies )
2022-05-02 13:55:27 +00:00
- [Queries ](#queries )
2023-07-31 23:05:16 +00:00
- [Schedule (deprecated) ](#schedule )
2023-08-21 18:47:19 +00:00
- [Scripts ](#scripts )
2022-05-02 13:55:27 +00:00
- [Sessions ](#sessions )
- [Software ](#software )
2021-02-18 20:54:06 +00:00
- [Targets ](#targets )
2021-06-09 23:11:48 +00:00
- [Teams ](#teams )
2021-07-21 17:03:10 +00:00
- [Translator ](#translator )
2022-05-02 13:55:27 +00:00
- [Users ](#users )
Add UUID to Fleet errors and clean up error msgs (#10411)
#8129
Apart from fixing the issue in #8129, this change also introduces UUIDs
to Fleet errors. To be able to match a returned error from the API to a
error in the Fleet logs. See
https://fleetdm.slack.com/archives/C019WG4GH0A/p1677780622769939 for
more context.
Samples with the changes in this PR:
```
curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d ''
{
"message": "Bad request",
"errors": [
{
"name": "base",
"reason": "Expected JSON Body"
}
],
"uuid": "a01f6e10-354c-4ff0-b96e-1f64adb500b0"
}
```
```
curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d 'asd'
{
"message": "Bad request",
"errors": [
{
"name": "base",
"reason": "json decoder error"
}
],
"uuid": "5f716a64-7550-464b-a1dd-e6a505a9f89d"
}
```
```
curl -k -X GET -H "Authorization: Bearer badtoken" "https://localhost:8080/api/latest/fleet/teams"
{
"message": "Authentication required",
"errors": [
{
"name": "base",
"reason": "Authentication required"
}
],
"uuid": "efe45bc0-f956-4bf9-ba4f-aa9020a9aaaf"
}
```
```
curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}'
{
"message": "Authorization header required",
"errors": [
{
"name": "base",
"reason": "Authorization header required"
}
],
"uuid": "57f78cd0-4559-464f-9df7-36c9ef7c89b3"
}
```
```
curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}'
{
"message": "Permission Denied",
"uuid": "7f0220ad-6de7-4faf-8b6c-8d7ff9d2ca06"
}
```
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-13 16:44:06 +00:00
- [API errors ](#api-responses )
2020-12-24 22:12:44 +00:00
2022-09-22 21:41:57 +00:00
Use the Fleet APIs to automate Fleet.
2020-12-24 22:12:44 +00:00
2022-09-22 21:41:57 +00:00
This page includes a list of available resources and their API routes.
2021-06-28 18:41:01 +00:00
2020-12-24 22:12:44 +00:00
## Authentication
2022-10-05 16:42:45 +00:00
- [Retrieve your API token ](#retrieve-your-api-token )
2021-01-28 23:40:49 +00:00
- [Log in ](#log-in )
- [Log out ](#log-out )
- [Forgot password ](#forgot-password )
- [Change password ](#change-password )
2021-03-09 15:50:48 +00:00
- [Reset password ](#reset-password )
2021-01-28 23:40:49 +00:00
- [Me ](#me )
- [SSO config ](#sso-config )
- [Initiate SSO ](#initiate-sso )
2021-04-29 14:45:43 +00:00
- [SSO callback ](#sso-callback )
2021-01-28 23:40:49 +00:00
2022-10-05 16:42:45 +00:00
### Retrieve your API token
2021-06-18 16:42:20 +00:00
All API requests to the Fleet server require API token authentication unless noted in the documentation. API tokens are tied to your Fleet user account.
2020-12-24 22:12:44 +00:00
2023-09-27 22:53:04 +00:00
To get an API token, retrieve it from "My account" > "Get API token" in the Fleet UI (`/profile`). Or, you can send a request to the [login API endpoint ](#log-in ) to get your token.
2020-12-24 22:12:44 +00:00
2021-02-10 00:38:18 +00:00
Then, use that API token to authenticate all subsequent API requests by sending it in the "Authorization" request header, prefixed with "Bearer ":
2020-12-24 22:12:44 +00:00
2023-09-22 21:57:40 +00:00
```http
2020-12-24 22:12:44 +00:00
Authorization: Bearer < your token >
```
2021-06-24 20:42:29 +00:00
> For SSO users, email/password login is disabled. The API token can instead be retrieved from the "My account" page in the UI (/profile). On this page, choose "Get API token".
2020-12-24 22:12:44 +00:00
### Log in
Authenticates the user with the specified credentials. Use the token returned from this endpoint to authenticate further API requests.
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/login`
2020-12-24 22:12:44 +00:00
2021-06-24 20:42:29 +00:00
> This API endpoint is not available to SSO users, since email/password login is disabled for SSO users. To get an API token for an SSO user, you can use the Fleet UI.
2021-06-10 17:54:12 +00:00
2020-12-24 22:12:44 +00:00
#### Parameters
| Name | Type | In | Description |
| -------- | ------ | ---- | --------------------------------------------- |
2021-06-24 20:42:29 +00:00
| email | string | body | **Required** . The user's email. |
2020-12-24 22:12:44 +00:00
| password | string | body | **Required** . The user's plain text password. |
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/login`
2020-12-24 22:12:44 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2021-06-24 20:42:29 +00:00
"email": "janedoe@example.com",
2021-02-10 00:38:18 +00:00
"password": "VArCjNW7CfsxGp67"
2020-12-24 22:12:44 +00:00
}
```
##### Default response
`Status: 200`
2021-09-10 00:04:58 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"user": {
"created_at": "2020-11-13T22:57:12Z",
"updated_at": "2020-11-13T22:57:12Z",
"id": 1,
2021-06-24 20:42:29 +00:00
"name": "Jane Doe",
2020-12-24 22:12:44 +00:00
"email": "janedoe@example.com",
"enabled": true,
"force_password_reset": false,
"gravatar_url": "",
2021-06-09 23:11:48 +00:00
"sso_enabled": false,
"global_role": "admin",
"teams": []
2020-12-24 22:12:44 +00:00
},
"token": "{your token}"
}
```
2023-09-26 15:33:35 +00:00
##### Authentication failed
`Status: 401 Unauthorized`
```json
{
"message": "Authentication failed",
"errors": [
{
"name": "base",
"reason": "Authentication failed"
}
],
"uuid": "1272014b-902b-4b36-bcdb-75fde5eac1fc"
}
```
##### Too many requests / Rate limiting
`Status: 429 Too Many Requests`
`Header: retry-after: N`
> This response includes a header `retry-after` that indicates how many more seconds you are blocked before you can try again.
```json
{
"message": "limit exceeded, retry after: Ns",
"errors": [
{
"name": "base",
"reason": "limit exceeded, retry after: Ns"
}
]
}
```
2020-12-24 22:12:44 +00:00
---
### Log out
Logs out the authenticated user.
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/logout`
2020-12-24 22:12:44 +00:00
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/logout`
2020-12-24 22:12:44 +00:00
##### Default response
`Status: 200`
---
### Forgot password
2023-04-07 20:32:08 +00:00
Sends a password reset email to the specified email. Requires that SMTP or SES is configured for your Fleet server.
2020-12-24 22:12:44 +00:00
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/forgot_password`
2020-12-24 22:12:44 +00:00
#### Parameters
| Name | Type | In | Description |
| ----- | ------ | ---- | ----------------------------------------------------------------------- |
| email | string | body | **Required** . The email of the user requesting the reset password link. |
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/forgot_password`
2020-12-24 22:12:44 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"email": "janedoe@example.com"
}
```
##### Default response
`Status: 200`
##### Unknown error
`Status: 500`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"message": "Unknown Error",
"errors": [
{
"name": "base",
2022-05-09 17:08:37 +00:00
"reason": "email not configured"
2020-12-24 22:12:44 +00:00
}
]
}
```
---
### Change password
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/change_password`
2020-12-24 22:12:44 +00:00
Changes the password for the authenticated user.
#### Parameters
| Name | Type | In | Description |
| ------------ | ------ | ---- | -------------------------------------- |
| old_password | string | body | **Required** . The user's old password. |
| new_password | string | body | **Required** . The user's new password. |
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/change_password`
2020-12-24 22:12:44 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"old_password": "VArCjNW7CfsxGp67",
2021-03-08 16:13:06 +00:00
"new_password": "zGq7mCLA6z4PzArC"
2020-12-24 22:12:44 +00:00
}
```
##### Default response
`Status: 200`
##### Validation failed
`Status: 422 Unprocessable entity`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"message": "Validation Failed",
"errors": [
{
"name": "old_password",
"reason": "old password does not match"
}
]
}
```
2021-03-09 15:50:48 +00:00
### Reset password
Resets a user's password. Which user is determined by the password reset token used. The password reset token can be found in the password reset email sent to the desired user.
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/reset_password`
2021-03-09 15:50:48 +00:00
#### Parameters
2021-05-13 20:09:22 +00:00
| Name | Type | In | Description |
| ------------------------- | ------ | ---- | ------------------------------------------------------------------------- |
| new_password | string | body | **Required** . The new password. |
| new_password_confirmation | string | body | **Required** . Confirmation for the new password. |
| password_reset_token | string | body | **Required** . The token provided to the user in the password reset email. |
2021-03-09 15:50:48 +00:00
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/reset_password`
2021-03-09 15:50:48 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-03-09 15:50:48 +00:00
{
2021-09-21 01:59:45 +00:00
"new_password": "abc123",
"new_password_confirmation": "abc123",
2021-03-09 15:50:48 +00:00
"password_reset_token": "UU5EK0JhcVpsRkY3NTdsaVliMEZDbHJ6TWdhK3oxQ1Q="
}
```
##### Default response
`Status: 200`
2020-12-24 22:12:44 +00:00
---
### Me
Retrieves the user data for the authenticated user.
2022-04-14 21:33:52 +00:00
`GET /api/v1/fleet/me`
2020-12-24 22:12:44 +00:00
#### Example
2022-04-14 21:33:52 +00:00
`GET /api/v1/fleet/me`
2020-12-24 22:12:44 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"user": {
"created_at": "2020-11-13T22:57:12Z",
"updated_at": "2020-11-16T23:49:41Z",
"id": 1,
2021-06-24 20:42:29 +00:00
"name": "Jane Doe",
2020-12-24 22:12:44 +00:00
"email": "janedoe@example.com",
2021-06-09 23:11:48 +00:00
"global_role": "admin",
2020-12-24 22:12:44 +00:00
"enabled": true,
"force_password_reset": false,
"gravatar_url": "",
2021-06-09 23:11:48 +00:00
"sso_enabled": false,
"teams": []
2020-12-24 22:12:44 +00:00
}
}
```
---
### Perform required password reset
Resets the password of the authenticated user. Requires that `force_password_reset` is set to `true` prior to the request.
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/perform_required_password_reset`
2020-12-24 22:12:44 +00:00
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/perform_required_password_reset`
2020-12-24 22:12:44 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"new_password": "sdPz8CV5YhzH47nK"
}
```
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"user": {
"created_at": "2020-11-13T22:57:12Z",
"updated_at": "2020-11-17T00:09:23Z",
"id": 1,
2021-06-24 20:42:29 +00:00
"name": "Jane Doe",
2020-12-24 22:12:44 +00:00
"email": "janedoe@example.com",
"enabled": true,
"force_password_reset": false,
"gravatar_url": "",
2021-06-09 23:11:48 +00:00
"sso_enabled": false,
"global_role": "admin",
"teams": []
2020-12-24 22:12:44 +00:00
}
}
```
---
### SSO config
Gets the current SSO configuration.
2022-04-14 21:33:52 +00:00
`GET /api/v1/fleet/sso`
2020-12-24 22:12:44 +00:00
#### Example
2022-04-14 21:33:52 +00:00
`GET /api/v1/fleet/sso`
2020-12-24 22:12:44 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"settings": {
"idp_name": "IDP Vendor 1",
"idp_image_url": "",
"sso_enabled": false
}
}
```
---
### Initiate SSO
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/sso`
2020-12-24 22:12:44 +00:00
#### Parameters
2021-05-13 20:09:22 +00:00
| Name | Type | In | Description |
| --------- | ------ | ---- | --------------------------------------------------------------------------- |
2021-02-25 19:43:15 +00:00
| relay_url | string | body | **Required** . The relative url to be navigated to after successful sign in. |
2020-12-24 22:12:44 +00:00
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/sso`
2020-12-24 22:12:44 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"relay_url": "/hosts/manage"
}
```
##### Default response
`Status: 200`
##### Unknown error
`Status: 500`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
"message": "Unknown Error",
"errors": [
{
"name": "base",
"reason": "InitiateSSO getting metadata: Get \"https://idp.example.org/idp-meta.xml\": dial tcp: lookup idp.example.org on [2001:558:feed::1]:53: no such host"
}
]
}
```
2021-04-29 14:45:43 +00:00
### SSO callback
This is the callback endpoint that the identity provider will use to send security assertions to Fleet. This is where Fleet receives and processes the response from the identify provider.
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/sso/callback`
2021-04-29 14:45:43 +00:00
#### Parameters
2021-05-13 20:09:22 +00:00
| Name | Type | In | Description |
| ------------ | ------ | ---- | ----------------------------------------------------------- |
2021-04-29 14:45:43 +00:00
| SAMLResponse | string | body | **Required** . The SAML response from the identity provider. |
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/sso/callback`
2021-04-29 14:45:43 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-04-29 14:45:43 +00:00
{
"SAMLResponse": "< SAML response from IdP > "
}
```
##### Default response
`Status: 200`
2020-12-24 22:12:44 +00:00
---
2022-05-02 13:55:27 +00:00
## Activities
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
### List activities
2021-06-28 18:41:01 +00:00
2023-07-27 22:40:01 +00:00
Returns a list of the activities that have been performed in Fleet as well as additional metadata.
for pagination. For a comprehensive list of activity types and detailed information, please see the [audit logs ](https://fleetdm.com/docs/using-fleet/audit-activities ) page.
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/activities`
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
#### Parameters
2021-05-26 23:24:12 +00:00
2022-07-25 15:03:27 +00:00
| Name | Type | In | Description |
|:--------------- |:------- |:----- |:------------------------------------------------------------|
2022-05-02 13:55:27 +00:00
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Can be any column in the `activites` table. |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
2020-12-24 22:12:44 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/activities?page=0&per_page=10&order_key=created_at&order_direction=desc`
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
##### Default response
2020-12-24 22:12:44 +00:00
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"activities": [
{
"created_at": "2021-07-30T13:41:07Z",
"id": 24,
"actor_full_name": "name",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "name@example.com",
"type": "live_query",
"details": {
"targets_count": 231
}
},
{
"created_at": "2021-07-29T15:35:33Z",
"id": 23,
"actor_full_name": "name",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "name@example.com",
"type": "deleted_multiple_saved_query",
"details": {
"query_ids": [
2,
24,
25
]
}
},
{
"created_at": "2021-07-29T14:40:30Z",
"id": 22,
"actor_full_name": "name",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "name@example.com",
"type": "created_team",
"details": {
"team_id": 3,
"team_name": "Oranges"
}
},
{
"created_at": "2021-07-29T14:40:27Z",
"id": 21,
"actor_full_name": "name",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "name@example.com",
"type": "created_team",
"details": {
"team_id": 2,
"team_name": "Apples"
}
},
{
"created_at": "2021-07-27T14:35:08Z",
"id": 20,
"actor_full_name": "name",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "name@example.com",
"type": "created_pack",
"details": {
"pack_id": 2,
"pack_name": "New pack"
}
},
{
"created_at": "2021-07-27T13:25:21Z",
"id": 19,
"actor_full_name": "name",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "name@example.com",
"type": "live_query",
"details": {
"targets_count": 14
}
},
{
"created_at": "2021-07-27T13:25:14Z",
"id": 18,
"actor_full_name": "name",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "name@example.com",
"type": "live_query",
"details": {
"targets_count": 14
}
},
{
"created_at": "2021-07-26T19:28:24Z",
"id": 17,
"actor_full_name": "name",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "name@example.com",
"type": "live_query",
"details": {
"target_counts": 1
}
},
{
"created_at": "2021-07-26T17:27:37Z",
"id": 16,
"actor_full_name": "name",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "name@example.com",
"type": "live_query",
"details": {
"target_counts": 14
}
},
{
"created_at": "2021-07-26T17:27:08Z",
"id": 15,
"actor_full_name": "name",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "name@example.com",
"type": "live_query",
"details": {
"target_counts": 14
}
}
2023-01-18 12:57:11 +00:00
],
"meta": {
"has_next_results": true,
"has_previous_results": false
}
2020-12-24 22:12:44 +00:00
}
2022-05-02 13:55:27 +00:00
2020-12-24 22:12:44 +00:00
```
2022-05-02 13:55:27 +00:00
---
## File carving
- [List carves ](#list-carves )
- [Get carve ](#get-carve )
- [Get carve block ](#get-carve-block )
2024-04-29 16:12:03 +00:00
Fleet supports osquery's file carving functionality as of Fleet 3.3.0. This allows the Fleet server to request files (and sets of files) from Fleet's agent (fleetd), returning the full contents to Fleet.
2022-05-02 13:55:27 +00:00
2022-11-08 08:19:34 +00:00
To initiate a file carve using the Fleet API, you can use the [live query ](#run-live-query ) endpoint to run a query against the `carves` table.
2022-05-02 13:55:27 +00:00
2024-04-25 16:19:33 +00:00
For more information on executing a file carve in Fleet, go to the [File carving with Fleet docs ](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/File-carving.md ).
2022-05-02 13:55:27 +00:00
### List carves
Retrieves a list of the non expired carves. Carve contents remain available for 24 hours after the first data is provided from the osquery client.
`GET /api/v1/fleet/carves`
#### Parameters
2023-11-09 18:26:05 +00:00
| Name | Type | In | Description |
|-----------------|---------|-------|--------------------------------------------------------------------------------------------------------------------------------|
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Can be any field listed in the `results` array example below. |
2023-10-27 20:13:20 +00:00
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Valid options are 'asc' or 'desc'. Default is 'asc'. |
2023-11-09 18:26:05 +00:00
| after | string | query | The value to get results after. This needs `order_key` defined, as that's the column that would be used. |
| expired | boolean | query | Include expired carves (default: false) |
2022-05-02 13:55:27 +00:00
#### Example
`GET /api/v1/fleet/carves`
2020-12-24 22:12:44 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"carves": [
2020-12-24 22:12:44 +00:00
{
"id": 1,
2022-05-02 13:55:27 +00:00
"created_at": "2021-02-23T22:52:01Z",
"host_id": 7,
"name": "macbook-pro.local-2021-02-23T22:52:01Z-fleet_distributed_query_30",
"block_count": 1,
"block_size": 2000000,
"carve_size": 2048,
"carve_id": "c6958b5f-4c10-4dc8-bc10-60aad5b20dc8",
"request_id": "fleet_distributed_query_30",
"session_id": "065a1dc3-40ad-441c-afff-80c2ad7dac28",
"expired": false,
"max_block": 0
},
{
"id": 2,
"created_at": "2021-02-23T22:53:03Z",
"host_id": 7,
"name": "macbook-pro.local-2021-02-23T22:53:03Z-fleet_distributed_query_31",
"block_count": 2,
"block_size": 2000000,
"carve_size": 3400704,
"carve_id": "2b9170b9-4e11-4569-a97c-2f18d18bec7a",
"request_id": "fleet_distributed_query_31",
"session_id": "f73922ed-40a4-4e98-a50a-ccda9d3eb755",
"expired": false,
2022-12-09 16:21:30 +00:00
"max_block": 1,
"error": "S3 multipart carve upload: EntityTooSmall: Your proposed upload is smaller than the minimum allowed object size"
2021-10-14 16:51:41 +00:00
}
2021-10-20 20:27:33 +00:00
]
2020-12-24 22:12:44 +00:00
}
```
2022-05-02 13:55:27 +00:00
### Get carve
2021-10-07 11:25:35 +00:00
2022-05-02 13:55:27 +00:00
Retrieves the specified carve.
2021-10-07 11:25:35 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/carves/:id`
2021-10-07 11:25:35 +00:00
2022-05-02 13:55:27 +00:00
#### Parameters
2021-10-07 11:25:35 +00:00
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | ------------------------------------- |
| id | integer | path | **Required.** The desired carve's ID. |
2021-10-07 11:25:35 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/carves/1`
2021-10-07 11:25:35 +00:00
2022-05-02 13:55:27 +00:00
##### Default response
`Status: 200`
2021-10-07 11:25:35 +00:00
```json
{
2022-05-02 13:55:27 +00:00
"carve": {
"id": 1,
"created_at": "2021-02-23T22:52:01Z",
"host_id": 7,
"name": "macbook-pro.local-2021-02-23T22:52:01Z-fleet_distributed_query_30",
"block_count": 1,
"block_size": 2000000,
"carve_size": 2048,
"carve_id": "c6958b5f-4c10-4dc8-bc10-60aad5b20dc8",
"request_id": "fleet_distributed_query_30",
"session_id": "065a1dc3-40ad-441c-afff-80c2ad7dac28",
"expired": false,
"max_block": 0
}
2021-10-07 11:25:35 +00:00
}
```
2022-05-02 13:55:27 +00:00
### Get carve block
Retrieves the specified carve block. This endpoint retrieves the data that was carved.
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/carves/:id/block/:block_id`
2022-05-02 13:55:27 +00:00
#### Parameters
| Name | Type | In | Description |
| -------- | ------- | ---- | ------------------------------------------- |
| id | integer | path | **Required.** The desired carve's ID. |
| block_id | integer | path | **Required.** The desired carve block's ID. |
#### Example
`GET /api/v1/fleet/carves/1/block/0`
2021-10-07 11:25:35 +00:00
##### Default response
`Status: 200`
```json
{
2022-05-02 13:55:27 +00:00
"data": "aG9zdHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..."
2021-10-07 11:25:35 +00:00
}
```
2022-05-02 13:55:27 +00:00
---
2021-10-07 11:25:35 +00:00
2022-05-02 13:55:27 +00:00
## Fleet configuration
2021-01-26 01:09:11 +00:00
2022-05-02 13:55:27 +00:00
- [Get certificate ](#get-certificate )
- [Get configuration ](#get-configuration )
- [Modify configuration ](#modify-configuration )
- [Get global enroll secrets ](#get-global-enroll-secrets )
- [Modify global enroll secrets ](#modify-global-enroll-secrets )
2024-01-31 23:54:27 +00:00
- [Get team enroll secrets ](#get-team-enroll-secrets )
- [Modify team enroll secrets ](#modify-team-enroll-secrets )
2022-05-02 13:55:27 +00:00
- [Create invite ](#create-invite )
- [List invites ](#list-invites )
- [Delete invite ](#delete-invite )
- [Verify invite ](#verify-invite )
- [Update invite ](#update-invite )
- [Version ](#version )
2021-01-26 01:09:11 +00:00
2022-05-02 13:55:27 +00:00
The Fleet server exposes a handful of API endpoints that handle the configuration of Fleet as well as endpoints that manage invitation and enroll secret operations. All the following endpoints require prior authentication meaning you must first log in successfully before calling any of the endpoints documented below.
### Get certificate
Returns the Fleet certificate.
`GET /api/v1/fleet/config/certificate`
2021-01-26 01:09:11 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
None.
2021-01-26 01:09:11 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/config/certificate`
2021-01-26 01:09:11 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-01-26 01:09:11 +00:00
{
2022-05-02 13:55:27 +00:00
"certificate_chain": < certificate_chain >
2021-01-26 01:09:11 +00:00
}
```
2022-05-02 13:55:27 +00:00
### Get configuration
2021-11-12 11:18:25 +00:00
2022-05-02 13:55:27 +00:00
Returns all information about the Fleet's configuration.
2021-11-12 11:18:25 +00:00
2023-06-09 18:29:11 +00:00
> NOTE: The `agent_options`, `sso_settings` and `smtp_settings` fields are only returned to Global Admin users.
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/config`
2021-01-26 01:09:11 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
None.
2021-01-26 01:09:11 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/config`
2021-01-26 01:09:11 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-01-26 01:09:11 +00:00
{
2022-05-02 13:55:27 +00:00
"org_info": {
"org_name": "fleet",
2023-05-15 16:50:07 +00:00
"org_logo_url": "",
"contact_url": "https://fleetdm.com/company/contact"
2022-05-02 13:55:27 +00:00
},
"server_settings": {
"server_url": "https://localhost:8080",
2024-05-30 19:24:19 +00:00
"enable_analytics": true,
2022-05-02 13:55:27 +00:00
"live_query_disabled": false,
2023-10-17 04:34:32 +00:00
"query_reports_disabled": false,
2024-05-30 19:09:25 +00:00
"ai_features_disabled": false
2022-05-02 13:55:27 +00:00
},
"smtp_settings": {
"enable_smtp": false,
"configured": false,
"sender_address": "",
"server": "",
"port": 587,
"authentication_type": "authtype_username_password",
"user_name": "",
"password": "********",
"enable_ssl_tls": true,
"authentication_method": "authmethod_plain",
"domain": "",
"verify_ssl_certs": true,
"enable_start_tls": true
},
"sso_settings": {
"entity_id": "",
"issuer_uri": "",
"idp_image_url": "",
"metadata": "",
"metadata_url": "",
"idp_name": "",
"enable_sso": false,
2022-08-10 18:15:35 +00:00
"enable_sso_idp_login": false,
"enable_jit_provisioning": false
2022-05-02 13:55:27 +00:00
},
"host_expiry_settings": {
"host_expiry_enabled": false,
"host_expiry_window": 0
},
2024-05-30 17:07:38 +00:00
"activity_expiry_settings": {
"activity_expiry_enabled": false,
"activity_expiry_window": 0
},
2022-08-25 16:41:50 +00:00
"features": {
2022-05-02 13:55:27 +00:00
"additional_queries": null
},
2023-01-06 20:44:20 +00:00
"mdm": {
"apple_bm_default_team": "",
2023-01-24 16:20:02 +00:00
"apple_bm_terms_expired": false,
2023-04-25 13:36:01 +00:00
"enabled_and_configured": true,
2023-06-20 18:06:45 +00:00
"windows_enabled_and_configured": true,
2024-06-12 20:45:26 +00:00
"enable_disk_encryption": true,
2023-01-24 16:20:02 +00:00
"macos_updates": {
"minimum_version": "12.3.1",
"deadline": "2022-01-01"
2023-04-25 13:36:01 +00:00
},
2023-12-04 14:50:06 +00:00
"windows_updates": {
"deadline_days": 5,
"grace_period_days": 1
},
2023-04-25 13:36:01 +00:00
"macos_settings": {
2024-06-12 20:45:26 +00:00
"custom_settings": [
{
"path": "path/to/profile1.mobileconfig",
"labels": ["Label 1", "Label 2"]
}
]
2023-04-25 15:16:33 +00:00
},
2023-12-04 13:41:37 +00:00
"windows_settings": {
2024-06-12 20:45:26 +00:00
"custom_settings": [
{
"path": "path/to/profile2.xml",
"labels": ["Label 3", "Label 4"]
}
],
2023-12-04 13:41:37 +00:00
},
2023-10-10 22:00:45 +00:00
"scripts": ["path/to/script.sh"],
2023-04-25 15:16:33 +00:00
"end_user_authentication": {
"entity_id": "",
"issuer_uri": "",
"metadata": "",
"metadata_url": "",
"idp_name": ""
2023-04-25 13:36:01 +00:00
},
2023-05-15 16:50:07 +00:00
"macos_migration": {
"enable": false,
"mode": "voluntary",
"webhook_url": "https://webhook.example.com"
},
2023-04-25 13:36:01 +00:00
"macos_setup": {
"bootstrap_package": "",
2023-05-10 20:22:08 +00:00
"enable_end_user_authentication": false,
2024-04-04 18:38:42 +00:00
"macos_setup_assistant": "path/to/config.json",
"enable_release_device_manually": true
2023-01-24 16:20:02 +00:00
}
2023-01-06 20:44:20 +00:00
},
2022-05-02 13:55:27 +00:00
"agent_options": {
"spec": {
"config": {
"options": {
"pack_delimiter": "/",
"logger_tls_period": 10,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/v1/osquery/log",
"distributed_interval": 10,
"distributed_tls_max_attempts": 3
},
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
2022-01-26 20:55:07 +00:00
},
2022-10-03 12:29:41 +00:00
"overrides": {},
"command_line_flags": {}
2022-05-02 13:55:27 +00:00
}
},
"license": {
2022-06-29 19:51:14 +00:00
"tier": "free",
"expiration": "0001-01-01T00:00:00Z"
},
2022-05-02 13:55:27 +00:00
"logging": {
"debug": false,
"json": false,
"result": {
"plugin": "firehose",
"config": {
"region": "us-east-1",
"status_stream": "",
"result_stream": "result-topic"
}
2022-01-26 20:55:07 +00:00
},
2022-05-02 13:55:27 +00:00
"status": {
"plugin": "filesystem",
"config": {
"status_log_file": "foo_status",
"result_log_file": "",
"enable_log_rotation": false,
"enable_log_compression": false
}
2022-01-26 20:55:07 +00:00
}
2022-05-02 13:55:27 +00:00
},
"vulnerability_settings": {
"databases_path": ""
},
"webhook_settings": {
"host_status_webhook": {
"enable_host_status_webhook": true,
"destination_url": "https://server.com",
"host_percentage": 5,
"days_count": 7
2022-03-28 15:15:45 +00:00
},
2022-05-02 13:55:27 +00:00
"failing_policies_webhook":{
"enable_failing_policies_webhook":true,
"destination_url": "https://server.com",
"policy_ids": [1, 2, 3],
"host_batch_size": 1000
2022-03-28 15:15:45 +00:00
},
2022-05-02 13:55:27 +00:00
"vulnerabilities_webhook":{
"enable_vulnerabilities_webhook":true,
"destination_url": "https://server.com",
"host_batch_size": 1000
2024-06-13 15:31:56 +00:00
},
"activities_webhook":{
"enable_activities_webhook":true,
"destination_url": "https://server.com"
2022-03-28 15:15:45 +00:00
}
2022-05-02 13:55:27 +00:00
},
"integrations": {
2024-04-12 23:01:52 +00:00
"jira": null,
"google_calendar": [
{
"domain": "example.com",
"api_key_json": {
"type": "service_account",
"project_id": "fleet-in-your-calendar",
"private_key_id": "< private key id > ",
"private_key": "-----BEGIN PRIVATE KEY-----\n< private key > \n-----END PRIVATE KEY-----\n",
"client_email": "fleet-calendar-events@fleet-in-your-calendar.iam.gserviceaccount.com",
"client_id": "< client id > ",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/fleet-calendar-events%40fleet-in-your-calendar.iam.gserviceaccount.com",
"universe_domain": "googleapis.com"
}
}
]
2022-05-02 13:55:27 +00:00
},
"logging": {
"debug": false,
"json": false,
"result": {
"plugin": "filesystem",
"config": {
"status_log_file": "/var/folders/xh/bxm1d2615tv3vrg4zrxq540h0000gn/T/osquery_status",
"result_log_file": "/var/folders/xh/bxm1d2615tv3vrg4zrxq540h0000gn/T/osquery_result",
"enable_log_rotation": false,
"enable_log_compression": false
}
},
"status": {
"plugin": "filesystem",
"config": {
"status_log_file": "/var/folders/xh/bxm1d2615tv3vrg4zrxq540h0000gn/T/osquery_status",
"result_log_file": "/var/folders/xh/bxm1d2615tv3vrg4zrxq540h0000gn/T/osquery_result",
"enable_log_rotation": false,
"enable_log_compression": false
}
}
},
"update_interval": {
"osquery_detail": 3600000000000,
"osquery_policy": 3600000000000
},
"vulnerabilities": {
"cpe_database_url": "",
2024-04-15 15:25:04 +00:00
"disable_schedule": false,
2022-05-02 13:55:27 +00:00
"cve_feed_prefix_url": "",
"databases_path": "",
"disable_data_sync": false,
"periodicity": 3600000000000,
"recent_vulnerability_max_age": 2592000000000000
2021-02-11 16:38:31 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
### Modify configuration
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
Modifies the Fleet's configuration with the supplied information.
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
`PATCH /api/v1/fleet/config`
2021-02-11 16:38:31 +00:00
#### Parameters
2022-09-19 17:53:44 +00:00
| Name | Type | In | Description |
| --------------------- | ------- | ---- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| org_name | string | body | _Organization information_ . The organization name. |
| org_logo_url | string | body | _Organization information_ . The URL for the organization logo. |
2023-09-22 22:15:37 +00:00
| org_logo_url_light_background | string | body | _Organization information_ . The URL for the organization logo displayed in Fleet on top of light backgrounds. |
2024-05-30 19:24:19 +00:00
| contact_url | string | body | _Organization information_ . A URL that can be used by end users to contact the organization. |
2022-09-19 17:53:44 +00:00
| server_url | string | body | _Server settings_ . The Fleet server URL. |
2024-05-30 19:24:19 +00:00
| enable_analytics | boolean | body | _Server settings_ . Whether to send anonymous usage statistics. Always enabled for Fleet Premium customers. |
2022-09-19 17:53:44 +00:00
| live_query_disabled | boolean | body | _Server settings_ . Whether the live query capabilities are disabled. |
2024-05-30 19:24:19 +00:00
| query_reports_disabled | boolean | body | _Server settings_ . Whether query report capabilities are disabled. |
2024-05-30 19:09:25 +00:00
| ai_features_disabled | boolean | body | _Server settings_ . Whether AI features are disabled. |
2022-09-19 17:53:44 +00:00
| enable_smtp | boolean | body | _SMTP settings_ . Whether SMTP is enabled for the Fleet app. |
| sender_address | string | body | _SMTP settings_ . The sender email address for the Fleet app. An invitation email is an example of the emails that may use this sender address |
| server | string | body | _SMTP settings_ . The SMTP server for the Fleet app. |
| port | integer | body | _SMTP settings_ . The SMTP port for the Fleet app. |
| authentication_type | string | body | _SMTP settings_ . The authentication type used by the SMTP server. Options include `"authtype_username_and_password"` or `"none"` |
| username_name | string | body | _SMTP settings_ . The username used to authenticate requests made to the SMTP server. |
| password | string | body | _SMTP settings_ . The password used to authenticate requests made to the SMTP server. |
| enable_ssl_tls | boolean | body | _SMTP settings_ . Whether or not SSL and TLS are enabled for the SMTP server. |
| authentication_method | string | body | _SMTP settings_ . The authentication method used to make authenticate requests to SMTP server. Options include `"authmethod_plain"` , `"authmethod_cram_md5"` , and `"authmethod_login"` . |
| domain | string | body | _SMTP settings_ . The domain for the SMTP server. |
| verify_ssl_certs | boolean | body | _SMTP settings_ . Whether or not SSL certificates are verified by the SMTP server. Turn this off (not recommended) if you use a self-signed certificate. |
| enabled_start_tls | boolean | body | _SMTP settings_ . Detects if STARTTLS is enabled in your SMTP server and starts to use it. |
| enabled_sso | boolean | body | _SSO settings_ . Whether or not SSO is enabled for the Fleet application. If this value is true, you must also include most of the SSO settings parameters below. |
| entity_id | string | body | _SSO settings_ . The required entity ID is a URI that you use to identify Fleet when configuring the identity provider. |
| issuer_uri | string | body | _SSO settings_ . The URI you provide here must exactly match the Entity ID field used in the identity provider configuration. |
| idp_image_url | string | body | _SSO settings_ . An optional link to an image such as a logo for the identity provider. |
| metadata | string | body | _SSO settings_ . Metadata provided by the identity provider. Either metadata or a metadata URL must be provided. |
| metadata_url | string | body | _SSO settings_ . A URL that references the identity provider metadata. If available from the identity provider, this is the preferred means of providing metadata. |
| host_expiry_enabled | boolean | body | _Host expiry settings_ . When enabled, allows automatic cleanup of hosts that have not communicated with Fleet in some number of days. |
| host_expiry_window | integer | body | _Host expiry settings_ . If a host has not communicated with Fleet in the specified number of days, it will be removed. |
2024-05-30 17:07:38 +00:00
| activity_expiry_enabled | boolean | body | _Activity expiry settings_ . When enabled, allows automatic cleanup of activities (and associated live query data) older than the specified number of days. |
| activity_expiry_window | integer | body | _Activity expiry settings_ . The number of days to retain activity records, if activity expiry is enabled. |
2022-09-19 17:53:44 +00:00
| agent_options | objects | body | The agent_options spec that is applied to all hosts. In Fleet 4.0.0 the `api/v1/fleet/spec/osquery_options` endpoints were removed. |
| transparency_url | string | body | _Fleet Desktop_ . The URL used to display transparency information to users of Fleet Desktop. **Requires Fleet Premium license** |
| enable_host_status_webhook | boolean | body | _webhook_settings.host_status_webhook settings_. Whether or not the host status webhook is enabled. |
| destination_url | string | body | _webhook_settings.host_status_webhook settings_. The URL to deliver the webhook request to. |
| host_percentage | integer | body | _webhook_settings.host_status_webhook settings_. The minimum percentage of hosts that must fail to check in to Fleet in order to trigger the webhook request. |
| days_count | integer | body | _webhook_settings.host_status_webhook settings_. The minimum number of days that the configured `host_percentage` must fail to check in to Fleet in order to trigger the webhook request. |
| enable_failing_policies_webhook | boolean | body | _webhook_settings.failing_policies_webhook settings_. Whether or not the failing policies webhook is enabled. |
| destination_url | string | body | _webhook_settings.failing_policies_webhook settings_. The URL to deliver the webhook requests to. |
| policy_ids | array | body | _webhook_settings.failing_policies_webhook settings_. List of policy IDs to enable failing policies webhook. |
| host_batch_size | integer | body | _webhook_settings.failing_policies_webhook settings_. Maximum number of hosts to batch on failing policy webhook requests. The default, 0, means no batching (all hosts failing a policy are sent on one request). |
| enable_vulnerabilities_webhook | boolean | body | _webhook_settings.vulnerabilities_webhook settings_. Whether or not the vulnerabilities webhook is enabled. |
| destination_url | string | body | _webhook_settings.vulnerabilities_webhook settings_. The URL to deliver the webhook requests to. |
| host_batch_size | integer | body | _webhook_settings.vulnerabilities_webhook settings_. Maximum number of hosts to batch on vulnerabilities webhook requests. The default, 0, means no batching (all vulnerable hosts are sent on one request). |
2024-06-13 15:31:56 +00:00
| enable_activities_webhook | boolean | body | _webhook_settings.activities_webhook settings_. Whether or not the activity feed webhook is enabled. |
| destination_url | string | body | _webhook_settings.activities_webhook settings_. The URL to deliver the webhook requests to. |
2022-09-19 17:53:44 +00:00
| enable_software_vulnerabilities | boolean | body | _integrations.jira[] settings_ . Whether or not Jira integration is enabled for software vulnerabilities. Only one vulnerability automation can be enabled at a given time (enable_vulnerabilities_webhook and enable_software_vulnerabilities). |
| enable_failing_policies | boolean | body | _integrations.jira[] settings_ . Whether or not Jira integration is enabled for failing policies. Only one failing policy automation can be enabled at a given time (enable_failing_policies_webhook and enable_failing_policies). |
| url | string | body | _integrations.jira[] settings_ . The URL of the Jira server to integrate with. |
| username | string | body | _integrations.jira[] settings_ . The Jira username to use for this Jira integration. |
| api_token | string | body | _integrations.jira[] settings_ . The API token of the Jira username to use for this Jira integration. |
| project_key | string | body | _integrations.jira[] settings_ . The Jira project key to use for this integration. Jira tickets will be created in this project. |
| enable_software_vulnerabilities | boolean | body | _integrations.zendesk[] settings_ . Whether or not Zendesk integration is enabled for software vulnerabilities. Only one vulnerability automation can be enabled at a given time (enable_vulnerabilities_webhook and enable_software_vulnerabilities). |
| enable_failing_policies | boolean | body | _integrations.zendesk[] settings_ . Whether or not Zendesk integration is enabled for failing policies. Only one failing policy automation can be enabled at a given time (enable_failing_policies_webhook and enable_failing_policies). |
| url | string | body | _integrations.zendesk[] settings_ . The URL of the Zendesk server to integrate with. |
| email | string | body | _integrations.zendesk[] settings_ . The Zendesk user email to use for this Zendesk integration. |
| api_token | string | body | _integrations.zendesk[] settings_ . The Zendesk API token to use for this Zendesk integration. |
| group_id | integer | body | _integrations.zendesk[] settings_ . The Zendesk group id to use for this integration. Zendesk tickets will be created in this group. |
2024-04-12 23:01:52 +00:00
| domain | string | body | _integrations.google_calendar[] settings_. The domain for the Google Workspace service account to be used for this calendar integration. |
| api_key_json | object | body | _integrations.google_calendar[] settings_. The private key JSON downloaded when generating the service account API key to be used for this calendar integration. |
2023-01-24 16:20:02 +00:00
| apple_bm_default_team | string | body | _mdm settings_ . The default team to use with Apple Business Manager. **Requires Fleet Premium license** |
2023-06-20 18:06:45 +00:00
| windows_enabled_and_configured | boolean | body | _mdm settings_ . Enables Windows MDM support. |
2023-01-24 16:20:02 +00:00
| minimum_version | string | body | _mdm.macos_updates settings_. Hosts that belong to no team and are enrolled into Fleet's MDM will be nudged until their macOS is at or above this version. **Requires Fleet Premium license** |
| deadline | string | body | _mdm.macos_updates settings_. Hosts that belong to no team and are enrolled into Fleet's MDM won't be able to dismiss the Nudge window once this deadline is past. **Requires Fleet Premium license** |
2023-12-04 14:50:06 +00:00
| deadline_days | integer | body | _mdm.windows_updates settings_. Hosts that belong to no team and are enrolled into Fleet's MDM will have this number of days before updates are installed on Windows. **Requires Fleet Premium license** |
| grace_period_days | integer | body | _mdm.windows_updates settings_. Hosts that belong to no team and are enrolled into Fleet's MDM will have this number of days before Windows restarts to install updates. **Requires Fleet Premium license** |
2023-05-15 16:50:07 +00:00
| enable | boolean | body | _mdm.macos_migration settings_. Whether to enable the end user migration workflow for devices migrating from your old MDM solution. **Requires Fleet Premium license** |
| mode | string | body | _mdm.macos_migration settings_. The end user migration workflow mode for devices migrating from your old MDM solution. Options are `"voluntary"` or `"forced"` . **Requires Fleet Premium license** |
| webhook_url | string | body | _mdm.macos_migration settings_. The webhook url configured to receive requests to unenroll devices migrating from your old MDM solution. **Requires Fleet Premium license** |
2024-02-23 18:54:18 +00:00
| custom_settings | list | body | _mdm.macos_settings settings_. macOS hosts that belong to no team, and are members of specified labels will have custom profiles applied. |
2023-02-28 20:34:46 +00:00
| enable_disk_encryption | boolean | body | _mdm.macos_settings settings_. Hosts that belong to no team and are enrolled into Fleet's MDM will have disk encryption enabled if set to true. **Requires Fleet Premium license** |
2024-02-23 18:54:18 +00:00
| custom_settings | list | body | _mdm.windows_settings settings_. Windows hosts that belong to no team, and are members of specified labels will have custom profiles applied. |
2023-10-10 22:00:45 +00:00
| scripts | list | body | A list of script files to add so they can be executed at a later time. |
2023-10-04 19:39:09 +00:00
| enable_end_user_authentication | boolean | body | _mdm.macos_setup settings_. If set to true, end user authentication will be required during automatic MDM enrollment of new macOS devices. Settings for your IdP provider must also be [configured ](https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience#end-user-authentication-and-eula ). **Requires Fleet Premium license** |
2022-09-19 17:53:44 +00:00
| additional_queries | boolean | body | Whether or not additional queries are enabled on hosts. |
| force | bool | query | Force apply the agent options even if there are validation errors. |
| dry_run | bool | query | Validate the configuration and return any validation errors, but do not apply the changes. |
2021-02-11 16:38:31 +00:00
2023-09-06 20:09:57 +00:00
Note that when making changes to the `integrations` object, all integrations must be provided (not just the one being modified). This is because the endpoint will consider missing integrations as deleted.
2021-02-11 16:38:31 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`PATCH /api/v1/fleet/config`
2021-02-11 16:38:31 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-02-11 16:38:31 +00:00
{
2022-05-02 13:55:27 +00:00
"org_info": {
"org_name": "Fleet Device Management",
"org_logo_url": "https://fleetdm.com/logo.png"
},
"smtp_settings": {
"enable_smtp": true,
"server": "localhost",
"port": "1025"
2021-02-11 16:38:31 +00:00
}
}
```
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-02-11 16:38:31 +00:00
{
2022-05-02 13:55:27 +00:00
"org_info": {
"org_name": "Fleet Device Management",
2023-05-15 16:50:07 +00:00
"org_logo_url": "https://fleetdm.com/logo.png",
2023-09-22 22:15:37 +00:00
"org_logo_url_light_background": "https://fleetdm.com/logo-light.png",
2023-05-15 16:50:07 +00:00
"contact_url": "https://fleetdm.com/company/contact"
2022-05-02 13:55:27 +00:00
},
"server_settings": {
"server_url": "https://localhost:8080",
2024-05-30 19:24:19 +00:00
"enable_analytics": true,
2023-10-17 04:34:32 +00:00
"live_query_disabled": false,
2024-05-30 19:09:25 +00:00
"query_reports_disabled": false,
"ai_features_disabled": false
2022-05-02 13:55:27 +00:00
},
"smtp_settings": {
"enable_smtp": true,
"configured": true,
"sender_address": "",
"server": "localhost",
"port": 1025,
"authentication_type": "authtype_username_none",
"user_name": "",
"password": "********",
"enable_ssl_tls": true,
"authentication_method": "authmethod_plain",
"domain": "",
"verify_ssl_certs": true,
"enable_start_tls": true
},
"sso_settings": {
"entity_id": "",
"issuer_uri": "",
"idp_image_url": "",
"metadata": "",
"metadata_url": "",
"idp_name": "",
"enable_sso": false
},
"host_expiry_settings": {
"host_expiry_enabled": false,
"host_expiry_window": 0
},
2024-05-30 17:07:38 +00:00
"activity_expiry_settings": {
"activity_expiry_enabled": false,
"activity_expiry_window": 0
},
2022-08-25 16:41:50 +00:00
"features": {
2022-05-02 13:55:27 +00:00
"additional_queries": null
},
"license": {
"tier": "free",
"expiration": "0001-01-01T00:00:00Z"
},
2023-01-06 20:44:20 +00:00
"mdm": {
"apple_bm_default_team": "",
2023-01-24 16:20:02 +00:00
"apple_bm_terms_expired": false,
2023-04-21 16:08:09 +00:00
"apple_bm_enabled_and_configured": false,
2023-02-01 17:47:52 +00:00
"enabled_and_configured": false,
2023-06-20 18:06:45 +00:00
"windows_enabled_and_configured": false,
2024-06-12 20:45:26 +00:00
"enable_disk_encryption": true,
2023-01-24 16:20:02 +00:00
"macos_updates": {
"minimum_version": "12.3.1",
"deadline": "2022-01-01"
2023-02-28 20:34:46 +00:00
},
2023-12-04 14:50:06 +00:00
"windows_updates": {
"deadline_days": 5,
"grace_period_days": 1
},
2023-02-28 20:34:46 +00:00
"macos_settings": {
2024-06-12 20:45:26 +00:00
"custom_settings": [
{
"path": "path/to/profile1.mobileconfig",
"labels": ["Label 1", "Label 2"]
},
{
"path": "path/to/profile2.json",
"labels": ["Label 3", "Label 4"]
},
]
2023-04-25 15:16:33 +00:00
},
2023-12-04 13:41:37 +00:00
"windows_settings": {
2024-06-12 20:45:26 +00:00
"custom_settings": [
{
"path": "path/to/profile3.xml",
"labels": ["Label 1", "Label 2"]
}
]
2023-12-04 13:41:37 +00:00
},
2023-04-25 15:16:33 +00:00
"end_user_authentication": {
"entity_id": "",
"issuer_uri": "",
"metadata": "",
"metadata_url": "",
"idp_name": ""
2023-04-25 13:36:01 +00:00
},
2023-05-15 16:50:07 +00:00
"macos_migration": {
"enable": false,
"mode": "voluntary",
"webhook_url": "https://webhook.example.com"
},
2023-04-25 13:36:01 +00:00
"macos_setup": {
"bootstrap_package": "",
2023-05-10 20:22:08 +00:00
"enable_end_user_authentication": false,
2023-04-25 13:36:01 +00:00
"macos_setup_assistant": "path/to/config.json"
2023-01-24 16:20:02 +00:00
}
2023-01-06 20:44:20 +00:00
},
2022-05-02 13:55:27 +00:00
"agent_options": {
2022-10-03 12:29:41 +00:00
"config": {
"options": {
"pack_delimiter": "/",
"logger_tls_period": 10,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/v1/osquery/log",
"distributed_interval": 10,
"distributed_tls_max_attempts": 3
2022-05-02 13:55:27 +00:00
},
2022-10-03 12:29:41 +00:00
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},
"overrides": {},
"command_line_flags": {}
2022-05-02 13:55:27 +00:00
},
2022-10-03 12:29:41 +00:00
"vulnerability_settings": {
2022-05-02 13:55:27 +00:00
"databases_path": ""
},
"webhook_settings": {
"host_status_webhook": {
"enable_host_status_webhook": true,
"destination_url": "https://server.com",
"host_percentage": 5,
"days_count": 7
},
"failing_policies_webhook":{
"enable_failing_policies_webhook":true,
"destination_url": "https://server.com",
"policy_ids": [1, 2, 3],
"host_batch_size": 1000
},
"vulnerabilities_webhook":{
"enable_vulnerabilities_webhook":true,
"destination_url": "https://server.com",
"host_batch_size": 1000
2024-06-13 15:31:56 +00:00
},
"activities_webhook":{
"enable_activities_webhook":true,
"destination_url": "https://server.com"
2022-05-02 13:55:27 +00:00
}
},
"integrations": {
"jira": [
{
"url": "https://jiraserver.com",
"username": "some_user",
"password": "sec4et!",
"project_key": "jira_project",
"enable_software_vulnerabilities": false
}
2024-04-12 23:01:52 +00:00
],
"google_calendar": [
{
"domain": "",
"api_key_json": null
}
2022-05-02 13:55:27 +00:00
]
},
"logging": {
"debug": false,
"json": false,
"result": {
"plugin": "firehose",
"config": {
"region": "us-east-1",
"status_stream": "",
"result_stream": "result-topic"
}
},
"status": {
"plugin": "filesystem",
"config": {
"status_log_file": "foo_status",
"result_log_file": "",
"enable_log_rotation": false,
"enable_log_compression": false
}
}
2021-02-11 16:38:31 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
### Get global enroll secrets
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
Returns the valid global enroll secrets.
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/spec/enroll_secret`
2021-02-11 16:38:31 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
None.
2021-02-11 16:38:31 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/spec/enroll_secret`
2021-02-11 16:38:31 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-02-11 16:38:31 +00:00
{
2022-05-02 13:55:27 +00:00
"spec": {
"secrets": [
{
"secret": "vhPzPOnCMOMoqSrLxKxzSADyqncayacB",
"created_at": "2021-11-12T20:24:57Z"
},
{
"secret": "jZpexWGiXmXaFAKdrdttFHdJBqEnqlVF",
"created_at": "2021-11-12T20:24:57Z"
}
]
}
2021-02-11 16:38:31 +00:00
}
```
2022-05-02 13:55:27 +00:00
### Modify global enroll secrets
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
Replaces all existing global enroll secrets.
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/spec/enroll_secret`
2021-02-11 16:38:31 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| --------- | ------- | ---- | ------------------------------------------------------------------ |
| spec | object | body | **Required** . Attribute "secrets" must be a list of enroll secrets |
2022-05-11 20:29:19 +00:00
2021-02-11 16:38:31 +00:00
#### Example
2022-05-02 13:55:27 +00:00
Replace all global enroll secrets with a new enroll secret.
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/spec/enroll_secret`
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
##### Request body
2021-02-11 16:38:31 +00:00
2021-09-16 07:45:14 +00:00
```json
2021-02-11 16:38:31 +00:00
{
2022-05-02 13:55:27 +00:00
"spec": {
"secrets": [
{
2022-05-09 17:08:37 +00:00
"secret": "KuSkYFsHBQVlaFtqOLwoUIWniHhpvEhP"
2022-05-02 13:55:27 +00:00
}
]
}
2021-02-11 16:38:31 +00:00
}
```
2022-05-02 13:55:27 +00:00
##### Default response
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
`Status: 200`
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
```json
{}
```
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
#### Example
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
Delete all global enroll secrets.
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/spec/enroll_secret`
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
##### Request body
```json
{
"spec": {
"secrets": []
}
}
```
2021-02-11 16:38:31 +00:00
##### Default response
`Status: 200`
2022-05-02 13:55:27 +00:00
```json
{}
```
2021-02-11 16:38:31 +00:00
2024-01-31 23:54:27 +00:00
### Get team enroll secrets
2021-02-11 16:38:31 +00:00
2022-05-02 13:55:27 +00:00
Returns the valid team enroll secrets.
2021-02-11 16:38:31 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/teams/:id/secrets`
2021-02-11 16:38:31 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
None.
2021-02-11 16:38:31 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/teams/1/secrets`
2021-02-11 16:38:31 +00:00
##### Default response
`Status: 200`
2022-05-02 13:55:27 +00:00
```json
{
"secrets": [
{
"created_at": "2021-06-16T22:05:49Z",
"secret": "aFtH2Nq09hrvi73ErlWNQfa7M53D3rPR",
"team_id": 1
}
]
}
```
2021-01-28 23:40:49 +00:00
2020-12-24 22:12:44 +00:00
2024-01-31 23:54:27 +00:00
### Modify team enroll secrets
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
Replaces all existing team enroll secrets.
2020-12-24 22:12:44 +00:00
2023-12-08 22:22:20 +00:00
`PATCH /api/v1/fleet/teams/:id/secrets`
2020-12-24 22:12:44 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| --------- | ------- | ---- | -------------------------------------- |
| id | integer | path | **Required** . The team's id. |
| secrets | array | body | **Required** . A list of enroll secrets |
2020-12-24 22:12:44 +00:00
#### Example
2022-05-02 13:55:27 +00:00
Replace all of a team's existing enroll secrets with a new enroll secret
`PATCH /api/v1/fleet/teams/2/secrets`
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
##### Request body
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
```json
{
"secrets": [
{
2022-05-09 17:08:37 +00:00
"secret": "n07v32y53c237734m3n201153c237"
2022-05-02 13:55:27 +00:00
}
]
}
```
2020-12-24 22:12:44 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"secrets": [
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"secret": "n07v32y53c237734m3n201153c237",
2022-05-09 17:08:37 +00:00
"created_at": "0001-01-01T00:00:00Z"
2020-12-24 22:12:44 +00:00
}
]
}
```
2022-05-02 13:55:27 +00:00
#### Example
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
Delete all of a team's existing enroll secrets
`PATCH /api/v1/fleet/teams/2/secrets`
##### Request body
2020-12-24 22:12:44 +00:00
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"secrets": []
2020-12-24 22:12:44 +00:00
}
```
2022-05-02 13:55:27 +00:00
##### Default response
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
`Status: 200`
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
```json
{
"secrets": null
}
```
### Create invite
`POST /api/v1/fleet/invites`
2020-12-24 22:12:44 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ----------- | ------- | ---- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
| global_role | string | body | Role the user will be granted. Either a global role is needed, or a team role. |
| email | string | body | **Required.** The email of the invited user. This email will receive the invitation link. |
| name | string | body | **Required.** The name of the invited user. |
| sso_enabled | boolean | body | **Required.** Whether or not SSO will be enabled for the invited user. |
2024-04-03 16:48:22 +00:00
| teams | list | body | _Available in Fleet Premium_ . A list of the teams the user is a member of. Each item includes the team's ID and the user's role in the specified team. |
2020-12-24 22:12:44 +00:00
#### Example
2022-05-02 13:55:27 +00:00
##### Request body
2020-12-24 22:12:44 +00:00
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"email": "john_appleseed@example.com",
"name": "John",
"sso_enabled": false,
"global_role": null,
2021-06-09 23:11:48 +00:00
"teams": [
{
"id": 2,
"role": "observer"
},
{
2022-05-02 13:55:27 +00:00
"id": 3,
"role": "maintainer"
2021-06-09 23:11:48 +00:00
}
]
2020-12-24 22:12:44 +00:00
}
```
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/invites`
2020-12-24 22:12:44 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"invite": {
2020-12-24 22:12:44 +00:00
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
2022-05-02 13:55:27 +00:00
"id": 3,
"invited_by": 1,
"email": "john_appleseed@example.com",
"name": "John",
2021-06-09 23:11:48 +00:00
"sso_enabled": false,
2022-05-02 13:55:27 +00:00
"teams": [
{
"id": 10,
"created_at": "0001-01-01T00:00:00Z",
"name": "Apples",
"description": "",
"agent_options": null,
"user_count": 0,
"host_count": 0,
"role": "observer"
},
{
"id": 14,
"created_at": "0001-01-01T00:00:00Z",
"name": "Best of the Best Engineering",
"description": "",
"agent_options": null,
"user_count": 0,
"host_count": 0,
"role": "maintainer"
}
]
2020-12-24 22:12:44 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
### List invites
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
Returns a list of the active invitations in Fleet.
`GET /api/v1/fleet/invites`
#### Parameters
| Name | Type | In | Description |
| --------------- | ------ | ----- | ----------------------------------------------------------------------------------------------------------------------------- |
| order_key | string | query | What to order results by. Can be any column in the invites table. |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
| query | string | query | Search query keywords. Searchable fields include `name` and `email` . |
#### Example
`GET /api/v1/fleet/invites`
##### Default response
`Status: 200`
2020-12-24 22:12:44 +00:00
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"invites": [
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 3,
"email": "john_appleseed@example.com",
"name": "John",
"sso_enabled": false,
"global_role": "admin",
"teams": []
},
{
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 4,
"email": "bob_marks@example.com",
"name": "Bob",
"sso_enabled": false,
"global_role": "admin",
"teams": []
2022-10-08 12:57:46 +00:00
}
2020-12-24 22:12:44 +00:00
]
}
```
2022-05-02 13:55:27 +00:00
### Delete invite
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
Delete the specified invite from Fleet.
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/invites/:id`
2022-05-02 13:55:27 +00:00
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| id | integer | path | **Required.** The user's id. |
#### Example
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/invites/123`
2022-05-02 13:55:27 +00:00
##### Default response
`Status: 200`
### Verify invite
Verify the specified invite.
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/invites/:token`
2022-05-02 13:55:27 +00:00
#### Parameters
| Name | Type | In | Description |
| ----- | ------- | ---- | -------------------------------------- |
| token | integer | path | **Required.** The user's invite token. |
#### Example
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/invites/abcdef012456789`
2022-05-02 13:55:27 +00:00
##### Default response
`Status: 200`
2020-12-24 22:12:44 +00:00
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"invite": {
"created_at": "2021-01-15T00:58:33Z",
"updated_at": "2021-01-15T00:58:33Z",
"id": 4,
"email": "steve@example.com",
"name": "Steve",
"sso_enabled": false,
"global_role": "admin",
"teams": []
2020-12-24 22:12:44 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
##### Not found
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
`Status: 404`
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
```json
{
"message": "Resource Not Found",
"errors": [
{
"name": "base",
"reason": "Invite with token < token > was not found in the datastore"
}
]
2020-12-24 22:12:44 +00:00
}
```
2022-05-02 13:55:27 +00:00
### Update invite
2020-12-24 22:12:44 +00:00
2023-12-08 22:22:20 +00:00
`PATCH /api/v1/fleet/invites/:id`
2020-12-24 22:12:44 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ----------- | ------- | ---- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
| global_role | string | body | Role the user will be granted. Either a global role is needed, or a team role. |
| email | string | body | The email of the invited user. Updates on the email won't resend the invitation. |
| name | string | body | The name of the invited user. |
| sso_enabled | boolean | body | Whether or not SSO will be enabled for the invited user. |
2024-04-03 16:48:22 +00:00
| teams | list | body | _Available in Fleet Premium_ . A list of the teams the user is a member of. Each item includes the team's ID and the user's role in the specified team. |
2020-12-24 22:12:44 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`PATCH /api/v1/fleet/invites/123`
2020-12-24 22:12:44 +00:00
2021-06-28 18:41:01 +00:00
##### Request body
2020-12-24 22:12:44 +00:00
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"email": "john_appleseed@example.com",
"name": "John",
"sso_enabled": false,
"global_role": null,
2021-06-09 23:11:48 +00:00
"teams": [
{
2021-06-24 20:42:29 +00:00
"id": 2,
2021-06-28 18:41:01 +00:00
"role": "observer"
2021-06-09 23:11:48 +00:00
},
{
2021-06-24 20:42:29 +00:00
"id": 3,
2021-06-28 18:41:01 +00:00
"role": "maintainer"
2022-05-02 13:55:27 +00:00
}
2021-06-09 23:11:48 +00:00
]
2020-12-24 22:12:44 +00:00
}
```
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"invite": {
2020-12-24 22:12:44 +00:00
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
2022-05-02 13:55:27 +00:00
"id": 3,
"invited_by": 1,
"email": "john_appleseed@example.com",
"name": "John",
2021-06-09 23:11:48 +00:00
"sso_enabled": false,
"teams": [
{
2022-05-02 13:55:27 +00:00
"id": 10,
"created_at": "0001-01-01T00:00:00Z",
"name": "Apples",
"description": "",
"agent_options": null,
"user_count": 0,
"host_count": 0,
2021-09-21 01:59:45 +00:00
"role": "observer"
2021-06-09 23:11:48 +00:00
},
{
2022-05-02 13:55:27 +00:00
"id": 14,
"created_at": "0001-01-01T00:00:00Z",
"name": "Best of the Best Engineering",
"description": "",
"agent_options": null,
"user_count": 0,
"host_count": 0,
2021-09-21 01:59:45 +00:00
"role": "maintainer"
2022-05-02 13:55:27 +00:00
}
2021-06-09 23:11:48 +00:00
]
2020-12-24 22:12:44 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
### Version
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
Get version and build information from the Fleet server.
`GET /api/v1/fleet/version`
#### Parameters
None.
#### Example
`GET /api/v1/fleet/version`
##### Default response
`Status: 200`
2020-12-24 22:12:44 +00:00
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"version": "3.9.0-93-g1b67826f-dirty",
"branch": "version",
"revision": "1b67826fe4bf40b2f45ec53e01db9bf467752e74",
"go_version": "go1.15.7",
"build_date": "2021-03-27T00:28:48Z",
"build_user": "zwass"
2020-12-24 22:12:44 +00:00
}
```
2022-05-02 13:55:27 +00:00
---
2020-12-24 22:12:44 +00:00
2022-05-02 13:55:27 +00:00
## Hosts
2020-12-24 22:12:44 +00:00
2023-01-09 11:55:43 +00:00
- [On the different timestamps in the host data structure ](#on-the-different-timestamps-in-the-host-data-structure )
2022-05-02 13:55:27 +00:00
- [List hosts ](#list-hosts )
- [Count hosts ](#count-hosts )
- [Get hosts summary ](#get-hosts-summary )
- [Get host ](#get-host )
- [Get host by identifier ](#get-host-by-identifier )
2023-09-12 21:13:09 +00:00
- [Get host by device token ](#get-host-by-device-token )
2022-05-02 13:55:27 +00:00
- [Delete host ](#delete-host )
- [Refetch host ](#refetch-host )
- [Transfer hosts to a team ](#transfer-hosts-to-a-team )
- [Transfer hosts to a team by filter ](#transfer-hosts-to-a-team-by-filter )
2024-05-10 21:57:06 +00:00
- [Turn off MDM for a host ](#turn-off-mdm-for-a-host )
2022-05-02 13:55:27 +00:00
- [Bulk delete hosts by filter or ids ](#bulk-delete-hosts-by-filter-or-ids )
2024-03-06 22:34:29 +00:00
- [Get human-device mapping ](#get-human-device-mapping )
- [Update custom human-device mapping ](#update-custom-human-device-mapping )
- [Get host's device health report ](#get-hosts-device-health-report )
2022-11-01 17:22:07 +00:00
- [Get host's mobile device management (MDM) information ](#get-hosts-mobile-device-management-mdm-information )
- [Get mobile device management (MDM) summary ](#get-mobile-device-management-mdm-summary )
2024-02-05 23:37:35 +00:00
- [Get host's mobile device management (MDM) and Munki information ](#get-hosts-mobile-device-management-mdm-and-munki-information )
2022-11-01 17:22:07 +00:00
- [Get aggregated host's mobile device management (MDM) and Munki information ](#get-aggregated-hosts-macadmin-mobile-device-management-mdm-and-munki-information )
2024-02-17 00:40:33 +00:00
- [List host OS versions ](#list-host-os-versions )
- [Get host OS version ](#get-host-os-version )
2024-02-05 23:37:35 +00:00
- [Get host's scripts ](#get-hosts-scripts )
2024-05-23 21:07:07 +00:00
- [Get host's software ](#get-hosts-software )
- [Install software ](#install-software )
2022-05-02 13:55:27 +00:00
- [Get hosts report in CSV ](#get-hosts-report-in-csv )
2023-02-08 23:20:23 +00:00
- [Get host's disk encryption key ](#get-hosts-disk-encryption-key )
2024-02-22 19:06:47 +00:00
- [Lock host ](#lock-host )
- [Unlock host ](#unlock-host )
2024-03-14 18:30:16 +00:00
- [Wipe host ](#wipe-host )
2024-02-05 23:37:35 +00:00
- [Get host's past activity ](#get-hosts-past-activity )
- [Get host's upcoming activity ](#get-hosts-upcoming-activity )
2024-04-25 20:53:01 +00:00
- [Add labels to host ](#add-labels-to-host )
- [Remove labels from host ](#remove-labels-from-host )
2024-02-16 18:21:15 +00:00
- [Live query one host (ad-hoc) ](#live-query-one-host-ad-hoc )
- [Live query host by identifier (ad-hoc) ](#live-query-host-by-identifier-ad-hoc )
2022-05-02 13:55:27 +00:00
2023-01-09 11:55:43 +00:00
### On the different timestamps in the host data structure
2023-01-30 22:40:11 +00:00
Hosts have a set of timestamps usually named with an "_at" suffix, such as created_at, enrolled_at, etc. Before we go
through each of them and what they mean, we need to understand a bit more about how the host data structure is
2023-01-09 11:55:43 +00:00
represented in the database.
2023-01-30 22:40:11 +00:00
The table `hosts` is the main one. It holds the core data for a host. A host doesn't exist if there is no row for it in
2023-01-09 11:55:43 +00:00
this table. This table also holds most of the timestamps, but it doesn't hold all of the host data. This is an important
detail as we'll see below.
2023-01-30 22:40:11 +00:00
There's adjacent tables to this one that usually follow the name convention `host_<extra data descriptor>` . Examples of
this are: `host_additional` that holds additional query results, `host_software` that links a host with many rows from
2023-01-09 11:55:43 +00:00
the `software` table.
- `created_at` : the time the row in the database was created, which usually corresponds to the first enrollment of the host.
- `updated_at` : the last time the row in the database for the `hosts` table was updated.
- `detail_updated_at` : the last time Fleet updated host data, based on the results from the detail queries (this includes updates to host associated tables, e.g. `host_users` ).
- `label_updated_at` : the last time Fleet updated the label membership for the host based on the results from the queries ran.
- `last_enrolled_at` : the last time the host enrolled to Fleet.
- `policy_updated_at` : the last time we updated the policy results for the host based on the queries ran.
- `seen_time` : the last time the host contacted the fleet server, regardless of what operation it was for.
- `software_updated_at` : the last time software changed for the host in any way.
2023-11-15 21:42:57 +00:00
- `last_restarted_at` : the last time that the host was restarted.
2023-01-09 11:55:43 +00:00
2022-05-02 13:55:27 +00:00
### List hosts
`GET /api/v1/fleet/hosts`
2020-12-24 22:12:44 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ----------------------- | ------- | ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Can be any column in the hosts table. |
2023-10-06 22:04:33 +00:00
| after | string | query | The value to get results after. This needs `order_key` defined, as that's the column that would be used. **Note:** Use `page` instead of `after` |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include 'asc' and 'desc'. Default is 'asc'. |
| status | string | query | Indicates the status of the hosts to return. Can either be 'new', 'online', 'offline', 'mia' or 'missing'. |
2024-01-03 22:59:23 +00:00
| query | string | query | Search query keywords. Searchable fields include `hostname` , `hardware_serial` , `uuid` , `ipv4` and the hosts' email addresses (only searched if the query looks like an email address, i.e. contains an '@', no space, etc.). |
2023-10-30 19:41:02 +00:00
| additional_info_filters | string | query | A comma-delimited list of fields to include in each host's `additional` object. See [Configuration files ](https://fleetdm.com/docs/configuration/configuration-files#features-additional-queries ) for how to configure Fleet to collect additional information for each host. Use '*' to get all fields. |
2024-02-08 21:27:38 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters to only include hosts in the specified team. Use `0` to filter by hosts assigned to "No team". |
2022-10-24 12:46:23 +00:00
| policy_id | integer | query | The ID of the policy to filter hosts by. |
2023-10-27 20:13:20 +00:00
| policy_response | string | query | **Requires `policy_id`** . Valid options are 'passing' or 'failing'. |
2024-01-29 23:19:26 +00:00
| software_version_id | integer | query | The ID of the software version to filter hosts by. |
| software_title_id | integer | query | The ID of the software title to filter hosts by. |
2024-05-23 21:07:07 +00:00
| software_status | string | query | The status of the software install to filter hosts by. |
2024-02-17 00:40:33 +00:00
| os_version_id | integer | query | The ID of the operating system version to filter hosts by. |
2022-10-10 11:45:39 +00:00
| os_name | string | query | The name of the operating system to filter hosts by. `os_version` must also be specified with `os_name` |
| os_version | string | query | The version of the operating system to filter hosts by. `os_name` must also be specified with `os_version` |
2024-03-14 18:27:07 +00:00
| vulnerability | string | query | The cve to filter hosts by (including "cve-" prefix, case-insensitive). |
2023-01-03 22:14:18 +00:00
| device_mapping | boolean | query | Indicates whether `device_mapping` should be included for each host. See ["Get host's Google Chrome profiles ](#get-hosts-google-chrome-profiles ) for more information about this feature. |
2022-08-10 19:15:01 +00:00
| mdm_id | integer | query | The ID of the _mobile device management_ (MDM) solution to filter hosts by (that is, filter hosts that use a specific MDM provider and URL). |
2023-03-29 12:30:49 +00:00
| mdm_name | string | query | The name of the _mobile device management_ (MDM) solution to filter hosts by (that is, filter hosts that use a specific MDM provider). |
2023-10-27 20:13:20 +00:00
| mdm_enrollment_status | string | query | The _mobile device management_ (MDM) enrollment status to filter hosts by. Valid options are 'manual', 'automatic', 'enrolled', 'pending', or 'unenrolled'. |
| macos_settings | string | query | Filters the hosts by the status of the _mobile device management_ (MDM) profiles applied to hosts. Valid options are 'verified', 'verifying', 'pending', or 'failed'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
2022-08-29 18:40:16 +00:00
| munki_issue_id | integer | query | The ID of the _munki issue_ (a Munki-reported error or warning message) to filter hosts by (that is, filter hosts that are affected by that corresponding error or warning message). |
2024-04-03 16:48:22 +00:00
| low_disk_space | integer | query | _Available in Fleet Premium_ . Filters the hosts to only include hosts with less GB of disk space available than this value. Must be a number between 1-100. |
2023-11-08 18:04:37 +00:00
| disable_failing_policies| boolean | query | If `true` , hosts will return failing policies as 0 regardless of whether there are any that failed for the host. This is meant to be used when increased performance is needed in exchange for the extra information. |
2023-10-27 20:13:20 +00:00
| macos_settings_disk_encryption | string | query | Filters the hosts by the status of the macOS disk encryption MDM profile on the host. Valid options are 'verified', 'verifying', 'action_required', 'enforcing', 'failed', or 'removing_enforcement'. |
2024-04-03 16:48:22 +00:00
| bootstrap_package | string | query | _Available in Fleet Premium_ . Filters the hosts by the status of the MDM bootstrap package on the host. Valid options are 'installed', 'pending', or 'failed'. |
2023-10-27 20:13:20 +00:00
| os_settings | string | query | Filters the hosts by the status of the operating system settings applied to the hosts. Valid options are 'verified', 'verifying', 'pending', or 'failed'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
| os_settings_disk_encryption | string | query | Filters the hosts by the status of the disk encryption setting applied to the hosts. Valid options are 'verified', 'verifying', 'action_required', 'enforcing', 'failed', or 'removing_enforcement'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
2023-12-15 21:59:45 +00:00
| populate_software | boolean | query | If `true` , the response will include a list of installed software for each host, including vulnerability data. |
2024-03-14 18:07:03 +00:00
| populate_policies | boolean | query | If `true` , the response will include policy data for each host. |
2023-10-06 22:04:33 +00:00
2024-01-29 23:19:26 +00:00
> `software_id` is deprecated as of Fleet 4.42. It is maintained for backwards compatibility. Please use the `software_version_id` instead.
2022-08-10 19:15:01 +00:00
2024-01-29 23:19:26 +00:00
If `software_title_id` is specified, an additional top-level key `"software_title"` is returned with the software title object corresponding to the `software_title_id` . See [List software ](#list-software ) response payload for details about this object.
If `software_version_id` is specified, an additional top-level key `"software"` is returned with the software object corresponding to the `software_version_id` . See [List software versions ](#list-software-versions ) response payload for details about this object.
2020-12-24 22:12:44 +00:00
2024-01-29 23:19:26 +00:00
If `additional_info_filters` is not specified, no `additional` information will be returned.
2022-08-15 16:57:25 +00:00
2022-09-06 14:34:06 +00:00
If `mdm_id` is specified, an additional top-level key `"mobile_device_management_solution"` is returned with the information corresponding to the `mdm_id` .
2022-08-15 16:57:25 +00:00
2023-10-06 22:04:33 +00:00
If `mdm_id` , `mdm_name` , `mdm_enrollment_status` , `os_settings` , or `os_settings_disk_encryption` is specified, then Windows Servers are excluded from the results.
2022-11-08 09:29:40 +00:00
2023-10-06 22:04:33 +00:00
If `munki_issue_id` is specified, an additional top-level key `munki_issue` is returned with the information corresponding to the `munki_issue_id` .
2022-08-29 18:40:16 +00:00
2022-10-25 21:07:22 +00:00
If `after` is being used with `created_at` or `updated_at` , the table must be specified in `order_key` . Those columns become `h.created_at` and `h.updated_at` .
2020-12-24 22:12:44 +00:00
#### Example
2024-03-14 18:07:03 +00:00
`GET /api/v1/fleet/hosts?page=0&per_page=100&order_key=hostname&query=2ce&populate_software=true&populate_policies=true`
2020-12-24 22:12:44 +00:00
##### Request query parameters
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"page": 0,
"per_page": 100,
2022-05-09 17:08:37 +00:00
"order_key": "hostname"
2020-12-24 22:12:44 +00:00
}
```
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"hosts": [
2020-12-24 22:12:44 +00:00
{
2022-05-02 13:55:27 +00:00
"created_at": "2020-11-05T05:09:44Z",
"updated_at": "2020-11-05T06:03:39Z",
"id": 1,
"detail_updated_at": "2020-11-05T05:09:45Z",
2023-11-15 21:42:57 +00:00
"last_restarted_at": "2020-11-01T03:01:45Z",
2023-01-09 11:55:43 +00:00
"software_updated_at": "2020-11-05T05:09:44Z",
2022-05-02 13:55:27 +00:00
"label_updated_at": "2020-11-05T05:14:51Z",
2023-06-28 17:02:02 +00:00
"policy_updated_at": "2023-06-26T18:33:15Z",
"last_enrolled_at": "2023-02-26T22:33:12Z",
2022-05-02 13:55:27 +00:00
"seen_time": "2020-11-05T06:03:39Z",
"hostname": "2ceca32fe484",
"uuid": "392547dc-0000-0000-a87a-d701ff75bc65",
"platform": "centos",
"osquery_version": "2.7.0",
"os_version": "CentOS Linux 7",
"build": "",
"platform_like": "rhel fedora",
"code_name": "",
"uptime": 8305000000000,
"memory": 2084032512,
"cpu_type": "6",
"cpu_subtype": "142",
"cpu_brand": "Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz",
"cpu_physical_cores": 4,
"cpu_logical_cores": 4,
"hardware_vendor": "",
"hardware_model": "",
"hardware_version": "",
"hardware_serial": "",
"computer_name": "2ceca32fe484",
2022-10-08 12:57:46 +00:00
"display_name": "2ceca32fe484",
2022-05-02 13:55:27 +00:00
"public_ip": "",
"primary_ip": "",
"primary_mac": "",
"distributed_interval": 10,
"config_tls_refresh": 10,
"logger_tls_period": 8,
"additional": {},
"status": "offline",
"display_text": "2ceca32fe484",
"team_id": null,
"team_name": null,
2024-01-11 19:35:56 +00:00
"gigs_disk_space_available": 174.98,
"percent_disk_space_available": 71,
"gigs_total_disk_space": 246,
2024-01-04 18:16:47 +00:00
"pack_stats": [
{
"pack_id": 0,
"pack_name": "Global",
"type": "global",
"query_stats": [
{
"scheduled_query_name": "Get recently added or removed USB drives",
"scheduled_query_id": 5535,
"query_name": "Get recently added or removed USB drives",
"discard_data": false,
"last_fetched": null,
"automations_enabled": false,
"description": "Returns a record every time a USB device is plugged in or removed",
"pack_name": "Global",
"average_memory": 434176,
"denylisted": false,
"executions": 2,
"interval": 86400,
"last_executed": "2023-11-28T00:02:07Z",
"output_size": 891,
"system_time": 10,
"user_time": 6,
"wall_time": 0
}
]
}
],
2022-05-02 13:55:27 +00:00
"issues": {
"failing_policies_count": 2,
"total_issues_count": 2
2022-08-17 19:10:22 +00:00
},
"geolocation": {
"country_iso": "US",
"city_name": "New York",
"geometry": {
"type": "point",
"coordinates": [40.6799, -74.0028]
}
2023-01-16 23:08:24 +00:00
},
2023-01-30 22:40:11 +00:00
"mdm": {
2023-02-08 23:20:23 +00:00
"encryption_key_available": false,
2024-03-21 18:33:35 +00:00
"enrollment_status": "Pending",
"dep_profile_error": true,
"name": "Fleet",
"server_url": "https://example.fleetdm.com/mdm/apple/mdm"
2023-12-15 21:59:45 +00:00
},
"software": [
{
"id": 1,
"name": "glibc",
"version": "2.12",
"source": "rpm_packages",
"generated_cpe": "cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*",
"vulnerabilities": [
{
"cve": "CVE-2009-5155",
"details_link": "https://nvd.nist.gov/vuln/detail/CVE-2009-5155",
"cvss_score": 7.5, // Fleet Premium only
"epss_probability": 0.01537, // Fleet Premium only
"cisa_known_exploit": false, // Fleet Premium only
"cve_published": "2022-01-01 12:32:00", // Fleet Premium only
"cve_description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", // Fleet Premium only
"resolved_in_version": "2.28" // Fleet Premium only
}
],
"installed_paths": ["/usr/lib/some-path-1"]
}
2024-03-14 18:07:03 +00:00
],
"policies": [
{
"id": 1,
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
"resolution": "Fix with these steps...",
"platform": "darwin",
"response": "fail",
"critical": false
}
2023-12-15 21:59:45 +00:00
]
2020-12-24 22:12:44 +00:00
}
]
}
```
2023-03-23 00:34:59 +00:00
> Note: the response above assumes a [GeoIP database is configured](https://fleetdm.com/docs/deploying/configuration#geoip), otherwise the `geolocation` object won't be included.
2022-08-17 19:10:22 +00:00
2022-09-06 14:34:06 +00:00
Response payload with the `mdm_id` filter provided:
```json
{
"hosts": [...],
"mobile_device_management_solution": {
"server_url": "http://some.url/mdm",
"name": "MDM Vendor Name",
"id": 999
}
}
```
Response payload with the `munki_issue_id` filter provided:
```json
{
"hosts": [...],
"munki_issue": {
"id": 1,
"name": "Could not retrieve managed install primary manifest",
"type": "error"
}
}
```
2022-05-02 13:55:27 +00:00
### Count hosts
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/hosts/count`
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
#### Parameters
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ----------------------- | ------- | ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| order_key | string | query | What to order results by. Can be any column in the hosts table. |
2023-10-06 22:04:33 +00:00
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include 'asc' and 'desc'. Default is 'asc'. |
2022-10-25 12:17:51 +00:00
| after | string | query | The value to get results after. This needs `order_key` defined, as that's the column that would be used. |
2023-10-06 22:04:33 +00:00
| status | string | query | Indicates the status of the hosts to return. Can either be 'new', 'online', 'offline', 'mia' or 'missing'. |
2024-01-03 22:59:23 +00:00
| query | string | query | Search query keywords. Searchable fields include `hostname` , `hardware_serial` , `uuid` , `ipv4` and the hosts' email addresses (only searched if the query looks like an email address, i.e. contains an '@', no space, etc.). |
2024-04-03 16:48:22 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters the hosts to only include hosts in the specified team. |
2022-10-25 12:17:51 +00:00
| policy_id | integer | query | The ID of the policy to filter hosts by. |
2023-10-27 20:13:20 +00:00
| policy_response | string | query | **Requires `policy_id`** . Valid options are 'passing' or 'failing'. |
2024-01-29 23:19:26 +00:00
| software_version_id | integer | query | The ID of the software version to filter hosts by. |
| software_title_id | integer | query | The ID of the software title to filter hosts by. |
2024-02-17 00:40:33 +00:00
| os_version_id | integer | query | The ID of the operating system version to filter hosts by. |
2022-10-25 12:17:51 +00:00
| os_name | string | query | The name of the operating system to filter hosts by. `os_version` must also be specified with `os_name` |
| os_version | string | query | The version of the operating system to filter hosts by. `os_name` must also be specified with `os_version` |
2024-03-14 18:27:07 +00:00
| vulnerability | string | query | The cve to filter hosts by (including "cve-" prefix, case-insensitive). |
2022-10-25 12:17:51 +00:00
| label_id | integer | query | A valid label ID. Can only be used in combination with `order_key` , `order_direction` , `after` , `status` , `query` and `team_id` . |
2022-08-10 19:15:01 +00:00
| mdm_id | integer | query | The ID of the _mobile device management_ (MDM) solution to filter hosts by (that is, filter hosts that use a specific MDM provider and URL). |
2023-03-29 12:30:49 +00:00
| mdm_name | string | query | The name of the _mobile device management_ (MDM) solution to filter hosts by (that is, filter hosts that use a specific MDM provider). |
2023-10-27 20:13:20 +00:00
| mdm_enrollment_status | string | query | The _mobile device management_ (MDM) enrollment status to filter hosts by. Valid options are 'manual', 'automatic', 'enrolled', 'pending', or 'unenrolled'. |
| macos_settings | string | query | Filters the hosts by the status of the _mobile device management_ (MDM) profiles applied to hosts. Valid options are 'verified', 'verifying', 'pending', or 'failed'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
2022-08-29 18:40:16 +00:00
| munki_issue_id | integer | query | The ID of the _munki issue_ (a Munki-reported error or warning message) to filter hosts by (that is, filter hosts that are affected by that corresponding error or warning message). |
2024-04-03 16:48:22 +00:00
| low_disk_space | integer | query | _Available in Fleet Premium_ . Filters the hosts to only include hosts with less GB of disk space available than this value. Must be a number between 1-100. |
2023-10-27 20:13:20 +00:00
| macos_settings_disk_encryption | string | query | Filters the hosts by the status of the macOS disk encryption MDM profile on the host. Valid options are 'verified', 'verifying', 'action_required', 'enforcing', 'failed', or 'removing_enforcement'. |
2024-04-03 16:48:22 +00:00
| bootstrap_package | string | query | _Available in Fleet Premium_ . Filters the hosts by the status of the MDM bootstrap package on the host. Valid options are 'installed', 'pending', or 'failed'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
2023-10-27 20:13:20 +00:00
| os_settings | string | query | Filters the hosts by the status of the operating system settings applied to the hosts. Valid options are 'verified', 'verifying', 'pending', or 'failed'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
| os_settings_disk_encryption | string | query | Filters the hosts by the status of the disk encryption setting applied to the hosts. Valid options are 'verified', 'verifying', 'action_required', 'enforcing', 'failed', or 'removing_enforcement'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
If `additional_info_filters` is not specified, no `additional` information will be returned.
2021-02-25 19:43:15 +00:00
2023-03-29 12:30:49 +00:00
If `mdm_id` , `mdm_name` or `mdm_enrollment_status` is specified, then Windows Servers are excluded from the results.
2022-11-08 09:29:40 +00:00
2022-05-02 13:55:27 +00:00
#### Example
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/hosts/count?page=0&per_page=100&order_key=hostname&query=2ce`
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
##### Request query parameters
2021-02-25 19:43:15 +00:00
2021-09-16 07:45:14 +00:00
```json
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"page": 0,
"per_page": 100,
2022-05-09 17:08:37 +00:00
"order_key": "hostname"
2021-06-09 23:11:48 +00:00
}
```
2021-02-25 19:43:15 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"count": 123
2021-06-09 23:11:48 +00:00
}
2021-02-25 19:43:15 +00:00
```
2022-05-02 13:55:27 +00:00
### Get hosts summary
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
Returns the count of all hosts organized by status. `online_count` includes all hosts currently enrolled in Fleet. `offline_count` includes all hosts that haven't checked into Fleet recently. `mia_count` includes all hosts that haven't been seen by Fleet in more than 30 days. `new_count` includes the hosts that have been enrolled to Fleet in the last 24 hours.
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/host_summary`
2021-02-25 19:43:15 +00:00
#### Parameters
2022-09-21 19:56:17 +00:00
| Name | Type | In | Description |
| --------------- | ------- | ---- | ------------------------------------------------------------------------------- |
2024-02-28 21:15:10 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . The ID of the team whose host counts should be included. Defaults to all teams. |
2022-09-21 19:56:17 +00:00
| platform | string | query | Platform to filter by when counting. Defaults to all platforms. |
2024-02-28 21:15:10 +00:00
| low_disk_space | integer | query | _Available in Fleet Premium_ . Returns the count of hosts with less GB of disk space available than this value. Must be a number between 1-100. |
2021-02-25 19:43:15 +00:00
#### Example
2022-09-21 19:56:17 +00:00
`GET /api/v1/fleet/host_summary?team_id=1&low_disk_space=32`
2021-02-25 19:43:15 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-02-25 19:43:15 +00:00
{
2022-05-02 13:55:27 +00:00
"team_id": 1,
"totals_hosts_count": 2408,
2022-05-10 15:32:55 +00:00
"online_count": 2267,
"offline_count": 141,
"mia_count": 0,
2022-10-08 12:58:27 +00:00
"missing_30_days_count": 0,
2022-05-10 15:32:55 +00:00
"new_count": 0,
"all_linux_count": 1204,
2022-09-21 19:56:17 +00:00
"low_disk_space_count": 12,
2022-05-10 15:32:55 +00:00
"builtin_labels": [
{
"id": 6,
"name": "All Hosts",
"description": "All hosts which have enrolled in Fleet",
"label_type": "builtin"
},
{
"id": 7,
"name": "macOS",
"description": "All macOS hosts",
"label_type": "builtin"
},
{
"id": 8,
"name": "Ubuntu Linux",
"description": "All Ubuntu hosts",
"label_type": "builtin"
},
{
"id": 9,
"name": "CentOS Linux",
"description": "All CentOS hosts",
"label_type": "builtin"
},
{
"id": 10,
"name": "MS Windows",
"description": "All Windows hosts",
"label_type": "builtin"
},
{
"id": 11,
"name": "Red Hat Linux",
"description": "All Red Hat Enterprise Linux hosts",
"label_type": "builtin"
},
{
"id": 12,
"name": "All Linux",
"description": "All Linux distributions",
"label_type": "builtin"
}
2022-05-23 19:35:05 +00:00
],
2022-05-02 13:55:27 +00:00
"platforms": [
{
2023-06-02 14:55:11 +00:00
"platform": "chrome",
"hosts_count": 1234
2022-05-02 13:55:27 +00:00
},
{
"platform": "darwin",
2023-06-02 14:55:11 +00:00
"hosts_count": 1234
},
{
"platform": "rhel",
"hosts_count": 1234
},
{
"platform": "ubuntu",
"hosts_count": 12044
},
{
"platform": "windows",
"hosts_count": 12044
2022-05-02 13:55:27 +00:00
}
2023-06-07 17:29:36 +00:00
2022-10-08 12:57:46 +00:00
]
2021-02-25 19:43:15 +00:00
}
```
2022-05-02 13:55:27 +00:00
### Get host
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
Returns the information of the specified host.
2021-02-25 19:43:15 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/hosts/:id`
2021-02-25 19:43:15 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| id | integer | path | **Required** . The host's id. |
2021-02-25 19:43:15 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/hosts/121`
2021-02-25 19:43:15 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-02-25 19:43:15 +00:00
{
2022-05-02 13:55:27 +00:00
"host": {
"created_at": "2021-08-19T02:02:22Z",
"updated_at": "2021-08-19T21:14:58Z",
"software": [
{
"id": 408,
"name": "osquery",
"version": "4.5.1",
"source": "rpm_packages",
2024-01-29 23:19:26 +00:00
"browser": "",
2022-05-02 13:55:27 +00:00
"generated_cpe": "",
2023-05-17 20:53:15 +00:00
"vulnerabilities": null,
"installed_paths": ["/usr/lib/some-path-1"]
2022-05-02 13:55:27 +00:00
},
{
"id": 1146,
"name": "tar",
"version": "1.30",
"source": "rpm_packages",
2024-01-29 23:19:26 +00:00
"browser": "",
2022-05-02 13:55:27 +00:00
"generated_cpe": "",
"vulnerabilities": null
},
{
"id": 321,
"name": "SomeApp.app",
"version": "1.0",
"source": "apps",
2024-01-29 23:19:26 +00:00
"browser": "",
2022-05-02 13:55:27 +00:00
"bundle_identifier": "com.some.app",
"last_opened_at": "2021-08-18T21:14:00Z",
"generated_cpe": "",
2023-05-17 20:53:15 +00:00
"vulnerabilities": null,
"installed_paths": ["/usr/lib/some-path-2"]
2022-05-02 13:55:27 +00:00
}
],
"id": 1,
"detail_updated_at": "2021-08-19T21:07:53Z",
2023-11-15 21:42:57 +00:00
"last_restarted_at": "2020-11-01T03:01:45Z",
2023-01-09 11:55:43 +00:00
"software_updated_at": "2020-11-05T05:09:44Z",
2022-05-02 13:55:27 +00:00
"label_updated_at": "2021-08-19T21:07:53Z",
2023-06-28 17:02:02 +00:00
"policy_updated_at": "2023-06-26T18:33:15Z",
2022-05-02 13:55:27 +00:00
"last_enrolled_at": "2021-08-19T02:02:22Z",
"seen_time": "2021-08-19T21:14:58Z",
"refetch_requested": false,
"hostname": "23cfc9caacf0",
"uuid": "309a4b7d-0000-0000-8e7f-26ae0815ede8",
"platform": "rhel",
2024-04-25 18:26:28 +00:00
"osquery_version": "5.12.0",
"orbit_version": "1.22.0",
"fleet_desktop_version": "1.22.0",
"scripts_enabled": true,
2022-05-02 13:55:27 +00:00
"os_version": "CentOS Linux 8.3.2011",
"build": "",
"platform_like": "rhel",
"code_name": "",
"uptime": 210671000000000,
"memory": 16788398080,
"cpu_type": "x86_64",
"cpu_subtype": "158",
"cpu_brand": "Intel(R) Core(TM) i9-9980HK CPU @ 2.40GHz",
"cpu_physical_cores": 12,
"cpu_logical_cores": 12,
"hardware_vendor": "",
"hardware_model": "",
"hardware_version": "",
"hardware_serial": "",
"computer_name": "23cfc9caacf0",
2022-10-08 12:57:46 +00:00
"display_name": "23cfc9caacf0",
2022-05-02 13:55:27 +00:00
"public_ip": "",
"primary_ip": "172.27.0.6",
"primary_mac": "02:42:ac:1b:00:06",
"distributed_interval": 10,
"config_tls_refresh": 10,
"logger_tls_period": 10,
"team_id": null,
"pack_stats": null,
"team_name": null,
"additional": {},
"gigs_disk_space_available": 46.1,
2024-01-11 19:35:56 +00:00
"percent_disk_space_available": 74,
"gigs_total_disk_space": 160,
2022-11-02 19:44:02 +00:00
"disk_encryption_enabled": true,
2024-04-25 18:20:01 +00:00
"scripts_enabled": true,
2022-05-02 13:55:27 +00:00
"users": [
{
"uid": 0,
"username": "root",
"type": "",
"groupname": "root",
"shell": "/bin/bash"
},
{
"uid": 1,
"username": "bin",
"type": "",
"groupname": "bin",
"shell": "/sbin/nologin"
}
],
"labels": [
{
"created_at": "2021-08-19T02:02:17Z",
"updated_at": "2021-08-19T02:02:17Z",
"id": 6,
"name": "All Hosts",
"description": "All hosts which have enrolled in Fleet",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1;",
2022-05-02 13:55:27 +00:00
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
},
{
"created_at": "2021-08-19T02:02:17Z",
"updated_at": "2021-08-19T02:02:17Z",
"id": 9,
"name": "CentOS Linux",
"description": "All CentOS hosts",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1 FROM os_version WHERE platform = 'centos' OR name LIKE '%centos%'",
2022-05-02 13:55:27 +00:00
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
},
{
"created_at": "2021-08-19T02:02:17Z",
"updated_at": "2021-08-19T02:02:17Z",
"id": 12,
"name": "All Linux",
"description": "All Linux distributions",
"query": "SELECT 1 FROM osquery_info WHERE build_platform LIKE '%ubuntu%' OR build_distro LIKE '%centos%';",
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
}
],
"packs": [],
"status": "online",
"display_text": "23cfc9caacf0",
"policies": [
{
"id": 2,
"name": "SomeQuery2",
2022-05-03 14:47:31 +00:00
"query": "SELECT * FROM bar;",
2022-05-02 13:55:27 +00:00
"description": "this is another query",
"resolution": "fix with these other steps...",
"platform": "darwin",
2022-12-06 14:59:20 +00:00
"response": "fail",
"critical": false
2022-05-02 13:55:27 +00:00
},
{
"id": 3,
"name": "SomeQuery3",
2022-05-03 14:47:31 +00:00
"query": "SELECT * FROM baz;",
2022-05-02 13:55:27 +00:00
"description": "",
"resolution": "",
"platform": "",
2022-12-06 14:59:20 +00:00
"response": "",
"critical": false
2024-01-16 16:23:31 +00:00
},
{
"id": 1,
"name": "SomeQuery",
"query": "SELECT * FROM foo;",
"description": "this is a query",
"resolution": "fix with these steps...",
"platform": "windows,linux",
"response": "pass",
"critical": false
2022-05-02 13:55:27 +00:00
}
],
"issues": {
"failing_policies_count": 2,
"total_issues_count": 2
2022-06-28 18:11:49 +00:00
},
"batteries": [
{
"cycle_count": 999,
2022-07-21 02:16:03 +00:00
"health": "Normal"
2022-06-28 18:11:49 +00:00
}
2022-08-17 19:10:22 +00:00
],
"geolocation": {
"country_iso": "US",
"city_name": "New York",
"geometry": {
"type": "point",
"coordinates": [40.6799, -74.0028]
}
2023-01-16 23:08:24 +00:00
},
2023-01-30 22:40:11 +00:00
"mdm": {
2023-02-08 23:20:23 +00:00
"encryption_key_available": false,
2023-01-30 22:40:11 +00:00
"enrollment_status": null,
2023-02-27 21:40:34 +00:00
"name": "",
2023-03-08 20:42:23 +00:00
"server_url": null,
2024-02-22 19:06:47 +00:00
"device_status": "unlocked",
"pending_action": "",
2023-03-08 20:42:23 +00:00
"macos_settings": {
"disk_encryption": null,
"action_required": null
2023-03-09 15:53:40 +00:00
},
2023-04-22 15:23:38 +00:00
"macos_setup": {
"bootstrap_package_status": "installed",
2023-04-27 15:10:41 +00:00
"detail": "",
"bootstrap_package_name": "test.pkg"
2023-04-22 15:23:38 +00:00
},
2023-10-20 18:55:49 +00:00
"os_settings": {
"disk_encryption": {
"status": null,
"detail": ""
}
},
2023-03-09 15:53:40 +00:00
"profiles": [
{
2024-01-24 17:13:56 +00:00
"profile_uuid": "954ec5ea-a334-4825-87b3-937e7e381f24",
2023-03-09 15:53:40 +00:00
"name": "profile1",
2023-04-24 21:27:15 +00:00
"status": "verifying",
2023-03-09 15:53:40 +00:00
"operation_type": "install",
"detail": ""
}
]
2023-01-30 22:40:11 +00:00
}
2022-05-02 13:55:27 +00:00
}
2021-02-25 19:43:15 +00:00
}
```
2023-03-23 00:34:59 +00:00
> Note: the response above assumes a [GeoIP database is configured](https://fleetdm.com/docs/deploying/configuration#geoip), otherwise the `geolocation` object won't be included.
2022-08-17 19:10:22 +00:00
2023-08-02 23:35:37 +00:00
> Note: `installed_paths` may be blank depending on installer package. For example, on Linux, RPM-installed packages do not provide installed path information.
2024-04-25 18:26:28 +00:00
> Note:
> - `orbit_version: null` means this agent is not a fleetd agent
> - `fleet_desktop_version: null` means this agent is not a fleetd agent, or this agent is version <=1.23.0 which is not collecting the desktop version
> - `fleet_desktop_version: ""` means this agent is a fleetd agent but does not have fleet desktop
> - `scripts_enabled: null` means this agent is not a fleetd agent, or this agent is version <=1.23.0 which is not collecting the scripts enabled info
2022-05-02 13:55:27 +00:00
### Get host by identifier
2021-03-09 15:50:48 +00:00
2024-01-03 22:59:23 +00:00
Returns the information of the host specified using the `uuid` , `hardware_serial` , `osquery_host_id` , `hostname` , or
2024-02-27 14:06:15 +00:00
`node_key` as an identifier.
2024-03-26 16:16:28 +00:00
If `hostname` is specified when there is more than one host with the same hostname, the endpoint returns the first matching host. In Fleet, hostnames are fully qualified domain names (FQDNs).
2021-03-09 15:50:48 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/hosts/identifier/:identifier`
2021-03-09 15:50:48 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---------- | ----------------- | ---- | ----------------------------------------------------------------------------- |
2024-01-03 22:59:23 +00:00
| identifier | integer or string | path | **Required** . The host's `hardware_serial` , `uuid` , `osquery_host_id` , `hostname` , or `node_key` |
2021-03-09 15:50:48 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/hosts/identifier/392547dc-0000-0000-a87a-d701ff75bc65`
2021-03-09 15:50:48 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-03-09 15:50:48 +00:00
{
2022-05-02 13:55:27 +00:00
"host": {
2022-10-14 21:22:04 +00:00
"created_at": "2022-02-10T02:29:13Z",
"updated_at": "2022-10-14T17:07:11Z",
"software": [
{
2024-02-23 23:26:39 +00:00
"id": 16923,
"name": "Automat",
"version": "0.8.0",
"source": "python_packages",
"browser": "",
"generated_cpe": "",
"vulnerabilities": null,
"installed_paths": ["/usr/lib/some_path/"]
2022-10-14 21:22:04 +00:00
}
],
"id": 33,
"detail_updated_at": "2022-10-14T17:07:12Z",
"label_updated_at": "2022-10-14T17:07:12Z",
"policy_updated_at": "2022-10-14T17:07:12Z",
"last_enrolled_at": "2022-02-10T02:29:13Z",
2023-01-09 11:55:43 +00:00
"software_updated_at": "2020-11-05T05:09:44Z",
2022-10-14 21:22:04 +00:00
"seen_time": "2022-10-14T17:45:41Z",
"refetch_requested": false,
"hostname": "23cfc9caacf0",
2022-05-02 13:55:27 +00:00
"uuid": "392547dc-0000-0000-a87a-d701ff75bc65",
2022-10-14 21:22:04 +00:00
"platform": "ubuntu",
"osquery_version": "5.5.1",
"os_version": "Ubuntu 20.04.3 LTS",
2022-05-02 13:55:27 +00:00
"build": "",
2022-10-14 21:22:04 +00:00
"platform_like": "debian",
"code_name": "focal",
"uptime": 20807520000000000,
"memory": 1024360448,
"cpu_type": "x86_64",
"cpu_subtype": "63",
"cpu_brand": "DO-Regular",
"cpu_physical_cores": 1,
"cpu_logical_cores": 1,
2022-05-02 13:55:27 +00:00
"hardware_vendor": "",
"hardware_model": "",
"hardware_version": "",
"hardware_serial": "",
2022-10-14 21:22:04 +00:00
"computer_name": "23cfc9caacf0",
"public_ip": "",
"primary_ip": "172.27.0.6",
"primary_mac": "02:42:ac:1b:00:06",
2022-05-02 13:55:27 +00:00
"distributed_interval": 10,
2022-10-14 21:22:04 +00:00
"config_tls_refresh": 60,
"logger_tls_period": 10,
"team_id": 2,
"pack_stats": [
{
"pack_id": 1,
"pack_name": "Global",
"type": "global",
"query_stats": [
{
"scheduled_query_name": "Get running processes (with user_name)",
"scheduled_query_id": 49,
"query_name": "Get running processes (with user_name)",
"pack_name": "Global",
"pack_id": 1,
"average_memory": 260000,
"denylisted": false,
"executions": 1,
"interval": 86400,
"last_executed": "2022-10-14T10:00:01Z",
"output_size": 198,
"system_time": 20,
"user_time": 80,
"wall_time": 0
}
]
}
],
2022-05-02 13:55:27 +00:00
"team_name": null,
2022-10-14 21:22:04 +00:00
"gigs_disk_space_available": 19.29,
"percent_disk_space_available": 74,
2024-01-11 19:35:56 +00:00
"gigs_total_disk_space": 192,
2022-10-14 21:22:04 +00:00
"issues": {
"total_issues_count": 0,
"failing_policies_count": 0
},
"labels": [
2024-02-23 23:26:39 +00:00
{
"created_at": "2021-09-14T05:11:02Z",
"updated_at": "2021-09-14T05:11:02Z",
"id": 12,
"name": "All Linux",
"description": "All Linux distributions",
"query": "SELECT 1 FROM osquery_info WHERE build_platform LIKE '%ubuntu%' OR build_distro LIKE '%centos%';",
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
}
2022-10-14 21:22:04 +00:00
],
"packs": [
2024-02-23 23:26:39 +00:00
{
"created_at": "2021-09-17T05:28:54Z",
"updated_at": "2021-09-17T05:28:54Z",
"id": 1,
"name": "Global",
"description": "Global pack",
"disabled": false,
"type": "global",
"labels": null,
"label_ids": null,
"hosts": null,
"host_ids": null,
"teams": null,
"team_ids": null
}
2022-10-14 21:22:04 +00:00
],
"policies": [
{
2024-02-23 23:26:39 +00:00
"id": 142,
"name": "Full disk encryption enabled (macOS)",
"query": "SELECT 1 FROM disk_encryption WHERE user_uuid IS NOT '' AND filevault_status = 'on' LIMIT 1;",
"description": "Checks to make sure that full disk encryption (FileVault) is enabled on macOS devices.",
"author_id": 31,
"author_name": "",
"author_email": "",
"team_id": null,
"resolution": "To enable full disk encryption, on the failing device, select System Preferences > Security & Privacy > FileVault > Turn On FileVault.",
"platform": "darwin,linux",
"created_at": "2022-09-02T18:52:19Z",
"updated_at": "2022-09-02T18:52:19Z",
"response": "fail",
"critical": false
}
2022-10-14 21:22:04 +00:00
],
2022-06-28 18:11:49 +00:00
"batteries": [
{
"cycle_count": 999,
2022-07-21 02:16:03 +00:00
"health": "Normal"
2022-06-28 18:11:49 +00:00
}
2022-08-17 19:10:22 +00:00
],
"geolocation": {
"country_iso": "US",
"city_name": "New York",
"geometry": {
"type": "point",
"coordinates": [40.6799, -74.0028]
}
2022-10-14 21:22:04 +00:00
},
"status": "online",
"display_text": "dogfood-ubuntu-box",
2023-01-16 23:08:24 +00:00
"display_name": "dogfood-ubuntu-box",
2023-01-30 22:40:11 +00:00
"mdm": {
2023-02-08 23:20:23 +00:00
"encryption_key_available": false,
2023-01-30 22:40:11 +00:00
"enrollment_status": null,
2023-02-27 21:40:34 +00:00
"name": "",
2023-03-08 20:42:23 +00:00
"server_url": null,
2024-02-22 19:06:47 +00:00
"device_status": "unlocked",
"pending_action": "lock",
2023-03-08 20:42:23 +00:00
"macos_settings": {
"disk_encryption": null,
"action_required": null
2023-03-09 15:53:40 +00:00
},
2023-04-22 15:23:38 +00:00
"macos_setup": {
"bootstrap_package_status": "installed",
"detail": ""
},
2023-10-06 22:04:33 +00:00
"os_settings": {
2023-10-20 18:55:49 +00:00
"disk_encryption": {
"status": null,
"detail": ""
}
2023-10-06 22:04:33 +00:00
},
2023-03-09 15:53:40 +00:00
"profiles": [
{
2024-01-24 17:13:56 +00:00
"profile_uuid": "954ec5ea-a334-4825-87b3-937e7e381f24",
2023-03-09 15:53:40 +00:00
"name": "profile1",
2023-04-24 21:27:15 +00:00
"status": "verifying",
2023-03-09 15:53:40 +00:00
"operation_type": "install",
"detail": ""
}
]
2023-01-30 22:40:11 +00:00
}
2022-05-02 13:55:27 +00:00
}
2021-03-09 15:50:48 +00:00
}
```
2023-03-23 00:34:59 +00:00
> Note: the response above assumes a [GeoIP database is configured](https://fleetdm.com/docs/deploying/configuration#geoip), otherwise the `geolocation` object won't be included.
2022-08-17 19:10:22 +00:00
2023-08-02 23:35:37 +00:00
> Note: `installed_paths` may be blank depending on installer package. For example, on Linux, RPM-installed packages do not provide installed path information.
2023-09-12 21:13:09 +00:00
#### Get host by device token
Returns a subset of information about the host specified by `token` . To get all information about a host, use the "Get host" endpoint [here ](#get-host ).
This is the API route used by the **My device** page in Fleet desktop to display information about the host to the end user.
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/device/:token`
2023-09-12 21:13:09 +00:00
##### Parameters
| Name | Type | In | Description |
| ----- | ------ | ---- | ---------------------------------- |
| token | string | path | The device's authentication token. |
##### Example
`GET /api/v1/fleet/device/abcdef012456789`
##### Default response
`Status: 200`
```json
{
"host": {
"created_at": "2021-08-19T02:02:22Z",
"updated_at": "2021-08-19T21:14:58Z",
"software": [
{
"id": 408,
"name": "osquery",
"version": "4.5.1",
"source": "rpm_packages",
2024-01-29 23:19:26 +00:00
"browser": "",
2023-09-12 21:13:09 +00:00
"generated_cpe": "",
"vulnerabilities": null
},
{
"id": 1146,
"name": "tar",
"version": "1.30",
"source": "rpm_packages",
2024-01-29 23:19:26 +00:00
"browser": "",
2023-09-12 21:13:09 +00:00
"generated_cpe": "",
"vulnerabilities": null
},
{
"id": 321,
"name": "SomeApp.app",
"version": "1.0",
"source": "apps",
2024-01-29 23:19:26 +00:00
"browser": "",
2023-09-12 21:13:09 +00:00
"bundle_identifier": "com.some.app",
"last_opened_at": "2021-08-18T21:14:00Z",
"generated_cpe": "",
"vulnerabilities": null
}
],
"id": 1,
"detail_updated_at": "2021-08-19T21:07:53Z",
"label_updated_at": "2021-08-19T21:07:53Z",
"last_enrolled_at": "2021-08-19T02:02:22Z",
"seen_time": "2021-08-19T21:14:58Z",
"refetch_requested": false,
"hostname": "23cfc9caacf0",
"uuid": "309a4b7d-0000-0000-8e7f-26ae0815ede8",
"platform": "rhel",
"osquery_version": "4.5.1",
"os_version": "CentOS Linux 8.3.2011",
"build": "",
"platform_like": "rhel",
"code_name": "",
"uptime": 210671000000000,
"memory": 16788398080,
"cpu_type": "x86_64",
"cpu_subtype": "158",
"cpu_brand": "Intel(R) Core(TM) i9-9980HK CPU @ 2.40GHz",
"cpu_physical_cores": 12,
"cpu_logical_cores": 12,
"hardware_vendor": "",
"hardware_model": "",
"hardware_version": "",
"hardware_serial": "",
"computer_name": "23cfc9caacf0",
"display_name": "23cfc9caacf0",
"public_ip": "",
"primary_ip": "172.27.0.6",
"primary_mac": "02:42:ac:1b:00:06",
"distributed_interval": 10,
"config_tls_refresh": 10,
"logger_tls_period": 10,
"team_id": null,
"pack_stats": null,
"team_name": null,
"additional": {},
"gigs_disk_space_available": 46.1,
2024-01-11 19:35:56 +00:00
"percent_disk_space_available": 74,
"gigs_total_disk_space": 160,
2023-09-12 21:13:09 +00:00
"disk_encryption_enabled": true,
"dep_assigned_to_fleet": false,
"users": [
{
"uid": 0,
"username": "root",
"type": "",
"groupname": "root",
"shell": "/bin/bash"
},
{
"uid": 1,
"username": "bin",
"type": "",
"groupname": "bin",
"shell": "/sbin/nologin"
}
],
"labels": [
{
"created_at": "2021-08-19T02:02:17Z",
"updated_at": "2021-08-19T02:02:17Z",
"id": 6,
"name": "All Hosts",
"description": "All hosts which have enrolled in Fleet",
"query": "SELECT 1;",
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
},
{
"created_at": "2021-08-19T02:02:17Z",
"updated_at": "2021-08-19T02:02:17Z",
"id": 9,
"name": "CentOS Linux",
"description": "All CentOS hosts",
"query": "SELECT 1 FROM os_version WHERE platform = 'centos' OR name LIKE '%centos%'",
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
},
{
"created_at": "2021-08-19T02:02:17Z",
"updated_at": "2021-08-19T02:02:17Z",
"id": 12,
"name": "All Linux",
"description": "All Linux distributions",
"query": "SELECT 1 FROM osquery_info WHERE build_platform LIKE '%ubuntu%' OR build_distro LIKE '%centos%';",
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
}
],
"packs": [],
"status": "online",
"display_text": "23cfc9caacf0",
"batteries": [
{
"cycle_count": 999,
"health": "Good"
}
],
"mdm": {
"encryption_key_available": false,
"enrollment_status": null,
"name": "",
"server_url": null,
"macos_settings": {
"disk_encryption": null,
"action_required": null
},
"macos_setup": {
"bootstrap_package_status": "installed",
"detail": "",
"bootstrap_package_name": "test.pkg"
},
2023-10-06 22:04:33 +00:00
"os_settings": {
2023-10-20 18:55:49 +00:00
"disk_encryption": {
"status": null,
"detail": ""
}
2023-10-06 22:04:33 +00:00
},
2023-09-12 21:13:09 +00:00
"profiles": [
{
2024-01-24 17:13:56 +00:00
"profile_uuid": "954ec5ea-a334-4825-87b3-937e7e381f24",
2023-09-12 21:13:09 +00:00
"name": "profile1",
"status": "verifying",
"operation_type": "install",
"detail": ""
}
]
}
},
"org_logo_url": "https://example.com/logo.jpg",
"license": {
"tier": "free",
"expiration": "2031-01-01T00:00:00Z"
},
"global_config": {
"mdm": {
"enabled_and_configured": false
}
}
}
```
2022-05-02 13:55:27 +00:00
### Delete host
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
Deletes the specified host from Fleet. Note that a deleted host will fail authentication with the previous node key, and in most osquery configurations will attempt to re-enroll automatically. If the host still has a valid enroll secret, it will re-enroll successfully.
2021-01-26 01:27:24 +00:00
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/hosts/:id`
2021-01-26 01:27:24 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| id | integer | path | **Required** . The host's id. |
2021-01-26 01:27:24 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`DELETE /api/v1/fleet/hosts/121`
2021-01-26 01:27:24 +00:00
##### Default response
`Status: 200`
2022-05-02 13:55:27 +00:00
### Refetch host
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
Flags the host details, labels and policies to be refetched the next time the host checks in for distributed queries. Note that we cannot be certain when the host will actually check in and update the query results. Further requests to the host APIs will indicate that the refetch has been requested through the `refetch_requested` field on the host object.
2021-01-26 01:27:24 +00:00
2023-12-08 22:22:20 +00:00
`POST /api/v1/fleet/hosts/:id/refetch`
2021-01-26 01:27:24 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| id | integer | path | **Required** . The host's id. |
2021-01-26 01:27:24 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/hosts/121/refetch`
2021-01-26 01:27:24 +00:00
##### Default response
`Status: 200`
2022-05-02 13:55:27 +00:00
### Transfer hosts to a team
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
_Available in Fleet Premium_
`POST /api/v1/fleet/hosts/transfer`
2021-01-26 01:27:24 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ------- | ------- | ---- | ----------------------------------------------------------------------- |
| team_id | integer | body | **Required** . The ID of the team you'd like to transfer the host(s) to. |
| hosts | array | body | **Required** . A list of host IDs. |
2021-01-26 01:27:24 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/hosts/transfer`
2021-01-26 01:27:24 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-01-26 01:27:24 +00:00
{
2022-05-02 13:55:27 +00:00
"team_id": 1,
"hosts": [3, 2, 4, 6, 1, 5, 7]
2021-01-26 01:27:24 +00:00
}
```
##### Default response
`Status: 200`
2022-05-02 13:55:27 +00:00
### Transfer hosts to a team by filter
_Available in Fleet Premium_
`POST /api/v1/fleet/hosts/transfer/filter`
#### Parameters
| Name | Type | In | Description |
| ------- | ------- | ---- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| team_id | integer | body | **Required** . The ID of the team you'd like to transfer the host(s) to. |
2024-03-04 20:48:19 +00:00
| filters | object | body | **Required** Contains any of the following four properties: `query` for search query keywords. Searchable fields include `hostname` , `hardware_serial` , `uuid` , and `ipv4` . `status` to indicate the status of the hosts to return. Can either be `new` , `online` , `offline` , `mia` or `missing` . `label_id` to indicate the selected label. `team_id` to indicate the selected team. Note: `label_id` and `status` cannot be used at the same time. |
2022-05-02 13:55:27 +00:00
#### Example
`POST /api/v1/fleet/hosts/transfer/filter`
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-01-26 01:27:24 +00:00
{
2022-05-02 13:55:27 +00:00
"team_id": 1,
"filters": {
2024-03-04 20:48:19 +00:00
"status": "online",
"team_id": 2,
2021-01-26 01:27:24 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
##### Default response
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
`Status: 200`
2021-01-26 01:27:24 +00:00
2024-05-10 21:57:06 +00:00
### Turn off MDM for a host
`DELETE /api/v1/fleet/hosts/:id/mdm`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ------------------------------------- |
| id | integer | path | **Required.** The host's ID in Fleet. |
#### Example
`DELETE /api/v1/fleet/hosts/42/mdm`
##### Default response
`Status: 200`
2022-05-02 13:55:27 +00:00
### Bulk delete hosts by filter or ids
`POST /api/v1/fleet/hosts/delete`
2021-01-26 01:27:24 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ------- | ------- | ---- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| ids | list | body | A list of the host IDs you'd like to delete. If `ids` is specified, `filters` cannot be specified. |
2024-01-03 22:59:23 +00:00
| filters | object | body | Contains any of the following four properties: `query` for search query keywords. Searchable fields include `hostname` , `hardware_serial` , `uuid` , and `ipv4` . `status` to indicate the status of the hosts to return. Can either be `new` , `online` , `offline` , `mia` or `missing` . `label_id` to indicate the selected label. `team_id` to indicate the selected team. If `filters` is specified, `id` cannot be specified. `label_id` and `status` cannot be used at the same time. |
2022-05-02 13:55:27 +00:00
Either ids or filters are required.
Request (`ids` is specified):
```json
{
"ids": [1]
}
```
Request (`filters` is specified):
```json
{
"filters": {
"status": "online",
"label_id": 1,
"team_id": 1,
"query": "abc"
}
}
```
2021-01-26 01:27:24 +00:00
2023-11-06 18:29:43 +00:00
Request (`filters` is specified and empty, to delete all hosts):
```json
{
"filters": {}
}
```
2021-01-26 01:27:24 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/hosts/delete`
2021-01-26 01:27:24 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-01-26 01:27:24 +00:00
{
2022-05-02 13:55:27 +00:00
"filters": {
"status": "online",
"team_id": 1
}
2021-01-26 01:27:24 +00:00
}
```
##### Default response
`Status: 200`
2024-01-10 14:23:56 +00:00
### Get human-device mapping
2022-05-02 13:55:27 +00:00
2024-01-10 22:29:51 +00:00
Returns the end user's email(s) they use to log in to their Identity Provider (IdP) and Google Chrome profile.
Also returns the custom email that's set via the `PUT /api/v1/fleet/hosts/:id/device_mapping` endpoint (docs [here ](#update-custom-human-device-mapping ))
2024-01-10 14:23:56 +00:00
Note that IdP email is only supported on macOS hosts. It's collected once, during automatic enrollment (DEP), only if the end user authenticates with the IdP and the DEP profile has `await_device_configured` set to `true` .
2022-05-02 13:55:27 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/hosts/:id/device_mapping`
2022-05-02 13:55:27 +00:00
#### Parameters
| Name | Type | In | Description |
| ---------- | ----------------- | ---- | ----------------------------------------------------------------------------- |
| id | integer | path | **Required** . The host's `id` . |
#### Example
`GET /api/v1/fleet/hosts/1/device_mapping`
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-01-26 01:27:24 +00:00
{
2022-05-02 13:55:27 +00:00
"host_id": 1,
"device_mapping": [
2024-01-10 14:23:56 +00:00
{
"email": "user@example.com",
"source": "identity_provider"
},
2022-05-02 13:55:27 +00:00
{
"email": "user@example.com",
"source": "google_chrome_profiles"
2024-01-10 22:29:51 +00:00
},
{
"email": "user@example.com",
"source": "custom"
}
]
}
```
---
### Update custom human-device mapping
`PUT /api/v1/fleet/hosts/:id/device_mapping`
Updates the email for the `custom` data source in the human-device mapping. This source can only have one email.
#### Parameters
| Name | Type | In | Description |
| ---------- | ----------------- | ---- | ----------------------------------------------------------------------------- |
| id | integer | path | **Required** . The host's `id` . |
| email | string | body | **Required** . The custom email. |
#### Example
`PUT /api/v1/fleet/hosts/1/device_mapping`
##### Request body
```json
{
"email": "user@example.com"
}
```
##### Default response
`Status: 200`
```json
{
"host_id": 1,
"device_mapping": [
{
"email": "user@example.com",
"source": "identity_provider"
},
{
"email": "user@example.com",
"source": "google_chrome_profiles"
},
{
"email": "user@example.com",
"source": "custom"
2022-05-02 13:55:27 +00:00
}
]
2021-01-26 01:27:24 +00:00
}
```
2023-12-15 21:57:41 +00:00
### Get host's device health report
Retrieves information about a single host's device health.
This report includes a subset of host vitals, and simplified policy and vulnerable software information. Data is cached to preserve performance. To get all up-to-date information about a host, use the "Get host" endpoint [here ](#get-host ).
`GET /api/v1/fleet/hosts/:id/health`
#### Parameters
| Name | Type | In | Description |
| ---------- | ----------------- | ---- | ----------------------------------------------------------------------------- |
| id | integer | path | **Required** . The host's `id` . |
#### Example
`GET /api/v1/fleet/hosts/1/health`
##### Default response
`Status: 200`
```json
{
"host_id": 1,
"health": {
"updated_at": "2023-09-16T18:52:19Z",
"os_version": "CentOS Linux 8.3.2011",
"disk_encryption_enabled": true,
2024-05-02 21:28:34 +00:00
"failing_policies_count": 1,
"failing_critical_policies_count": 1, // Fleet Premium only
2023-12-15 21:57:41 +00:00
"failing_policies": [
{
"id": 123,
"name": "Google Chrome is up to date",
2024-05-02 21:28:34 +00:00
"critical": true, // Fleet Premium only
"resolution": "Follow the Update Google Chrome instructions here: https://support.google.com/chrome/answer/95414?sjid=6534253818042437614-NA"
2023-12-15 21:57:41 +00:00
}
],
"vulnerable_software": [
{
"id": 321,
"name": "Firefox.app",
"version": "116.0.3",
}
]
}
}
```
2022-05-02 13:55:27 +00:00
---
2021-01-26 01:27:24 +00:00
2022-11-01 17:22:07 +00:00
### Get host's mobile device management (MDM) information
Currently supports Windows and MacOS. On MacOS this requires the [macadmins osquery
extension](https://github.com/macadmins/osquery-extension) which comes bundled
2024-04-29 16:12:03 +00:00
in [Fleet's agent (fleetd) ](https://fleetdm.com/docs/get-started/anatomy#fleetd ).
2022-11-01 17:22:07 +00:00
Retrieves a host's MDM enrollment status and MDM server URL.
2022-12-27 19:22:37 +00:00
If the host exists but is not enrolled to an MDM server, then this API returns `null` .
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/hosts/:id/mdm`
2022-11-01 17:22:07 +00:00
#### Parameters
| Name | Type | In | Description |
| ------- | ------- | ---- | -------------------------------------------------------------------------------- |
| id | integer | path | **Required** The id of the host to get the details for |
#### Example
`GET /api/v1/fleet/hosts/32/mdm`
##### Default response
`Status: 200`
```json
{
2023-01-05 21:52:46 +00:00
"enrollment_status": "On (automatic)",
2022-11-01 17:22:07 +00:00
"server_url": "some.mdm.com",
"name": "Some MDM",
"id": 3
}
```
---
### Get mobile device management (MDM) summary
Currently supports Windows and MacOS. On MacOS this requires the [macadmins osquery
extension](https://github.com/macadmins/osquery-extension) which comes bundled
2024-04-29 16:12:03 +00:00
in [Fleet's agent (fleetd) ](https://fleetdm.com/docs/get-started/anatomy#fleetd ).
2022-11-01 17:22:07 +00:00
2022-11-08 09:29:40 +00:00
Retrieves MDM enrollment summary. Windows servers are excluded from the aggregated data.
2022-11-01 17:22:07 +00:00
`GET /api/v1/fleet/hosts/summary/mdm`
#### Parameters
| Name | Type | In | Description |
| -------- | ------- | ----- | -------------------------------------------------------------------------------- |
2024-04-03 16:48:22 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filter by team |
2022-11-01 17:22:07 +00:00
| platform | string | query | Filter by platform ("windows" or "darwin") |
2023-03-14 21:01:16 +00:00
A `team_id` of `0` returns the statistics for hosts that are not part of any team. A `null` or missing `team_id` returns statistics for all hosts regardless of the team.
2022-11-01 17:22:07 +00:00
#### Example
`GET /api/v1/fleet/hosts/summary/mdm?team_id=1&platform=windows`
##### Default response
`Status: 200`
```json
{
2022-12-16 21:12:11 +00:00
"counts_updated_at": "2021-03-21T12:32:44Z",
2022-11-01 17:22:07 +00:00
"mobile_device_management_enrollment_status": {
"enrolled_manual_hosts_count": 0,
"enrolled_automated_hosts_count": 2,
"unenrolled_hosts_count": 0,
"hosts_count": 2
},
"mobile_device_management_solution": [
{
"id": 2,
"name": "Solution1",
"server_url": "solution1.com",
"hosts_count": 1
},
{
"id": 3,
"name": "Solution2",
"server_url": "solution2.com",
"hosts_count": 1
}
]
}
```
---
2024-02-05 23:37:35 +00:00
### Get host's mobile device management (MDM) and Munki information
2022-05-02 13:55:27 +00:00
Retrieves a host's MDM enrollment status, MDM server URL, and Munki version.
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/hosts/:id/macadmins`
2021-01-26 01:27:24 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ------- | ------- | ---- | -------------------------------------------------------------------------------- |
| id | integer | path | **Required** The id of the host to get the details for |
2021-01-26 01:27:24 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/hosts/32/macadmins`
##### Default response
`Status: 200`
```json
{
"macadmins": {
"munki": {
"version": "1.2.3"
},
2022-08-29 18:40:16 +00:00
"munki_issues": [
{
"id": 1,
"name": "Could not retrieve managed install primary manifest",
"type": "error",
"created_at": "2022-08-01T05:09:44Z"
},
{
"id": 2,
"name": "Could not process item Figma for optional install. No pkginfo found in catalogs: release",
"type": "warning",
"created_at": "2022-08-01T05:09:44Z"
}
],
2022-05-02 13:55:27 +00:00
"mobile_device_management": {
2023-01-05 21:52:46 +00:00
"enrollment_status": "On (automatic)",
2022-08-10 19:15:01 +00:00
"server_url": "http://some.url/mdm",
"name": "MDM Vendor Name",
"id": 999
2022-05-02 13:55:27 +00:00
}
}
}
```
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
---
2021-01-26 01:27:24 +00:00
2022-11-01 17:22:07 +00:00
### Get aggregated host's macadmin mobile device management (MDM) and Munki information
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
Requires the [macadmins osquery
extension](https://github.com/macadmins/osquery-extension) which comes bundled
2024-04-29 16:12:03 +00:00
in [Fleet's agent (fleetd) ](https://fleetdm.com/docs/get-started/anatomy#fleetd ).
2022-05-02 13:55:27 +00:00
Currently supported only on macOS.
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
Retrieves aggregated host's MDM enrollment status and Munki versions.
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/macadmins`
2021-01-26 01:27:24 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------- |
2024-04-03 16:48:22 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters the aggregate host information to only include hosts in the specified team. | |
2021-01-26 01:27:24 +00:00
2023-03-14 21:01:16 +00:00
A `team_id` of `0` returns the statistics for hosts that are not part of any team. A `null` or missing `team_id` returns statistics for all hosts regardless of the team.
2021-01-26 01:27:24 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/macadmins`
2021-01-26 01:27:24 +00:00
##### Default response
`Status: 200`
2022-05-02 13:55:27 +00:00
```json
{
"macadmins": {
2022-12-16 21:12:11 +00:00
"counts_updated_at": "2021-03-21T12:32:44Z",
2022-05-02 13:55:27 +00:00
"munki_versions": [
{
"version": "5.5",
"hosts_count": 8360
},
{
"version": "5.4",
"hosts_count": 1700
},
{
"version": "5.3",
"hosts_count": 400
},
{
"version": "5.2.3",
"hosts_count": 112
},
{
"version": "5.2.2",
"hosts_count": 50
}
],
2022-08-29 18:40:16 +00:00
"munki_issues": [
{
"id": 1,
"name": "Could not retrieve managed install primary manifest",
"type": "error",
"hosts_count": 2851
},
{
"id": 2,
"name": "Could not process item Figma for optional install. No pkginfo found in catalogs: release",
"type": "warning",
"hosts_count": 1983
}
],
2022-05-02 13:55:27 +00:00
"mobile_device_management_enrollment_status": {
"enrolled_manual_hosts_count": 124,
2022-08-09 16:34:29 +00:00
"enrolled_automated_hosts_count": 124,
2022-05-02 13:55:27 +00:00
"unenrolled_hosts_count": 112
2022-08-10 19:15:01 +00:00
},
"mobile_device_management_solution": [
{
"id": 1,
"name": "SimpleMDM",
"hosts_count": 8360,
"server_url": "https://a.simplemdm.com/mdm"
},
{
"id": 2,
"name": "Intune",
"hosts_count": 1700,
"server_url": "https://enrollment.manage.microsoft.com"
}
]
2022-05-02 13:55:27 +00:00
}
}
```
2021-01-26 01:27:24 +00:00
2024-05-02 22:08:22 +00:00
### Resend host's configuration profile
Resends a configuration profile for the specified host.
`POST /api/v1/fleet/hosts/:id/configuration_profiles/resend/:profile_uuid`
#### Parameters
| Name | Type | In | Description |
| ---- | ---- | -- | ----------- |
| id | integer | path | **Required.** The host's ID. |
| profile_uuid | string | path | **Required.** The UUID of the configuration profile to resend to the host. |
#### Example
`POST /api/v1/fleet/hosts/233/configuration_profiles/resend/fc14a20-84a2-42d8-9257-a425f62bb54d`
##### Default response
`Status: 202`
2024-02-17 00:40:33 +00:00
### List host OS versions
2021-03-09 15:50:48 +00:00
2022-05-02 13:55:27 +00:00
Retrieves the aggregated host OS versions information.
2021-03-09 15:50:48 +00:00
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/os_versions`
2021-03-09 15:50:48 +00:00
#### Parameters
2022-08-12 19:23:25 +00:00
| Name | Type | In | Description |
2022-05-02 13:55:27 +00:00
| --- | --- | --- | --- |
2024-03-14 18:27:07 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters response data to the specified team. |
2022-08-15 16:57:25 +00:00
| platform | string | query | Filters the hosts to the specified platform |
2022-08-22 19:34:00 +00:00
| os_name | string | query | The name of the operating system to filter hosts by. `os_version` must also be specified with `os_name` |
| os_version | string | query | The version of the operating system to filter hosts by. `os_name` must also be specified with `os_version` |
2024-02-17 00:40:33 +00:00
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Allowed fields are: `hosts_count` . Default is `hosts_count` (descending). |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
2022-08-22 19:34:00 +00:00
2021-03-09 15:50:48 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-03-09 15:50:48 +00:00
{
2024-02-17 00:40:33 +00:00
"count": 1
"counts_updated_at": "2023-12-06T22:17:30Z",
2022-05-02 13:55:27 +00:00
"os_versions": [
{
2024-02-17 00:40:33 +00:00
"os_version_id": 123,
"hosts_count": 21,
"name": "Microsoft Windows 11 Pro 23H2 10.0.22621.1234",
"name_only": "Microsoft Windows 11 Pro 23H2",
"version": "10.0.22621.1234",
"platform": "windows",
"generated_cpes": [],
"vulnerabilities": [
{
"cve": "CVE-2022-30190",
"details_link": "https://nvd.nist.gov/vuln/detail/CVE-2022-30190",
"cvss_score": 7.8,// Available in Fleet Premium
"epss_probability": 0.9729,// Available in Fleet Premium
"cisa_known_exploit": false,// Available in Fleet Premium
"cve_published": "2022-06-01T00:15:00Z",// Available in Fleet Premium
"cve_description": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.",// Available in Fleet Premium
"resolved_in_version": ""// Available in Fleet Premium
}
]
2022-10-08 12:57:46 +00:00
}
2024-02-17 00:40:33 +00:00
],
"meta": {
"has_next_results": false,
"has_previous_results": false
}
2021-03-09 15:50:48 +00:00
}
```
2024-02-17 00:40:33 +00:00
OS vulnerability data is currently available for Windows and macOS. For other platforms, `vulnerabilities` will be an empty array:
```json
{
"hosts_count": 1,
"name": "CentOS Linux 7.9.2009",
"name_only": "CentOS",
"version": "7.9.2009",
"platform": "rhel",
"generated_cpes": [],
"vulnerabilities": []
}
```
### Get host OS version
Retrieves information about the specified OS version.
`GET /api/v1/fleet/os_versions/:id`
#### Parameters
| Name | Type | In | Description |
| ---- | ---- | -- | ----------- |
| id | integer | path | **Required.** The OS version's ID. |
##### Default response
`Status: 200`
```json
{
"counts_updated_at": "2023-12-06T22:17:30Z",
"os_version": {
"id": 123,
"hosts_count": 21,
"name": "Microsoft Windows 11 Pro 23H2 10.0.22621.1234",
"name_only": "Microsoft Windows 11 Pro 23H2",
"version": "10.0.22621.1234",
"platform": "windows",
"generated_cpes": [],
"vulnerabilities": [
{
"cve": "CVE-2022-30190",
"details_link": "https://nvd.nist.gov/vuln/detail/CVE-2022-30190",
"cvss_score": 7.8,// Available in Fleet Premium
"epss_probability": 0.9729,// Available in Fleet Premium
"cisa_known_exploit": false,// Available in Fleet Premium
"cve_published": "2022-06-01T00:15:00Z",// Available in Fleet Premium
"cve_description": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.",// Available in Fleet Premium
"resolved_in_version": ""// Available in Fleet Premium
}
]
}
}
```
OS vulnerability data is currently available for Windows and macOS. For other platforms, `vulnerabilities` will be an empty array:
```json
{
"id": 321,
"hosts_count": 1,
"name": "CentOS Linux 7.9.2009",
"name_only": "CentOS",
"version": "7.9.2009",
"platform": "rhel",
"generated_cpes": [],
"vulnerabilities": []
}
```
2024-02-05 23:37:35 +00:00
### Get host's scripts
`GET /api/v1/fleet/hosts/:id/scripts`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| id | integer | path | **Required** . The host's id. |
| page | integer | query | Page number of the results to fetch.|
| per_page | integer | query | Results per page.|
#### Example
`GET /api/v1/fleet/hosts/123/scripts`
##### Default response
`Status: 200`
```json
"scripts": [
{
"script_id": 3,
"name": "remove-zoom-artifacts.sh",
"last_execution": {
"execution_id": "e797d6c6-3aae-11ee-be56-0242ac120002",
"executed_at": "2021-12-15T15:23:57Z",
"status": "error"
}
},
{
"script_id": 5,
"name": "set-timezone.sh",
"last_execution": {
"id": "e797d6c6-3aae-11ee-be56-0242ac120002",
"executed_at": "2021-12-15T15:23:57Z",
"status": "pending"
}
},
{
"script_id": 8,
"name": "uninstall-zoom.sh",
"last_execution": {
"id": "e797d6c6-3aae-11ee-be56-0242ac120002",
"executed_at": "2021-12-15T15:23:57Z",
"status": "ran"
}
}
],
"meta": {
"has_next_results": false,
"has_previous_results": false
}
}
```
2024-05-23 21:07:07 +00:00
### Get host's software
`GET /api/v1/fleet/hosts/:id/software`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| id | integer | path | **Required** . The host's ID. |
| query | string | query | Search query keywords. Searchable fields include `name` . |
| page | integer | query | Page number of the results to fetch.|
| per_page | integer | query | Results per page.|
#### Example
`GET /api/v1/fleet/hosts/123/software`
##### Default response
`Status: 200`
```json
{
"count": 3,
"software": [
{
"id": 121,
"name": "Google Chrome.app",
"package_available_for_install": "GoogleChrome.pkg",
"source": "apps",
"status": "failed",
"last_install": {
"install_uuid": "8bbb8ac2-b254-4387-8cba-4d8a0407368b",
"installed_at": "2024-05-15T15:23:57Z"
},
"installed_versions": [
{
"version": "121.0",
"last_opened_at": "2024-04-01T23:03:07Z",
"vulnerabilities": ["CVE-2023-1234","CVE-2023-4321","CVE-2023-7654"],
"installed_paths": ["/Applications/Google Chrome.app"]
}
]
},
{
"id": 134,
"name": "Falcon.app",
"package_available_for_install": "FalconSensor-6.44.pkg",
"source": "",
"status": null,
"last_install": null,
"installed_versions": [],
},
{
"id": 147,
"name": "Firefox.app",
"package_available_for_install": null,
"source": "apps",
"bundle_identifier": "org.mozilla.firefox",
"status": null,
"last_install": null,
"installed_versions": [
{
"version": "118.0",
"last_opened_at": "2024-04-01T23:03:07Z",
"vulnerabilities": ["CVE-2023-1234"],
"installed_paths": ["/Applications/Firefox.app"]
},
{
"version": "119.0",
"last_opened_at": "2024-04-01T23:03:07Z",
"vulnerabilities": ["CVE-2023-4321","CVE-2023-7654"],
"installed_paths": ["/Downloads/Firefox.app"]
}
]
},
],
"meta": {
"has_next_results": false,
"has_previous_results": false
}
}
```
### Install software
_Available in Fleet Premium._
Install software on a macOS, Windows, or Linux (Ubuntu) host. Software title must have `software_package` added to be installed.
`POST /api/v1/fleet/hosts/:id/software/install/:software_title_id`
#### Parameters
| Name | Type | In | Description |
| --------- | ---------- | ---- | -------------------------------------------- |
| id | integer | path | **Required** . The host's ID. |
| software_title_id | integer | path | **Required** . The software title's ID. |
#### Example
`POST /api/v1/fleet/hosts/123/software/install/3435`
##### Default response
`Status: 202`
2022-05-02 13:55:27 +00:00
### Get hosts report in CSV
2022-01-07 04:51:55 +00:00
2022-05-02 13:55:27 +00:00
Returns the list of hosts corresponding to the search criteria in CSV format, ready for download when
requested by a web browser.
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/hosts/report`
2021-01-26 01:27:24 +00:00
#### Parameters
2023-09-26 21:46:38 +00:00
| Name | Type | In | Description |
| ----------------------- | ------- | ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| format | string | query | **Required** , must be "csv" (only supported format for now). |
| columns | string | query | Comma-delimited list of columns to include in the report (returns all columns if none is specified). |
| order_key | string | query | What to order results by. Can be any column in the hosts table. |
2023-10-06 22:04:33 +00:00
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include 'asc' and 'desc'. Default is 'asc'. |
| status | string | query | Indicates the status of the hosts to return. Can either be 'new', 'online', 'offline', 'mia' or 'missing'. |
2024-01-03 22:59:23 +00:00
| query | string | query | Search query keywords. Searchable fields include `hostname` , `hardware_serial` , `uuid` , `ipv4` and the hosts' email addresses (only searched if the query looks like an email address, i.e. contains an `@` , no space, etc.). |
2024-04-03 16:48:22 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters the hosts to only include hosts in the specified team. |
2023-09-26 21:46:38 +00:00
| policy_id | integer | query | The ID of the policy to filter hosts by. |
2023-10-27 20:13:20 +00:00
| policy_response | string | query | **Requires `policy_id`** . Valid options are 'passing' or 'failing'. **Note: If `policy_id` is specified _without_ including `policy_response`, this will also return hosts where the policy is not configured to run or failed to run.** |
2024-01-29 23:19:26 +00:00
| software_version_id | integer | query | The ID of the software version to filter hosts by. |
| software_title_id | integer | query | The ID of the software title to filter hosts by. |
2024-02-17 00:40:33 +00:00
| os_version_id | integer | query | The ID of the operating system version to filter hosts by. |
2023-09-26 21:46:38 +00:00
| os_name | string | query | The name of the operating system to filter hosts by. `os_version` must also be specified with `os_name` |
| os_version | string | query | The version of the operating system to filter hosts by. `os_name` must also be specified with `os_version` |
2024-03-14 18:27:07 +00:00
| vulnerability | string | query | The cve to filter hosts by (including "cve-" prefix, case-insensitive). |
2023-09-26 21:46:38 +00:00
| mdm_id | integer | query | The ID of the _mobile device management_ (MDM) solution to filter hosts by (that is, filter hosts that use a specific MDM provider and URL). |
| mdm_name | string | query | The name of the _mobile device management_ (MDM) solution to filter hosts by (that is, filter hosts that use a specific MDM provider). |
2023-10-27 20:13:20 +00:00
| mdm_enrollment_status | string | query | The _mobile device management_ (MDM) enrollment status to filter hosts by. Valid options are 'manual', 'automatic', 'enrolled', 'pending', or 'unenrolled'. |
| macos_settings | string | query | Filters the hosts by the status of the _mobile device management_ (MDM) profiles applied to hosts. Valid options are 'verified', 'verifying', 'pending', or 'failed'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
2023-09-26 21:46:38 +00:00
| munki_issue_id | integer | query | The ID of the _munki issue_ (a Munki-reported error or warning message) to filter hosts by (that is, filter hosts that are affected by that corresponding error or warning message). |
2024-04-03 16:48:22 +00:00
| low_disk_space | integer | query | _Available in Fleet Premium_ . Filters the hosts to only include hosts with less GB of disk space available than this value. Must be a number between 1-100. |
2023-09-26 21:46:38 +00:00
| label_id | integer | query | A valid label ID. Can only be used in combination with `order_key` , `order_direction` , `status` , `query` and `team_id` . |
2024-04-03 16:48:22 +00:00
| bootstrap_package | string | query | _Available in Fleet Premium_ . Filters the hosts by the status of the MDM bootstrap package on the host. Valid options are 'installed', 'pending', or 'failed'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
2023-09-26 14:49:45 +00:00
| disable_failing_policies | boolean | query | If `true` , hosts will return failing policies as 0 (returned as the `issues` column) regardless of whether there are any that failed for the host. This is meant to be used when increased performance is needed in exchange for the extra information. |
2021-01-26 01:27:24 +00:00
2023-03-29 12:30:49 +00:00
If `mdm_id` , `mdm_name` or `mdm_enrollment_status` is specified, then Windows Servers are excluded from the results.
2022-11-08 09:29:40 +00:00
2021-01-26 01:27:24 +00:00
#### Example
2022-05-10 18:25:53 +00:00
`GET /api/v1/fleet/hosts/report?software_id=123&format=csv&columns=hostname,primary_ip,platform`
2021-11-01 15:38:34 +00:00
##### Default response
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
`Status: 200`
```csv
2024-01-11 19:35:56 +00:00
created_at,updated_at,id,detail_updated_at,label_updated_at,policy_updated_at,last_enrolled_at,seen_time,refetch_requested,hostname,uuid,platform,osquery_version,os_version,build,platform_like,code_name,uptime,memory,cpu_type,cpu_subtype,cpu_brand,cpu_physical_cores,cpu_logical_cores,hardware_vendor,hardware_model,hardware_version,hardware_serial,computer_name,primary_ip_id,primary_ip,primary_mac,distributed_interval,config_tls_refresh,logger_tls_period,team_id,team_name,gigs_disk_space_available,percent_disk_space_available,gigs_total_disk_space,issues,device_mapping,status,display_text
2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,1,2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,false,foo.local0,a4fc55a1-b5de-409c-a2f4-441f564680d3,debian,,,,,,0s,0,,,,0,0,,,,,,,,,0,0,0,,,0,0,0,0,,,,
2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,2,2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,2022-03-15T17:22:56Z,false,foo.local1,689539e5-72f0-4bf7-9cc5-1530d3814660,rhel,,,,,,0s,0,,,,0,0,,,,,,,,,0,0,0,,,0,0,0,0,,,,
2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,3,2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,2022-03-15T17:23:56Z,2022-03-15T17:21:56Z,false,foo.local2,48ebe4b0-39c3-4a74-a67f-308f7b5dd171,linux,,,,,,0s,0,,,,0,0,,,,,,,,,0,0,0,,,0,0,0,0,,,,
2021-01-26 01:27:24 +00:00
```
2023-02-08 23:20:23 +00:00
### Get host's disk encryption key
Retrieves the disk encryption key for a host.
2024-03-21 19:44:23 +00:00
Requires that disk encryption is enforced and the host has MDM turned on.
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/hosts/:id/encryption_key`
2023-02-08 23:20:23 +00:00
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ------------------------------------------------------------------ |
| id | integer | path | **Required** The id of the host to get the disk encryption key for |
#### Example
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/hosts/8/encryption_key`
2023-02-08 23:20:23 +00:00
##### Default response
`Status: 200`
```json
{
"host_id": 8,
"encryption_key": {
"key": "5ADZ-HTZ8-LJJ4-B2F8-JWH3-YPBT",
"updated_at": "2022-12-01T05:31:43Z"
}
}
```
2023-08-21 18:47:19 +00:00
### Get configuration profiles assigned to a host
2023-07-14 15:53:03 +00:00
2024-05-17 16:24:33 +00:00
Requires Fleet's MDM properly [enabled and configured ](https://fleetdm.com/docs/using-fleet/mdm-setup ).
2023-07-14 15:53:03 +00:00
Retrieves a list of the configuration profiles assigned to a host.
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/hosts/:id/configuration_profiles`
2023-07-14 15:53:03 +00:00
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------- |
| id | integer | path | **Required** . The ID of the host |
#### Example
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/hosts/8/configuration_profiles`
2023-07-14 15:53:03 +00:00
##### Default response
`Status: 200`
```json
{
"host_id": 8,
"profiles": [
{
2024-01-24 17:13:56 +00:00
"profile_uuid": "bc84dae7-396c-4e10-9d45-5768bce8b8bd",
2023-07-14 15:53:03 +00:00
"team_id": 0,
"name": "Example profile",
"identifier": "com.example.profile",
"created_at": "2023-03-31T00:00:00Z",
"updated_at": "2023-03-31T00:00:00Z",
"checksum": "dGVzdAo="
}
]
}
```
2024-02-22 19:06:47 +00:00
### Lock host
_Available in Fleet Premium_
Sends a command to lock the specified macOS, Linux, or Windows host. The host is locked once it comes online.
To lock a macOS host, the host must have MDM turned on. To lock a Windows or Linux host, the host must have [scripts enabled ](https://fleetdm.com/docs/using-fleet/scripts ).
`POST /api/v1/fleet/hosts/:id/lock`
#### Parameters
| Name | Type | In | Description |
| ---------- | ----------------- | ---- | ----------------------------------------------------------------------------- |
| id | integer | path | **Required** . ID of the host to be locked. |
#### Example
`POST /api/v1/fleet/hosts/123/lock`
##### Default response
`Status: 204`
### Unlock host
_Available in Fleet Premium_
Sends a command to unlock the specified Windows or Linux host, or retrieves the unlock PIN for a macOS host.
To unlock a Windows or Linux host, the host must have [scripts enabled ](https://fleetdm.com/docs/using-fleet/scripts ).
`POST /api/v1/fleet/hosts/:id/unlock`
#### Parameters
| Name | Type | In | Description |
| ---------- | ----------------- | ---- | ----------------------------------------------------------------------------- |
| id | integer | path | **Required** . ID of the host to be unlocked. |
#### Example
`POST /api/v1/fleet/hosts/:id/unlock`
##### Default response (Windows or Linux hosts)
`Status: 204`
##### Default response (macOS hosts)
`Status: 200`
```json
{
"host_id": 8,
"unlock_pin": "123456"
}
```
2024-03-14 18:30:16 +00:00
### Wipe host
Sends a command to wipe the specified macOS, Windows, or Linux host. The host is wiped once it comes online.
To wipe a macOS or Windows host, the host must have MDM turned on. To lock a Linux host, the host must have [scripts enabled ](https://fleetdm.com/docs/using-fleet/scripts ).
`POST /api/v1/fleet/hosts/:id/wipe`
#### Parameters
| Name | Type | In | Description |
| ---------- | ----------------- | ---- | ----------------------------------------------------------------------------- |
| id | integer | path | **Required** . ID of the host to be wiped. |
#### Example
`POST /api/v1/fleet/hosts/123/wipe`
##### Default response
`Status: 204`
2024-02-05 23:37:35 +00:00
### Get host's past activity
2024-03-22 10:42:11 +00:00
`GET /api/v1/fleet/hosts/:id/activities`
2024-02-05 23:37:35 +00:00
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
2024-03-22 10:42:11 +00:00
| id | integer | path | **Required** . The host's ID. |
2024-02-05 23:37:35 +00:00
| page | integer | query | Page number of the results to fetch.|
| per_page | integer | query | Results per page.|
#### Example
2024-03-22 10:42:11 +00:00
`GET /api/v1/fleet/hosts/12/activities`
2024-02-05 23:37:35 +00:00
##### Default response
`Status: 200`
```json
{
"activities": [
{
"created_at": "2023-07-27T14:35:08Z",
"id": 2,
"actor_full_name": "Anna",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "anna@example.com",
"type": "ran_script",
"details": {
"host_id": 1,
"host_display_name": "Steve's MacBook Pro",
"script_name": "set-timezones.sh",
"script_execution_id": "d6cffa75-b5b5-41ef-9230-15073c8a88cf",
"async": true
},
},
{
"created_at": "2021-07-27T13:25:21Z",
"id": 1,
"actor_full_name": "Bob",
"actor_id": 2,
"actor_gravatar": "",
"actor_email": "bob@example.com",
"type": "ran_script",
"details": {
"host_id": 1,
"host_display_name": "Steve's MacBook Pro",
"script_name": "",
"script_execution_id": "y3cffa75-b5b5-41ef-9230-15073c8a88cf",
"async": false
},
},
],
"meta": {
"has_next_results": false,
"has_previous_results": false
}
}
```
### Get host's upcoming activity
`GET /api/v1/fleet/hosts/:id/activities/upcoming`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| id | integer | path | **Required** . The host's id. |
| page | integer | query | Page number of the results to fetch.|
| per_page | integer | query | Results per page.|
#### Example
`GET /api/v1/fleet/hosts/12/activities/upcoming`
##### Default response
`Status: 200`
```json
{
"count": 2,
"activities": [
{
"created_at": "2023-07-27T14:35:08Z",
"uuid": "d6cffa75-b5b5-41ef-9230-15073c8a88cf",
"actor_full_name": "Marko",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "marko@example.com",
"type": "ran_script",
"details": {
"host_id": 1,
"host_display_name": "Steve's MacBook Pro",
"script_name": "set-timezones.sh",
"script_execution_id": "d6cffa75-b5b5-41ef-9230-15073c8a88cf",
"async": true
},
},
{
"created_at": "2021-07-27T13:25:21Z",
"uuid": "y3cffa75-b5b5-41ef-9230-15073c8a88cf",
"actor_full_name": "Rachael",
"actor_id": 1,
"actor_gravatar": "",
"actor_email": "rachael@example.com",
"type": "ran_script",
"details": {
"host_id": 1,
"host_display_name": "Steve's MacBook Pro",
"script_name": "",
"script_execution_id": "y3cffa75-b5b5-41ef-9230-15073c8a88cf",
"async": false
},
},
],
"meta": {
"has_next_results": false,
"has_previous_results": false
}
}
```
2024-04-25 20:53:01 +00:00
### Add labels to host
Adds manual labels to a host.
`POST /api/v1/fleet/hosts/:id/labels`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| labels | list | body | The list of label names to add to the host. |
#### Example
`POST /api/v1/fleet/hosts/12/labels`
##### Request body
```json
{
"labels": ["label1", "label2"]
}
```
##### Default response
`Status: 200`
### Remove labels from host
Removes manual labels from a host.
`DELETE /api/v1/fleet/hosts/:id/labels`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| labels | list | body | The list of label names to delete from the host. |
#### Example
`DELETE /api/v1/fleet/hosts/12/labels`
##### Request body
```json
{
"labels": ["label3", "label4"]
}
```
##### Default response
`Status: 200`
2024-02-16 18:21:15 +00:00
### Live query one host (ad-hoc)
Runs an ad-hoc live query against the specified host and responds with the results.
The live query will stop if the targeted host is offline, or if the query times out. Timeouts happen if the host hasn't responded after the configured `FLEET_LIVE_QUERY_REST_PERIOD` (default 25 seconds) or if the `distributed_interval` agent option (default 10 seconds) is higher than the `FLEET_LIVE_QUERY_REST_PERIOD` .
`POST /api/v1/fleet/hosts/:id/query`
#### Parameters
| Name | Type | In | Description |
|-----------|-------|------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| id | integer | path | **Required** . The target host ID. |
| query | string | body | **Required** . The query SQL. |
#### Example
`POST /api/v1/fleet/hosts/123/query`
##### Request body
```json
{
"query": "SELECT model, vendor FROM usb_devices;"
}
```
##### Default response
`Status: 200`
```json
{
"host_id": 123,
"query": "SELECT model, vendor FROM usb_devices;",
"status": "online", // "online" or "offline"
"error": null,
"rows": [
{
"model": "USB2.0 Hub",
"vendor": "VIA Labs, Inc."
}
]
}
```
Note that if the host is online and the query times out, this endpoint will return an error and `rows` will be `null` . If the host is offline, no error will be returned, and `rows` will be`null`.
### Live query host by identifier (ad-hoc)
Runs an ad-hoc live query against a host identified using `uuid` and responds with the results.
The live query will stop if the targeted host is offline, or if the query times out. Timeouts happen if the host hasn't responded after the configured `FLEET_LIVE_QUERY_REST_PERIOD` (default 25 seconds) or if the `distributed_interval` agent option (default 10 seconds) is higher than the `FLEET_LIVE_QUERY_REST_PERIOD` .
`POST /api/v1/fleet/hosts/identifier/:identifier/query`
#### Parameters
| Name | Type | In | Description |
|-----------|-------|------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| identifier | integer or string | path | **Required** . The host's `hardware_serial` , `uuid` , `osquery_host_id` , `hostname` , or `node_key` . |
| query | string | body | **Required** . The query SQL. |
#### Example
`POST /api/v1/fleet/hosts/identifier/392547dc-0000-0000-a87a-d701ff75bc65/query`
##### Request body
```json
{
"query": "SELECT model, vendor FROM usb_devices;"
}
```
##### Default response
`Status: 200`
```json
{
"host_id": 123,
"query": "SELECT model, vendor FROM usb_devices;",
"status": "online", // "online" or "offline"
"error": null,
"rows": [
{
"model": "USB2.0 Hub",
"vendor": "VIA Labs, Inc."
}
]
}
```
Note that if the host is online and the query times out, this endpoint will return an error and `rows` will be `null` . If the host is offline, no error will be returned, and `rows` will be `null` .
2021-11-01 15:38:34 +00:00
---
2022-05-02 13:55:27 +00:00
## Labels
2021-11-01 15:38:34 +00:00
2024-05-02 21:59:03 +00:00
- [Add label ](#add-label )
- [Update label ](#update-label )
2022-05-02 13:55:27 +00:00
- [Get label ](#get-label )
2022-07-25 15:03:27 +00:00
- [Get labels summary ](#get-labels-summary )
2022-05-02 13:55:27 +00:00
- [List labels ](#list-labels )
- [List hosts in a label ](#list-hosts-in-a-label )
- [Delete label ](#delete-label )
- [Delete label by ID ](#delete-label-by-id )
2021-11-01 15:38:34 +00:00
2024-05-02 21:59:03 +00:00
### Add label
2021-01-26 01:27:24 +00:00
2024-05-02 21:59:03 +00:00
Add a dynamic or manual label.
2021-01-26 01:27:24 +00:00
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/labels`
2021-01-26 01:27:24 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ----------- | ------ | ---- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| name | string | body | **Required** . The label's name. |
| description | string | body | The label's description. |
2024-05-02 21:59:03 +00:00
| query | string | body | The query in SQL syntax used to filter the hosts. Only one of either `query` (to create a dynamic label) or `hosts` (to create a manual label) can be included in the request. |
| hosts | array | body | The list of host identifiers (`hardware_serial`, `uuid` , `osquery_host_id` , `hostname` , or `name` ) the label will apply to. Only one of either `query` (to create a dynamic label) or `hosts` (to create a manual label) can be included in the request. |
2022-05-02 13:55:27 +00:00
| platform | string | body | The specific platform for the label to target. Provides an additional filter. Choices for platform are `darwin` , `windows` , `ubuntu` , and `centos` . All platforms are included by default and this option is represented by an empty string. |
2021-01-26 01:27:24 +00:00
2024-05-02 21:59:03 +00:00
If both `query` and `hosts` aren't specified, a manual label with no hosts will be created.
2021-01-26 01:27:24 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/labels`
##### Request body
```json
{
"name": "Ubuntu hosts",
"description": "Filters ubuntu hosts",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
2022-05-02 13:55:27 +00:00
"platform": ""
}
```
2021-01-26 01:27:24 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-01-26 01:27:24 +00:00
{
2022-05-02 13:55:27 +00:00
"label": {
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 1,
"name": "Ubuntu hosts",
"description": "Filters ubuntu hosts",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
2022-05-02 13:55:27 +00:00
"label_type": "regular",
"label_membership_type": "dynamic",
"display_text": "Ubuntu hosts",
"count": 0,
"host_ids": null
}
2021-01-26 01:27:24 +00:00
}
```
2024-05-02 21:59:03 +00:00
### Update label
2021-01-26 01:27:24 +00:00
2024-05-02 21:59:03 +00:00
Updates the specified label. Note: Label queries and platforms are immutable. To change these, you must delete the label and create a new label.
2022-05-02 13:55:27 +00:00
2023-12-08 22:22:20 +00:00
`PATCH /api/v1/fleet/labels/:id`
2021-01-26 01:27:24 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ----------- | ------- | ---- | ----------------------------- |
| id | integer | path | **Required** . The label's id. |
| name | string | body | The label's name. |
| description | string | body | The label's description. |
2024-05-02 21:59:03 +00:00
| hosts | array | body | If updating a manual label: the list of host identifiers (`hardware_serial`, `uuid` , `osquery_host_id` , `hostname` , or `name` ) the label will apply to. |
2021-01-26 01:27:24 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`PATCH /api/v1/fleet/labels/1`
2021-07-19 13:58:41 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-07-19 13:58:41 +00:00
{
2022-05-02 13:55:27 +00:00
"name": "macOS label",
"description": "Now this label only includes macOS machines",
"platform": "darwin"
2021-07-19 13:58:41 +00:00
}
```
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-07-19 13:58:41 +00:00
{
2022-05-02 13:55:27 +00:00
"label": {
2021-07-19 13:58:41 +00:00
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 1,
2022-05-02 13:55:27 +00:00
"name": "Ubuntu hosts",
"description": "Filters ubuntu hosts",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
2022-05-02 13:55:27 +00:00
"platform": "darwin",
"label_type": "regular",
"label_membership_type": "dynamic",
"display_text": "Ubuntu hosts",
"count": 0,
"host_ids": null
2021-07-19 13:58:41 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
### Get label
2021-07-19 13:58:41 +00:00
2022-05-02 13:55:27 +00:00
Returns the specified label.
2021-07-19 13:58:41 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/labels/:id`
2021-07-19 13:58:41 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | ----------------------------- |
| id | integer | path | **Required** . The label's id. |
2021-07-19 13:58:41 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/labels/1`
2021-07-19 13:58:41 +00:00
2022-05-02 13:55:27 +00:00
##### Default response
`Status: 200`
2021-07-19 13:58:41 +00:00
2021-09-16 07:45:14 +00:00
```json
2021-07-19 13:58:41 +00:00
{
2022-05-02 13:55:27 +00:00
"label": {
"created_at": "2021-02-09T22:09:43Z",
"updated_at": "2021-02-09T22:15:58Z",
"id": 12,
"name": "Ubuntu",
"description": "Filters ubuntu hosts",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
2022-05-02 13:55:27 +00:00
"label_type": "regular",
"label_membership_type": "dynamic",
"display_text": "Ubuntu",
"count": 0,
"host_ids": null
}
2021-07-19 13:58:41 +00:00
}
```
2022-06-10 18:29:45 +00:00
### Get labels summary
Returns a list of all the labels in Fleet.
`GET /api/v1/fleet/labels/summary`
#### Example
`GET /api/v1/fleet/labels/summary`
##### Default response
`Status: 200`
```json
{
"labels": [
{
"id": 6,
"name": "All Hosts",
"description": "All hosts which have enrolled in Fleet",
2022-10-08 12:57:46 +00:00
"label_type": "builtin"
2022-06-10 18:29:45 +00:00
},
{
"id": 7,
"name": "macOS",
"description": "All macOS hosts",
2022-10-08 12:57:46 +00:00
"label_type": "builtin"
2022-06-10 18:29:45 +00:00
},
{
"id": 8,
"name": "Ubuntu Linux",
"description": "All Ubuntu hosts",
2022-10-08 12:57:46 +00:00
"label_type": "builtin"
2022-06-10 18:29:45 +00:00
},
{
"id": 9,
"name": "CentOS Linux",
"description": "All CentOS hosts",
2022-10-08 12:57:46 +00:00
"label_type": "builtin"
2022-06-10 18:29:45 +00:00
},
{
"id": 10,
"name": "MS Windows",
"description": "All Windows hosts",
2022-10-08 12:57:46 +00:00
"label_type": "builtin"
}
2022-06-10 18:29:45 +00:00
]
}
```
2022-05-02 13:55:27 +00:00
### List labels
Returns a list of all the labels in Fleet.
`GET /api/v1/fleet/labels`
#### Parameters
2022-08-12 16:21:04 +00:00
| Name | Type | In | Description |
| --------------- | ------- | ----- |------------------------------------- |
| order_key | string | query | What to order results by. Can be any column in the labels table. |
2022-05-02 13:55:27 +00:00
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
#### Example
`GET /api/v1/fleet/labels`
2021-07-19 13:58:41 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-07-19 13:58:41 +00:00
{
2022-05-02 13:55:27 +00:00
"labels": [
{
"created_at": "2021-02-02T23:55:25Z",
"updated_at": "2021-02-02T23:55:25Z",
"id": 6,
"name": "All Hosts",
"description": "All hosts which have enrolled in Fleet",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1;",
2022-05-02 13:55:27 +00:00
"label_type": "builtin",
"label_membership_type": "dynamic",
"host_count": 7,
"display_text": "All Hosts",
"count": 7,
"host_ids": null
},
{
"created_at": "2021-02-02T23:55:25Z",
"updated_at": "2021-02-02T23:55:25Z",
"id": 7,
"name": "macOS",
"description": "All macOS hosts",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1 FROM os_version WHERE platform = 'darwin';",
2022-05-02 13:55:27 +00:00
"platform": "darwin",
"label_type": "builtin",
"label_membership_type": "dynamic",
"host_count": 1,
"display_text": "macOS",
"count": 1,
"host_ids": null
},
{
"created_at": "2021-02-02T23:55:25Z",
"updated_at": "2021-02-02T23:55:25Z",
"id": 8,
"name": "Ubuntu Linux",
"description": "All Ubuntu hosts",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
2022-05-02 13:55:27 +00:00
"platform": "ubuntu",
"label_type": "builtin",
"label_membership_type": "dynamic",
"host_count": 3,
"display_text": "Ubuntu Linux",
"count": 3,
"host_ids": null
},
{
"created_at": "2021-02-02T23:55:25Z",
"updated_at": "2021-02-02T23:55:25Z",
"id": 9,
"name": "CentOS Linux",
"description": "All CentOS hosts",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1 FROM os_version WHERE platform = 'centos' OR name LIKE '%centos%'",
2022-05-02 13:55:27 +00:00
"label_type": "builtin",
"label_membership_type": "dynamic",
"host_count": 3,
"display_text": "CentOS Linux",
"count": 3,
"host_ids": null
},
{
"created_at": "2021-02-02T23:55:25Z",
"updated_at": "2021-02-02T23:55:25Z",
"id": 10,
"name": "MS Windows",
"description": "All Windows hosts",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1 FROM os_version WHERE platform = 'windows';",
2022-05-02 13:55:27 +00:00
"platform": "windows",
"label_type": "builtin",
"label_membership_type": "dynamic",
"display_text": "MS Windows",
"count": 0,
"host_ids": null
2022-10-08 12:57:46 +00:00
}
2022-05-02 13:55:27 +00:00
]
2021-07-19 13:58:41 +00:00
}
```
2022-05-02 13:55:27 +00:00
### List hosts in a label
2021-08-06 14:19:20 +00:00
2022-05-02 13:55:27 +00:00
Returns a list of the hosts that belong to the specified label.
2021-08-06 14:19:20 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/labels/:id/hosts`
2021-08-06 14:19:20 +00:00
#### Parameters
2022-10-25 12:17:51 +00:00
| Name | Type | In | Description |
| --------------- | ------- | ----- | ----------------------------------------------------------------------------------------------------------------------------- |
| id | integer | path | **Required** . The label's id. |
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Can be any column in the hosts table. |
2023-10-06 22:04:33 +00:00
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include 'asc' and 'desc'. Default is 'asc'. |
2022-10-25 12:17:51 +00:00
| after | string | query | The value to get results after. This needs `order_key` defined, as that's the column that would be used. |
2023-10-06 22:04:33 +00:00
| status | string | query | Indicates the status of the hosts to return. Can either be 'new', 'online', 'offline', 'mia' or 'missing'. |
2024-01-03 22:59:23 +00:00
| query | string | query | Search query keywords. Searchable fields include `hostname` , `hardware_serial` , `uuid` , and `ipv4` . |
2024-04-03 16:48:22 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters the hosts to only include hosts in the specified team. |
2022-10-25 12:17:51 +00:00
| disable_failing_policies | boolean | query | If "true", hosts will return failing policies as 0 regardless of whether there are any that failed for the host. This is meant to be used when increased performance is needed in exchange for the extra information. |
2023-03-29 12:30:49 +00:00
| mdm_id | integer | query | The ID of the _mobile device management_ (MDM) solution to filter hosts by (that is, filter hosts that use a specific MDM provider and URL). |
| mdm_name | string | query | The name of the _mobile device management_ (MDM) solution to filter hosts by (that is, filter hosts that use a specific MDM provider). |
2023-10-27 20:13:20 +00:00
| mdm_enrollment_status | string | query | The _mobile device management_ (MDM) enrollment status to filter hosts by. Valid options are 'manual', 'automatic', 'enrolled', 'pending', or 'unenrolled'. |
| macos_settings | string | query | Filters the hosts by the status of the _mobile device management_ (MDM) profiles applied to hosts. Valid options are 'verified', 'verifying', 'pending', or 'failed'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
2024-04-03 16:48:22 +00:00
| low_disk_space | integer | query | _Available in Fleet Premium_ . Filters the hosts to only include hosts with less GB of disk space available than this value. Must be a number between 1-100. |
2023-10-27 20:13:20 +00:00
| macos_settings_disk_encryption | string | query | Filters the hosts by the status of the macOS disk encryption MDM profile on the host. Valid options are 'verified', 'verifying', 'action_required', 'enforcing', 'failed', or 'removing_enforcement'. |
2024-04-03 16:48:22 +00:00
| bootstrap_package | string | query | _Available in Fleet Premium_ . Filters the hosts by the status of the MDM bootstrap package on the host. Valid options are 'installed', 'pending', or 'failed'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
2023-10-27 20:13:20 +00:00
| os_settings | string | query | Filters the hosts by the status of the operating system settings applied to the hosts. Valid options are 'verified', 'verifying', 'pending', or 'failed'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
| os_settings_disk_encryption | string | query | Filters the hosts by the status of the disk encryption setting applied to the hosts. Valid options are 'verified', 'verifying', 'action_required', 'enforcing', 'failed', or 'removing_enforcement'. **Note: If this filter is used in Fleet Premium without a team ID filter, the results include only hosts that are not assigned to any team.** |
2023-03-29 12:30:49 +00:00
2023-10-06 22:04:33 +00:00
If `mdm_id` , `mdm_name` , `mdm_enrollment_status` , `os_settings` , or `os_settings_disk_encryption` is specified, then Windows Servers are excluded from the results.
2023-03-29 12:30:49 +00:00
2021-08-06 14:19:20 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/labels/6/hosts&query=floobar`
2021-08-06 14:19:20 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-08-06 14:19:20 +00:00
{
2022-05-02 13:55:27 +00:00
"hosts": [
2021-08-06 14:19:20 +00:00
{
2022-05-02 13:55:27 +00:00
"created_at": "2021-02-03T16:11:43Z",
"updated_at": "2021-02-03T21:58:19Z",
"id": 2,
"detail_updated_at": "2021-02-03T21:58:10Z",
"label_updated_at": "2021-02-03T21:58:10Z",
2023-06-28 17:02:02 +00:00
"policy_updated_at": "2023-06-26T18:33:15Z",
2022-05-02 13:55:27 +00:00
"last_enrolled_at": "2021-02-03T16:11:43Z",
2023-01-09 11:55:43 +00:00
"software_updated_at": "2020-11-05T05:09:44Z",
2022-05-02 13:55:27 +00:00
"seen_time": "2021-02-03T21:58:20Z",
"refetch_requested": false,
"hostname": "floobar42",
"uuid": "a2064cef-0000-0000-afb9-283e3c1d487e",
"platform": "ubuntu",
"osquery_version": "4.5.1",
"os_version": "Ubuntu 20.4.0",
"build": "",
"platform_like": "debian",
"code_name": "",
"uptime": 32688000000000,
"memory": 2086899712,
"cpu_type": "x86_64",
"cpu_subtype": "142",
"cpu_brand": "Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz",
"cpu_physical_cores": 4,
"cpu_logical_cores": 4,
"hardware_vendor": "",
"hardware_model": "",
"hardware_version": "",
"hardware_serial": "",
"computer_name": "e2e7f8d8983d",
2022-10-08 12:57:46 +00:00
"display_name": "e2e7f8d8983d",
2022-05-02 13:55:27 +00:00
"primary_ip": "172.20.0.2",
"primary_mac": "02:42:ac:14:00:02",
"distributed_interval": 10,
"config_tls_refresh": 10,
"logger_tls_period": 10,
"team_id": null,
"pack_stats": null,
"team_name": null,
"status": "offline",
2023-02-27 21:40:34 +00:00
"display_text": "e2e7f8d8983d",
"mdm": {
"encryption_key_available": false,
"enrollment_status": null,
"name": "",
"server_url": null
}
2022-10-08 12:57:46 +00:00
}
2021-08-06 14:19:20 +00:00
]
}
```
2022-05-02 13:55:27 +00:00
### Delete label
2021-08-06 14:19:20 +00:00
2022-05-02 13:55:27 +00:00
Deletes the label specified by name.
2021-08-06 14:19:20 +00:00
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/labels/:name`
2021-08-06 14:19:20 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------ | ---- | ------------------------------- |
| name | string | path | **Required** . The label's name. |
2021-08-06 14:19:20 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`DELETE /api/v1/fleet/labels/ubuntu_label`
2021-08-06 14:19:20 +00:00
##### Default response
`Status: 200`
2022-05-02 13:55:27 +00:00
### Delete label by ID
2021-08-06 14:19:20 +00:00
2022-05-02 13:55:27 +00:00
Deletes the label specified by ID.
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/labels/id/:id`
2021-08-06 14:19:20 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | ----------------------------- |
| id | integer | path | **Required** . The label's id. |
2021-08-06 14:19:20 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`DELETE /api/v1/fleet/labels/id/13`
2021-08-06 14:19:20 +00:00
##### Default response
`Status: 200`
2024-05-10 21:57:06 +00:00
---
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
## OS settings
2023-04-11 13:18:32 +00:00
2024-01-24 17:13:56 +00:00
- [Add custom OS setting (configuration profile) ](#add-custom-os-setting-configuration-profile )
- [List custom OS settings (configuration profiles) ](#list-custom-os-settings-configuration-profiles )
2024-02-01 23:11:11 +00:00
- [Get or download custom OS setting (configuration profile) ](#get-or-download-custom-os-setting-configuration-profile )
2024-01-24 17:13:56 +00:00
- [Delete custom OS setting (configuration profile) ](#delete-custom-os-setting-configuration-profile )
2023-04-11 13:18:32 +00:00
- [Update disk encryption enforcement ](#update-disk-encryption-enforcement )
- [Get disk encryption statistics ](#get-disk-encryption-statistics )
2024-01-24 17:13:56 +00:00
- [Get OS settings status ](#get-os-settings-status )
2024-05-10 21:57:06 +00:00
2023-04-11 13:18:32 +00:00
2024-01-24 17:13:56 +00:00
### Add custom OS setting (configuration profile)
2023-04-11 13:18:32 +00:00
2024-01-30 15:14:48 +00:00
> [Add custom macOS setting](https://github.com/fleetdm/fleet/blob/fleet-v4.40.0/docs/REST%20API/rest-api.md#add-custom-macos-setting-configuration-profile) (`POST /api/v1/fleet/mdm/apple/profiles`) API endpoint is deprecated as of Fleet 4.41. It is maintained for backwards compatibility. Please use the below API endpoint instead.
2023-04-11 13:18:32 +00:00
2024-01-24 17:13:56 +00:00
Add a configuration profile to enforce custom settings on macOS and Windows hosts.
2024-05-10 21:57:06 +00:00
`POST /api/v1/fleet/configuration_profiles`
2023-04-11 13:18:32 +00:00
#### Parameters
2024-01-24 17:13:56 +00:00
| Name | Type | In | Description |
| ------------------------- | -------- | ---- | ------------------------------------------------------------------------------------------------------------- |
2024-05-02 22:33:06 +00:00
| profile | file | form | **Required.** The .mobileconfig and JSON for macOS or XML for Windows file containing the profile. |
2024-04-03 16:48:22 +00:00
| team_id | string | form | _Available in Fleet Premium_ . The team ID for the profile. If specified, the profile is applied to only hosts that are assigned to the specified team. If not specified, the profile is applied to only to hosts that are not assigned to any team. |
2024-05-02 22:33:06 +00:00
| labels | array | form | _Available in Fleet Premium_ . An array of labels to filter hosts in a team (or no team) that should get a profile. |
2023-04-11 13:18:32 +00:00
#### Example
2024-01-24 17:13:56 +00:00
Add a new configuration profile to be applied to macOS hosts
2023-04-11 13:18:32 +00:00
assigned to a team. Note that in this example the form data specifies`team_id` in addition to
`profile` .
2024-05-10 21:57:06 +00:00
`POST /api/v1/fleet/configuration_profiles`
2023-04-11 13:18:32 +00:00
##### Request headers
2023-09-22 21:57:40 +00:00
```http
2023-04-11 13:18:32 +00:00
Content-Length: 850
Content-Type: multipart/form-data; boundary=------------------------f02md47480und42y
```
##### Request body
2023-09-22 21:57:40 +00:00
```http
2023-04-11 13:18:32 +00:00
--------------------------f02md47480und42y
Content-Disposition: form-data; name="team_id"
1
--------------------------f02md47480und42y
2024-02-23 18:54:18 +00:00
Content-Disposition: form-data; name="labels"
Label name 1
--------------------------f02md47480und42y
Content-Disposition: form-data; name="labels"
Label name 2
--------------------------f02md47480und42y
2023-04-11 13:18:32 +00:00
Content-Disposition: form-data; name="profile"; filename="Foo.mobileconfig"
Content-Type: application/octet-stream
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
< plist version = "1.0" >
< dict >
2023-07-27 22:40:01 +00:00
< key > PayloadContent< / key >
< array / >
< key > PayloadDisplayName< / key >
< string > Example profile< / string >
< key > PayloadIdentifier< / key >
< string > com.example.profile< / string >
< key > PayloadType< / key >
< string > Configuration< / string >
< key > PayloadUUID< / key >
< string > 0BBF3E23-7F56-48FC-A2B6-5ACC598A4A69< / string >
< key > PayloadVersion< / key >
< integer > 1< / integer >
2023-04-11 13:18:32 +00:00
< / dict >
< / plist >
--------------------------f02md47480und42y--
```
##### Default response
`Status: 200`
```json
{
2024-01-24 17:13:56 +00:00
"profile_uuid": "954ec5ea-a334-4825-87b3-937e7e381f24"
2023-04-11 13:18:32 +00:00
}
```
###### Additional notes
If the response is `Status: 409 Conflict` , the body may include additional error details in the case
2024-01-24 17:13:56 +00:00
of duplicate payload display name or duplicate payload identifier (macOS profiles).
2023-04-11 13:18:32 +00:00
2024-01-24 17:13:56 +00:00
### List custom OS settings (configuration profiles)
2023-04-11 13:18:32 +00:00
2024-02-23 18:54:18 +00:00
> [List custom macOS settings](https://github.com/fleetdm/fleet/blob/fleet-v4.40.0/docs/REST%20API/rest-api.md#list-custom-macos-settings-configuration-profiles) (`GET /api/v1/fleet/mdm/apple/profiles`) API endpoint is deprecated as of Fleet 4.41. It is maintained for backwards compatibility. Please use the below API endpoint instead.
2023-04-11 13:18:32 +00:00
2023-04-17 15:45:16 +00:00
Get a list of the configuration profiles in Fleet.
2023-04-11 13:18:32 +00:00
For Fleet Premium, the list can
optionally be filtered by team ID. If no team ID is specified, team profiles are excluded from the
results (i.e., only profiles that are associated with "No team" are listed).
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/configuration_profiles`
2023-04-11 13:18:32 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------ | ----- | ------------------------------------------------------------------------- |
2024-04-03 16:48:22 +00:00
| team_id | string | query | _Available in Fleet Premium_ . The team id to filter profiles. |
2024-01-24 17:13:56 +00:00
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
2023-04-11 13:18:32 +00:00
#### Example
2024-01-24 17:13:56 +00:00
List all configuration profiles for macOS and Windows hosts enrolled to Fleet's MDM that are not assigned to any team.
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/configuration_profiles`
2023-04-11 13:18:32 +00:00
##### Default response
`Status: 200`
```json
{
"profiles": [
{
2024-01-24 17:13:56 +00:00
"profile_uuid": "39f6cbbc-fe7b-4adc-b7a9-542d1af89c63",
2023-07-14 15:53:03 +00:00
"team_id": 0,
2024-01-24 17:13:56 +00:00
"name": "Example macOS profile",
"platform": "darwin",
2023-07-14 15:53:03 +00:00
"identifier": "com.example.profile",
"created_at": "2023-03-31T00:00:00Z",
"updated_at": "2023-03-31T00:00:00Z",
2024-02-23 18:54:18 +00:00
"checksum": "dGVzdAo=",
"labels": [
{
"name": "Label name 1"
}
]
2024-01-24 17:13:56 +00:00
},
{
2024-02-23 23:26:39 +00:00
"profile_uuid": "f5ad01cc-f416-4b5f-88f3-a26da3b56a19",
2024-01-24 17:13:56 +00:00
"team_id": 0,
"name": "Example Windows profile",
"platform": "windows",
"created_at": "2023-04-31T00:00:00Z",
"updated_at": "2023-04-31T00:00:00Z",
2024-02-23 18:54:18 +00:00
"checksum": "aCLemVr)",
"labels": [
{
2024-02-23 23:26:39 +00:00
"name": "Label name 1",
"broken": true
2024-02-23 18:54:18 +00:00
},
{
2024-02-23 23:26:39 +00:00
"name": "Label name 2"
2024-02-23 18:54:18 +00:00
}
]
2023-04-11 13:18:32 +00:00
}
2024-01-24 17:13:56 +00:00
],
"meta": {
"has_next_results": false,
"has_previous_results": false
}
2023-04-11 13:18:32 +00:00
}
```
2024-02-23 19:00:23 +00:00
If one or more assigned labels are deleted the profile is considered broken (`broken: true`). It won’
2024-02-23 18:54:18 +00:00
2024-01-24 17:13:56 +00:00
### Get or download custom OS setting (configuration profile)
2024-01-30 15:14:48 +00:00
> [Download custom macOS setting](https://github.com/fleetdm/fleet/blob/fleet-v4.40.0/docs/REST%20API/rest-api.md#download-custom-macos-setting-configuration-profile) (`GET /api/v1/fleet/mdm/apple/profiles/:profile_id`) API endpoint is deprecated as of Fleet 4.41. It is maintained for backwards compatibility. Please use the API endpoint below instead.
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/configuration_profiles/:profile_uuid`
2023-04-11 13:18:32 +00:00
#### Parameters
2024-01-24 17:13:56 +00:00
| Name | Type | In | Description |
| ------------------------- | ------- | ----- | ------------------------------------------------------- |
| profile_uuid | string | url | **Required** The UUID of the profile to download. |
| alt | string | query | If specified and set to "media", downloads the profile. |
2023-04-11 13:18:32 +00:00
2024-01-24 17:13:56 +00:00
#### Example (get a profile metadata)
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/configuration_profiles/f663713f-04ee-40f0-a95a-7af428c351a9`
2024-01-24 17:13:56 +00:00
##### Default response
`Status: 200`
```json
{
"profile_uuid": "f663713f-04ee-40f0-a95a-7af428c351a9",
"team_id": 0,
"name": "Example profile",
"platform": "darwin",
"identifier": "com.example.profile",
"created_at": "2023-03-31T00:00:00Z",
"updated_at": "2023-03-31T00:00:00Z",
2024-02-23 18:54:18 +00:00
"checksum": "dGVzdAo=",
"labels": [
{
"name": "Label name 1",
"broken": true
},
{
"name": "Label name 2",
}
]
2024-01-24 17:13:56 +00:00
}
```
#### Example (download a profile)
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/configuration_profiles/f663713f-04ee-40f0-a95a-7af428c351a9?alt=media`
2023-04-11 13:18:32 +00:00
##### Default response
`Status: 200`
**Note** To confirm success, it is important for clients to match content length with the response
header (this is done automatically by most clients, including the browser) rather than relying
solely on the response status code returned by this endpoint.
##### Example response headers
2023-09-22 21:57:40 +00:00
```http
2023-07-27 22:40:01 +00:00
Content-Length: 542
Content-Type: application/octet-stream
Content-Disposition: attachment;filename="2023-03-31 Example profile.mobileconfig"
2023-04-11 13:18:32 +00:00
```
###### Example response body
2023-09-22 21:57:40 +00:00
```xml
2023-04-11 13:18:32 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
< plist version = "1.0" >
< dict >
2023-07-27 22:40:01 +00:00
< key > PayloadContent< / key >
< array / >
< key > PayloadDisplayName< / key >
< string > Example profile< / string >
< key > PayloadIdentifier< / key >
< string > com.example.profile< / string >
< key > PayloadType< / key >
< string > Configuration< / string >
< key > PayloadUUID< / key >
< string > 0BBF3E23-7F56-48FC-A2B6-5ACC598A4A69< / string >
< key > PayloadVersion< / key >
< integer > 1< / integer >
2023-04-11 13:18:32 +00:00
< / dict >
< / plist >
```
2024-01-24 17:13:56 +00:00
### Delete custom OS setting (configuration profile)
2023-04-11 13:18:32 +00:00
2024-01-30 15:14:48 +00:00
> [Delete custom macOS setting](https://github.com/fleetdm/fleet/blob/fleet-v4.40.0/docs/REST%20API/rest-api.md#delete-custom-macos-setting-configuration-profile) (`DELETE /api/v1/fleet/mdm/apple/profiles/:profile_id`) API endpoint is deprecated as of Fleet 4.41. It is maintained for backwards compatibility. Please use the below API endpoint instead.
2024-01-24 17:13:56 +00:00
2024-05-10 21:57:06 +00:00
`DELETE /api/v1/fleet/configuration_profiles/:profile_uuid`
2023-04-11 13:18:32 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------- | ----- | ------------------------------------------------------------------------- |
2024-01-24 17:13:56 +00:00
| profile_uuid | string | url | **Required** The UUID of the profile to delete. |
2023-04-11 13:18:32 +00:00
#### Example
2024-05-10 21:57:06 +00:00
`DELETE /api/v1/fleet/configuration_profiles/f663713f-04ee-40f0-a95a-7af428c351a9`
2023-04-11 13:18:32 +00:00
##### Default response
`Status: 200`
2024-05-10 21:57:06 +00:00
2023-04-11 13:18:32 +00:00
### Update disk encryption enforcement
2024-05-09 18:57:38 +00:00
> `PATCH /api/v1/fleet/mdm/apple/settings` API endpoint is deprecated as of Fleet 4.45. It is maintained for backward compatibility. Please use the new API endpoint below. See old API endpoint docs [here](https://github.com/fleetdm/fleet/blob/main/docs/REST%20API/rest-api.md?plain=1#L4296C29-L4296C29).
2023-04-11 13:18:32 +00:00
_Available in Fleet Premium_
2024-05-09 18:57:38 +00:00
`POST /api/v1/fleet/disk_encryption`
2023-04-11 13:18:32 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------- | ------ | ---- | -------------------------------------------------------------------------------------- |
| team_id | integer | body | The team ID to apply the settings to. Settings applied to hosts in no team if absent. |
| enable_disk_encryption | boolean | body | Whether disk encryption should be enforced on devices that belong to the team (or no team). |
#### Example
2024-05-09 18:57:38 +00:00
`POST /api/v1/fleet/disk_encryption`
2023-04-11 13:18:32 +00:00
##### Default response
`204`
2024-05-10 21:57:06 +00:00
2023-04-11 13:18:32 +00:00
### Get disk encryption statistics
_Available in Fleet Premium_
2023-10-06 22:04:33 +00:00
Get aggregate status counts of disk encryption enforced on macOS and Windows hosts.
2023-04-11 13:18:32 +00:00
2023-10-10 18:10:24 +00:00
The summary can optionally be filtered by team ID.
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/disk_encryption`
2023-04-11 13:18:32 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------ | ----- | ------------------------------------------------------------------------- |
2024-04-03 16:48:22 +00:00
| team_id | string | query | _Available in Fleet Premium_ . The team ID to filter the summary. |
2023-04-11 13:18:32 +00:00
#### Example
2023-10-06 22:04:33 +00:00
Get aggregate disk encryption status counts of macOS and Windows hosts enrolled to Fleet's MDM that are not assigned to any team.
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/disk_encryption`
2023-04-11 13:18:32 +00:00
##### Default response
`Status: 200`
```json
{
2023-10-06 22:04:33 +00:00
"verified": {"macos": 123, "windows": 123},
"verifying": {"macos": 123, "windows": 0},
"action_required": {"macos": 123, "windows": 0},
"enforcing": {"macos": 123, "windows": 123},
"failed": {"macos": 123, "windows": 123},
"removing_enforcement": {"macos": 123, "windows": 0},
2023-04-11 13:18:32 +00:00
}
```
2024-05-10 21:57:06 +00:00
2024-01-24 17:13:56 +00:00
### Get OS settings status
2023-04-11 13:18:32 +00:00
2024-01-30 15:14:48 +00:00
> [Get macOS settings statistics](https://github.com/fleetdm/fleet/blob/fleet-v4.40.0/docs/REST%20API/rest-api.md#get-macos-settings-statistics) (`GET /api/v1/fleet/mdm/apple/profiles/summary`) API endpoint is deprecated as of Fleet 4.41. It is maintained for backwards compatibility. Please use the below API endpoint instead.
2023-04-11 13:18:32 +00:00
2024-01-24 17:13:56 +00:00
Get aggregate status counts of all OS settings (configuration profiles and disk encryption) enforced on hosts.
For Fleet Premium users, the counts can
optionally be filtered by `team_id` . If no `team_id` is specified, team profiles are excluded from the results (i.e., only profiles that are associated with "No team" are listed).
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/configuration_profiles/summary`
2023-04-11 13:18:32 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------ | ----- | ------------------------------------------------------------------------- |
2024-04-03 16:48:22 +00:00
| team_id | string | query | _Available in Fleet Premium_ . The team ID to filter profiles. |
2023-04-11 13:18:32 +00:00
#### Example
2024-01-24 17:13:56 +00:00
Get aggregate status counts of profiles for to macOS and Windows hosts that are assigned to "No team".
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/configuration_profiles/summary`
2023-04-11 13:18:32 +00:00
##### Default response
`Status: 200`
```json
{
2023-06-05 17:05:28 +00:00
"verified": 123,
2023-04-24 21:27:15 +00:00
"verifying": 123,
"failed": 123,
2023-04-11 13:18:32 +00:00
"pending": 123
}
```
2024-05-10 21:57:06 +00:00
---
2023-04-17 15:45:16 +00:00
2024-05-10 21:57:06 +00:00
## Setup experience
2023-04-17 15:45:16 +00:00
2024-05-10 21:57:06 +00:00
- [Set custom MDM setup enrollment profile ](#set-custom-mdm-setup-enrollment-profile )
- [Get custom MDM setup enrollment profile ](#get-custom-mdm-setup-enrollment-profile )
- [Delete custom MDM setup enrollment profile ](#delete-custom-mdm-setup-enrollment-profile )
- [Get manual enrollment profile ](#get-manual-enrollment-profile )
- [Upload a bootstrap package ](#upload-a-bootstrap-package )
- [Get metadata about a bootstrap package ](#get-metadata-about-a-bootstrap-package )
- [Delete a bootstrap package ](#delete-a-bootstrap-package )
- [Download a bootstrap package ](#download-a-bootstrap-package )
- [Get a summary of bootstrap package status ](#get-a-summary-of-bootstrap-package-status )
- [Turn on end user authentication for macOS setup ](#turn-on-end-user-authentication-for-macos-setup )
- [Upload an EULA file ](#upload-an-eula-file )
- [Get metadata about an EULA file ](#get-metadata-about-an-eula-file )
- [Delete an EULA file ](#delete-an-eula-file )
- [Download an EULA file ](#download-an-eula-file )
2023-04-17 15:45:16 +00:00
2023-04-11 13:18:32 +00:00
2023-04-25 13:36:01 +00:00
### Set custom MDM setup enrollment profile
_Available in Fleet Premium_
Sets the custom MDM setup enrollment profile for a team or no team.
2024-05-10 21:57:06 +00:00
`POST /api/v1/fleet/enrollment_profiles/automatic`
2023-04-25 13:36:01 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------ | ----- | ------------------------------------------------------------------------- |
2023-10-10 18:10:24 +00:00
| team_id | integer | json | The team ID this custom enrollment profile applies to, or no team if omitted. |
2023-04-25 13:36:01 +00:00
| name | string | json | The filename of the uploaded custom enrollment profile. |
| enrollment_profile | object | json | The custom enrollment profile's json, as documented in https://developer.apple.com/documentation/devicemanagement/profile. |
#### Example
2024-05-10 21:57:06 +00:00
`POST /api/v1/fleet/enrollment_profiles/automatic`
2023-04-25 13:36:01 +00:00
##### Default response
`Status: 200`
```json
{
"team_id": 123,
"name": "dep_profile.json",
"uploaded_at": "2023-04-04:00:00Z",
"enrollment_profile": {
"is_mandatory": true,
"is_mdm_removable": false
}
}
```
### Get custom MDM setup enrollment profile
_Available in Fleet Premium_
Gets the custom MDM setup enrollment profile for a team or no team.
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/enrollment_profiles/automatic`
2023-04-25 13:36:01 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------ | ----- | ------------------------------------------------------------------------- |
2023-10-10 18:10:24 +00:00
| team_id | integer | query | The team ID for which to return the custom enrollment profile, or no team if omitted. |
2023-04-25 13:36:01 +00:00
#### Example
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/enrollment_profiles/automatic?team_id=123`
2023-04-25 13:36:01 +00:00
##### Default response
`Status: 200`
```json
{
"team_id": 123,
"name": "dep_profile.json",
"uploaded_at": "2023-04-04:00:00Z",
"enrollment_profile": {
"is_mandatory": true,
"is_mdm_removable": false
}
}
```
### Delete custom MDM setup enrollment profile
_Available in Fleet Premium_
Deletes the custom MDM setup enrollment profile assigned to a team or no team.
2024-05-10 21:57:06 +00:00
`DELETE /api/v1/fleet/enrollment_profiles/automatic`
2023-04-25 13:36:01 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------ | ----- | ------------------------------------------------------------------------- |
2023-10-10 18:10:24 +00:00
| team_id | integer | query | The team ID for which to delete the custom enrollment profile, or no team if omitted. |
2023-04-25 13:36:01 +00:00
#### Example
2024-05-10 21:57:06 +00:00
`DELETE /api/v1/fleet/enrollment_profiles/automatic?team_id=123`
2023-04-25 13:36:01 +00:00
##### Default response
`Status: 204`
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
### Get manual enrollment profile
2023-04-11 13:18:32 +00:00
2024-06-12 22:29:19 +00:00
Retrieves an unsigned manual enrollment profile for macOS hosts. Install this profile on macOS hosts to turn on MDM features manually.
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/enrollment_profiles/manual`
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
##### Example
2023-04-11 13:18:32 +00:00
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/enrollment_profiles/manual`
2023-04-11 13:18:32 +00:00
##### Default response
`Status: 200`
2024-05-10 21:57:06 +00:00
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
< plist version = "1.0" >
<!-- ... -->
< / plist >
2023-04-11 13:18:32 +00:00
```
2023-04-22 15:23:38 +00:00
### Upload a bootstrap package
_Available in Fleet Premium_
Upload a bootstrap package that will be automatically installed during DEP setup.
2024-05-10 21:57:06 +00:00
`POST /api/v1/fleet/bootstrap`
2023-04-22 15:23:38 +00:00
#### Parameters
| Name | Type | In | Description |
| ------- | ------ | ---- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| package | file | form | **Required** . The bootstrap package installer. It must be a signed `pkg` file. |
2023-10-10 18:10:24 +00:00
| team_id | string | form | The team ID for the package. If specified, the package will be installed to hosts that are assigned to the specified team. If not specified, the package will be installed to hosts that are not assigned to any team. |
2023-04-22 15:23:38 +00:00
#### Example
Upload a bootstrap package that will be installed to macOS hosts enrolled to MDM that are
assigned to a team. Note that in this example the form data specifies `team_id` in addition to
`package` .
2024-05-10 21:57:06 +00:00
`POST /api/v1/fleet/bootstrap`
2023-04-22 15:23:38 +00:00
##### Request headers
2023-09-22 21:57:40 +00:00
```http
2023-04-22 15:23:38 +00:00
Content-Length: 850
Content-Type: multipart/form-data; boundary=------------------------f02md47480und42y
```
##### Request body
2023-09-22 21:57:40 +00:00
```http
2023-04-22 15:23:38 +00:00
--------------------------f02md47480und42y
Content-Disposition: form-data; name="team_id"
1
--------------------------f02md47480und42y
Content-Disposition: form-data; name="package"; filename="bootstrap-package.pkg"
Content-Type: application/octet-stream
< BINARY_DATA >
--------------------------f02md47480und42y--
```
##### Default response
`Status: 200`
2024-05-10 21:57:06 +00:00
2023-04-22 15:23:38 +00:00
### Get metadata about a bootstrap package
_Available in Fleet Premium_
Get information about a bootstrap package that was uploaded to Fleet.
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/bootstrap/:team_id/metadata`
2023-04-22 15:23:38 +00:00
#### Parameters
2023-06-07 17:29:36 +00:00
| Name | Type | In | Description |
| ------- | ------ | --- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
2023-10-10 18:10:24 +00:00
| team_id | string | url | **Required** The team ID for the package. Zero (0) can be specified to get information about the bootstrap package for hosts that don't belong to a team. |
2023-06-07 17:29:36 +00:00
| for_update | boolean | query | If set to `true` , the authorization will be for a `write` action instead of a `read` . Useful for the write-only `gitops` role when requesting the bootstrap metadata to check if the package needs to be replaced. |
2023-04-22 15:23:38 +00:00
#### Example
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/bootstrap/0/metadata`
2023-04-22 15:23:38 +00:00
##### Default response
`Status: 200`
```json
{
"name": "bootstrap-package.pkg",
"team_id": 0,
"sha256": "6bebb4433322fd52837de9e4787de534b4089ac645b0692dfb74d000438da4a3",
"token": "AA598E2A-7952-46E3-B89D-526D45F7E233",
"created_at": "2023-04-20T13:02:05Z"
}
```
In the response above:
- `token` is the value you can use to [download a bootstrap package ](#download-a-bootstrap-package )
- `sha256` is the SHA256 digest of the bytes of the bootstrap package file.
2024-05-10 21:57:06 +00:00
2023-04-22 15:23:38 +00:00
### Delete a bootstrap package
_Available in Fleet Premium_
Delete a team's bootstrap package.
2024-05-10 21:57:06 +00:00
`DELETE /api/v1/fleet/bootstrap/:team_id`
2023-04-22 15:23:38 +00:00
#### Parameters
| Name | Type | In | Description |
| ------- | ------ | --- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
2023-10-10 18:10:24 +00:00
| team_id | string | url | **Required** The team ID for the package. Zero (0) can be specified to get information about the bootstrap package for hosts that don't belong to a team. |
2023-04-22 15:23:38 +00:00
#### Example
2024-05-10 21:57:06 +00:00
`DELETE /api/v1/fleet/bootstrap/1`
2023-04-22 15:23:38 +00:00
##### Default response
`Status: 200`
2024-05-10 21:57:06 +00:00
2023-04-22 15:23:38 +00:00
### Download a bootstrap package
_Available in Fleet Premium_
Download a bootstrap package.
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/bootstrap`
2023-04-22 15:23:38 +00:00
#### Parameters
| Name | Type | In | Description |
| ----- | ------ | ----- | ------------------------------------------------ |
| token | string | query | **Required** The token of the bootstrap package. |
#### Example
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/bootstrap?token=AA598E2A-7952-46E3-B89D-526D45F7E233`
2023-04-22 15:23:38 +00:00
##### Default response
`Status: 200`
2023-09-22 21:57:40 +00:00
```http
2023-04-22 15:23:38 +00:00
Status: 200
Content-Type: application/octet-stream
Content-Disposition: attachment
Content-Length: < length >
Body: < blob >
```
2023-04-25 13:36:01 +00:00
### Get a summary of bootstrap package status
2023-04-22 15:23:38 +00:00
_Available in Fleet Premium_
Get aggregate status counts of bootstrap packages delivered to DEP enrolled hosts.
2023-10-10 18:10:24 +00:00
The summary can optionally be filtered by team ID.
2023-04-22 15:23:38 +00:00
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/bootstrap/summary`
2023-04-22 15:23:38 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------ | ----- | ------------------------------------------------------------------------- |
2023-10-10 18:10:24 +00:00
| team_id | string | query | The team ID to filter the summary. |
2023-04-22 15:23:38 +00:00
#### Example
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/bootstrap/summary`
2023-04-22 15:23:38 +00:00
##### Default response
`Status: 200`
```json
{
"installed": 10,
"failed": 1,
"pending": 4
}
```
2023-04-11 13:18:32 +00:00
2023-05-10 20:22:08 +00:00
### Turn on end user authentication for macOS setup
_Available in Fleet Premium_
2024-05-10 21:57:06 +00:00
`PATCH /api/v1/fleet/setup_experience`
2023-05-10 20:22:08 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------- | ------ | ---- | -------------------------------------------------------------------------------------- |
| team_id | integer | body | The team ID to apply the settings to. Settings applied to hosts in no team if absent. |
2024-05-23 15:33:09 +00:00
| enable_end_user_authentication | boolean | body | When enabled, require end users to authenticate with your identity provider (IdP) when they set up their new macOS hosts. |
| enable_release_device_manually | boolean | body | When enabled, you're responsible for sending the DeviceConfigured command.|
2023-05-10 20:22:08 +00:00
#### Example
2024-05-10 21:57:06 +00:00
`PATCH /api/v1/fleet/setup_experience`
2023-05-10 20:22:08 +00:00
##### Request body
```json
{
"team_id": 1,
"enabled_end_user_authentication": true
}
```
##### Default response
`Status: 204`
2023-06-07 17:29:36 +00:00
### Upload an EULA file
2023-05-02 13:09:33 +00:00
_Available in Fleet Premium_
Upload an EULA that will be shown during the DEP flow.
2024-05-10 21:57:06 +00:00
`POST /api/v1/fleet/setup_experience/eula`
2023-05-02 13:09:33 +00:00
#### Parameters
| Name | Type | In | Description |
| ---- | ---- | ---- | ------------------------------------------------- |
| eula | file | form | **Required** . A PDF document containing the EULA. |
#### Example
2024-05-10 21:57:06 +00:00
`POST /api/v1/fleet/setup_experience/eula`
2023-05-02 13:09:33 +00:00
##### Request headers
2023-09-22 21:57:40 +00:00
```http
2023-05-02 13:09:33 +00:00
Content-Length: 850
Content-Type: multipart/form-data; boundary=------------------------f02md47480und42y
```
##### Request body
2023-09-22 21:57:40 +00:00
```http
2023-05-02 13:09:33 +00:00
--------------------------f02md47480und42y
Content-Disposition: form-data; name="eula"; filename="eula.pdf"
Content-Type: application/octet-stream
< BINARY_DATA >
--------------------------f02md47480und42y--
```
##### Default response
`Status: 200`
2024-05-10 21:57:06 +00:00
2023-06-07 17:29:36 +00:00
### Get metadata about an EULA file
2023-05-02 13:09:33 +00:00
_Available in Fleet Premium_
Get information about the EULA file that was uploaded to Fleet. If no EULA was previously uploaded, this endpoint returns a `404` status code.
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/setup_experience/eula/metadata`
2023-05-02 13:09:33 +00:00
#### Example
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/setup_experience/eula/metadata`
2023-05-02 13:09:33 +00:00
##### Default response
`Status: 200`
```json
{
"name": "eula.pdf",
"token": "AA598E2A-7952-46E3-B89D-526D45F7E233",
"created_at": "2023-04-20T13:02:05Z"
}
```
In the response above:
- `token` is the value you can use to [download an EULA ](#download-an-eula-file )
2024-05-10 21:57:06 +00:00
2023-05-02 13:09:33 +00:00
### Delete an EULA file
_Available in Fleet Premium_
Delete an EULA file.
2024-05-10 21:57:06 +00:00
`DELETE /api/v1/fleet/setup_experience/eula/:token`
2023-05-02 13:09:33 +00:00
#### Parameters
| Name | Type | In | Description |
| ----- | ------ | ----- | ---------------------------------------- |
| token | string | path | **Required** The token of the EULA file. |
#### Example
2024-05-10 21:57:06 +00:00
`DELETE /api/v1/fleet/setup_experience/eula/AA598E2A-7952-46E3-B89D-526D45F7E233`
2023-05-02 13:09:33 +00:00
##### Default response
`Status: 200`
2024-05-10 21:57:06 +00:00
2023-05-02 13:09:33 +00:00
### Download an EULA file
_Available in Fleet Premium_
Download an EULA file
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/setup_experience/eula/:token`
2023-05-02 13:09:33 +00:00
#### Parameters
| Name | Type | In | Description |
| ----- | ------ | ----- | ---------------------------------------- |
| token | string | path | **Required** The token of the EULA file. |
#### Example
2024-05-10 21:57:06 +00:00
`GET /api/v1/fleet/setup_experience/eula/AA598E2A-7952-46E3-B89D-526D45F7E233`
2023-05-02 13:09:33 +00:00
##### Default response
`Status: 200`
2023-09-22 21:57:40 +00:00
```http
2023-05-02 13:09:33 +00:00
Status: 200
Content-Type: application/pdf
Content-Disposition: attachment
Content-Length: < length >
Body: < blob >
```
2023-04-11 13:18:32 +00:00
---
2024-05-10 21:57:06 +00:00
## Commands
- [Run custom MDM command ](#run-custom-mdm-command )
- [Get custom MDM command results ](#get-custom-mdm-command-results )
- [List custom MDM commands ](#list-custom-mdm-commands )
### Run custom MDM command
> `POST /api/v1/fleet/mdm/apple/enqueue` API endpoint is deprecated as of Fleet 4.40. It is maintained for backward compatibility. Please use the new API endpoint below. See old API endpoint docs [here](https://github.com/fleetdm/fleet/blob/fleet-v4.39.0/docs/REST%20API/rest-api.md#run-custom-mdm-command).
This endpoint tells Fleet to run a custom MDM command, on the targeted macOS or Windows hosts, the next time they come online.
`POST /api/v1/fleet/commands/run`
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------ | ----- | ------------------------------------------------------------------------- |
| command | string | json | A Base64 encoded MDM command as described in [Apple's documentation ](https://developer.apple.com/documentation/devicemanagement/commands_and_queries ) or [Windows's documentation ](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/0353f3d6-dbe2-42b6-b8d5-50db9333bba4 ). Supported formats are standard and raw (unpadded). You can paste your Base64 code to the [online decoder ](https://devpal.co/base64-decode/ ) to check if you're using the valid format. |
| host_uuids | array | json | An array of host UUIDs enrolled in Fleet on which the command should run. |
Note that the `EraseDevice` and `DeviceLock` commands are _available in Fleet Premium_ only.
#### Example
`POST /api/v1/fleet/commands/run`
##### Default response
`Status: 200`
```json
{
"command_uuid": "a2064cef-0000-1234-afb9-283e3c1d487e",
"request_type": "ProfileList"
}
```
### Get custom MDM command results
> `GET /api/v1/fleet/mdm/apple/commandresults` API endpoint is deprecated as of Fleet 4.40. It is maintained for backward compatibility. Please use the new API endpoint below. See old API endpoint docs [here](https://github.com/fleetdm/fleet/blob/fleet-v4.39.0/docs/REST%20API/rest-api.md#get-custom-mdm-command-results).
This endpoint returns the results for a specific custom MDM command.
`GET /api/v1/fleet/commands/results`
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------ | ----- | ------------------------------------------------------------------------- |
| command_uuid | string | query | The unique identifier of the command. |
#### Example
`GET /api/v1/fleet/commands/results?command_uuid=a2064cef-0000-1234-afb9-283e3c1d487e`
##### Default response
`Status: 200`
```json
{
"results": [
{
"host_uuid": "145cafeb-87c7-4869-84d5-e4118a927746",
"command_uuid": "a2064cef-0000-1234-afb9-283e3c1d487e",
"status": "Acknowledged",
"updated_at": "2023-04-04:00:00Z",
"request_type": "ProfileList",
"hostname": "mycomputer",
"payload": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjwhRE9DVFlQRSBwbGlzdCBQVUJMSUMgIi0vL0FwcGxlLy9EVEQgUExJU1QgMS4wLy9FTiIgImh0dHA6Ly93d3cuYXBwbGUuY29tL0RURHMvUHJvcGVydHlMaXN0LTEuMC5kdGQiPg0KPHBsaXN0IHZlcnNpb249IjEuMCI+DQo8ZGljdD4NCg0KCTxrZXk+UGF5bG9hZERlc2NyaXB0aW9uPC9rZXk+DQoJPHN0cmluZz5UaGlzIHByb2ZpbGUgY29uZmlndXJhdGlvbiBpcyBkZXNpZ25lZCB0byBhcHBseSB0aGUgQ0lTIEJlbmNobWFyayBmb3IgbWFjT1MgMTAuMTQgKHYyLjAuMCksIDEwLjE1ICh2Mi4wLjApLCAxMS4wICh2Mi4wLjApLCBhbmQgMTIuMCAodjEuMC4wKTwvc3RyaW5nPg0KCTxrZXk+UGF5bG9hZERpc3BsYXlOYW1lPC9rZXk+DQoJPHN0cmluZz5EaXNhYmxlIEJsdWV0b290aCBzaGFyaW5nPC9zdHJpbmc+DQoJPGtleT5QYXlsb2FkRW5hYmxlZDwva2V5Pg0KCTx0cnVlLz4NCgk8a2V5PlBheWxvYWRJZGVudGlmaWVyPC9rZXk+DQoJPHN0cmluZz5jaXMubWFjT1NCZW5jaG1hcmsuc2VjdGlvbjIuQmx1ZXRvb3RoU2hhcmluZzwvc3RyaW5nPg0KCTxrZXk+UGF5bG9hZFNjb3BlPC9rZXk+DQoJPHN0cmluZz5TeXN0ZW08L3N0cmluZz4NCgk8a2V5PlBheWxvYWRUeXBlPC9rZXk+DQoJPHN0cmluZz5Db25maWd1cmF0aW9uPC9zdHJpbmc+DQoJPGtleT5QYXlsb2FkVVVJRDwva2V5Pg0KCTxzdHJpbmc+NUNFQkQ3MTItMjhFQi00MzJCLTg0QzctQUEyOEE1QTM4M0Q4PC9zdHJpbmc+DQoJPGtleT5QYXlsb2FkVmVyc2lvbjwva2V5Pg0KCTxpbnRlZ2VyPjE8L2ludGVnZXI+DQogICAgPGtleT5QYXlsb2FkUmVtb3ZhbERpc2FsbG93ZWQ8L2tleT4NCiAgICA8dHJ1ZS8+DQoJPGtleT5QYXlsb2FkQ29udGVudDwva2V5Pg0KCTxhcnJheT4NCgkJPGRpY3Q+DQoJCQk8a2V5PlBheWxvYWRDb250ZW50PC9rZXk+DQoJCQk8ZGljdD4NCgkJCQk8a2V5PmNvbS5hcHBsZS5CbHVldG9vdGg8L2tleT4NCgkJCQk8ZGljdD4NCgkJCQkJPGtleT5Gb3JjZWQ8L2tleT4NCgkJCQkJPGFycmF5Pg0KCQkJCQkJPGRpY3Q+DQoJCQkJCQkJPGtleT5tY3hfcHJlZmVyZW5jZV9zZXR0aW5nczwva2V5Pg0KCQkJCQkJCTxkaWN0Pg0KCQkJCQkJCQk8a2V5PlByZWZLZXlTZXJ2aWNlc0VuYWJsZWQ8L2tleT4NCgkJCQkJCQkJPGZhbHNlLz4NCgkJCQkJCQk8L2RpY3Q+DQoJCQkJCQk8L2RpY3Q+DQoJCQkJCTwvYXJyYXk+DQoJCQkJPC9kaWN0Pg0KCQkJPC9kaWN0Pg0KCQkJPGtleT5QYXlsb2FkRGVzY3JpcHRpb248L2tleT4NCgkJCTxzdHJpbmc+RGlzYWJsZXMgQmx1ZXRvb3RoIFNoYXJpbmc8L3N0cmluZz4NCgkJCTxrZXk+UGF5bG9hZERpc3BsYXlOYW1lPC9rZXk+DQoJCQk8c3RyaW5nPkN1c3RvbTwvc3RyaW5nPg0KCQkJPGtleT5QYXlsb2FkRW5hYmxlZDwva2V5Pg0KCQkJPHRydWUvPg0KCQkJPGtleT5QYXlsb2FkSWRlbnRpZmllcjwva2V5Pg0KCQkJPHN0cmluZz4wMjQwREQxQy03MERDLTQ3NjYtOTAxOC0wNDMyMkJGRUVBRDE8L3N0cmluZz4NCgkJCTxrZXk+UGF5bG9hZFR5cGU8L2tleT4NCgkJCTxzdHJpbmc+Y29tLmFwcGxlLk1hbmFnZWRDbGllbnQucHJlZmVyZW5jZXM8L3N0cmluZz4NCgkJCTxrZXk+UGF5bG9hZFVVSUQ8L2tleT4NCgkJCTxzdHJpbmc+MDI0MEREMUMtNzBEQy00NzY2LTkwMTgtMDQzMjJCRkVFQUQxPC9zdHJpbmc+DQoJCQk8a2V5PlBheWxvYWRWZXJzaW9uPC9rZXk+DQoJCQk8aW50ZWdlcj4xPC9pbnRlZ2VyPg0KCQk8L2RpY3Q+DQoJPC9hcnJheT4NCjwvZGljdD4NCjwvcGxpc3Q+",
"result": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjwhRE9DVFlQRSBwbGlzdCBQVUJMSUMgIi0vL0FwcGxlLy9EVEQgUExJU1QgMS4wLy9FTiIgImh0dHA6Ly93d3cuYXBwbGUuY29tL0RURHMvUHJvcGVydHlMaXN0LTEuMC5kdGQiPg0KPHBsaXN0IHZlcnNpb249IjEuMCI+DQo8ZGljdD4NCiAgICA8a2V5PkNvbW1hbmRVVUlEPC9rZXk+DQogICAgPHN0cmluZz4wMDAxX0luc3RhbGxQcm9maWxlPC9zdHJpbmc+DQogICAgPGtleT5TdGF0dXM8L2tleT4NCiAgICA8c3RyaW5nPkFja25vd2xlZGdlZDwvc3RyaW5nPg0KICAgIDxrZXk+VURJRDwva2V5Pg0KICAgIDxzdHJpbmc+MDAwMDgwMjAtMDAwOTE1MDgzQzgwMDEyRTwvc3RyaW5nPg0KPC9kaWN0Pg0KPC9wbGlzdD4="
}
]
}
```
> Note: If the server has not yet received a result for a command, it will return an empty object (`{}`).
### List custom MDM commands
> `GET /api/v1/fleet/mdm/apple/commands` API endpoint is deprecated as of Fleet 4.40. It is maintained for backward compatibility. Please use the new API endpoint below. See old API endpoint docs [here](https://github.com/fleetdm/fleet/blob/fleet-v4.39.0/docs/REST%20API/rest-api.md#list-custom-mdm-commands).
This endpoint returns the list of custom MDM commands that have been executed.
`GET /api/v1/fleet/commands`
#### Parameters
| Name | Type | In | Description |
| ------------------------- | ------ | ----- | ------------------------------------------------------------------------- |
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Can be any field listed in the `results` array example below. |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
#### Example
`GET /api/v1/fleet/commands?per_page=5`
##### Default response
`Status: 200`
```json
{
"results": [
{
"host_uuid": "145cafeb-87c7-4869-84d5-e4118a927746",
"command_uuid": "a2064cef-0000-1234-afb9-283e3c1d487e",
"status": "Acknowledged",
"updated_at": "2023-04-04:00:00Z",
"request_type": "ProfileList",
"hostname": "mycomputer"
},
{
"host_uuid": "322vghee-12c7-8976-83a1-e2118a927342",
"command_uuid": "d76d69b7-d806-45a9-8e49-9d6dc533485c",
"status": "200",
"updated_at": "2023-05-04:00:00Z",
"request_type": "./Device/Vendor/MSFT/Reboot/RebootNow",
"hostname": "myhost"
}
]
}
```
---
## Integrations
- [Get Apple Push Notification service (APNs) ](#get-apple-push-notification-service-apns )
- [Get Apple Business Manager (ABM) ](#get-apple-business-manager-abm )
### Get Apple Push Notification service (APNs)
`GET /api/v1/fleet/apns`
#### Parameters
None.
#### Example
`GET /api/v1/fleet/apns`
##### Default response
`Status: 200`
```json
{
"common_name": "APSP:04u52i98aewuh-xxxx-xxxx-xxxx-xxxx",
"serial_number": "1234567890987654321",
"issuer": "Apple Application Integration 2 Certification Authority",
"renew_date": "2023-09-30T00:00:00Z"
}
```
### Get Apple Business Manager (ABM)
_Available in Fleet Premium_
`GET /api/v1/fleet/abm`
#### Parameters
None.
#### Example
`GET /api/v1/fleet/abm`
##### Default response
`Status: 200`
```json
{
"apple_id": "apple@example.com",
"org_name": "Fleet Device Management",
"mdm_server_url": "https://example.com/mdm/apple/mdm",
"renew_date": "2023-11-29T00:00:00Z",
"default_team": ""
}
```
---
2021-08-25 21:05:48 +00:00
## Policies
- [List policies ](#list-policies )
2023-08-30 22:30:17 +00:00
- [Count policies ](#count-policies )
2021-08-25 21:05:48 +00:00
- [Get policy by ID ](#get-policy-by-id )
- [Add policy ](#add-policy )
- [Remove policies ](#remove-policies )
2021-11-24 17:16:42 +00:00
- [Edit policy ](#edit-policy )
2022-12-16 21:00:54 +00:00
- [Run automation for all failing hosts of a policy ](#run-automation-for-all-failing-hosts-of-a-policy )
2021-08-25 21:05:48 +00:00
2021-11-08 18:57:08 +00:00
Policies are yes or no questions you can ask about your hosts.
2021-08-25 21:05:48 +00:00
Policies in Fleet are defined by osquery queries.
2021-11-08 18:57:08 +00:00
A passing host answers "yes" to a policy if the host returns results for a policy's query.
A failing host answers "no" to a policy if the host does not return results for a policy's query.
2021-08-25 21:05:48 +00:00
2021-11-08 18:57:08 +00:00
For example, a policy might ask “Is Gatekeeper enabled on macOS devices?“ This policy's osquery query might look like the following: `SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;`
2021-08-25 21:05:48 +00:00
### List policies
2022-04-14 21:33:52 +00:00
`GET /api/v1/fleet/global/policies`
2021-08-25 21:05:48 +00:00
2023-08-30 22:30:17 +00:00
#### Parameters
| Name | Type | In | Description |
| ----------------------- | ------- | ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page.
2021-08-25 21:05:48 +00:00
#### Example
2022-04-14 21:33:52 +00:00
`GET /api/v1/fleet/global/policies`
2021-08-25 21:05:48 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-08-25 21:05:48 +00:00
{
"policies": [
{
"id": 1,
2021-11-24 17:16:42 +00:00
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": false,
2021-11-24 17:16:42 +00:00
"author_id": 42,
"author_name": "John",
"author_email": "john@example.com",
2022-03-30 16:38:38 +00:00
"team_id": null,
2021-10-15 10:34:11 +00:00
"resolution": "Resolution steps",
2021-12-06 16:56:28 +00:00
"platform": "darwin",
2022-03-30 16:38:38 +00:00
"created_at": "2021-12-15T15:23:57Z",
"updated_at": "2021-12-15T15:23:57Z",
2021-08-25 21:05:48 +00:00
"passing_host_count": 2000,
2024-01-02 19:41:54 +00:00
"failing_host_count": 300,
"host_count_updated_at": "2023-12-20T15:23:57Z"
2021-08-25 21:05:48 +00:00
},
{
"id": 2,
2021-11-24 17:16:42 +00:00
"name": "Windows machines with encrypted hard disks",
"query": "SELECT 1 FROM bitlocker_info WHERE protection_status = 1;",
"description": "Checks if the hard disk is encrypted on Windows devices",
2022-12-06 14:59:20 +00:00
"critical": true,
2021-11-24 17:16:42 +00:00
"author_id": 43,
"author_name": "Alice",
"author_email": "alice@example.com",
2022-03-30 16:38:38 +00:00
"team_id": null,
2021-12-03 18:33:33 +00:00
"resolution": "Resolution steps",
2021-12-06 16:56:28 +00:00
"platform": "windows",
2022-03-30 16:38:38 +00:00
"created_at": "2021-12-31T14:52:27Z",
"updated_at": "2022-02-10T20:59:35Z",
2021-08-25 21:05:48 +00:00
"passing_host_count": 2300,
2024-01-02 19:41:54 +00:00
"failing_host_count": 0,
"host_count_updated_at": "2023-12-20T15:23:57Z"
2021-08-25 21:05:48 +00:00
}
]
}
```
2023-08-30 22:30:17 +00:00
---
### Count policies
2023-09-05 21:37:43 +00:00
`GET /api/v1/fleet/policies/count`
2023-08-30 22:30:17 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------ | ------- | ---- | ------------------------------------------------------------------------------------------------------------- |
| query | string | query | Search query keywords. Searchable fields include `name` . |
2023-08-30 22:35:26 +00:00
#### Example
2023-09-05 21:37:43 +00:00
`GET /api/v1/fleet/policies/count`
2023-08-30 22:35:26 +00:00
2023-08-30 22:30:17 +00:00
##### Default response
`Status: 200`
```json
{
"count": 43
}
```
---
2021-08-25 21:05:48 +00:00
### Get policy by ID
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/global/policies/:id`
2021-08-25 21:05:48 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------ | ------- | ---- | ------------------------------------------------------------------------------------------------------------- |
2021-10-15 10:34:11 +00:00
| id | integer | path | **Required.** The policy's ID. |
2021-08-25 21:05:48 +00:00
#### Example
2022-04-14 21:33:52 +00:00
`GET /api/v1/fleet/global/policies/1`
2021-08-25 21:05:48 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-08-25 21:05:48 +00:00
{
"policy": {
2022-03-30 16:38:38 +00:00
"id": 1,
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": false,
2022-03-30 16:38:38 +00:00
"author_id": 42,
"author_name": "John",
"author_email": "john@example.com",
"team_id": null,
"resolution": "Resolution steps",
"platform": "darwin",
"created_at": "2021-12-15T15:23:57Z",
"updated_at": "2021-12-15T15:23:57Z",
"passing_host_count": 2000,
2024-01-02 19:41:54 +00:00
"failing_host_count": 300,
"host_count_updated_at": "2023-12-20T15:23:57Z"
2022-03-30 16:38:38 +00:00
}
2021-08-25 21:05:48 +00:00
}
```
### Add policy
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/global/policies`
2021-08-25 21:05:48 +00:00
#### Parameters
2021-11-24 17:16:42 +00:00
| Name | Type | In | Description |
| ---------- | ------- | ---- | ------------------------------------ |
2024-06-12 22:30:28 +00:00
| name | string | body | The policy's name. |
| query | string | body | The policy's query in SQL. |
| description | string | body | The policy's description. |
2021-11-24 17:16:42 +00:00
| resolution | string | body | The resolution steps for the policy. |
2021-12-06 16:56:28 +00:00
| platform | string | body | Comma-separated target platforms, currently supported values are "windows", "linux", "darwin". The default, an empty string means target all platforms. |
2023-10-11 22:48:15 +00:00
| critical | boolean | body | _Available in Fleet Premium_ . Mark policy as critical/high impact. |
2021-08-25 21:05:48 +00:00
2023-10-11 22:48:15 +00:00
#### Example (preferred)
2021-11-24 17:16:42 +00:00
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/global/policies`
2021-11-24 17:16:42 +00:00
#### Request body
```json
{
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2021-12-03 18:33:33 +00:00
"resolution": "Resolution steps",
2022-12-06 14:59:20 +00:00
"platform": "darwin",
"critical": true
2021-11-24 17:16:42 +00:00
}
```
##### Default response
`Status: 200`
```json
{
"policy": {
"id": 43,
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": true,
2021-11-24 17:16:42 +00:00
"author_id": 42,
"author_name": "John",
"author_email": "john@example.com",
2022-03-30 16:38:38 +00:00
"team_id": null,
2021-11-24 17:16:42 +00:00
"resolution": "Resolution steps",
2021-12-06 16:56:28 +00:00
"platform": "darwin",
2022-03-30 16:38:38 +00:00
"created_at": "2022-03-17T20:15:55Z",
"updated_at": "2022-03-17T20:15:55Z",
2021-11-24 17:16:42 +00:00
"passing_host_count": 0,
2024-01-02 19:41:54 +00:00
"failing_host_count": 0,
"host_count_updated_at": null
2021-11-24 17:16:42 +00:00
}
}
```
2021-08-25 21:05:48 +00:00
### Remove policies
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/global/policies/delete`
2021-08-25 21:05:48 +00:00
#### Parameters
| Name | Type | In | Description |
| -------- | ------- | ---- | ------------------------------------------------- |
| ids | list | body | **Required.** The IDs of the policies to delete. |
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/global/policies/delete`
2021-08-25 21:05:48 +00:00
#### Request body
2021-09-16 07:45:14 +00:00
```json
2021-08-25 21:05:48 +00:00
{
"ids": [ 1 ]
}
```
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-08-25 21:05:48 +00:00
{
"deleted": 1
}
```
2021-11-24 17:16:42 +00:00
### Edit policy
2023-12-08 22:22:20 +00:00
`PATCH /api/v1/fleet/global/policies/:id`
2021-11-24 17:16:42 +00:00
#### Parameters
| Name | Type | In | Description |
| ---------- | ------- | ---- | ------------------------------------ |
| id | integer | path | The policy's ID. |
| name | string | body | The query's name. |
| query | string | body | The query in SQL. |
| description | string | body | The query's description. |
| resolution | string | body | The resolution steps for the policy. |
2022-02-22 18:42:03 +00:00
| platform | string | body | Comma-separated target platforms, currently supported values are "windows", "linux", "darwin". The default, an empty string means target all platforms. |
2024-04-03 16:48:22 +00:00
| critical | boolean | body | _Available in Fleet Premium_ . Mark policy as critical/high impact. |
2021-11-24 17:16:42 +00:00
2023-10-11 22:48:15 +00:00
#### Example
2021-11-24 17:16:42 +00:00
2022-04-14 21:33:52 +00:00
`PATCH /api/v1/fleet/global/policies/42`
2021-11-24 17:16:42 +00:00
##### Request body
```json
{
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": true,
2021-12-03 18:33:33 +00:00
"resolution": "Resolution steps",
2022-02-22 18:42:03 +00:00
"platform": "darwin"
2021-11-24 17:16:42 +00:00
}
```
##### Default response
`Status: 200`
```json
{
"policy": {
"id": 42,
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": true,
2021-11-24 17:16:42 +00:00
"author_id": 43,
"author_name": "John",
"author_email": "john@example.com",
2022-03-30 16:38:38 +00:00
"team_id": null,
2021-11-24 17:16:42 +00:00
"resolution": "Resolution steps",
2021-12-06 16:56:28 +00:00
"platform": "darwin",
2022-03-30 16:38:38 +00:00
"created_at": "2022-03-17T20:15:55Z",
"updated_at": "2022-03-17T20:15:55Z",
2021-11-24 17:16:42 +00:00
"passing_host_count": 0,
2024-01-02 19:41:54 +00:00
"failing_host_count": 0,
"host_count_updated_at": null
2021-11-24 17:16:42 +00:00
}
}
```
2023-10-11 21:49:45 +00:00
### Run automation for all failing hosts of a policy
2022-12-16 21:00:54 +00:00
2023-10-11 21:49:45 +00:00
Triggers [automations ](https://fleetdm.com/docs/using-fleet/automations#policy-automations ) for *all* hosts failing the specified policies, regardless of whether the policies were previously failing on those hosts.
2022-12-16 21:00:54 +00:00
`POST /api/v1/fleet/automations/reset`
#### Parameters
| Name | Type | In | Description |
| ---------- | -------- | ---- | -------------------------------------------------------- |
2023-10-11 21:49:45 +00:00
| policy_ids | list | body | Filters to only run policy automations for the specified policies. |
| team_ids | list | body | _Available in Fleet Premium_ . Filters to only run policy automations for hosts in the specified teams. |
2022-12-16 21:00:54 +00:00
2023-10-11 22:48:15 +00:00
#### Example
2022-12-16 21:00:54 +00:00
`POST /api/v1/fleet/automations/reset`
##### Request body
```json
{
"team_ids": [1],
"policy_ids": [1, 2, 3]
}
```
##### Default response
`Status: 200`
```json
{}
```
2021-08-25 21:05:48 +00:00
---
2024-02-26 22:27:24 +00:00
## Team policies
2021-09-20 14:00:57 +00:00
- [List team policies ](#list-team-policies )
2023-08-30 22:30:17 +00:00
- [Count team policies ](#count-team-policies )
2021-09-20 14:00:57 +00:00
- [Get team policy by ID ](#get-team-policy-by-id )
- [Add team policy ](#add-team-policy )
- [Remove team policies ](#remove-team-policies )
2021-11-24 17:16:42 +00:00
- [Edit team policy ](#edit-team-policy )
2021-09-20 14:00:57 +00:00
_Available in Fleet Premium_
Team policies work the same as policies, but at the team level.
### List team policies
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/teams/:id/policies`
2021-09-20 14:00:57 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------ | ------- | ---- | ------------------------------------------------------------------------------------------------------------- |
2023-12-08 22:22:20 +00:00
| id | integer | path | **Required.** Defines what team ID to operate on |
2024-05-30 17:16:08 +00:00
| merge_inherited | boolean | query | If `true` , will return both team policies **and** inherited ("All teams") policies the `policies` list, and will not return a separate `inherited_policies` list. |
| query | string | query | Search query keywords. Searchable fields include `name` . |
2023-08-30 22:30:17 +00:00
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
2024-05-30 17:16:08 +00:00
#### Example (default usage)
2021-09-20 14:00:57 +00:00
2022-04-14 21:33:52 +00:00
`GET /api/v1/fleet/teams/1/policies`
2021-09-20 14:00:57 +00:00
##### Default response
`Status: 200`
2021-11-24 17:16:42 +00:00
```json
2021-09-20 14:00:57 +00:00
{
"policies": [
{
"id": 1,
2021-11-24 17:16:42 +00:00
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": true,
2021-11-24 17:16:42 +00:00
"author_id": 42,
"author_name": "John",
"author_email": "john@example.com",
"team_id": 1,
"resolution": "Resolution steps",
2021-12-06 16:56:28 +00:00
"platform": "darwin",
2022-03-30 16:38:38 +00:00
"created_at": "2021-12-16T14:37:37Z",
"updated_at": "2021-12-16T16:39:00Z",
2021-09-20 14:00:57 +00:00
"passing_host_count": 2000,
2024-01-02 19:41:54 +00:00
"failing_host_count": 300,
2024-04-12 23:01:52 +00:00
"host_count_updated_at": "2023-12-20T15:23:57Z",
"calendar_events_enabled": true
2021-09-20 14:00:57 +00:00
},
{
"id": 2,
2021-11-24 17:16:42 +00:00
"name": "Windows machines with encrypted hard disks",
"query": "SELECT 1 FROM bitlocker_info WHERE protection_status = 1;",
"description": "Checks if the hard disk is encrypted on Windows devices",
2022-12-06 14:59:20 +00:00
"critical": false,
2021-11-24 17:16:42 +00:00
"author_id": 43,
"author_name": "Alice",
"author_email": "alice@example.com",
"team_id": 1,
2021-12-03 18:33:33 +00:00
"resolution": "Resolution steps",
2021-12-06 16:56:28 +00:00
"platform": "windows",
2022-03-30 16:38:38 +00:00
"created_at": "2021-12-16T14:37:37Z",
"updated_at": "2021-12-16T16:39:00Z",
2021-09-20 14:00:57 +00:00
"passing_host_count": 2300,
2024-01-02 19:41:54 +00:00
"failing_host_count": 0,
2024-04-12 23:01:52 +00:00
"host_count_updated_at": "2023-12-20T15:23:57Z",
"calendar_events_enabled": false
2021-09-20 14:00:57 +00:00
}
2022-10-12 12:35:36 +00:00
],
"inherited_policies": [
{
"id": 136,
"name": "Arbitrary Test Policy (all platforms) (all teams)",
"query": "SELECT 1 FROM osquery_info WHERE 1=1;",
"description": "If you're seeing this, mostly likely this is because someone is testing out failing policies in dogfood. You can ignore this.",
2022-12-06 14:59:20 +00:00
"critical": true,
2022-10-12 12:35:36 +00:00
"author_id": 77,
"author_name": "Test Admin",
"author_email": "test@admin.com",
"team_id": null,
"resolution": "To make it pass, change \"1=0\" to \"1=1\". To make it fail, change \"1=1\" to \"1=0\".",
"platform": "darwin,windows,linux",
"created_at": "2022-08-04T19:30:18Z",
"updated_at": "2022-08-30T15:08:26Z",
"passing_host_count": 10,
2024-01-02 19:41:54 +00:00
"failing_host_count": 9,
"host_count_updated_at": "2023-12-20T15:23:57Z"
2022-10-12 12:35:36 +00:00
}
2021-09-20 14:00:57 +00:00
]
}
```
2024-05-30 17:16:08 +00:00
#### Example (returns single list)
`GET /api/v1/fleet/teams/1/policies?merge_inherited=true`
##### Default response
`Status: 200`
```json
{
"policies": [
{
"id": 1,
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
"critical": true,
"author_id": 42,
"author_name": "John",
"author_email": "john@example.com",
"team_id": 1,
"resolution": "Resolution steps",
"platform": "darwin",
"created_at": "2021-12-16T14:37:37Z",
"updated_at": "2021-12-16T16:39:00Z",
"passing_host_count": 2000,
"failing_host_count": 300,
"host_count_updated_at": "2023-12-20T15:23:57Z"
},
{
"id": 2,
"name": "Windows machines with encrypted hard disks",
"query": "SELECT 1 FROM bitlocker_info WHERE protection_status = 1;",
"description": "Checks if the hard disk is encrypted on Windows devices",
"critical": false,
"author_id": 43,
"author_name": "Alice",
"author_email": "alice@example.com",
"team_id": 1,
"resolution": "Resolution steps",
"platform": "windows",
"created_at": "2021-12-16T14:37:37Z",
"updated_at": "2021-12-16T16:39:00Z",
"passing_host_count": 2300,
"failing_host_count": 0,
"host_count_updated_at": "2023-12-20T15:23:57Z"
},
{
"id": 136,
"name": "Arbitrary Test Policy (all platforms) (all teams)",
"query": "SELECT 1 FROM osquery_info WHERE 1=1;",
"description": "If you're seeing this, mostly likely this is because someone is testing out failing policies in dogfood. You can ignore this.",
"critical": true,
"author_id": 77,
"author_name": "Test Admin",
"author_email": "test@admin.com",
"team_id": null,
"resolution": "To make it pass, change \"1=0\" to \"1=1\". To make it fail, change \"1=1\" to \"1=0\".",
"platform": "darwin,windows,linux",
"created_at": "2022-08-04T19:30:18Z",
"updated_at": "2022-08-30T15:08:26Z",
"passing_host_count": 10,
"failing_host_count": 9,
"host_count_updated_at": "2023-12-20T15:23:57Z"
}
]
}
```
2023-08-30 22:30:17 +00:00
### Count team policies
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/team/:team_id/policies/count`
2023-08-30 22:30:17 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------ | ------- | ---- | ------------------------------------------------------------------------------------------------------------- |
2024-02-05 23:37:35 +00:00
| team_id | integer | path | **Required.** Defines what team ID to operate on
2023-08-30 22:30:17 +00:00
| query | string | query | Search query keywords. Searchable fields include `name` . |
2024-05-30 17:16:08 +00:00
| merge_inherited | boolean | query | If `true` , will include inherited ("All teams") policies in the count. |
2023-08-30 22:30:17 +00:00
2023-08-30 22:35:26 +00:00
#### Example
`GET /api/v1/fleet/team/1/policies/count`
2023-08-30 22:30:17 +00:00
##### Default response
`Status: 200`
```json
{
"count": 43
}
```
---
2021-09-20 14:00:57 +00:00
### Get team policy by ID
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/teams/:team_id/policies/:policy_id`
2021-09-20 14:00:57 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------ | ------- | ---- | ------------------------------------------------------------------------------------------------------------- |
2023-12-08 22:22:20 +00:00
| team_id | integer | path | **Required.** Defines what team ID to operate on |
| policy_id | integer | path | **Required.** The policy's ID. |
2021-09-20 14:00:57 +00:00
#### Example
2022-04-14 21:33:52 +00:00
`GET /api/v1/fleet/teams/1/policies/43`
2021-09-20 14:00:57 +00:00
##### Default response
`Status: 200`
2021-11-24 17:16:42 +00:00
```json
2021-09-20 14:00:57 +00:00
{
"policy": {
2021-11-24 17:16:42 +00:00
"id": 43,
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": true,
2021-11-24 17:16:42 +00:00
"author_id": 42,
"author_name": "John",
"author_email": "john@example.com",
"team_id": 1,
"resolution": "Resolution steps",
2021-12-06 16:56:28 +00:00
"platform": "darwin",
2022-03-30 16:38:38 +00:00
"created_at": "2021-12-16T14:37:37Z",
"updated_at": "2021-12-16T16:39:00Z",
2021-11-24 17:16:42 +00:00
"passing_host_count": 0,
2024-01-02 19:41:54 +00:00
"failing_host_count": 0,
2024-04-12 23:01:52 +00:00
"host_count_updated_at": null,
"calendar_events_enabled": true
2021-09-20 14:00:57 +00:00
}
}
```
### Add team policy
2021-11-24 17:16:42 +00:00
The semantics for creating a team policy are the same as for global policies, see [Add policy ](#add-policy ).
2023-12-08 22:22:20 +00:00
`POST /api/v1/fleet/teams/:id/policies`
2021-09-20 14:00:57 +00:00
#### Parameters
2021-11-24 17:16:42 +00:00
| Name | Type | In | Description |
| ---------- | ------- | ---- | ------------------------------------ |
2023-12-08 22:22:20 +00:00
| id | integer | path | Defines what team ID to operate on. |
2024-06-12 22:30:28 +00:00
| name | string | body | The policy's name. |
| query | string | body | The policy's query in SQL. |
| description | string | body | The policy's description. |
2021-11-24 17:16:42 +00:00
| resolution | string | body | The resolution steps for the policy. |
2021-12-06 16:56:28 +00:00
| platform | string | body | Comma-separated target platforms, currently supported values are "windows", "linux", "darwin". The default, an empty string means target all platforms. |
2024-04-03 16:48:22 +00:00
| critical | boolean | body | _Available in Fleet Premium_ . Mark policy as critical/high impact. |
2021-11-24 17:16:42 +00:00
Either `query` or `query_id` must be provided.
2021-09-20 14:00:57 +00:00
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/teams/1/policies`
2021-09-20 14:00:57 +00:00
2021-11-24 17:16:42 +00:00
##### Request body
2021-09-20 14:00:57 +00:00
2021-11-24 17:16:42 +00:00
```json
2021-09-20 14:00:57 +00:00
{
2021-11-24 17:16:42 +00:00
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": true,
2021-12-03 18:33:33 +00:00
"resolution": "Resolution steps",
2021-12-06 16:56:28 +00:00
"platform": "darwin"
2021-09-20 14:00:57 +00:00
}
```
##### Default response
`Status: 200`
2021-11-24 17:16:42 +00:00
```json
2021-09-20 14:00:57 +00:00
{
"policy": {
2021-11-24 17:16:42 +00:00
"id": 43,
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": true,
2021-11-24 17:16:42 +00:00
"author_id": 42,
"author_name": "John",
"author_email": "john@example.com",
"team_id": 1,
"resolution": "Resolution steps",
2021-12-06 16:56:28 +00:00
"platform": "darwin",
2022-03-30 16:38:38 +00:00
"created_at": "2021-12-16T14:37:37Z",
"updated_at": "2021-12-16T16:39:00Z",
2021-11-24 17:16:42 +00:00
"passing_host_count": 0,
2024-01-02 19:41:54 +00:00
"failing_host_count": 0,
2024-04-12 23:01:52 +00:00
"host_count_updated_at": null,
"calendar_events_enabled": false
2021-11-24 17:16:42 +00:00
}
2021-09-20 14:00:57 +00:00
}
```
### Remove team policies
2023-12-08 22:22:20 +00:00
`POST /api/v1/fleet/teams/:team_id/policies/delete`
2021-09-20 14:00:57 +00:00
#### Parameters
| Name | Type | In | Description |
| -------- | ------- | ---- | ------------------------------------------------- |
2023-12-08 22:22:20 +00:00
| team_id | integer | path | **Required.** Defines what team ID to operate on |
2021-09-20 14:00:57 +00:00
| ids | list | body | **Required.** The IDs of the policies to delete. |
#### Example
2022-04-14 21:33:52 +00:00
`POST /api/v1/fleet/teams/1/policies/delete`
2021-09-20 14:00:57 +00:00
2021-11-24 17:16:42 +00:00
##### Request body
2021-09-20 14:00:57 +00:00
2021-11-24 17:16:42 +00:00
```json
2021-09-20 14:00:57 +00:00
{
"ids": [ 1 ]
}
```
##### Default response
`Status: 200`
2021-11-24 17:16:42 +00:00
```json
2021-09-20 14:00:57 +00:00
{
"deleted": 1
}
```
2021-11-24 17:16:42 +00:00
### Edit team policy
2023-12-08 22:22:20 +00:00
`PATCH /api/v1/fleet/teams/:team_id/policies/:policy_id`
2021-11-24 17:16:42 +00:00
#### Parameters
| Name | Type | In | Description |
| ---------- | ------- | ---- | ------------------------------------ |
| team_id | integer | path | The team's ID. |
| policy_id | integer | path | The policy's ID. |
| name | string | body | The query's name. |
| query | string | body | The query in SQL. |
| description | string | body | The query's description. |
| resolution | string | body | The resolution steps for the policy. |
2022-02-22 18:42:03 +00:00
| platform | string | body | Comma-separated target platforms, currently supported values are "windows", "linux", "darwin". The default, an empty string means target all platforms. |
2024-04-03 16:48:22 +00:00
| critical | boolean | body | _Available in Fleet Premium_ . Mark policy as critical/high impact. |
2024-04-12 23:01:52 +00:00
| calendar_events_enabled | boolean | body | _Available in Fleet Premium_ . Whether to trigger calendar events when policy is failing. |
2021-11-24 17:16:42 +00:00
2023-10-11 22:48:15 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`PATCH /api/v1/fleet/teams/2/policies/42`
##### Request body
```json
{
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": true,
2022-05-02 13:55:27 +00:00
"resolution": "Resolution steps",
"platform": "darwin"
}
```
##### Default response
`Status: 200`
```json
{
"policy": {
"id": 42,
"name": "Gatekeeper enabled",
"query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
"description": "Checks if gatekeeper is enabled on macOS devices",
2022-12-06 14:59:20 +00:00
"critical": true,
2022-05-02 13:55:27 +00:00
"author_id": 43,
"author_name": "John",
"author_email": "john@example.com",
"resolution": "Resolution steps",
"platform": "darwin",
"team_id": 2,
"created_at": "2021-12-16T14:37:37Z",
"updated_at": "2021-12-16T16:39:00Z",
"passing_host_count": 0,
2024-01-02 19:41:54 +00:00
"failing_host_count": 0,
2024-04-12 23:01:52 +00:00
"host_count_updated_at": null,
"calendar_events_enabled": true
2022-05-02 13:55:27 +00:00
}
}
```
---
## Queries
2023-10-30 20:21:43 +00:00
- [List queries ](#list-queries )
2022-05-02 13:55:27 +00:00
- [Get query ](#get-query )
2023-10-12 20:17:41 +00:00
- [Get query report ](#get-query-report )
2023-12-15 18:27:20 +00:00
- [Get query report for one host ](#get-query-report-for-one-host )
2022-05-02 13:55:27 +00:00
- [Create query ](#create-query )
- [Modify query ](#modify-query )
2023-07-31 23:05:16 +00:00
- [Delete query by name ](#delete-query-by-name )
2022-05-02 13:55:27 +00:00
- [Delete query by ID ](#delete-query-by-id )
- [Delete queries ](#delete-queries )
- [Run live query ](#run-live-query )
2023-10-30 20:21:43 +00:00
### List queries
Returns a list of global queries or team queries.
`GET /api/v1/fleet/queries`
#### Parameters
| Name | Type | In | Description |
| --------------- | ------- | ----- | ----------------------------------------------------------------------------------------------------------------------------- |
| order_key | string | query | What to order results by. Can be any column in the queries table. |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
2024-02-28 21:15:10 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . The ID of the parent team for the queries to be listed. When omitted, returns global queries. |
2023-12-15 18:58:06 +00:00
| query | string | query | Search query keywords. Searchable fields include `name` . |
2024-05-30 17:16:08 +00:00
| merge_inherited | boolean | query | _Available in Fleet Premium_ . If `true` , will include global queries in addition to team queries when filtering by `team_id` . (If no `team_id` is provided, this parameter is ignored.)
2023-10-30 20:21:43 +00:00
#### Example
`GET /api/v1/fleet/queries`
##### Default response
`Status: 200`
```json
{
"queries": [
{
"created_at": "2021-01-04T21:19:57Z",
"updated_at": "2021-01-04T21:19:57Z",
"id": 1,
"name": "query1",
"description": "query",
"query": "SELECT * FROM osquery_info",
"team_id": null,
"interval": 3600,
"platform": "darwin,windows,linux",
"min_osquery_version": "",
"automations_enabled": true,
"logging": "snapshot",
"saved": true,
"observer_can_run": true,
"discard_data": false,
"author_id": 1,
"author_name": "noah",
"author_email": "noah@example.com",
"packs": [
{
"created_at": "2021-01-05T21:13:04Z",
"updated_at": "2021-01-07T19:12:54Z",
"id": 1,
"name": "Pack",
"description": "Pack",
"platform": "",
"disabled": true
}
],
"stats": {
"system_time_p50": 1.32,
"system_time_p95": 4.02,
"user_time_p50": 3.55,
"user_time_p95": 3.00,
"total_executions": 3920
}
},
{
"created_at": "2021-01-19T17:08:24Z",
"updated_at": "2021-01-19T17:08:24Z",
"id": 3,
"name": "osquery_schedule",
"description": "Report performance stats for each file in the query schedule.",
"query": "select name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory, last_executed from osquery_schedule;",
"team_id": null,
"interval": 3600,
"platform": "",
"version": "",
"automations_enabled": true,
"logging": "differential",
"saved": true,
"observer_can_run": true,
"discard_data": true,
"author_id": 1,
"author_name": "noah",
"author_email": "noah@example.com",
"packs": [
{
"created_at": "2021-01-19T17:08:31Z",
"updated_at": "2021-01-19T17:08:31Z",
"id": 14,
"name": "test_pack",
"description": "",
"platform": "",
"disabled": false
}
],
"stats": {
"system_time_p50": null,
"system_time_p95": null,
"user_time_p50": null,
"user_time_p95": null,
"total_executions": null
}
}
]}
```
2022-05-02 13:55:27 +00:00
### Get query
Returns the query specified by ID.
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/queries/:id`
2022-05-02 13:55:27 +00:00
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ------------------------------------------ |
| id | integer | path | **Required** . The id of the desired query. |
#### Example
`GET /api/v1/fleet/queries/31`
##### Default response
`Status: 200`
```json
{
"query": {
"created_at": "2021-01-19T17:08:24Z",
"updated_at": "2021-01-19T17:08:24Z",
"id": 31,
"name": "centos_hosts",
"description": "",
"query": "select 1 from os_version where platform = \"centos\";",
2023-07-31 23:05:16 +00:00
"team_id": null,
"interval": 3600,
"platform": "",
"min_osquery_version": "",
"automations_enabled": true,
"logging": "snapshot",
2022-05-02 13:55:27 +00:00
"saved": true,
"observer_can_run": true,
2023-10-17 04:34:32 +00:00
"discard_data": false,
2022-05-02 13:55:27 +00:00
"author_id": 1,
"author_name": "John",
"author_email": "john@example.com",
"packs": [
{
"created_at": "2021-01-19T17:08:31Z",
"updated_at": "2021-01-19T17:08:31Z",
"id": 14,
"name": "test_pack",
"description": "",
"platform": "",
"disabled": false
}
2023-07-31 23:05:16 +00:00
],
"stats": {
"system_time_p50": 1.32,
"system_time_p95": 4.02,
"user_time_p50": 3.55,
"user_time_p95": 3.00,
"total_executions": 3920
}
2022-05-02 13:55:27 +00:00
}
}
```
2023-10-12 20:17:41 +00:00
### Get query report
Returns the query report specified by ID.
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/queries/:id/report`
2023-10-12 20:17:41 +00:00
#### Parameters
2023-12-15 18:27:20 +00:00
| Name | Type | In | Description |
| --------- | ------- | ----- | ------------------------------------------ |
| id | integer | path | **Required** . The ID of the desired query. |
2023-10-12 20:17:41 +00:00
#### Example
`GET /api/v1/fleet/queries/31/report`
##### Default response
`Status: 200`
```json
{
"query_id": 31,
"results": [
{
"host_id": 1,
"host_name": "foo",
"last_fetched": "2021-01-19T17:08:31Z",
"columns": {
"model": "USB 2.0 Hub",
"vendor": "VIA Labs, Inc."
}
},
{
"host_id": 1,
"host_name": "foo",
"last_fetched": "2021-01-19T17:08:31Z",
"columns": {
"model": "USB Keyboard",
"vendor": "VIA Labs, Inc."
}
},
{
"host_id": 2,
"host_name": "bar",
"last_fetched": "2021-01-19T17:20:00Z",
"columns": {
"model": "USB Reciever",
"vendor": "Logitech"
}
},
{
"host_id": 2,
"host_name": "bar",
"last_fetched": "2021-01-19T17:20:00Z",
"columns": {
"model": "USB Reciever",
"vendor": "Logitech"
}
},
{
"host_id": 2,
"host_name": "bar",
"last_fetched": "2021-01-19T17:20:00Z",
"columns": {
"model": "Display Audio",
"vendor": "Apple Inc."
}
}
]
}
```
If a query has no results stored, then `results` will be an empty array:
```json
{
"query_id": 32,
"results": []
}
```
2023-10-20 22:34:42 +00:00
> Note: osquery scheduled queries do not return errors, so only non-error results are included in the report. If you suspect a query may be running into errors, you can use the [live query](#run-live-query) endpoint to get diagnostics.
2023-10-12 20:17:41 +00:00
2023-12-15 18:27:20 +00:00
### Get query report for one host
Returns a query report for a single host.
`GET /api/v1/fleet/hosts/:id/queries/:query_id`
#### Parameters
| Name | Type | In | Description |
| --------- | ------- | ----- | ------------------------------------------ |
| id | integer | path | **Required** . The ID of the desired host. |
| query_id | integer | path | **Required** . The ID of the desired query. |
#### Example
`GET /api/v1/fleet/hosts/123/queries/31`
##### Default response
`Status: 200`
```json
{
"query_id": 31,
"host_id": 1,
"host_name": "foo",
"last_fetched": "2021-01-19T17:08:31Z",
"report_clipped": false,
"results": [
{
"columns": {
"model": "USB 2.0 Hub",
"vendor": "VIA Labs, Inc."
}
},
{
"columns": {
"model": "USB Keyboard",
"vendor": "VIA Labs, Inc."
}
},
{
"columns": {
"model": "USB Reciever",
"vendor": "Logitech"
}
}
]
}
```
If a query has no results stored for the specified host, then `results` will be an empty array:
```json
{
"query_id": 31,
"host_id": 1,
"host_name": "foo",
"last_fetched": "2021-01-19T17:08:31Z",
"report_clipped": false,
"results": []
}
```
> Note: osquery scheduled queries do not return errors, so only non-error results are included in the report. If you suspect a query may be running into errors, you can use the [live query](#run-live-query) endpoint to get diagnostics.
2022-05-02 13:55:27 +00:00
### Create query
2023-10-17 04:34:32 +00:00
2023-07-31 23:05:16 +00:00
Creates a global query or team query.
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/queries`
#### Parameters
2023-07-31 23:05:16 +00:00
| Name | Type | In | Description |
| ------------------------------- | ------- | ---- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| name | string | body | **Required** . The name of the query. |
| query | string | body | **Required** . The query in SQL syntax. |
| description | string | body | The query's description. |
| observer_can_run | bool | body | Whether or not users with the `observer` role can run the query. In Fleet 4.0.0, 3 user roles were introduced (`admin`, `maintainer` , and `observer` ). This field is only relevant for the `observer` role. The `observer_plus` role can run any query and is not limited by this flag (`observer_plus` role was added in Fleet 4.30.0). |
2024-02-28 21:15:10 +00:00
| team_id | integer | body | _Available in Fleet Premium_ . The parent team to which the new query should be added. If omitted, the query will be global. |
2023-07-31 23:05:16 +00:00
| interval | integer | body | The amount of time, in seconds, the query waits before running. Can be set to `0` to never run. Default: 0. |
| platform | string | body | The OS platforms where this query will run (other platforms ignored). Comma-separated string. If omitted, runs on all compatible platforms. |
| min_osquery_version | string | body | The minimum required osqueryd version installed on a host. If omitted, all osqueryd versions are acceptable. |
| automations_enabled | boolean | body | Whether to send data to the configured log destination according to the query's `interval` . |
2023-11-04 01:34:00 +00:00
| logging | string | body | The type of log output for this query. Valid values: `"snapshot"` (default), `"differential"` , or `"differential_ignore_removals"` . |
2023-10-17 04:34:32 +00:00
| discard_data | bool | body | Whether to skip saving the latest query results for each host. Default: `false` . |
2022-05-02 13:55:27 +00:00
#### Example
`POST /api/v1/fleet/queries`
##### Request body
```json
{
"name": "new_query",
2023-07-31 23:05:16 +00:00
"description": "This is a new query.",
"query": "SELECT * FROM osquery_info",
"interval": 3600, // Once per hour
"platform": "darwin,windows,linux",
"min_osquery_version": "",
"automations_enabled": true,
2023-10-17 04:34:32 +00:00
"logging": "snapshot",
"discard_data": false
2022-05-02 13:55:27 +00:00
}
```
##### Default response
`Status: 200`
```json
{
"query": {
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 288,
"name": "new_query",
"query": "SELECT * FROM osquery_info",
2023-07-31 23:05:16 +00:00
"description": "This is a new query.",
"team_id": null,
"interval": 3600,
"platform": "darwin,windows,linux",
"min_osquery_version": "",
"automations_enabled": true,
"logging": "snapshot",
2022-05-02 13:55:27 +00:00
"saved": true,
"author_id": 1,
"author_name": "",
"author_email": "",
"observer_can_run": true,
2023-10-17 04:34:32 +00:00
"discard_data": false,
2022-05-02 13:55:27 +00:00
"packs": []
}
}
```
### Modify query
2023-07-31 23:05:16 +00:00
Modifies the query specified by ID.
2022-05-02 13:55:27 +00:00
2023-12-08 22:22:20 +00:00
`PATCH /api/v1/fleet/queries/:id`
2022-05-02 13:55:27 +00:00
#### Parameters
2023-07-31 23:05:16 +00:00
| Name | Type | In | Description |
| --------------------------- | ------- | ---- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| id | integer | path | **Required.** The ID of the query. |
| name | string | body | The name of the query. |
| query | string | body | The query in SQL syntax. |
| description | string | body | The query's description. |
| observer_can_run | bool | body | Whether or not users with the `observer` role can run the query. In Fleet 4.0.0, 3 user roles were introduced (`admin`, `maintainer` , and `observer` ). This field is only relevant for the `observer` role. The `observer_plus` role can run any query and is not limited by this flag (`observer_plus` role was added in Fleet 4.30.0). |
| interval | integer | body | The amount of time, in seconds, the query waits before running. Can be set to `0` to never run. Default: 0. |
| platform | string | body | The OS platforms where this query will run (other platforms ignored). Comma-separated string. If set to "", runs on all compatible platforms. |
| min_osquery_version | string | body | The minimum required osqueryd version installed on a host. If omitted, all osqueryd versions are acceptable. |
| automations_enabled | boolean | body | Whether to send data to the configured log destination according to the query's `interval` . |
2023-10-17 04:34:32 +00:00
| logging | string | body | The type of log output for this query. Valid values: `"snapshot"` (default), `"differential"` , or `"differential_ignore_removals"` . |
| discard_data | bool | body | Whether to skip saving the latest query results for each host. |
> Note that any of the following conditions will cause the existing query report to be deleted:
> - Updating the `query` (SQL) field
> - Changing `discard_data` from `false` to `true`
> - Changing `logging` from `"snapshot"` to `"differential"` or `"differential_ignore_removals"`
2022-05-02 13:55:27 +00:00
#### Example
2021-11-24 17:16:42 +00:00
2022-05-02 13:55:27 +00:00
`PATCH /api/v1/fleet/queries/2`
2021-11-24 17:16:42 +00:00
##### Request body
```json
{
2023-07-31 23:05:16 +00:00
"name": "new_title_for_my_query",
"interval": 3600, // Once per hour,
"platform": "",
"min_osquery_version": "",
2023-10-17 04:34:32 +00:00
"automations_enabled": false,
"discard_data": true
2021-11-24 17:16:42 +00:00
}
```
##### Default response
`Status: 200`
```json
{
2022-05-02 13:55:27 +00:00
"query": {
"created_at": "2021-01-22T17:23:27Z",
"updated_at": "2021-01-22T17:23:27Z",
"id": 288,
"name": "new_title_for_my_query",
"description": "This is a new query.",
"query": "SELECT * FROM osquery_info",
2023-07-31 23:05:16 +00:00
"team_id": null,
"interval": 3600,
"platform": "",
"min_osquery_version": "",
"automations_enabled": false,
"logging": "snapshot",
2022-05-02 13:55:27 +00:00
"saved": true,
"author_id": 1,
"author_name": "noah",
"observer_can_run": true,
2023-10-17 04:34:32 +00:00
"discard_data": true,
2022-05-02 13:55:27 +00:00
"packs": []
2021-11-24 17:16:42 +00:00
}
}
```
2023-07-31 23:05:16 +00:00
### Delete query by name
2021-09-20 14:00:57 +00:00
2022-05-02 13:55:27 +00:00
Deletes the query specified by name.
2021-08-02 17:49:51 +00:00
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/queries/:name`
2021-08-02 17:49:51 +00:00
2022-05-02 13:55:27 +00:00
#### Parameters
2021-08-19 23:22:17 +00:00
2023-07-31 23:05:16 +00:00
| Name | Type | In | Description |
| ---- | ---------- | ---- | ------------------------------------ |
| name | string | path | **Required.** The name of the query. |
2024-02-28 21:15:10 +00:00
| team_id | integer | body | _Available in Fleet Premium_ . The ID of the parent team of the query to be deleted. If omitted, Fleet will search among queries in the global context. |
2021-08-02 17:49:51 +00:00
2022-05-02 13:55:27 +00:00
#### Example
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/queries/foo`
2022-05-02 13:55:27 +00:00
##### Default response
`Status: 200`
### Delete query by ID
Deletes the query specified by ID.
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/queries/id/:id`
2021-08-02 17:49:51 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------------- |
| id | integer | path | **Required.** The ID of the query. |
2021-08-02 17:49:51 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`DELETE /api/v1/fleet/queries/id/28`
2021-08-02 17:49:51 +00:00
##### Default response
2022-05-02 13:55:27 +00:00
`Status: 200`
### Delete queries
Deletes the queries specified by ID. Returns the count of queries successfully deleted.
`POST /api/v1/fleet/queries/delete`
#### Parameters
| Name | Type | In | Description |
| ---- | ---- | ---- | ------------------------------------- |
| ids | list | body | **Required.** The IDs of the queries. |
#### Example
`POST /api/v1/fleet/queries/delete`
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-08-02 17:49:51 +00:00
{
2022-05-02 13:55:27 +00:00
"ids": [
2, 24, 25
2021-08-02 17:49:51 +00:00
]
}
```
2022-05-02 13:55:27 +00:00
##### Default response
2021-08-02 17:49:51 +00:00
2022-05-02 13:55:27 +00:00
`Status: 200`
2021-02-18 20:54:06 +00:00
2022-05-02 13:55:27 +00:00
```json
{
"deleted": 3
}
```
### Run live query
2024-01-11 19:28:48 +00:00
> This updated API endpoint replaced `GET /api/v1/fleet/queries/run` in Fleet 4.43.0, for improved compatibility with many HTTP clients. The [deprecated endpoint](https://github.com/fleetdm/fleet/blob/fleet-v4.42.0/docs/REST%20API/rest-api.md#run-live-query) is maintained for backwards compatibility.
2021-02-18 20:54:06 +00:00
2024-01-11 19:28:48 +00:00
Runs a live query against the specified hosts and responds with the results.
2021-02-18 20:54:06 +00:00
2024-02-16 18:21:15 +00:00
The live query will stop if the request times out. Timeouts happen if targeted hosts haven't responded after the configured `FLEET_LIVE_QUERY_REST_PERIOD` (default 25 seconds) or if the `distributed_interval` agent option (default 10 seconds) is higher than the `FLEET_LIVE_QUERY_REST_PERIOD` .
2021-05-25 04:34:08 +00:00
2024-01-11 19:28:48 +00:00
`POST /api/v1/fleet/queries/:id/run`
2021-02-18 20:54:06 +00:00
#### Parameters
2023-11-07 23:22:55 +00:00
| Name | Type | In | Description |
|-----------|-------|------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
2024-01-11 19:28:48 +00:00
| query_id | integer | path | **Required** . The ID of the saved query to run. |
2023-11-07 23:22:55 +00:00
| host_ids | array | body | **Required** . The IDs of the hosts to target. User must be authorized to target all of these hosts. |
2021-02-18 20:54:06 +00:00
#### Example
2024-01-11 19:28:48 +00:00
`POST /api/v1/fleet/queries/123/run`
2021-02-18 20:54:06 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-02-18 20:54:06 +00:00
{
2022-05-02 13:55:27 +00:00
"host_ids": [ 1, 4, 34, 27 ]
2021-02-18 20:54:06 +00:00
}
```
##### Default response
2021-09-16 07:45:14 +00:00
```json
2021-02-18 20:54:06 +00:00
{
2024-01-11 19:28:48 +00:00
"query_id": 123,
"targeted_host_count": 4,
"responded_host_count": 2,
"results": [
2022-05-02 13:55:27 +00:00
{
2024-01-11 19:28:48 +00:00
"host_id": 1,
"rows": [
2022-05-02 13:55:27 +00:00
{
2024-01-11 19:28:48 +00:00
"build_distro": "10.12",
"build_platform": "darwin",
"config_hash": "7bb99fa2c8a998c9459ec71da3a84d66c592d6d3",
"config_valid": "1",
"extensions": "active",
"instance_id": "9a2ec7bf-4946-46ea-93bf-455e0bcbd068",
"pid": "23413",
"platform_mask": "21",
"start_time": "1635194306",
"uuid": "4C182AC7-75F7-5AF4-A74B-1E165ED35742",
"version": "4.9.0",
"watcher": "23412"
2022-05-02 13:55:27 +00:00
}
2024-01-11 19:28:48 +00:00
],
"error": null
},
{
"host_id": 2,
"rows": [],
"error": "no such table: os_version"
2022-05-02 13:55:27 +00:00
}
]
2021-02-18 20:54:06 +00:00
}
```
2023-07-31 23:05:16 +00:00
2021-02-18 20:54:06 +00:00
---
2022-05-02 13:55:27 +00:00
## Schedule
2021-01-15 18:53:34 +00:00
2023-08-21 18:47:19 +00:00
> The schedule API endpoints are deprecated as of Fleet 4.35. They are maintained for backwards compatibility.
2023-07-31 23:05:16 +00:00
> Please use the [queries](#queries) endpoints, which as of 4.35 have attributes such as `interval` and `platform` that enable scheduling.
- [Get schedule (deprecated) ](#get-schedule )
- [Add query to schedule (deprecated) ](#add-query-to-schedule )
- [Edit query in schedule (deprecated) ](#edit-query-in-schedule )
- [Remove query from schedule (deprecated) ](#remove-query-from-schedule )
2023-05-19 18:44:27 +00:00
- [Team schedule ](#team-schedule )
2021-01-28 23:40:49 +00:00
2022-09-22 21:41:57 +00:00
Scheduling queries in Fleet is the best practice for collecting data from hosts.
2021-01-15 18:53:34 +00:00
2022-09-22 21:41:57 +00:00
These API routes let you control your scheduled queries.
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
### Get schedule
2023-08-21 18:47:19 +00:00
> The schedule API endpoints are deprecated as of Fleet 4.35. They are maintained for backwards compatibility.
2023-07-31 23:05:16 +00:00
> Please use the [queries](#queries) endpoints, which as of 4.35 have attributes such as `interval` and `platform` that enable scheduling.
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/global/schedule`
2021-01-15 18:53:34 +00:00
#### Parameters
None.
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/global/schedule`
2021-01-15 18:53:34 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-01-15 18:53:34 +00:00
{
2022-05-02 13:55:27 +00:00
"global_schedule": [
{
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 4,
"pack_id": 1,
"name": "arp_cache",
"query_id": 2,
"query_name": "arp_cache",
"query": "select * from arp_cache;",
"interval": 120,
"snapshot": true,
"removed": null,
"platform": "",
"version": "",
"shard": null,
"denylist": null,
"stats": {
"system_time_p50": 1.32,
"system_time_p95": 4.02,
"user_time_p50": 3.55,
"user_time_p95": 3.00,
"total_executions": 3920
}
},
{
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 5,
"pack_id": 1,
"name": "disk_encryption",
"query_id": 7,
"query_name": "disk_encryption",
"query": "select * from disk_encryption;",
"interval": 86400,
"snapshot": true,
"removed": null,
"platform": "",
"version": "",
"shard": null,
"denylist": null,
"stats": {
"system_time_p50": 1.32,
"system_time_p95": 4.02,
"user_time_p50": 3.55,
"user_time_p95": 3.00,
"total_executions": 3920
}
}
]
2021-01-15 18:53:34 +00:00
}
```
2022-05-02 13:55:27 +00:00
### Add query to schedule
2021-01-15 18:53:34 +00:00
2023-08-21 18:47:19 +00:00
> The schedule API endpoints are deprecated as of Fleet 4.35. They are maintained for backwards compatibility.
2023-07-31 23:05:16 +00:00
> Please use the [queries](#queries) endpoints, which as of 4.35 have attributes such as `interval` and `platform` that enable scheduling.
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/global/schedule`
2021-01-15 18:53:34 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| -------- | ------- | ---- | -------------------------------------------------------------------------------------------------------------------------------- |
| query_id | integer | body | **Required.** The query's ID. |
| interval | integer | body | **Required.** The amount of time, in seconds, the query waits before running. |
| snapshot | boolean | body | **Required.** Whether the queries logs show everything in its current state. |
| removed | boolean | body | Whether "removed" actions should be logged. Default is `null` . |
| platform | string | body | The computer platform where this query will run (other platforms ignored). Empty value runs on all platforms. Default is `null` . |
| shard | integer | body | Restrict this query to a percentage (1-100) of target hosts. Default is `null` . |
| version | string | body | The minimum required osqueryd version installed on a host. Default is `null` . |
2021-01-15 18:53:34 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/global/schedule`
##### Request body
```json
{
"interval": 86400,
"query_id": 2,
"snapshot": true
}
```
2021-01-15 18:53:34 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-01-15 18:53:34 +00:00
{
2022-05-02 13:55:27 +00:00
"scheduled": {
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 1,
"pack_id": 5,
"name": "arp_cache",
"query_id": 2,
"query_name": "arp_cache",
"query": "select * from arp_cache;",
"interval": 86400,
"snapshot": true,
"removed": null,
"platform": "",
"version": "",
"shard": null,
"denylist": null
2021-10-07 13:19:10 +00:00
}
2021-01-15 18:53:34 +00:00
}
```
2022-09-22 21:41:57 +00:00
> Note that the `pack_id` is included in the response object because Fleet's Schedule feature uses [osquery query packs](https://osquery.readthedocs.io/en/stable/deployment/configuration/#query-packs) under the hood.
2022-05-02 13:55:27 +00:00
### Edit query in schedule
2023-08-21 18:47:19 +00:00
> The schedule API endpoints are deprecated as of Fleet 4.35. They are maintained for backwards compatibility.
2023-07-31 23:05:16 +00:00
> Please use the [queries](#queries) endpoints, which as of 4.35 have attributes such as `interval` and `platform` that enable scheduling.
2023-12-08 22:22:20 +00:00
`PATCH /api/v1/fleet/global/schedule/:id`
2022-05-02 13:55:27 +00:00
#### Parameters
| Name | Type | In | Description |
| -------- | ------- | ---- | ------------------------------------------------------------------------------------------------------------- |
| id | integer | path | **Required.** The scheduled query's ID. |
| interval | integer | body | The amount of time, in seconds, the query waits before running. |
| snapshot | boolean | body | Whether the queries logs show everything in its current state. |
| removed | boolean | body | Whether "removed" actions should be logged. |
| platform | string | body | The computer platform where this query will run (other platforms ignored). Empty value runs on all platforms. |
| shard | integer | body | Restrict this query to a percentage (1-100) of target hosts. |
| version | string | body | The minimum required osqueryd version installed on a host. |
2021-01-15 18:53:34 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`PATCH /api/v1/fleet/global/schedule/5`
2021-01-15 18:53:34 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-01-15 18:53:34 +00:00
{
2022-05-09 17:08:37 +00:00
"interval": 604800
2022-05-02 13:55:27 +00:00
}
```
##### Default response
`Status: 200`
```json
{
"scheduled": {
"created_at": "2021-07-16T14:40:15Z",
"updated_at": "2021-07-16T14:40:15Z",
"id": 5,
"pack_id": 1,
"name": "arp_cache",
"query_id": 2,
"query_name": "arp_cache",
"query": "select * from arp_cache;",
"interval": 604800,
"snapshot": true,
"removed": null,
"platform": "",
"shard": null,
"denylist": null
2021-01-15 18:53:34 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
### Remove query from schedule
2023-08-21 18:47:19 +00:00
> The schedule API endpoints are deprecated as of Fleet 4.35. They are maintained for backwards compatibility.
2023-07-31 23:05:16 +00:00
> Please use the [queries](#queries) endpoints, which as of 4.35 have attributes such as `interval` and `platform` that enable scheduling.
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/global/schedule/:id`
2022-05-02 13:55:27 +00:00
#### Parameters
None.
#### Example
`DELETE /api/v1/fleet/global/schedule/5`
##### Default response
`Status: 200`
---
### Team schedule
2023-08-21 18:47:19 +00:00
> The schedule API endpoints are deprecated as of Fleet 4.35. They are maintained for backwards compatibility.
2023-07-31 23:05:16 +00:00
> Please use the [queries](#queries) endpoints, which as of 4.35 have attributes such as `interval` and `platform` that enable scheduling.
2022-05-02 13:55:27 +00:00
2023-07-31 23:05:16 +00:00
- [Get team schedule (deprecated) ](#get-team-schedule )
- [Add query to team schedule (deprecated) ](#add-query-to-team-schedule )
- [Edit query in team schedule (deprecated) ](#edit-query-in-team-schedule )
- [Remove query from team schedule (deprecated) ](#remove-query-from-team-schedule )
2022-05-02 13:55:27 +00:00
This allows you to easily configure scheduled queries that will impact a whole team of devices.
#### Get team schedule
2023-08-21 18:47:19 +00:00
> The schedule API endpoints are deprecated as of Fleet 4.35. They are maintained for backwards compatibility.
2023-07-31 23:05:16 +00:00
> Please use the [queries](#queries) endpoints, which as of 4.35 have attributes such as `interval` and `platform` that enable scheduling.
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/teams/:id/schedule`
2022-05-02 13:55:27 +00:00
#### Parameters
| Name | Type | In | Description |
| --------------- | ------- | ----- | ----------------------------------------------------------------------------------------------------------------------------- |
| id | integer | path | **Required** . The team's ID. |
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Can be any column in the `activites` table. |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
#### Example
`GET /api/v1/fleet/teams/2/schedule`
2021-01-15 18:53:34 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-01-15 18:53:34 +00:00
{
2022-05-02 13:55:27 +00:00
"scheduled": [
{
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 4,
"pack_id": 2,
"name": "arp_cache",
"query_id": 2,
"query_name": "arp_cache",
"query": "select * from arp_cache;",
"interval": 120,
"snapshot": true,
"platform": "",
"version": "",
"removed": null,
"shard": null,
"denylist": null,
"stats": {
"system_time_p50": 1.32,
"system_time_p95": 4.02,
"user_time_p50": 3.55,
"user_time_p95": 3.00,
"total_executions": 3920
2022-03-30 13:10:02 +00:00
}
2022-05-02 13:55:27 +00:00
},
{
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 5,
"pack_id": 3,
"name": "disk_encryption",
"query_id": 7,
"query_name": "disk_encryption",
"query": "select * from disk_encryption;",
"interval": 86400,
"snapshot": true,
"removed": null,
"platform": "",
"version": "",
"shard": null,
"denylist": null,
"stats": {
"system_time_p50": 1.32,
"system_time_p95": 4.02,
"user_time_p50": 3.55,
"user_time_p95": 3.00,
"total_executions": 3920
2021-08-13 19:01:53 +00:00
}
2022-05-02 13:55:27 +00:00
}
]
2021-01-15 18:53:34 +00:00
}
```
2022-05-02 13:55:27 +00:00
#### Add query to team schedule
2021-11-15 21:16:06 +00:00
2023-08-21 18:47:19 +00:00
> The schedule API endpoints are deprecated as of Fleet 4.35. They are maintained for backwards compatibility.
2023-07-31 23:05:16 +00:00
> Please use the [queries](#queries) endpoints, which as of 4.35 have attributes such as `interval` and `platform` that enable scheduling.
2023-12-08 22:22:20 +00:00
`POST /api/v1/fleet/teams/:id/schedule`
2021-11-15 21:16:06 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| -------- | ------- | ---- | -------------------------------------------------------------------------------------------------------------------------------- |
| id | integer | path | **Required.** The teams's ID. |
| query_id | integer | body | **Required.** The query's ID. |
| interval | integer | body | **Required.** The amount of time, in seconds, the query waits before running. |
| snapshot | boolean | body | **Required.** Whether the queries logs show everything in its current state. |
| removed | boolean | body | Whether "removed" actions should be logged. Default is `null` . |
| platform | string | body | The computer platform where this query will run (other platforms ignored). Empty value runs on all platforms. Default is `null` . |
| shard | integer | body | Restrict this query to a percentage (1-100) of target hosts. Default is `null` . |
| version | string | body | The minimum required osqueryd version installed on a host. Default is `null` . |
2021-11-15 21:16:06 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/teams/2/schedule`
##### Request body
```json
{
"interval": 86400,
"query_id": 2,
2022-05-09 17:08:37 +00:00
"snapshot": true
2022-05-02 13:55:27 +00:00
}
```
2021-11-15 21:16:06 +00:00
##### Default response
`Status: 200`
```json
{
2022-05-02 13:55:27 +00:00
"scheduled": {
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 1,
"pack_id": 5,
"name": "arp_cache",
"query_id": 2,
"query_name": "arp_cache",
"query": "select * from arp_cache;",
"interval": 86400,
"snapshot": true,
"removed": null,
"shard": null,
"denylist": null
}
2021-11-15 21:16:06 +00:00
}
```
2022-05-02 13:55:27 +00:00
#### Edit query in team schedule
2021-11-15 21:16:06 +00:00
2023-08-21 18:47:19 +00:00
> The schedule API endpoints are deprecated as of Fleet 4.35. They are maintained for backwards compatibility.
2023-07-31 23:05:16 +00:00
> Please use the [queries](#queries) endpoints, which as of 4.35 have attributes such as `interval` and `platform` that enable scheduling.
2023-12-08 22:22:20 +00:00
`PATCH /api/v1/fleet/teams/:team_id/schedule/:scheduled_query_id`
2021-11-15 21:16:06 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ------------------ | ------- | ---- | ------------------------------------------------------------------------------------------------------------- |
| team_id | integer | path | **Required.** The team's ID. |
| scheduled_query_id | integer | path | **Required.** The scheduled query's ID. |
| interval | integer | body | The amount of time, in seconds, the query waits before running. |
| snapshot | boolean | body | Whether the queries logs show everything in its current state. |
| removed | boolean | body | Whether "removed" actions should be logged. |
| platform | string | body | The computer platform where this query will run (other platforms ignored). Empty value runs on all platforms. |
| shard | integer | body | Restrict this query to a percentage (1-100) of target hosts. |
| version | string | body | The minimum required osqueryd version installed on a host. |
2021-11-15 21:16:06 +00:00
2022-05-02 13:55:27 +00:00
#### Example
2021-11-15 21:16:06 +00:00
2022-05-02 13:55:27 +00:00
`PATCH /api/v1/fleet/teams/2/schedule/5`
2021-11-15 21:16:06 +00:00
##### Request body
```json
{
2022-05-09 17:08:37 +00:00
"interval": 604800
2021-11-15 21:16:06 +00:00
}
```
##### Default response
`Status: 200`
2021-11-17 16:26:24 +00:00
```json
2022-05-02 13:55:27 +00:00
{
"scheduled": {
"created_at": "2021-07-16T14:40:15Z",
"updated_at": "2021-07-16T14:40:15Z",
"id": 5,
"pack_id": 1,
"name": "arp_cache",
"query_id": 2,
"query_name": "arp_cache",
"query": "select * from arp_cache;",
"interval": 604800,
"snapshot": true,
"removed": null,
"platform": "",
"shard": null,
"denylist": null
}
}
2021-11-17 16:26:24 +00:00
```
2022-05-02 13:55:27 +00:00
#### Remove query from team schedule
2023-08-21 18:47:19 +00:00
> The schedule API endpoints are deprecated as of Fleet 4.35. They are maintained for backwards compatibility.
2023-07-31 23:05:16 +00:00
> Please use the [queries](#queries) endpoints, which as of 4.35 have attributes such as `interval` and `platform` that enable scheduling.
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/teams/:team_id/schedule/:scheduled_query_id`
2022-05-02 13:55:27 +00:00
#### Parameters
| Name | Type | In | Description |
| ------------------ | ------- | ---- | --------------------------------------- |
| team_id | integer | path | **Required.** The team's ID. |
| scheduled_query_id | integer | path | **Required.** The scheduled query's ID. |
2021-11-17 16:26:24 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`DELETE /api/v1/fleet/teams/2/schedule/5`
2021-11-17 16:26:24 +00:00
2022-05-02 13:55:27 +00:00
##### Default response
2021-11-17 16:26:24 +00:00
2022-05-02 13:55:27 +00:00
`Status: 200`
---
2023-08-21 18:47:19 +00:00
## Scripts
2023-12-06 17:40:42 +00:00
- [Run script ](#run-script )
2023-10-10 22:00:45 +00:00
- [Get script result ](#get-script-result )
2024-03-25 13:41:12 +00:00
- [Run live script ](#run-live-script )
2024-04-01 21:53:00 +00:00
- [Add script ](#add-script )
- [Delete script ](#delete-script )
2023-10-10 22:00:45 +00:00
- [List scripts ](#list-scripts )
2024-04-01 21:53:00 +00:00
- [Get or download script ](#get-or-download-script )
2023-10-10 22:00:45 +00:00
- [Get script details by host ](#get-script-details-by-host )
2023-08-21 18:47:19 +00:00
2023-12-06 17:40:42 +00:00
### Run script
2023-08-21 18:47:19 +00:00
2024-02-05 23:37:35 +00:00
Run a script on a host.
2023-08-21 18:47:19 +00:00
2024-02-05 23:37:35 +00:00
The script will be added to the host's list of upcoming activities.
2023-08-21 18:47:19 +00:00
2024-02-05 23:37:35 +00:00
The new script will run after other activities finish. Failure of one activity won't cancel other activities.
`POST /api/v1/fleet/scripts/run`
2023-08-21 18:47:19 +00:00
#### Parameters
2024-02-05 23:37:35 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------------------- |
| host_id | integer | body | **Required** . The ID of the host to run the script on. |
2023-10-10 22:00:45 +00:00
| script_id | integer | body | The ID of the existing saved script to run. Only one of either `script_id` or `script_contents` can be included in the request; omit this parameter if using `script_contents` . |
| script_contents | string | body | The contents of the script to run. Only one of either `script_id` or `script_contents` can be included in the request; omit this parameter if using `script_id` . |
> Note that if both `script_id` and `script_contents` are included in the request, this endpoint will respond with an error.
2023-08-21 18:47:19 +00:00
#### Example
2024-02-05 23:37:35 +00:00
`POST /api/v1/fleet/scripts/run`
2023-08-21 18:47:19 +00:00
##### Default response
2024-02-05 23:37:35 +00:00
`Status: 202`
2023-08-21 18:47:19 +00:00
```json
{
"host_id": 1227,
2024-02-05 23:37:35 +00:00
"execution_id": "e797d6c6-3aae-11ee-be56-0242ac120002"
2023-08-21 18:47:19 +00:00
}
```
2023-09-06 14:47:25 +00:00
### Get script result
Gets the result of a script that was executed.
#### Parameters
| Name | Type | In | Description |
| ---- | ------ | ---- | -------------------------------------------- |
| execution_id | string | path | **Required** . The execution id of the script. |
#### Example
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/scripts/results/:execution_id`
2023-09-06 14:47:25 +00:00
##### Default Response
2024-02-06 22:17:26 +00:00
`Status: 200`
2023-09-06 14:47:25 +00:00
```json
{
"script_contents": "echo 'hello'",
"exit_code": 0,
"output": "hello",
"message": "",
"hostname": "Test Host",
"host_timeout": false,
"host_id": 1,
"execution_id": "e797d6c6-3aae-11ee-be56-0242ac120002",
"runtime": 20
}
```
> Note: `exit_code` can be `null` if Fleet hasn't heard back from the host yet.
2024-02-05 23:37:35 +00:00
### Run live script
2023-10-10 22:00:45 +00:00
2024-02-05 23:37:35 +00:00
Run a live script and get results back (5 minute timeout). Live scripts only runs on the host if it has no other scripts running.
`POST /api/v1/fleet/scripts/run/sync`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------------------- |
| host_id | integer | body | **Required** . The host id to run the script on. |
2024-03-21 18:30:48 +00:00
| script_id | integer | body | The ID of the existing saved script to run. Only one of either `script_id` , `script_name` or `script_contents` can be included in the request; omit this parameter if using `script_contents` or `script_name` . |
| script_contents | string | body | The contents of the script to run. Only one of either `script_contents` , `script_id` or `script_name` can be included in the request; omit this parameter if using `script_id` or `script_name` . |
| script_name | string | body | The name of the existing saved script to run. Only one of either `script_name` , `script_id` or `script_contents` can be included in the request; omit this parameter if using `script_contents` or `script_id` . |
| team_id | integer | body | ID of the team the saved script referenced by `script_name` belongs to. Default: `0` (hosts assigned to "No team") |
2024-02-05 23:37:35 +00:00
> Note that if both `script_id` and `script_contents` are included in the request, this endpoint will respond with an error.
#### Example
`POST /api/v1/fleet/scripts/run/sync`
##### Default response
`Status: 200`
```json
{
"host_id": 1227,
"execution_id": "e797d6c6-3aae-11ee-be56-0242ac120002",
"script_contents": "echo 'hello'",
"output": "hello",
"message": "",
"runtime": 1,
"host_timeout": false,
"exit_code": 0
}
```
2024-04-01 21:53:00 +00:00
### Add script
2023-10-10 22:00:45 +00:00
Uploads a script, making it available to run on hosts assigned to the specified team (or no team).
`POST /api/v1/fleet/scripts`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------------------- |
| script | file | form | **Required** . The file containing the script. |
2024-02-28 21:15:10 +00:00
| team_id | integer | form | _Available in Fleet Premium_ . The team ID. If specified, the script will only be available to hosts assigned to this team. If not specified, the script will only be available to hosts on **no team** . |
2023-10-10 22:00:45 +00:00
#### Example
`POST /api/v1/fleet/scripts`
##### Request headers
```http
Content-Length: 306
Content-Type: multipart/form-data; boundary=------------------------f02md47480und42y
```
##### Request body
```http
--------------------------f02md47480und42y
Content-Disposition: form-data; name="team_id"
1
--------------------------f02md47480und42y
Content-Disposition: form-data; name="script"; filename="myscript.sh"
Content-Type: application/octet-stream
echo "hello"
--------------------------f02md47480und42y--
```
##### Default response
`Status: 200`
```json
{
"script_id": 1227
}
```
2024-04-01 21:53:00 +00:00
### Delete script
2023-10-10 22:00:45 +00:00
Deletes an existing script.
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/scripts/:id`
2023-10-10 22:00:45 +00:00
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------------------- |
| id | integer | path | **Required** . The ID of the script to delete. |
#### Example
`DELETE /api/v1/fleet/scripts/1`
##### Default response
`Status: 204`
### List scripts
`GET /api/v1/fleet/scripts`
#### Parameters
| Name | Type | In | Description |
| --------------- | ------- | ----- | ----------------------------------------------------------------------------------------------------------------------------- |
2024-04-01 21:53:00 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . The ID of the team to filter scripts by. If not specified, it will filter only scripts that are available to hosts with no team. |
2023-10-10 22:00:45 +00:00
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
#### Example
`GET /api/v1/fleet/scripts`
##### Default response
`Status: 200`
```json
{
"scripts": [
{
"id": 1,
"team_id": null,
"name": "script_1.sh",
"created_at": "2023-07-30T13:41:07Z",
"updated_at": "2023-07-30T13:41:07Z"
},
{
"id": 2,
"team_id": null,
"name": "script_2.sh",
"created_at": "2023-08-30T13:41:07Z",
"updated_at": "2023-08-30T13:41:07Z"
}
],
"meta": {
"has_next_results": false,
"has_previous_results": false
}
}
```
2024-04-01 21:53:00 +00:00
### Get or download script
2023-10-10 22:00:45 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/scripts/:id`
2023-10-10 22:00:45 +00:00
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | ------------------------------------- |
| id | integer | path | **Required.** The desired script's ID. |
| alt | string | query | If specified and set to "media", downloads the script's contents. |
2024-04-01 21:53:00 +00:00
#### Example (get script)
2023-10-10 22:00:45 +00:00
`GET /api/v1/fleet/scripts/123`
##### Default response
`Status: 200`
```json
{
"id": 123,
"team_id": null,
"name": "script_1.sh",
"created_at": "2023-07-30T13:41:07Z",
"updated_at": "2023-07-30T13:41:07Z"
}
```
2024-04-01 21:53:00 +00:00
#### Example (download script)
2023-10-10 22:00:45 +00:00
`GET /api/v1/fleet/scripts/123?alt=media`
##### Example response headers
```http
Content-Length: 13
Content-Type: application/octet-stream
Content-Disposition: attachment;filename="2023-09-27 script_1.sh"
```
###### Example response body
`Status: 200`
```
echo "hello"
```
2022-05-02 13:55:27 +00:00
## Sessions
- [Get session info ](#get-session-info )
- [Delete session ](#delete-session )
### Get session info
Returns the session information for the session specified by ID.
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/sessions/:id`
2022-05-02 13:55:27 +00:00
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------------------- |
| id | integer | path | **Required** . The ID of the desired session. |
#### Example
`GET /api/v1/fleet/sessions/1`
##### Default response
`Status: 200`
2021-11-17 16:26:24 +00:00
2021-11-15 21:16:06 +00:00
```json
{
2022-05-02 13:55:27 +00:00
"session_id": 1,
"user_id": 1,
"created_at": "2021-03-02T18:41:34Z"
2021-11-15 21:16:06 +00:00
}
```
2022-05-02 13:55:27 +00:00
### Delete session
Deletes the session specified by ID. When the user associated with the session next attempts to access Fleet, they will be asked to log in.
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/sessions/:id`
2022-05-02 13:55:27 +00:00
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------------------- |
| id | integer | path | **Required** . The id of the desired session. |
#### Example
`DELETE /api/v1/fleet/sessions/1`
2021-11-17 16:26:24 +00:00
##### Default response
2021-06-16 22:09:49 +00:00
2021-11-17 16:26:24 +00:00
`Status: 200`
2022-05-02 13:55:27 +00:00
---
2021-11-17 16:26:24 +00:00
2022-05-02 13:55:27 +00:00
## Software
2021-06-16 22:09:49 +00:00
2024-05-23 21:07:07 +00:00
- [Add software ](#add-software )
- [Download software ](#download-software )
- [Delete software ](#delete-software )
- [Get installation result ](#get-installation-result )
2024-01-29 23:19:26 +00:00
- [List software ](#list-software )
- [List software versions ](#list-software-versions )
- [Get software ](#get-software )
- [Get software version ](#get-software-version )
2023-06-16 00:03:30 +00:00
2024-05-23 21:07:07 +00:00
### Add software
_Available in Fleet Premium._
Add a software package to install on macOS, Windows, and Linux (Ubuntu) hosts.
`POST /api/v1/fleet/software/package`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------------------- |
| software | file | form | **Required** . Installer package file. Supported packages are PKG, MSI, EXE, and DEB. |
| team_id | integer | form | **Required** . The team ID. Adds a software package to the specified team. |
| install_script | string | form | Command that Fleet runs to install software. If not specified Fleet runs [default install command ](#TODO-link-to-docs ) for each package type. |
| pre_install_query | string | form | Query that is pre-install condition. If the query doesn't return any result, Fleet won't proceed to install. |
| post_install_script | string | form | The contents of the script to run after install. If the specified script fails (exit code non-zero) software install will be marked as failed and rolled back. |
#### Example
`POST /api/v1/fleet/software/package`
##### Request header
```http
Content-Length: 8500
Content-Type: multipart/form-data; boundary=------------------------d8c247122f594ba0
```
##### Request body
```http
--------------------------d8c247122f594ba0
Content-Disposition: form-data; name="team_id"
1
--------------------------d8c247122f594ba0
Content-Disposition: form-data; name="install_script"
sudo installer -pkg /temp/FalconSensor-6.44.pkg -target /
--------------------------d8c247122f594ba0
Content-Disposition: form-data; name="pre_install_query"
SELECT 1 FROM macos_profiles WHERE uuid='c9f4f0d5-8426-4eb8-b61b-27c543c9d3db';
--------------------------d8c247122f594ba0
Content-Disposition: form-data; name="post_install_script"
sudo /Applications/Falcon.app/Contents/Resources/falconctl license 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX
--------------------------d8c247122f594ba0
Content-Disposition: form-data; name="software"; filename="FalconSensor-6.44.pkg"
Content-Type: application/octet-stream
< BINARY_DATA >
--------------------------d8c247122f594ba0
```
##### Default response
`Status: 200`
### Download software
_Available in Fleet Premium._
Download a software package.
`GET /api/v1/fleet/software/titles/:software_title_id/package/?alt=media`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------------------- |
| software_title_id | integer | path | **Required** . The ID of the software title to download software package.|
| team_id | integer | form | **Required** . The team ID. Downloads a software package added to the specified team. |
| alt | integer | path | **Required** . If specified and set to "media", downloads the specified software package. |
#### Example
`GET /api/v1/fleet/software/titles/123/package?alt=media?team_id=2`
##### Default response
`Status: 200`
```http
Status: 200
Content-Type: application/octet-stream
Content-Disposition: attachment
Content-Length: < length >
Body: < blob >
```
### Delete software
_Available in Fleet Premium._
Delete a software package.
`DELETE /api/v1/fleet/software/titles/:software_title_id/package`
#### Parameters
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------------------- |
| software_title_id | integer | path | **Required** . The ID of the software title for the software package to delete. |
| team_id | integer | query | **Required** . The team ID. Deletes a software package added to the specified team. |
#### Example
`DELETE /api/v1/fleet/software/titles/24/package?team_id=2`
##### Default response
`Status: 204`
### Get installation results
_Available in Fleet Premium._
`GET /api/v1/fleet/software/install/results/:install_uuid`
Get the results of a software installation.
| Name | Type | In | Description |
| ---- | ------- | ---- | -------------------------------------------- |
| install_uuid | string | path | **Required** . The installation UUID of the software.|
#### Example
`GET /api/v1/fleet/software/install/results/b15ce221-e22e-4c6a-afe7-5b3400a017da`
##### Default response
`Status: 200`
```json
{
"install_uuid": "b15ce221-e22e-4c6a-afe7-5b3400a017da",
"software_title": "Falcon.app",
"software_title_id": 8353,
"software_package": "FalconSensor-6.44.pkg",
"host_id": 123,
"host_display_name": "Marko's MacBook Pro",
"status": "failed",
"output": "Installing software...\nError: The operation can’
"pre_install_query_output": "Query returned result\nSuccess",
"post_install_script_output": "Running script...\nExit code: 1 (Failed)\nRolling back software install...\nSuccess"
}
```
2024-01-29 23:19:26 +00:00
### List software
2022-05-02 13:55:27 +00:00
2024-01-29 23:19:26 +00:00
Get a list of all software.
`GET /api/v1/fleet/software/titles`
#### Parameters
| Name | Type | In | Description |
| ----------------------- | ------- | ----- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Allowed fields are `name` and `hosts_count` . Default is `hosts_count` (descending). |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
| query | string | query | Search query keywords. Searchable fields include `title` and `cve` . |
2024-04-03 16:48:22 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters the software to only include the software installed on the hosts that are assigned to the specified team. |
2024-01-29 23:19:26 +00:00
| vulnerable | bool | query | If true or 1, only list software that has detected vulnerabilities. Default is `false` . |
2024-05-23 21:07:07 +00:00
| available_for_insall | bool | query | If `true` or `1` , only list software that is available for install (added by the user). Default is `false` . |
2024-01-29 23:19:26 +00:00
#### Example
`GET /api/v1/fleet/software/titles`
##### Default response
`Status: 200`
```json
{
"counts_updated_at": "2022-01-01 12:32:00",
"count": 2,
"software_titles": [
{
"id": 12,
"name": "Firefox.app",
2024-05-23 21:07:07 +00:00
"software_package": "FirefoxInstall.pkg",
2024-01-29 23:19:26 +00:00
"versions_count": 3,
"source": "apps",
"browser": "",
"hosts_count": 48,
"versions": [
{
"id": 123,
"version": "1.12",
"vulnerabilities": ["CVE-2023-1234","CVE-2023-4321","CVE-2023-7654"]
},
{
"id": 124,
"version": "3.4",
"vulnerabilities": ["CVE-2023-1234","CVE-2023-4321","CVE-2023-7654"]
},
{
"id": 12
"version": "1.13",
"vulnerabilities": ["CVE-2023-1234","CVE-2023-4321","CVE-2023-7654"]
}
]
},
{
"id": 22,
"name": "Google Chrome.app",
2024-05-23 21:07:07 +00:00
"software_package": null,
2024-01-29 23:19:26 +00:00
"versions_count": 5,
"source": "apps",
"browser": "",
"hosts_count": 345,
"versions": [
{
"id": 331,
"version": "118.1",
"vulnerabilities": ["CVE-2023-1234"]
},
{
"id": 332,
"version": "119.0",
"vulnerabilities": ["CVE-2023-9876", "CVE-2023-2367"]
},
{
"id": 334,
"version": "119.4",
"vulnerabilities": ["CVE-2023-1133", "CVE-2023-2224"]
},
{
"id": 348,
"version": "121.5",
"vulnerabilities": ["CVE-2023-0987", "CVE-2023-5673", "CVE-2023-1334"]
},
]
},
{
"id": 32,
"name": "1Password –
2024-05-23 21:07:07 +00:00
"software_package": null,
2024-01-29 23:19:26 +00:00
"versions_count": 1,
"source": "chrome_extensions",
"browser": "chrome",
"hosts_count": 345,
"versions": [
{
"id": 4242,
"version": "2.3.7",
"vulnerabilities": []
}
]
}
],
"meta": {
"has_next_results": false,
"has_previous_results": false
}
}
```
### List software versions
Get a list of all software versions.
`GET /api/v1/fleet/software/versions`
2021-06-16 22:09:49 +00:00
#### Parameters
2022-05-20 16:58:40 +00:00
| Name | Type | In | Description |
| ----------------------- | ------- | ----- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
2023-03-28 20:11:31 +00:00
| order_key | string | query | What to order results by. Allowed fields are `name` , `hosts_count` , `cve_published` , `cvss_score` , `epss_probability` and `cisa_known_exploit` . Default is `hosts_count` (descending). |
2022-05-20 16:58:40 +00:00
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
| query | string | query | Search query keywords. Searchable fields include `name` , `version` , and `cve` . |
2024-04-03 16:48:22 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters the software to only include the software installed on the hosts that are assigned to the specified team. |
2022-05-20 16:58:40 +00:00
| vulnerable | bool | query | If true or 1, only list software that has detected vulnerabilities. Default is `false` . |
2021-06-16 22:09:49 +00:00
#### Example
2024-01-29 23:19:26 +00:00
`GET /api/v1/fleet/software/versions`
2021-06-16 22:09:49 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-06-16 22:09:49 +00:00
{
2022-05-02 13:55:27 +00:00
"counts_updated_at": "2022-01-01 12:32:00",
2024-01-29 23:19:26 +00:00
"count": 1,
2022-05-02 13:55:27 +00:00
"software": [
{
"id": 1,
2022-05-20 16:58:40 +00:00
"name": "glibc",
"version": "2.12",
"source": "rpm_packages",
2024-01-29 23:19:26 +00:00
"browser": "",
2022-05-20 16:58:40 +00:00
"release": "1.212.el6",
"vendor": "CentOS",
"arch": "x86_64",
"generated_cpe": "cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*",
"vulnerabilities": [
{
"cve": "CVE-2009-5155",
"details_link": "https://nvd.nist.gov/vuln/detail/CVE-2009-5155",
"cvss_score": 7.5,
"epss_probability": 0.01537,
2023-03-28 20:11:31 +00:00
"cisa_known_exploit": false,
2023-09-22 20:07:31 +00:00
"cve_published": "2022-01-01 12:32:00",
2023-10-05 18:51:16 +00:00
"cve_description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.",
"resolved_in_version": "2.28"
2022-05-20 16:58:40 +00:00
}
],
"hosts_count": 1
2023-12-08 23:12:24 +00:00
},
{
"id": 2,
"name": "1Password –
2024-01-29 23:19:26 +00:00
"version": "2.10.0",
2023-12-08 23:12:24 +00:00
"source": "chrome_extensions",
"browser": "chrome",
2024-01-29 23:19:26 +00:00
"extension_id": "aeblfdkhhhdcdjpifhhbdiojplfjncoa",
"generated_cpe": "cpe:2.3:a:1password:1password:2.19.0:*:*:*:*:chrome:*:*",
"hosts_count": 345,
"vulnerabilities": null
2022-05-02 13:55:27 +00:00
}
2024-01-29 23:19:26 +00:00
],
"meta": {
"has_next_results": false,
"has_previous_results": false
}
2021-06-16 22:09:49 +00:00
}
```
2024-01-29 23:19:26 +00:00
### Get software
Returns information about the specified software. By default, `versions` are sorted in descending order by the `hosts_count` field.
2021-11-11 16:45:39 +00:00
2024-01-29 23:19:26 +00:00
`GET /api/v1/fleet/software/titles/:id`
2021-11-11 16:45:39 +00:00
#### Parameters
2024-01-29 23:19:26 +00:00
| Name | Type | In | Description |
| ---- | ---- | -- | ----------- |
| id | integer | path | **Required.** The software title's ID. |
2024-03-14 18:27:07 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters response data to the specified team. |
2021-11-11 16:45:39 +00:00
#### Example
2024-01-29 23:19:26 +00:00
`GET /api/v1/fleet/software/titles/12`
2021-11-11 16:45:39 +00:00
##### Default response
`Status: 200`
```json
{
2024-01-29 23:19:26 +00:00
"software_title": {
"id": 12,
"name": "Firefox.app",
2024-05-23 21:07:07 +00:00
"software_package": {
"name": "FalconSensor-6.44.pkg",
"version": "6.44",
"uploaded_at": "2024-04-01T14:22:58Z",
"install_script": "sudo installer -pkg /temp/FalconSensor-6.44.pkg -target /",
"pre_install_query": "SELECT 1 FROM macos_profiles WHERE uuid='c9f4f0d5-8426-4eb8-b61b-27c543c9d3db';",
"post_install_script": "sudo /Applications/Falcon.app/Contents/Resources/falconctl license 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX",
"status": {
"installed": 3,
"pending": 1,
"failed": 2,
}
},
2024-01-29 23:19:26 +00:00
"source": "apps",
"browser": "",
"hosts_count": 48,
"versions": [
{
"id": 123,
"version": "117.0",
"vulnerabilities": ["CVE-2023-1234"],
"hosts_count": 37
},
{
"id": 124,
"version": "116.0",
"vulnerabilities": ["CVE-2023-4321"],
"hosts_count": 7
},
{
"id": 127,
"version": "115.5",
"vulnerabilities": ["CVE-2023-7654"],
"hosts_count": 4
}
]
}
}
```
### Get software version
Returns information about the specified software version.
`GET /api/v1/fleet/software/versions/:id`
#### Parameters
| Name | Type | In | Description |
| ---- | ---- | -- | ----------- |
| id | integer | path | **Required.** The software version's ID. |
2024-03-14 18:27:07 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters response data to the specified team. |
2024-01-29 23:19:26 +00:00
#### Example
`GET /api/v1/fleet/software/versions/12`
##### Default response
`Status: 200`
```json
{
"software": {
"id": 425224,
"name": "Firefox.app",
"version": "117.0",
"bundle_identifier": "org.mozilla.firefox",
"source": "apps",
"browser": "",
"generated_cpe": "cpe:2.3:a:mozilla:firefox:117.0:*:*:*:*:macos:*:*",
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"details_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"cvss_score": 8.8,
"epss_probability": 0.4101,
"cisa_known_exploit": true,
"cve_published": "2023-09-12T15:15:00Z",
"resolved_in_version": ""
},
{
"cve": "CVE-2023-5169",
"details_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-5169",
"cvss_score": 6.5,
"epss_probability": 0.00073,
"cisa_known_exploit": false,
"cve_published": "2023-09-27T15:19:00Z",
"resolved_in_version": "118"
}
]
}
2021-11-11 16:45:39 +00:00
}
```
2024-01-29 23:19:26 +00:00
2024-03-14 18:27:07 +00:00
## Vulnerabilities
- [List vulnerabilities ](#list-vulnerabilities )
- [Get vulnerability ](#get-vulnerability )
### List vulnerabilities
Retrieves a list of all CVEs affecting software and/or OS versions.
`GET /api/v1/fleet/vulnerabilities`
#### Parameters
| Name | Type | In | Description |
| --- | --- | --- | --- |
2024-04-03 16:48:22 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters only include vulnerabilities affecting the specified team. |
2024-03-14 18:27:07 +00:00
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Allowed fields are: `cve` , `cvss_score` , `epss_probability` , `cve_published` , `created_at` , and `host_count` . Default is `created_at` (descending). |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
| query | string | query | Search query keywords. Searchable fields include `cve` . |
| exploit | boolean | query | _Available in Fleet Premium_ . If `true` , filters to only include vulnerabilities that have been actively exploited in the wild (`cisa_known_exploit: true`). Otherwise, includes vulnerabilities with any `cisa_known_exploit` value. |
##### Default response
`Status: 200`
```json
{
"vulnerabilities": [
{
"cve": "CVE-2022-30190",
"created_at": "2022-06-01T00:15:00Z",
"hosts_count": 1234,
"hosts_count_updated_at": "2023-12-20T15:23:57Z",
"details_link": "https://nvd.nist.gov/vuln/detail/CVE-2022-30190",
"cvss_score": 7.8,// Available in Fleet Premium
"epss_probability": 0.9729,// Available in Fleet Premium
"cisa_known_exploit": false,// Available in Fleet Premium
"cve_published": "2022-06-01T00:15:00Z",// Available in Fleet Premium
"cve_description": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.",// Available in Fleet Premium
}
],
"count": 123,
"counts_updated_at": "2024-02-02T16:40:37Z",
"meta": {
"has_next_results": false,
"has_previous_results": false
}
}
```
### Get vulnerability
Retrieve details about a vulnerability and its affected software and OS versions.
#### Parameters
| Name | Type | In | Description |
| --- | --- | --- | --- |
| cve | string | path | The cve to get information about (including "cve-" prefix, case-insensitive). |
| team_id | integer | query | _Available in Fleet Premium_ . Filters response data to the specified team. |
`GET /api/v1/fleet/vulnerabilities/:cve`
#### Example
`GET /api/v1/fleet/vulnerabilities/cve-2022-30190`
##### Default response
`Status: 200`
```json
"vulnerability": {
"cve": "CVE-2022-30190",
"created_at": "2022-06-01T00:15:00Z",
"hosts_count": 1234,
"hosts_count_updated_at": "2023-12-20T15:23:57Z",
"details_link": "https://nvd.nist.gov/vuln/detail/CVE-2022-30190",
"cvss_score": 7.8,// Available in Fleet Premium
"epss_probability": 0.9729,// Available in Fleet Premium
"cisa_known_exploit": false,// Available in Fleet Premium
"cve_published": "2022-06-01T00:15:00Z",// Available in Fleet Premium
"cve_description": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.",// Available in Fleet Premium
"os_versions" : [
{
"os_version_id": 6,
"hosts_count": 200,
"name": "macOS 14.1.2",
"name_only": "macOS",
"version": "14.1.2",
"platform": "darwin",
"resolved_in_version": "14.2",
"generated_cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:14.2:*:*",
"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:14.2:*:*"
]
}
],
"software": [
{
"id": 2363,
"name": "Docker Desktop",
"version": "4.9.1",
"source": "programs",
"browser": "",
"generated_cpe": "cpe:2.3:a:docker:docker_desktop:4.9.1:*:*:*:*:windows:*:*",
"hosts_count": 50,
"resolved_in_version": "5.0.0"
}
]
}
```
2022-05-02 13:55:27 +00:00
---
2021-11-11 16:45:39 +00:00
2022-05-02 13:55:27 +00:00
## Targets
2021-11-17 16:26:24 +00:00
2022-05-02 13:55:27 +00:00
In Fleet, targets are used to run queries against specific hosts or groups of hosts. Labels are used to create groups in Fleet.
2021-11-17 16:26:24 +00:00
2022-05-02 13:55:27 +00:00
### Search targets
2021-11-17 16:26:24 +00:00
2022-05-02 13:55:27 +00:00
The search targets endpoint returns two lists. The first list includes the possible target hosts in Fleet given the search query provided and the hosts already selected as targets. The second list includes the possible target labels in Fleet given the search query provided and the labels already selected as targets.
2021-11-17 16:26:24 +00:00
2022-05-02 13:55:27 +00:00
The returned lists are filtered based on the hosts the requesting user has access to.
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/targets`
2021-01-15 18:53:34 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| -------- | ------- | ---- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| query | string | body | The search query. Searchable items include a host's hostname or IPv4 address and labels. |
| query_id | integer | body | The saved query (if any) that will be run. The `observer_can_run` property on the query and the user's roles effect which targets are included. |
| selected | object | body | The targets already selected. The object includes a `hosts` property which contains a list of host IDs, a `labels` with label IDs and/or a `teams` property with team IDs. |
2021-01-15 18:53:34 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/targets`
2021-01-15 18:53:34 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-01-15 18:53:34 +00:00
{
2022-05-02 13:55:27 +00:00
"query": "172",
"selected": {
"hosts": [],
"labels": [7]
},
"include_observer": true
2021-01-15 18:53:34 +00:00
}
```
##### Default response
2021-09-16 07:45:14 +00:00
```json
2021-01-15 18:53:34 +00:00
{
2022-05-02 13:55:27 +00:00
"targets": {
"hosts": [
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"created_at": "2021-02-03T16:11:43Z",
"updated_at": "2021-02-03T21:58:19Z",
"id": 3,
"detail_updated_at": "2021-02-03T21:58:10Z",
"label_updated_at": "2021-02-03T21:58:10Z",
2023-07-27 22:40:01 +00:00
"policy_updated_at": "2023-06-26T18:33:15Z",
2022-05-02 13:55:27 +00:00
"last_enrolled_at": "2021-02-03T16:11:43Z",
2023-01-09 11:55:43 +00:00
"software_updated_at": "2020-11-05T05:09:44Z",
2022-05-02 13:55:27 +00:00
"seen_time": "2021-02-03T21:58:20Z",
"hostname": "7a2f41482833",
"uuid": "a2064cef-0000-0000-afb9-283e3c1d487e",
"platform": "rhel",
"osquery_version": "4.5.1",
"os_version": "CentOS 6.10.0",
"build": "",
"platform_like": "rhel",
"code_name": "",
"uptime": 32688000000000,
"memory": 2086899712,
"cpu_type": "x86_64",
"cpu_subtype": "142",
"cpu_brand": "Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz",
"cpu_physical_cores": 4,
"cpu_logical_cores": 4,
"hardware_vendor": "",
"hardware_model": "",
"hardware_version": "",
"hardware_serial": "",
"computer_name": "7a2f41482833",
2022-10-08 12:57:46 +00:00
"display_name": "7a2f41482833",
2022-05-02 13:55:27 +00:00
"primary_ip": "172.20.0.3",
"primary_mac": "02:42:ac:14:00:03",
"distributed_interval": 10,
"config_tls_refresh": 10,
"logger_tls_period": 10,
"additional": {},
"status": "offline",
"display_text": "7a2f41482833"
2021-06-09 23:11:48 +00:00
},
{
2022-05-02 13:55:27 +00:00
"created_at": "2021-02-03T16:11:43Z",
"updated_at": "2021-02-03T21:58:19Z",
"id": 4,
"detail_updated_at": "2021-02-03T21:58:10Z",
"label_updated_at": "2021-02-03T21:58:10Z",
2023-06-28 17:02:02 +00:00
"policy_updated_at": "2023-06-26T18:33:15Z",
2022-05-02 13:55:27 +00:00
"last_enrolled_at": "2021-02-03T16:11:43Z",
2023-01-09 11:55:43 +00:00
"software_updated_at": "2020-11-05T05:09:44Z",
2022-05-02 13:55:27 +00:00
"seen_time": "2021-02-03T21:58:20Z",
"hostname": "78c96e72746c",
"uuid": "a2064cef-0000-0000-afb9-283e3c1d487e",
"platform": "ubuntu",
"osquery_version": "4.5.1",
"os_version": "Ubuntu 16.4.0",
"build": "",
"platform_like": "debian",
"code_name": "",
"uptime": 32688000000000,
"memory": 2086899712,
"cpu_type": "x86_64",
"cpu_subtype": "142",
"cpu_brand": "Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz",
"cpu_physical_cores": 4,
"cpu_logical_cores": 4,
"hardware_vendor": "",
"hardware_model": "",
"hardware_version": "",
"hardware_serial": "",
"computer_name": "78c96e72746c",
2022-10-08 12:57:46 +00:00
"display_name": "78c96e72746c",
2022-05-02 13:55:27 +00:00
"primary_ip": "172.20.0.7",
"primary_mac": "02:42:ac:14:00:07",
"distributed_interval": 10,
"config_tls_refresh": 10,
"logger_tls_period": 10,
"additional": {},
"status": "offline",
"display_text": "78c96e72746c"
}
],
"labels": [
{
"created_at": "2021-02-02T23:55:25Z",
"updated_at": "2021-02-02T23:55:25Z",
"id": 6,
"name": "All Hosts",
"description": "All hosts which have enrolled in Fleet",
2022-05-03 14:47:31 +00:00
"query": "SELECT 1;",
2022-05-02 13:55:27 +00:00
"label_type": "builtin",
"label_membership_type": "dynamic",
"host_count": 5,
"display_text": "All Hosts",
"count": 5
}
],
"teams": [
{
"id": 1,
"created_at": "2021-05-27T20:02:20Z",
"name": "Client Platform Engineering",
2021-08-16 14:30:19 +00:00
"description": "",
"agent_options": null,
2022-05-02 13:55:27 +00:00
"user_count": 4,
"host_count": 2,
"display_text": "Client Platform Engineering",
"count": 2
2021-08-16 14:30:19 +00:00
}
2021-06-09 23:11:48 +00:00
]
2022-05-02 13:55:27 +00:00
},
"targets_count": 1,
"targets_online": 1,
"targets_offline": 0,
"targets_missing_in_action": 0
2021-01-15 18:53:34 +00:00
}
```
2022-05-02 13:55:27 +00:00
---
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
## Teams
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
- [List teams ](#list-teams )
- [Get team ](#get-team )
- [Create team ](#create-team )
- [Modify team ](#modify-team )
2022-09-19 17:53:44 +00:00
- [Modify team's agent options ](#modify-teams-agent-options )
2022-05-02 13:55:27 +00:00
- [Delete team ](#delete-team )
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
### List teams
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
_Available in Fleet Premium_
`GET /api/v1/fleet/teams`
#### Parameters
| Name | Type | In | Description |
| --------------- | ------- | ----- | ----------------------------------------------------------------------------------------------------------------------------- |
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Can be any column in the `teams` table. |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
| query | string | query | Search query keywords. Searchable fields include `name` . |
2021-01-15 18:53:34 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/teams`
2021-01-15 18:53:34 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-01-15 18:53:34 +00:00
{
2022-05-02 13:55:27 +00:00
"teams": [
2021-01-15 18:53:34 +00:00
{
2022-05-02 13:55:27 +00:00
"id": 1,
"created_at": "2021-07-28T15:58:21Z",
"name": "workstations",
"description": "",
"agent_options": {
"config": {
"options": {
2022-12-09 18:23:08 +00:00
"pack_delimiter": "/",
2022-05-02 13:55:27 +00:00
"logger_tls_period": 10,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/v1/osquery/log",
"distributed_interval": 10,
"distributed_tls_max_attempts": 3
},
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},
2022-10-03 12:29:41 +00:00
"overrides": {},
"command_line_flags": {}
2022-05-02 13:55:27 +00:00
},
"user_count": 0,
"host_count": 0,
"secrets": [
{
"secret": "",
"created_at": "2021-07-28T15:58:21Z",
"team_id": 10
}
]
2021-01-15 18:53:34 +00:00
},
{
2022-05-02 13:55:27 +00:00
"id": 2,
"created_at": "2021-08-05T21:41:42Z",
"name": "servers",
"description": "",
"agent_options": {
"spec": {
"config": {
"options": {
2022-12-09 18:23:08 +00:00
"pack_delimiter": "/",
2022-05-02 13:55:27 +00:00
"logger_tls_period": 10,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/v1/osquery/log",
"distributed_interval": 10,
"distributed_tls_max_attempts": 3
},
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},
2022-10-03 12:29:41 +00:00
"overrides": {},
"command_line_flags": {}
2022-05-02 13:55:27 +00:00
},
"user_count": 0,
"host_count": 0,
"secrets": [
{
"secret": "+ncixtnZB+IE0OrbrkCLeul3U8LMVITd",
"created_at": "2021-08-05T21:41:42Z",
"team_id": 15
}
]
}
}
2021-01-15 18:53:34 +00:00
]
}
```
2022-05-02 13:55:27 +00:00
### Get team
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
_Available in Fleet Premium_
2021-01-15 18:53:34 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/teams/:id`
2021-01-15 18:53:34 +00:00
#### Parameters
2022-09-19 17:53:44 +00:00
| Name | Type | In | Description |
| ---- | ------ | ---- | ------------------------------------ |
| id | integer | path | **Required.** The desired team's ID. |
2021-01-15 18:53:34 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/teams/1`
2021-01-15 18:53:34 +00:00
##### Default response
`Status: 200`
2022-05-02 13:55:27 +00:00
```json
{
"team": {
"name": "Workstations",
"id": 1,
"user_count": 4,
"host_count": 0,
"agent_options": {
2022-10-03 12:29:41 +00:00
"config": {
"options": {
2022-12-09 18:23:08 +00:00
"pack_delimiter": "/",
2022-10-03 12:29:41 +00:00
"logger_tls_period": 10,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/v1/osquery/log",
"distributed_interval": 10,
"distributed_tls_max_attempts": 3
2022-05-02 13:55:27 +00:00
},
2022-10-03 12:29:41 +00:00
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},
"overrides": {},
"command_line_flags": {}
2022-05-02 13:55:27 +00:00
},
"webhook_settings": {
"failing_policies_webhook": {
"enable_failing_policies_webhook": false,
"destination_url": "",
"policy_ids": null,
"host_batch_size": 0
}
2023-03-06 14:54:51 +00:00
},
2024-04-12 23:01:52 +00:00
"integrations": {
"google_calendar": {
"enable_calendar_events": true,
"webhook_url": "https://server.com/example"
}
},
2023-03-06 14:54:51 +00:00
"mdm": {
2024-06-12 20:45:26 +00:00
"enable_disk_encryption": true,
2023-04-25 13:36:01 +00:00
"macos_updates": {
"minimum_version": "12.3.1",
"deadline": "2022-01-01"
},
2023-12-04 14:50:06 +00:00
"windows_updates": {
"deadline_days": 5,
"grace_period_days": 1
},
2023-03-06 14:54:51 +00:00
"macos_settings": {
2024-06-12 20:45:26 +00:00
"custom_settings": [
{
"path": "path/to/profile1.mobileconfig",
"labels": ["Label 1", "Label 2"]
}
]
2023-04-25 13:36:01 +00:00
},
2023-12-04 13:41:37 +00:00
"windows_settings": {
2024-06-12 20:45:26 +00:00
"custom_settings": [
{
"path": "path/to/profile2.xml",
"labels": ["Label 3", "Label 4"]
}
],
2023-12-04 13:41:37 +00:00
},
2023-04-25 13:36:01 +00:00
"macos_setup": {
"bootstrap_package": "",
2023-05-10 20:22:08 +00:00
"enable_end_user_authentication": false,
2023-04-25 13:36:01 +00:00
"macos_setup_assistant": "path/to/config.json"
2023-03-06 14:54:51 +00:00
}
2022-05-02 13:55:27 +00:00
}
}
}
```
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
### Create team
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
_Available in Fleet Premium_
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/teams`
2021-01-15 18:53:34 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------ | ---- | ------------------------------ |
| name | string | body | **Required.** The team's name. |
2021-01-15 18:53:34 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/teams`
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
##### Request body
2021-01-15 18:53:34 +00:00
2021-09-16 07:45:14 +00:00
```json
2021-01-15 18:53:34 +00:00
{
2022-05-02 13:55:27 +00:00
"name": "workstations"
2021-01-15 18:53:34 +00:00
}
```
2022-05-02 13:55:27 +00:00
##### Default response
2021-01-15 18:53:34 +00:00
2022-05-02 13:55:27 +00:00
`Status: 200`
2021-01-15 18:53:34 +00:00
2021-09-16 07:45:14 +00:00
```json
2021-01-15 18:53:34 +00:00
{
2022-05-02 13:55:27 +00:00
"teams": [
{
"name": "workstations",
"id": 1,
"user_count": 0,
"host_count": 0,
"agent_options": {
2022-10-03 12:29:41 +00:00
"config": {
"options": {
"pack_delimiter": "/",
"logger_tls_period": 10,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/v1/osquery/log",
"distributed_interval": 10,
"distributed_tls_max_attempts": 3
2022-05-02 13:55:27 +00:00
},
2022-10-03 12:29:41 +00:00
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},
"overrides": {},
"command_line_flags": {}
2022-05-02 13:55:27 +00:00
},
"webhook_settings": {
"failing_policies_webhook": {
"enable_failing_policies_webhook": false,
"destination_url": "",
"policy_ids": null,
"host_batch_size": 0
}
}
}
]
2021-01-15 18:53:34 +00:00
}
```
2021-03-09 15:50:48 +00:00
2022-05-02 13:55:27 +00:00
### Modify team
2021-11-11 20:33:06 +00:00
2022-05-02 13:55:27 +00:00
_Available in Fleet Premium_
2023-12-08 22:22:20 +00:00
`PATCH /api/v1/fleet/teams/:id`
2021-11-11 20:33:06 +00:00
#### Parameters
2023-01-24 16:20:02 +00:00
| Name | Type | In | Description |
| ------------------------------------------------------- | ------- | ---- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| id | integer | path | **Required.** The desired team's ID. |
| name | string | body | The team's name. |
| host_ids | list | body | A list of hosts that belong to the team. |
2024-02-29 21:07:59 +00:00
| user_ids | list | body | A list of users on the team. |
2023-01-24 16:20:02 +00:00
| webhook_settings | object | body | Webhook settings contains for the team. |
| failing_policies_webhook | object | body | Failing policies webhook settings. |
| enable_failing_policies_webhook | boolean | body | Whether or not the failing policies webhook is enabled. |
| destination_url | string | body | The URL to deliver the webhook requests to. |
| policy_ids | array | body | List of policy IDs to enable failing policies webhook. |
2024-04-10 20:28:17 +00:00
| host_status_webhook | object | body | Host status webhook settings. |
| enable_host_status_webhook | boolean | body | Whether or not the host status webhook is enabled. |
| destination_url | string | body | The URL to deliver the webhook request to. |
| host_percentage | integer | body | The minimum percentage of hosts that must fail to check in to Fleet in order to trigger the webhook request. |
| days_count | integer | body | The minimum number of days that the configured `host_percentage` must fail to check in to Fleet in order to trigger the webhook request. |
2023-01-24 16:20:02 +00:00
| host_batch_size | integer | body | Maximum number of hosts to batch on failing policy webhook requests. The default, 0, means no batching (all hosts failing a policy are sent on one request). |
| integrations | object | body | Integrations settings for the team. Note that integrations referenced here must already exist globally, created by a call to [Modify configuration ](#modify-configuration ). |
| jira | array | body | Jira integrations configuration. |
| url | string | body | The URL of the Jira server to use. |
| project_key | string | body | The project key of the Jira integration to use. Jira tickets will be created in this project. |
| enable_failing_policies | boolean | body | Whether or not that Jira integration is enabled for failing policies. Only one failing policy automation can be enabled at a given time (enable_failing_policies_webhook and enable_failing_policies). |
| zendesk | array | body | Zendesk integrations configuration. |
| url | string | body | The URL of the Zendesk server to use. |
| group_id | integer | body | The Zendesk group id to use. Zendesk tickets will be created in this group. |
2022-06-06 14:41:51 +00:00
| enable_failing_policies | boolean | body | Whether or not that Zendesk integration is enabled for failing policies. Only one failing policy automation can be enabled at a given time (enable_failing_policies_webhook and enable_failing_policies). |
2023-01-24 16:20:02 +00:00
| mdm | object | body | MDM settings for the team. |
2023-11-15 16:58:46 +00:00
| macos_updates | object | body | macOS updates settings. |
2023-01-24 16:20:02 +00:00
| minimum_version | string | body | Hosts that belong to this team and are enrolled into Fleet's MDM will be nudged until their macOS is at or above this version. |
| deadline | string | body | Hosts that belong to this team and are enrolled into Fleet's MDM won't be able to dismiss the Nudge window once this deadline is past. |
2023-12-04 14:50:06 +00:00
| windows_updates | object | body | Windows updates settings. |
| deadline_days | integer | body | Hosts that belong to this team and are enrolled into Fleet's MDM will have this number of days before updates are installed on Windows. |
| grace_period_days | integer | body | Hosts that belong to this team and are enrolled into Fleet's MDM will have this number of days before Windows restarts to install updates. |
2023-11-15 16:58:46 +00:00
| macos_settings | object | body | macOS-specific settings. |
2024-05-02 22:33:06 +00:00
| custom_settings | list | body | The list of objects where each object includes .mobileconfig or JSON file (configuration profile) and label name to apply to macOS hosts that belong to this team and are members of the specified label. |
2023-03-06 14:54:51 +00:00
| enable_disk_encryption | boolean | body | Hosts that belong to this team and are enrolled into Fleet's MDM will have disk encryption enabled if set to true. |
2023-12-04 13:41:37 +00:00
| windows_settings | object | body | Windows-specific settings. |
2024-02-23 18:54:18 +00:00
| custom_settings | list | body | The list of objects where each object includes XML file (configuration profile) and label name to apply to Windows hosts that belong to this team and are members of the specified label. |
2023-11-15 16:58:46 +00:00
| macos_setup | object | body | Setup for automatic MDM enrollment of macOS hosts. |
| enable_end_user_authentication | boolean | body | If set to true, end user authentication will be required during automatic MDM enrollment of new macOS hosts. Settings for your IdP provider must also be [configured ](https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience#end-user-authentication-and-eula ). |
2024-04-12 23:01:52 +00:00
| integrations | object | body | Integration settings for this team. |
| google_calendar | object | body | Google Calendar integration settings. |
| enable_calendar_events | boolean | body | Whether or not calendar events are enabled for this team. |
| webhook_url | string | body | The URL to send a request to during calendar events, to trigger auto-remediation. |
2024-01-24 19:06:15 +00:00
| host_expiry_settings | object | body | Host expiry settings for the team. |
| host_expiry_enabled | boolean | body | When enabled, allows automatic cleanup of hosts that have not communicated with Fleet in some number of days. When disabled, defaults to the global setting. |
| host_expiry_window | integer | body | If a host has not communicated with Fleet in the specified number of days, it will be removed. |
2023-01-24 16:20:02 +00:00
2024-02-04 20:52:45 +00:00
#### Example (transfer hosts to a team)
2021-11-11 20:33:06 +00:00
2024-02-04 20:52:45 +00:00
`PATCH /api/v1/fleet/teams/1`
2021-11-11 20:33:06 +00:00
##### Request body
```json
{
2024-02-04 20:52:45 +00:00
"host_ids": [3, 6, 7, 8, 9, 20, 32, 44]
2021-11-11 20:33:06 +00:00
}
```
##### Default response
`Status: 200`
```json
{
2022-05-02 13:55:27 +00:00
"team": {
"name": "Workstations",
"id": 1,
"user_count": 4,
2024-02-04 20:52:45 +00:00
"host_count": 8,
2022-05-02 13:55:27 +00:00
"agent_options": {
2022-10-03 12:29:41 +00:00
"config": {
"options": {
2022-12-09 18:23:08 +00:00
"pack_delimiter": "/",
2022-10-03 12:29:41 +00:00
"logger_tls_period": 10,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/v1/osquery/log",
"distributed_interval": 10,
"distributed_tls_max_attempts": 3
2022-05-02 13:55:27 +00:00
},
2022-10-03 12:29:41 +00:00
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},
"overrides": {},
"command_line_flags": {}
2022-05-02 13:55:27 +00:00
},
"webhook_settings": {
"failing_policies_webhook": {
"enable_failing_policies_webhook": false,
"destination_url": "",
"policy_ids": null,
"host_batch_size": 0
}
2023-03-06 14:54:51 +00:00
}
2021-11-11 20:33:06 +00:00
}
}
```
2024-02-04 20:52:45 +00:00
### Add users to a team
2021-03-27 01:03:31 +00:00
2024-02-04 20:52:45 +00:00
_Available in Fleet Premium_
`PATCH /api/v1/fleet/teams/:id/users`
#### Parameters
| Name | Type | In | Description |
|------------------|---------|------|----------------------------------------------|
| id | integer | path | **Required.** The desired team's ID. |
| users | string | body | Array of users to add. |
| id | integer | body | The id of the user. |
| role | string | body | The team role that the user will be granted. Options are: "admin", "maintainer", "observer", "observer_plus", and "gitops". |
#### Example
`PATCH /api/v1/fleet/teams/1/users`
2021-03-27 01:03:31 +00:00
2022-05-02 13:55:27 +00:00
##### Request body
2021-03-27 01:03:31 +00:00
2022-05-02 13:55:27 +00:00
```json
{
2024-02-04 20:52:45 +00:00
"users": [
{
"id": 1,
"role": "admin"
},
{
"id": 17,
"role": "observer"
}
]
2022-05-02 13:55:27 +00:00
}
```
2021-03-27 01:03:31 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-03-27 01:03:31 +00:00
{
2022-05-02 13:55:27 +00:00
"team": {
"name": "Workstations",
"id": 1,
2024-02-04 20:52:45 +00:00
"user_count": 2,
"host_count": 0,
2022-05-02 13:55:27 +00:00
"agent_options": {
2022-10-03 12:29:41 +00:00
"config": {
"options": {
"pack_delimiter": "/",
"logger_tls_period": 10,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/v1/osquery/log",
"distributed_interval": 10,
"distributed_tls_max_attempts": 3
2022-05-02 13:55:27 +00:00
},
2022-10-03 12:29:41 +00:00
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},
"overrides": {},
"command_line_flags": {}
2022-05-02 13:55:27 +00:00
},
"webhook_settings": {
"failing_policies_webhook": {
"enable_failing_policies_webhook": false,
"destination_url": "",
"policy_ids": null,
"host_batch_size": 0
}
2024-02-04 20:52:45 +00:00
},
"mdm": {
2024-06-12 20:45:26 +00:00
"enable_disk_encryption": true,
2024-02-04 20:52:45 +00:00
"macos_updates": {
"minimum_version": "12.3.1",
"deadline": "2022-01-01"
},
"windows_updates": {
"deadline_days": 5,
"grace_period_days": 1
},
"macos_settings": {
2024-06-12 20:45:26 +00:00
"custom_settings": [
{
"path": "path/to/profile1.mobileconfig",
"labels": ["Label 1", "Label 2"]
}
]
2024-02-04 20:52:45 +00:00
},
"windows_settings": {
2024-06-12 20:45:26 +00:00
"custom_settings": [
{
"path": "path/to/profile2.xml",
"labels": ["Label 3", "Label 4"]
}
],
2024-02-04 20:52:45 +00:00
},
"macos_setup": {
"bootstrap_package": "",
"enable_end_user_authentication": false,
"macos_setup_assistant": "path/to/config.json"
}
},
"users": [
{
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 1,
"name": "Example User1",
"email": "user1@example.com",
"force_password_reset": false,
"gravatar_url": "",
"sso_enabled": false,
"global_role": null,
"api_only": false,
"teams": null,
"role": "admin"
},
{
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 17,
"name": "Example User2",
"email": "user2@example.com",
"force_password_reset": false,
"gravatar_url": "",
"sso_enabled": false,
"global_role": null,
"api_only": false,
"teams": null,
"role": "observer"
}
]
2022-05-02 13:55:27 +00:00
}
2021-03-27 01:03:31 +00:00
}
```
2021-05-13 20:09:22 +00:00
2022-09-19 17:53:44 +00:00
### Modify team's agent options
2021-02-25 19:43:15 +00:00
2022-09-19 17:53:44 +00:00
_Available in Fleet Premium_
2023-12-08 22:22:20 +00:00
`POST /api/v1/fleet/teams/:id/agent_options`
2022-09-19 17:53:44 +00:00
#### Parameters
| Name | Type | In | Description |
| --- | --- | --- | --- |
| id | integer | path | **Required.** The desired team's ID. |
| force | bool | query | Force apply the options even if there are validation errors. |
| dry_run | bool | query | Validate the options and return any validation errors, but do not apply the changes. |
2022-10-26 23:26:49 +00:00
| _JSON data_ | object | body | The JSON to use as agent options for this team. See [Agent options ](https://fleetdm.com/docs/using-fleet/configuration-files#agent-options ) for details. |
2022-09-19 17:53:44 +00:00
#### Example
`POST /api/v1/fleet/teams/1/agent_options`
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
##### Request body
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
```json
{
2022-10-03 12:29:41 +00:00
"config": {
"options": {
"pack_delimiter": "/",
"logger_tls_period": 20,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/v1/osquery/log",
"distributed_interval": 60,
"distributed_tls_max_attempts": 3
},
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},
"overrides": {},
"command_line_flags": {}
2022-05-02 13:55:27 +00:00
}
```
2021-02-25 19:43:15 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-02-25 19:43:15 +00:00
{
2022-05-02 13:55:27 +00:00
"team": {
"name": "Workstations",
"id": 1,
"user_count": 4,
"host_count": 8,
"agent_options": {
2022-10-03 12:29:41 +00:00
"config": {
"options": {
"pack_delimiter": "/",
"logger_tls_period": 20,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/v1/osquery/log",
"distributed_interval": 60,
"distributed_tls_max_attempts": 3
2022-05-02 13:55:27 +00:00
},
2022-10-03 12:29:41 +00:00
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},
"overrides": {},
"command_line_flags": {}
2022-05-02 13:55:27 +00:00
},
"webhook_settings": {
"failing_policies_webhook": {
"enable_failing_policies_webhook": false,
"destination_url": "",
"policy_ids": null,
"host_batch_size": 0
}
2021-02-25 19:43:15 +00:00
}
2022-05-02 13:55:27 +00:00
}
2021-02-25 19:43:15 +00:00
}
```
2022-05-02 13:55:27 +00:00
### Delete team
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
_Available in Fleet Premium_
2021-02-25 19:43:15 +00:00
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/teams/:id`
2021-02-25 19:43:15 +00:00
#### Parameters
2022-09-19 17:53:44 +00:00
| Name | Type | In | Description |
| ---- | ------ | ---- | ------------------------------------ |
| id | integer | path | **Required.** The desired team's ID. |
2021-02-25 19:43:15 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`DELETE /api/v1/fleet/teams/1`
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
#### Default response
2021-02-25 19:43:15 +00:00
`Status: 200`
2022-05-02 13:55:27 +00:00
---
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
## Translator
2021-02-25 19:43:15 +00:00
2022-11-08 09:29:40 +00:00
- [Translate IDs ](#translate-ids )
2022-07-21 21:36:48 +00:00
2022-05-02 13:55:27 +00:00
### Translate IDs
2021-02-25 19:43:15 +00:00
2022-05-02 13:55:27 +00:00
Transforms a host name into a host id. For example, the Fleet UI use this endpoint when sending live queries to a set of hosts.
`POST /api/v1/fleet/translate`
2021-02-25 19:43:15 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ----- | ---- | ---------------------------------------- |
| list | array | body | **Required** list of items to translate. |
2021-02-25 19:43:15 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/translate`
##### Request body
```json
{
"list": [
{
"type": "user",
"payload": {
"identifier": "some@email.com"
}
},
{
"type": "label",
"payload": {
"identifier": "labelA"
}
},
{
"type": "team",
"payload": {
"identifier": "team1"
}
},
{
"type": "host",
"payload": {
"identifier": "host-ABC"
}
2022-10-08 12:57:46 +00:00
}
2022-05-02 13:55:27 +00:00
]
}
```
2021-02-25 19:43:15 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-02-25 19:43:15 +00:00
{
2022-05-02 13:55:27 +00:00
"list": [
{
"type": "user",
"payload": {
"identifier": "some@email.com",
"id": 32
}
},
{
"type": "label",
"payload": {
"identifier": "labelA",
"id": 1
}
},
{
"type": "team",
"payload": {
"identifier": "team1",
"id": 22
}
},
{
"type": "host",
"payload": {
"identifier": "host-ABC",
"id": 45
}
2022-05-09 17:08:37 +00:00
}
2022-05-02 13:55:27 +00:00
]
2021-02-25 19:43:15 +00:00
}
```
---
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
## Users
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
- [List all users ](#list-all-users )
- [Create a user account with an invitation ](#create-a-user-account-with-an-invitation )
- [Create a user account without an invitation ](#create-a-user-account-without-an-invitation )
- [Get user information ](#get-user-information )
- [Modify user ](#modify-user )
- [Delete user ](#delete-user )
- [Require password reset ](#require-password-reset )
- [List a user's sessions ](#list-a-users-sessions )
- [Delete a user's sessions ](#delete-a-users-sessions )
2022-04-26 01:25:12 +00:00
2022-05-02 13:55:27 +00:00
The Fleet server exposes a handful of API endpoints that handles common user management operations. All the following endpoints require prior authentication meaning you must first log in successfully before calling any of the endpoints documented below.
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
### List all users
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
Returns a list of all enabled users
`GET /api/v1/fleet/users`
2021-06-09 23:11:48 +00:00
#### Parameters
| Name | Type | In | Description |
| --------------- | ------- | ----- | ----------------------------------------------------------------------------------------------------------------------------- |
2022-05-02 13:55:27 +00:00
| query | string | query | Search query keywords. Searchable fields include `name` and `email` . |
| order_key | string | query | What to order results by. Can be any column in the users table. |
| order_direction | string | query | **Requires `order_key`** . The direction of the order given the order key. Options include `asc` and `desc` . Default is `asc` . |
2021-06-09 23:11:48 +00:00
| page | integer | query | Page number of the results to fetch. |
2022-05-02 13:55:27 +00:00
| query | string | query | Search query keywords. Searchable fields include `name` and `email` . |
2021-06-09 23:11:48 +00:00
| per_page | integer | query | Results per page. |
2024-04-03 16:48:22 +00:00
| team_id | integer | query | _Available in Fleet Premium_ . Filters the users to only include users in the specified team. |
2021-06-09 23:11:48 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/users`
##### Request query parameters
None.
2021-06-09 23:11:48 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"users": [
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"created_at": "2020-12-10T03:52:53Z",
"updated_at": "2020-12-10T03:52:53Z",
2021-10-07 14:40:22 +00:00
"id": 1,
2022-05-02 13:55:27 +00:00
"name": "Jane Doe",
"email": "janedoe@example.com",
"force_password_reset": false,
"gravatar_url": "",
"sso_enabled": false,
"global_role": null,
"api_only": false,
"teams": [
{
"id": 1,
"created_at": "0001-01-01T00:00:00Z",
"name": "workstations",
"description": "",
"role": "admin"
}
]
2021-06-09 23:11:48 +00:00
}
]
}
```
2022-05-02 13:55:27 +00:00
##### Failed authentication
2022-02-04 17:33:22 +00:00
2022-05-02 13:55:27 +00:00
`Status: 401 Authentication Failed`
2022-02-04 17:33:22 +00:00
2022-05-02 13:55:27 +00:00
```json
{
"message": "Authentication Failed",
"errors": [
{
"name": "base",
"reason": "Authentication failed"
}
]
}
```
### Create a user account with an invitation
Creates a user account after an invited user provides registration information and submits the form.
`POST /api/v1/fleet/users`
2022-02-04 17:33:22 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| --------------------- | ------ | ---- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| email | string | body | **Required** . The email address of the user. |
| invite_token | string | body | **Required** . Token provided to the user in the invitation email. |
| name | string | body | **Required** . The name of the user. |
| password | string | body | The password chosen by the user (if not SSO user). |
| password_confirmation | string | body | Confirmation of the password chosen by the user. |
2023-07-27 22:40:01 +00:00
| global_role | string | body | The role assigned to the user. In Fleet 4.0.0, 3 user roles were introduced (`admin`, `maintainer` , and `observer` ). In Fleet 4.30.0 and 4.31.0, the `observer_plus` and `gitops` roles were introduced respectively. If `global_role` is specified, `teams` cannot be specified. For more information, see [manage access ](https://fleetdm.com/docs/using-fleet/manage-access ). |
2024-04-03 16:48:22 +00:00
| teams | array | body | _Available in Fleet Premium_ . The teams and respective roles assigned to the user. Should contain an array of objects in which each object includes the team's `id` and the user's `role` on each team. In Fleet 4.0.0, 3 user roles were introduced (`admin`, `maintainer` , and `observer` ). In Fleet 4.30.0 and 4.31.0, the `observer_plus` and `gitops` roles were introduced respectively. If `teams` is specified, `global_role` cannot be specified. For more information, see [manage access ](https://fleetdm.com/docs/using-fleet/manage-access ). |
2022-02-04 17:33:22 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/users`
##### Request query parameters
```json
{
"email": "janedoe@example.com",
"invite_token": "SjdReDNuZW5jd3dCbTJtQTQ5WjJTc2txWWlEcGpiM3c=",
"name": "janedoe",
"password": "test-123",
"password_confirmation": "test-123",
"teams": [
{
"id": 2,
"role": "observer"
},
{
"id": 4,
"role": "observer"
}
]
}
```
2022-02-04 17:33:22 +00:00
##### Default response
`Status: 200`
```json
{
2022-05-02 13:55:27 +00:00
"user": {
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 2,
"name": "janedoe",
"email": "janedoe@example.com",
"enabled": true,
"force_password_reset": false,
"gravatar_url": "",
"sso_enabled": false,
"global_role": "admin",
"teams": []
2022-02-04 17:33:22 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
##### Failed authentication
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
`Status: 401 Authentication Failed`
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
```json
{
"message": "Authentication Failed",
"errors": [
{
"name": "base",
"reason": "Authentication failed"
}
]
}
```
##### Expired or used invite code
`Status: 404 Resource Not Found`
```json
{
"message": "Resource Not Found",
"errors": [
{
"name": "base",
"reason": "Invite with token SjdReDNuZW5jd3dCbTJtQTQ5WjJTc2txWWlEcGpiM3c= was not found in the datastore"
}
]
}
```
##### Validation failed
`Status: 422 Validation Failed`
The same error will be returned whenever one of the required parameters fails the validation.
```json
{
"message": "Validation Failed",
"errors": [
{
"name": "name",
"reason": "cannot be empty"
}
]
}
```
### Create a user account without an invitation
Creates a user account without requiring an invitation, the user is enabled immediately.
By default, the user will be forced to reset its password upon first login.
`POST /api/v1/fleet/users/admin`
2021-06-09 23:11:48 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ----------- | ------- | ---- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| email | string | body | **Required** . The user's email address. |
| name | string | body | **Required** . The user's full name or nickname. |
| password | string | body | The user's password (required for non-SSO users). |
| sso_enabled | boolean | body | Whether or not SSO is enabled for the user. |
| api_only | boolean | body | User is an "API-only" user (cannot use web UI) if true. |
2023-07-27 22:40:01 +00:00
| global_role | string | body | The role assigned to the user. In Fleet 4.0.0, 3 user roles were introduced (`admin`, `maintainer` , and `observer` ). In Fleet 4.30.0 and 4.31.0, the `observer_plus` and `gitops` roles were introduced respectively. If `global_role` is specified, `teams` cannot be specified. For more information, see [manage access ](https://fleetdm.com/docs/using-fleet/manage-access ). |
2022-05-02 13:55:27 +00:00
| admin_forced_password_reset | boolean | body | Sets whether the user will be forced to reset its password upon first login (default=true) |
2024-04-03 16:48:22 +00:00
| teams | array | body | _Available in Fleet Premium_ . The teams and respective roles assigned to the user. Should contain an array of objects in which each object includes the team's `id` and the user's `role` on each team. In Fleet 4.0.0, 3 user roles were introduced (`admin`, `maintainer` , and `observer` ). In Fleet 4.30.0 and 4.31.0, the `observer_plus` and `gitops` roles were introduced respectively. If `teams` is specified, `global_role` cannot be specified. For more information, see [manage access ](https://fleetdm.com/docs/using-fleet/manage-access ). |
2021-06-09 23:11:48 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`POST /api/v1/fleet/users/admin`
2021-06-09 23:11:48 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"name": "Jane Doe",
"email": "janedoe@example.com",
"password": "test-123",
"teams": [
{
"id": 2,
"role": "observer"
},
{
"id": 3,
"role": "maintainer"
2022-10-08 12:57:46 +00:00
}
2022-05-02 13:55:27 +00:00
]
2021-06-09 23:11:48 +00:00
}
```
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"user": {
"created_at": "0001-01-01T00:00:00Z",
"updated_at": "0001-01-01T00:00:00Z",
"id": 5,
"name": "Jane Doe",
"email": "janedoe@example.com",
"enabled": true,
"force_password_reset": false,
"gravatar_url": "",
"sso_enabled": false,
"api_only": false,
"global_role": null,
"teams": [
{
"id": 2,
"role": "observer"
},
{
"id": 3,
"role": "maintainer"
2022-10-08 12:57:46 +00:00
}
2022-05-02 13:55:27 +00:00
]
}
}
```
##### User doesn't exist
`Status: 404 Resource Not Found`
```json
{
"message": "Resource Not Found",
"errors": [
{
"name": "base",
"reason": "User with id=1 was not found in the datastore"
2021-06-09 23:11:48 +00:00
}
]
}
```
2022-05-02 13:55:27 +00:00
### Get user information
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
Returns all information about a specific user.
2021-06-09 23:11:48 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/users/:id`
2021-06-09 23:11:48 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| id | integer | path | **Required** . The user's id. |
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
#### Example
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/users/2`
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
##### Request query parameters
2021-06-09 23:11:48 +00:00
2021-09-16 07:45:14 +00:00
```json
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"id": 1
2021-06-09 23:11:48 +00:00
}
```
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"user": {
"created_at": "2020-12-10T05:20:25Z",
"updated_at": "2020-12-10T05:24:27Z",
"id": 2,
"name": "Jane Doe",
"email": "janedoe@example.com",
"force_password_reset": false,
"gravatar_url": "",
"sso_enabled": false,
"global_role": "admin",
"api_only": false,
"teams": []
2021-06-09 23:11:48 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
##### User doesn't exist
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
`Status: 404 Resource Not Found`
2021-06-09 23:11:48 +00:00
2021-09-16 07:45:14 +00:00
```json
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"message": "Resource Not Found",
"errors": [
{
"name": "base",
"reason": "User with id=5 was not found in the datastore"
}
]
2021-06-09 23:11:48 +00:00
}
```
2022-05-02 13:55:27 +00:00
### Modify user
2021-06-09 23:11:48 +00:00
2023-12-08 22:22:20 +00:00
`PATCH /api/v1/fleet/users/:id`
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
#### Parameters
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ----------- | ------- | ---- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| id | integer | path | **Required** . The user's id. |
| name | string | body | The user's name. |
| position | string | body | The user's position. |
| email | string | body | The user's email. |
| sso_enabled | boolean | body | Whether or not SSO is enabled for the user. |
| api_only | boolean | body | User is an "API-only" user (cannot use web UI) if true. |
| password | string | body | The user's current password, required to change the user's own email or password (not required for an admin to modify another user). |
| new_password| string | body | The user's new password. |
| global_role | string | body | The role assigned to the user. In Fleet 4.0.0, 3 user roles were introduced (`admin`, `maintainer` , and `observer` ). If `global_role` is specified, `teams` cannot be specified. |
2024-04-03 16:48:22 +00:00
| teams | array | body | _Available in Fleet Premium_ . The teams and respective roles assigned to the user. Should contain an array of objects in which each object includes the team's `id` and the user's `role` on each team. In Fleet 4.0.0, 3 user roles were introduced (`admin`, `maintainer` , and `observer` ). If `teams` is specified, `global_role` cannot be specified. |
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
#### Example
`PATCH /api/v1/fleet/users/2`
2021-06-09 23:11:48 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"name": "Jane Doe",
"global_role": "admin"
2021-06-09 23:11:48 +00:00
}
```
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-06-09 23:11:48 +00:00
{
2022-05-02 13:55:27 +00:00
"user": {
"created_at": "2021-02-03T16:11:06Z",
"updated_at": "2021-02-03T16:11:06Z",
"id": 2,
"name": "Jane Doe",
"email": "janedoe@example.com",
"global_role": "admin",
"force_password_reset": false,
"gravatar_url": "",
"sso_enabled": false,
"api_only": false,
"teams": []
}
}
```
#### Example (modify a user's teams)
`PATCH /api/v1/fleet/users/2`
##### Request body
```json
{
"teams": [
{
"id": 1,
"role": "observer"
2022-03-21 19:16:47 +00:00
},
2022-05-02 13:55:27 +00:00
{
"id": 2,
"role": "maintainer"
2021-06-09 23:11:48 +00:00
}
2022-05-02 13:55:27 +00:00
]
}
```
##### Default response
`Status: 200`
```json
{
"user": {
"created_at": "2021-02-03T16:11:06Z",
"updated_at": "2021-02-03T16:11:06Z",
"id": 2,
"name": "Jane Doe",
"email": "janedoe@example.com",
"enabled": true,
"force_password_reset": false,
"gravatar_url": "",
"sso_enabled": false,
"global_role": "admin",
"teams": [
{
"id": 2,
"role": "observer"
},
{
"id": 3,
"role": "maintainer"
2022-10-08 12:57:46 +00:00
}
2022-05-02 13:55:27 +00:00
]
2021-06-09 23:11:48 +00:00
}
}
```
2022-05-02 13:55:27 +00:00
### Delete user
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
Delete the specified user from Fleet.
2021-06-09 23:11:48 +00:00
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/users/:id`
2021-06-09 23:11:48 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | ---------------------------- |
| id | integer | path | **Required** . The user's id. |
2021-06-09 23:11:48 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`DELETE /api/v1/fleet/users/3`
2021-06-09 23:11:48 +00:00
2022-05-02 13:55:27 +00:00
##### Default response
2021-06-09 23:11:48 +00:00
`Status: 200`
2021-07-21 17:03:10 +00:00
2022-05-02 13:55:27 +00:00
### Require password reset
2021-07-21 17:03:10 +00:00
2022-05-02 13:55:27 +00:00
The selected user is logged out of Fleet and required to reset their password during the next attempt to log in. This also revokes all active Fleet API tokens for this user. Returns the user object.
2022-01-18 19:23:20 +00:00
2023-12-08 22:22:20 +00:00
`POST /api/v1/fleet/users/:id/require_password_reset`
2021-07-21 17:03:10 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ----- | ------- | ---- | ---------------------------------------------------------------------------------------------- |
| id | integer | path | **Required** . The user's id. |
2023-05-17 16:09:31 +00:00
| require | boolean | body | Whether or not the user is required to reset their password during the next attempt to log in. |
2021-07-21 17:03:10 +00:00
#### Example
2023-12-08 22:22:20 +00:00
`POST /api/v1/fleet/users/123/require_password_reset`
2021-07-21 17:03:10 +00:00
##### Request body
2021-09-16 07:45:14 +00:00
```json
2021-07-21 17:03:10 +00:00
{
2022-05-02 13:55:27 +00:00
"require": true
2021-07-21 17:03:10 +00:00
}
```
2021-08-19 23:22:17 +00:00
2021-07-21 17:03:10 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-07-21 17:03:10 +00:00
{
2022-05-02 13:55:27 +00:00
"user": {
"created_at": "2021-02-23T22:23:34Z",
"updated_at": "2021-02-23T22:28:52Z",
"id": 2,
"name": "Jane Doe",
"email": "janedoe@example.com",
"force_password_reset": true,
"gravatar_url": "",
"sso_enabled": false,
"global_role": "observer",
"teams": []
}
2021-07-21 17:03:10 +00:00
}
```
2021-09-14 13:58:48 +00:00
2022-05-02 13:55:27 +00:00
### List a user's sessions
2021-09-14 13:58:48 +00:00
2022-05-02 13:55:27 +00:00
Returns a list of the user's sessions in Fleet.
2021-09-14 13:58:48 +00:00
2023-12-08 22:22:20 +00:00
`GET /api/v1/fleet/users/:id/sessions`
2021-09-14 13:58:48 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
None.
2021-09-14 13:58:48 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`GET /api/v1/fleet/users/1/sessions`
2021-09-14 13:58:48 +00:00
##### Default response
`Status: 200`
2021-09-16 07:45:14 +00:00
```json
2021-09-14 13:58:48 +00:00
{
2022-05-02 13:55:27 +00:00
"sessions": [
{
"session_id": 2,
"user_id": 1,
"created_at": "2021-02-03T16:12:50Z"
},
{
"session_id": 3,
"user_id": 1,
"created_at": "2021-02-09T23:40:23Z"
},
{
"session_id": 6,
"user_id": 1,
"created_at": "2021-02-23T22:23:58Z"
}
]
2021-09-14 13:58:48 +00:00
}
```
2021-12-03 13:54:17 +00:00
2022-05-02 13:55:27 +00:00
### Delete a user's sessions
2021-12-03 13:54:17 +00:00
2022-05-02 13:55:27 +00:00
Deletes the selected user's sessions in Fleet. Also deletes the user's API token.
2023-12-08 22:22:20 +00:00
`DELETE /api/v1/fleet/users/:id/sessions`
2021-12-03 13:54:17 +00:00
#### Parameters
2022-05-02 13:55:27 +00:00
| Name | Type | In | Description |
| ---- | ------- | ---- | ----------------------------------------- |
| id | integer | path | **Required** . The ID of the desired user. |
2021-12-03 13:54:17 +00:00
#### Example
2022-05-02 13:55:27 +00:00
`DELETE /api/v1/fleet/users/1/sessions`
2021-12-03 13:54:17 +00:00
##### Default response
`Status: 200`
2022-05-10 14:44:43 +00:00
## Debug
- [Get a summary of errors ](#get-a-summary-of-errors )
2022-05-17 13:00:47 +00:00
- [Get database information ](#get-database-information )
- [Get profiling information ](#get-profiling-information )
2022-05-10 14:44:43 +00:00
The Fleet server exposes a handful of API endpoints to retrieve debug information about the server itself in order to help troubleshooting. All the following endpoints require prior authentication meaning you must first log in successfully before calling any of the endpoints documented below.
### Get a summary of errors
2022-10-26 23:26:49 +00:00
Returns a set of all the errors that happened in the server during the interval of time defined by the [logging_error_retention_period ](https://fleetdm.com/docs/deploying/configuration#logging-error-retention-period ) configuration.
2022-05-10 14:44:43 +00:00
The server only stores and returns a single instance of each error.
`GET /debug/errors`
#### Parameters
| Name | Type | In | Description |
| ----- | ------- | ----- | --------------------------------------------------------------------------------- |
| flush | boolean | query | Whether or not clear the errors from Redis after reading them. Default is `false` |
#### Example
`GET /debug/errors?flush=true`
##### Default response
`Status: 200`
```json
[
2022-06-28 19:31:14 +00:00
{
2022-06-21 11:43:53 +00:00
"count": "3",
2022-06-28 19:31:14 +00:00
"chain": [
{
2022-06-21 11:43:53 +00:00
"message": "Authorization header required"
},
2022-06-28 19:31:14 +00:00
{
"message": "missing FleetError in chain",
"data": {
"timestamp": "2022-06-03T14:16:01-03:00"
},
"stack": [
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr.Handle (ctxerr.go:262)",
"github.com/fleetdm/fleet/v4/server/service.encodeError (transport_error.go:80)",
"github.com/go-kit/kit/transport/http.Server.ServeHTTP (server.go:124)"
]
}
]
2022-05-10 14:44:43 +00:00
}
]
```
2022-02-23 18:17:55 +00:00
2022-05-17 13:00:47 +00:00
### Get database information
2022-05-20 18:01:54 +00:00
Returns information about the current state of the database; valid keys are:
2022-05-17 13:00:47 +00:00
- `locks` : returns transaction locking information.
- `innodb-status` : returns InnoDB status information.
- `process-list` : returns running processes (queries, etc).
2023-12-08 22:22:20 +00:00
`GET /debug/db/:key`
2022-05-17 13:00:47 +00:00
#### Parameters
None.
### Get profiling information
Returns runtime profiling data of the server in the format expected by `go tools pprof` . The responses are equivalent to those returned by the Go `http/pprof` package.
Valid keys are: `cmdline` , `profile` , `symbol` and `trace` .
2023-12-08 22:22:20 +00:00
`GET /debug/pprof/:key`
2022-05-17 13:00:47 +00:00
#### Parameters
None.
Add UUID to Fleet errors and clean up error msgs (#10411)
#8129
Apart from fixing the issue in #8129, this change also introduces UUIDs
to Fleet errors. To be able to match a returned error from the API to a
error in the Fleet logs. See
https://fleetdm.slack.com/archives/C019WG4GH0A/p1677780622769939 for
more context.
Samples with the changes in this PR:
```
curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d ''
{
"message": "Bad request",
"errors": [
{
"name": "base",
"reason": "Expected JSON Body"
}
],
"uuid": "a01f6e10-354c-4ff0-b96e-1f64adb500b0"
}
```
```
curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d 'asd'
{
"message": "Bad request",
"errors": [
{
"name": "base",
"reason": "json decoder error"
}
],
"uuid": "5f716a64-7550-464b-a1dd-e6a505a9f89d"
}
```
```
curl -k -X GET -H "Authorization: Bearer badtoken" "https://localhost:8080/api/latest/fleet/teams"
{
"message": "Authentication required",
"errors": [
{
"name": "base",
"reason": "Authentication required"
}
],
"uuid": "efe45bc0-f956-4bf9-ba4f-aa9020a9aaaf"
}
```
```
curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}'
{
"message": "Authorization header required",
"errors": [
{
"name": "base",
"reason": "Authorization header required"
}
],
"uuid": "57f78cd0-4559-464f-9df7-36c9ef7c89b3"
}
```
```
curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}'
{
"message": "Permission Denied",
"uuid": "7f0220ad-6de7-4faf-8b6c-8d7ff9d2ca06"
}
```
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-13 16:44:06 +00:00
## API errors
Fleet returns API errors as a JSON document with the following fields:
- `message` : This field contains the kind of error (bad request error, authorization error, etc.).
- `errors` : List of errors with `name` and `reason` keys.
- `uuid` : Unique identifier for the error. This identifier can be matched to Fleet logs which might contain more information about the cause of the error.
Sample of an error when trying to send an empty body on a request that expects a JSON body:
```sh
$ curl -k -H "Authorization: Bearer $TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d ''
```
Response:
```json
{
"message": "Bad request",
"errors": [
{
"name": "base",
"reason": "Expected JSON Body"
}
],
"uuid": "c0532a64-bec2-4cf9-aa37-96fe47ead814"
}
```
2022-05-02 13:55:27 +00:00
---
2023-07-27 22:40:01 +00:00
< meta name = "description" value = "Documentation for Fleet's REST API. See example requests and responses for each API endpoint." >
< meta name = "pageOrderInSection" value = "30" >
