fleet/docs/Using Fleet/Automations.md

# Automations

You can configure Fleet to trigger automations that reserve time in your end users' calendars (maintenance windows), send webhooks, or to create tickets.

To learn how to use Fleet's maintenance windows, head to this [article](https://fleetdm.com/announcements/fleet-in-your-calendar-introducing-maintenance-windows). 

## Activity automations

Activity automations are triggered when an activity happens in Fleet (queries, scripts, logins, etc). See a list of all activities [here](https://fleetdm.com/docs/using-fleet/audit-logs).

You can automatically send activites to a webhook URL or a [log destination](https://fleetdm.com/docs/configuration/fleet-server-configuration#external-activity-audit-logging).

## Policy automations

Policy automations are triggered if a policy is newly failing on at least one host.

> Note that a policy is "newly failing" if a host updated its response from "no response" to "failing" or from "passing" to "failing."

Fleet checks whether to trigger policy automations once per day by default.

For webhooks, if a policy is newly failing on more than one host during the same period, a separate webhook request is triggered for each host by default.

For tickets, a single ticket is created per newly failed policy (i.e., multiple tickets are not created if a policy is newly failing on more than one host during the same period).

## Vulnerability automations

Vulnerability automations are triggered if Fleet detects a new vulnerability (CVE) on at least one host. 

> Note that Fleet treats a CVE as "new" if it was published within the preceding 30 days by default. This setting can be changed through the [`recent_vulnerability_max_age` configuration option](https://fleetdm.com/docs/deploying/configuration#recent-vulnerability-max-age).

Fleet checks whether to trigger vulnerability automations once per hour by default. This period can be changed through the [`vulnerabilities_periodicity` configuration option](https://fleetdm.com/docs/deploying/configuration#periodicity). 

Once a CVE has been detected on any host, automations are not triggered if the CVE is detected on other hosts in subsequent periods. If the CVE has been remediated on all hosts, an automation may be triggered if the CVE is detected subsequently so long as the CVE is treated as "new" by Fleet. 

For webhooks, if a new CVE is detected on more than one host during the same period that the initial detection occurred, a separate webhook request is triggered for each host by default.

## Host status automations

Host status automations send a webhook request if a configured percentage of hosts have not checked in to Fleet for a configured number of days.

Fleet sends these webhook requests once per day by default.

<meta name="pageOrderInSection" value="1509">
<meta name="description" value="Configure Fleet automations to trigger webhooks or create tickets in Jira and Zendesk for vulnerability, policy, and host status events.">
<meta name="navSection" value="Device management">
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00			`# Automations`

Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`You can configure Fleet to trigger automations that reserve time in your end users' calendars (maintenance windows), send webhooks, or to create tickets.`
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`To learn how to use Fleet's maintenance windows, head to this [article](https://fleetdm.com/announcements/fleet-in-your-calendar-introducing-maintenance-windows).`
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00
Update docs: Webhooks for global activity (#19863) Docs for the "Webhooks for global activity feed" story (#14722) - Add item to permissions table - Clean up and simplify Audit logs top section. It's a reference page - Link to Audit logs reference from Automations page 2024-06-26 20:48:58 +00:00			`## Activity automations`

			`Activity automations are triggered when an activity happens in Fleet (queries, scripts, logins, etc). See a list of all activities [here](https://fleetdm.com/docs/using-fleet/audit-logs).`

			`You can automatically send activites to a webhook URL or a [log destination](https://fleetdm.com/docs/configuration/fleet-server-configuration#external-activity-audit-logging).`

Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`## Policy automations`
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`Policy automations are triggered if a policy is newly failing on at least one host.`
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`> Note that a policy is "newly failing" if a host updated its response from "no response" to "failing" or from "passing" to "failing."`
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00
Docs: GitOps reference (#19740) Docs for Fleet's best practice GitOps: #13643 (also #17043) 2024-07-02 15:11:43 +00:00			`Fleet checks whether to trigger policy automations once per day by default.`
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00
Docs: GitOps reference (#19740) Docs for Fleet's best practice GitOps: #13643 (also #17043) 2024-07-02 15:11:43 +00:00			`For webhooks, if a policy is newly failing on more than one host during the same period, a separate webhook request is triggered for each host by default.`
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`For tickets, a single ticket is created per newly failed policy (i.e., multiple tickets are not created if a policy is newly failing on more than one host during the same period).`
Update documentation for ticket destinations and Fleet Desktop (#6251) * Add policy automations to docs and Fleet Desktop * Update docs/Using-Fleet/Adding-hosts.md Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> * Update docs/Using-Fleet/Automations.md Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> 2022-06-27 21:25:17 +00:00
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`## Vulnerability automations`
Update documentation for automations (#8084) 2022-10-07 17:24:24 +00:00
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`Vulnerability automations are triggered if Fleet detects a new vulnerability (CVE) on at least one host.`
Add docs for Fleet Desktop and integrations (#6053) - Add "Fleet Desktop" section to "Adding hosts" doc page - Add instructions to add Jira or Zendesk integration to "Vulnerability automations" section in the "Automations" doc page 2022-06-07 15:38:28 +00:00
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			> Note that Fleet treats a CVE as "new" if it was published within the preceding 30 days by default. This setting can be changed through the [`recent_vulnerability_max_age` configuration option](https://fleetdm.com/docs/deploying/configuration#recent-vulnerability-max-age).
Add vulnerability automations to "Automations" docs (#4130) 2022-02-14 02:12:51 +00:00
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			Fleet checks whether to trigger vulnerability automations once per hour by default. This period can be changed through the [`vulnerabilities_periodicity` configuration option](https://fleetdm.com/docs/deploying/configuration#periodicity).
Add vulnerability automations to "Automations" docs (#4130) 2022-02-14 02:12:51 +00:00
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`Once a CVE has been detected on any host, automations are not triggered if the CVE is detected on other hosts in subsequent periods. If the CVE has been remediated on all hosts, an automation may be triggered if the CVE is detected subsequently so long as the CVE is treated as "new" by Fleet.`
Add vulnerability automations to "Automations" docs (#4130) 2022-02-14 02:12:51 +00:00
Docs: GitOps reference (#19740) Docs for Fleet's best practice GitOps: #13643 (also #17043) 2024-07-02 15:11:43 +00:00			`For webhooks, if a new CVE is detected on more than one host during the same period that the initial detection occurred, a separate webhook request is triggered for each host by default.`
Update documentation for ticket destinations and Fleet Desktop (#6251) * Add policy automations to docs and Fleet Desktop * Update docs/Using-Fleet/Adding-hosts.md Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> * Update docs/Using-Fleet/Automations.md Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> 2022-06-27 21:25:17 +00:00
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00			`## Host status automations`

Docs: GitOps reference (#19740) Docs for Fleet's best practice GitOps: #13643 (also #17043) 2024-07-02 15:11:43 +00:00			`Host status automations send a webhook request if a configured percentage of hosts have not checked in to Fleet for a configured number of days.`
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00
Docs: GitOps reference (#19740) Docs for Fleet's best practice GitOps: #13643 (also #17043) 2024-07-02 15:11:43 +00:00			`Fleet sends these webhook requests once per day by default.`
Add "Automations" documentation page (#3537) - Add "Automations" documentation page to document the available automations in Fleet - Update the "Vulnerability processing" documentation - Update the "REST API" documentation 2021-12-30 22:50:27 +00:00
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`<meta name="pageOrderInSection" value="1509">`
Website: Add meta descriptions to Fleet documentation. (#12586) #11986 Changes: - Added meta descriptions to Fleet documentation pages. --------- Co-authored-by: Rachael Shaw <r@rachael.wtf> 2023-07-13 16:57:17 +00:00			`<meta name="description" value="Configure Fleet automations to trigger webhooks or create tickets in Jira and Zendesk for vulnerability, policy, and host status events.">`
Update docs: Maintenance windows (Fleet in your calendar) (#19232) Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230) 2024-05-23 21:07:53 +00:00			`<meta name="navSection" value="Device management">`