From 2708988446ee28dbdf9aa5f1f97c7af92b678bf7 Mon Sep 17 00:00:00 2001 From: RachelElysia <71795832+RachelElysia@users.noreply.github.com> Date: Fri, 20 Sep 2024 07:50:10 -0700 Subject: [PATCH 01/18] Fleet UI: Fix observer persisting host_id when querying host from host details page (#22249) --- changes/20959-query-host-flow-fix-observer | 1 + .../QueryDetailsPage/QueryDetailsPage.tsx | 15 +++++++++++++-- frontend/pages/queries/edit/EditQueryPage.tsx | 9 ++++++++- frontend/router/paths.ts | 17 +++++++++++++---- 4 files changed, 35 insertions(+), 7 deletions(-) create mode 100644 changes/20959-query-host-flow-fix-observer diff --git a/changes/20959-query-host-flow-fix-observer b/changes/20959-query-host-flow-fix-observer new file mode 100644 index 0000000000..f1db67c3e9 --- /dev/null +++ b/changes/20959-query-host-flow-fix-observer @@ -0,0 +1 @@ +- Fix UI flow for observers to easily query hosts from the host details page diff --git a/frontend/pages/queries/details/QueryDetailsPage/QueryDetailsPage.tsx b/frontend/pages/queries/details/QueryDetailsPage/QueryDetailsPage.tsx index 42a2413c99..cdaec1aebd 100644 --- a/frontend/pages/queries/details/QueryDetailsPage/QueryDetailsPage.tsx +++ b/frontend/pages/queries/details/QueryDetailsPage/QueryDetailsPage.tsx @@ -49,7 +49,12 @@ interface IQueryDetailsPageProps { params: Params; location: { pathname: string; - query: { team_id?: string; order_key?: string; order_direction?: string }; + query: { + team_id?: string; + order_key?: string; + order_direction?: string; + host_id?: string; + }; search: string; }; } @@ -67,6 +72,12 @@ const QueryDetailsPage = ({ } const queryParams = location.query; + // Present when observer is redirected from host details > query + // since observer does not have access to edit page + const hostId = queryParams?.host_id + ? parseInt(queryParams.host_id, 10) + : undefined; + const { currentTeamId } = useTeamIdParam({ location, router, 
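Review bot: `parseInt(queryParams.host_id, 10)` in the new `hostId` block yields `NaN` for a non-numeric `host_id` and silently accepts trailing junk such as `12abc`, and the result is handed on to `PATHS.LIVE_QUERY(queryId, currentTeamId, hostId)` in the later hunks. The query string is user-editable, so I would normalise it here: `const parsedHostId = Number(queryParams?.host_id);` followed by `const hostId = Number.isInteger(parsedHostId) && parsedHostId > 0 ? parsedHostId : undefined;`. The preselected host is only a UI convenience; whether an observer may target that host has to be enforced by the live-query API, which this patch does not show. The component body continues outside the hunk.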
@@ -295,7 +306,7 @@ const QueryDetailsPage = ({ onClick={() => { queryId && router.push( - PATHS.LIVE_QUERY(queryId, currentTeamId) + PATHS.LIVE_QUERY(queryId, currentTeamId, hostId) ); }} disabled={isLiveQueryDisabled} diff --git a/frontend/pages/queries/edit/EditQueryPage.tsx b/frontend/pages/queries/edit/EditQueryPage.tsx index addfd6b061..d2bc087b60 100644 --- a/frontend/pages/queries/edit/EditQueryPage.tsx +++ b/frontend/pages/queries/edit/EditQueryPage.tsx @@ -208,7 +208,14 @@ const EditQueryPage = ({ queryId > 0 && !canEditExistingQuery ) { - router.push(PATHS.QUERY_DETAILS(queryId)); + // Reroute to query report page still maintains query params for live query purposes + const baseUrl = PATHS.QUERY_DETAILS(queryId); + const queryParams = buildQueryStringFromParams({ + host_id: location.query.host_id, + team_id: location.query.team_id, + }); + + router.push(queryParams ? `${baseUrl}?${queryParams}` : baseUrl); } }, [queryId, isTeamMaintainerOrTeamAdmin, isStoredQueryLoading]); diff --git a/frontend/router/paths.ts b/frontend/router/paths.ts index faaa9f35b7..1db857b432 100644 --- a/frontend/router/paths.ts +++ b/frontend/router/paths.ts @@ -1,3 +1,5 @@ +import { buildQueryStringFromParams } from "utilities/url"; + import { IPolicy } from "../interfaces/policy"; import URL_PREFIX from "./url_prefix"; 
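Review bot: In the EditQueryPage redirect, `location.query.host_id` and `location.query.team_id` are copied from the current URL into the new one as raw strings, so the result is only well-formed if `buildQueryStringFromParams` percent-encodes values and drops undefined ones; that helper is not shown in this patch, and no import for it is added to this file, so presumably it is already in scope. The effect now reads `location.query`, but its dependency array is still `[queryId, isTeamMaintainerOrTeamAdmin, isStoredQueryLoading]`, so it can act on a stale query object. I would either add `location.query.host_id` and `location.query.team_id` to the dependencies or add a comment explaining why they are deliberately left out. The surrounding `useEffect` starts outside the hunk.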
@@ -95,10 +97,17 @@ export default { teamId ? `?team_id=${teamId}` : "" }`; }, - LIVE_QUERY: (queryId: number | null, teamId?: number): string => { - return `${URL_PREFIX}/queries/${queryId || "new"}/live${ - teamId ? `?team_id=${teamId}` : "" - }`; + LIVE_QUERY: ( + queryId: number | null, + teamId?: number, + hostId?: number + ): string => { + const baseUrl = `${URL_PREFIX}/queries/${queryId || "new"}/live`; + const queryParams = buildQueryStringFromParams({ + team_id: teamId, + host_id: hostId, + }); + return queryParams ? `${baseUrl}?${queryParams}` : baseUrl; }, QUERY_DETAILS: (queryId: number, teamId?: number): string => { return `${URL_PREFIX}/queries/${queryId}${ From 8d664bd4564abb7e3f8f005f15a4e26f9a27be9e Mon Sep 17 00:00:00 2001 
From: Lucas Manuel Rodriguez Date: Fri, 20 Sep 2024 11:55:47 -0300 Subject: [PATCH 02/18] Make software batch endpoint asynchronous (#22258) #22069 API changes: https://github.com/fleetdm/fleet/pull/22259 QAd by applying 10 pieces of software on a team, which took 3+ minutes in total (which, before these changes was timing out at 100s.) With this approach, a GitOps CI run timing out might leave the background process running (which will eventually be applied to the database). The team discussed and agreed that we can fix this edge case later. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] Manual QA for all new/changed functionality --- changes/22069-gitops-async-software-batch | 1 + cmd/fleet/serve.go | 2 + cmd/fleetctl/get_test.go | 4 +- cmd/fleetctl/gitops_test.go | 82 ++++- ee/server/service/mdm_external_test.go | 1 + ee/server/service/service.go | 3 + ee/server/service/software_installers.go | 291 +++++++++++++----- server/datastore/mysql/software_installers.go | 39 +-- .../mysql/software_installers_test.go | 24 +- server/fleet/datastore.go | 3 +- server/fleet/service.go | 26 +- server/mock/datastore_mock.go | 16 +- server/service/client_software.go | 33 +- server/service/client_teams.go | 7 +- server/service/handler.go | 3 + server/service/integration_enterprise_test.go | 181 +++++++++-- .../redis_key_value/redis_key_value.go | 58 ++++ .../redis_key_value/redis_key_value_test.go | 92 ++++++ server/service/software_installers.go | 49 ++- server/service/testing_utils.go | 9 + 20 files changed, 763 insertions(+), 161 deletions(-) create mode 100644 changes/22069-gitops-async-software-batch create 
mode 100644 server/service/redis_key_value/redis_key_value.go create mode 100644 server/service/redis_key_value/redis_key_value_test.go diff --git a/changes/22069-gitops-async-software-batch b/changes/22069-gitops-async-software-batch new file mode 100644 index 0000000000..35f0652fe2 --- /dev/null +++ b/changes/22069-gitops-async-software-batch @@ -0,0 +1 @@ +* Modified `POST /api/latest/fleet/software/batch` endpoint to be asynchronous and added a new endpoint `GET /api/latest/fleet/software/batch/{request_uuid}` to retrieve the result of the batch upload. diff --git a/cmd/fleet/serve.go b/cmd/fleet/serve.go index caf72413da..eda0660a73 100644 --- a/cmd/fleet/serve.go +++ b/cmd/fleet/serve.go @@ -49,6 +49,7 @@ import ( "github.com/fleetdm/fleet/v4/server/pubsub" "github.com/fleetdm/fleet/v4/server/service" "github.com/fleetdm/fleet/v4/server/service/async" + "github.com/fleetdm/fleet/v4/server/service/redis_key_value" "github.com/fleetdm/fleet/v4/server/service/redis_lock" "github.com/fleetdm/fleet/v4/server/service/redis_policy_set" "github.com/fleetdm/fleet/v4/server/sso" @@ -798,6 +799,7 @@ the way that the Fleet server works. softwareInstallStore, bootstrapPackageStore, distributedLock, + redis_key_value.New(redisPool), ) if err != nil { initFatal(err, "initial Fleet Premium service") diff --git a/cmd/fleetctl/get_test.go b/cmd/fleetctl/get_test.go index e775f4ea5f..f39ff1cd55 100644 --- a/cmd/fleetctl/get_test.go +++ b/cmd/fleetctl/get_test.go 
@@ -2320,8 +2320,8 @@ func TestGetTeamsYAMLAndApply(t *testing.T) { declaration.DeclarationUUID = uuid.NewString() return declaration, nil } - ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) { - return nil, nil + ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error { + return nil } actualYaml := runAppForTest(t, []string{"get", "teams", "--yaml"}) diff --git a/cmd/fleetctl/gitops_test.go b/cmd/fleetctl/gitops_test.go index 64cb9fda19..b934961559 100644 --- a/cmd/fleetctl/gitops_test.go +++ b/cmd/fleetctl/gitops_test.go @@ -182,7 +182,8 @@ func TestGitOpsBasicGlobalPremium(t *testing.T) { license := &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)} _, ds := runServerWithMockedDS( t, &service.TestServerOpts{ - License: license, + License: license, + KeyValueStore: newMemKeyValueStore(), }, ) @@ -229,7 +230,10 @@ func TestGitOpsBasicGlobalPremium(t *testing.T) { ds.NewJobFunc = func(ctx context.Context, job *fleet.Job) (*fleet.Job, error) { return &fleet.Job{}, nil } - ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) { + ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error { + return nil + } + ds.GetSoftwareInstallersFunc = func(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error) { return nil, nil } @@ -285,7 +289,8 @@ func TestGitOpsBasicTeam(t *testing.T) { license := &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)} _, ds := runServerWithMockedDS( t, &service.TestServerOpts{ - License: license, + License: license, + KeyValueStore: newMemKeyValueStore(), }, ) 
@@ -373,7 +378,10 @@ func TestGitOpsBasicTeam(t *testing.T) { ds.DeleteMDMAppleDeclarationByNameFunc = func(ctx context.Context, teamID *uint, name string) error { return nil } - ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) { + ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error { + return nil + } + ds.GetSoftwareInstallersFunc = func(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error) { return nil, nil } ds.ApplyEnrollSecretsFunc = func(ctx context.Context, teamID *uint, secrets []*fleet.EnrollSecret) error { @@ -644,6 +652,7 @@ func TestGitOpsFullTeam(t *testing.T) { MDMPusher: mockPusher{}, FleetConfig: &fleetCfg, NoCacheDatastore: true, + KeyValueStore: newMemKeyValueStore(), }, ) @@ -804,8 +813,11 @@ func TestGitOpsFullTeam(t *testing.T) { return nil } var appliedSoftwareInstallers []*fleet.UploadSoftwareInstallerPayload - ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) { + ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error { appliedSoftwareInstallers = installers + return nil + } + ds.GetSoftwareInstallersFunc = func(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error) { return nil, nil } ds.SetTeamVPPAppsFunc = func(ctx context.Context, teamID *uint, adamIDs []fleet.VPPAppTeam) error { @@ -937,7 +949,8 @@ func TestGitOpsBasicGlobalAndTeam(t *testing.T) { license := &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)} _, ds := runServerWithMockedDS( t, &service.TestServerOpts{ - License: license, + License: license, + KeyValueStore: newMemKeyValueStore(), }, ) 
@@ -1055,7 +1068,10 @@ func TestGitOpsBasicGlobalAndTeam(t *testing.T) { savedTeam = team return team, nil } - ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) { + ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error { + return nil + } + ds.GetSoftwareInstallersFunc = func(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error) { return nil, nil } ds.ListSoftwareTitlesFunc = func(ctx context.Context, opt fleet.SoftwareTitleListOptions, tmFilter fleet.TeamFilter) ([]fleet.SoftwareTitleListResult, int, *fleet.PaginationMetadata, error) { @@ -1201,7 +1217,8 @@ func TestGitOpsBasicGlobalAndNoTeam(t *testing.T) { license := &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)} _, ds := runServerWithMockedDS( t, &service.TestServerOpts{ - License: license, + License: license, + KeyValueStore: newMemKeyValueStore(), }, ) // Mock appConfig @@ -1317,7 +1334,10 @@ func TestGitOpsBasicGlobalAndNoTeam(t *testing.T) { savedTeam = team return team, nil } - ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) { + ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error { + return nil + } + ds.GetSoftwareInstallersFunc = func(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error) { return nil, nil } ds.ListSoftwareTitlesFunc = func(ctx context.Context, opt fleet.SoftwareTitleListOptions, tmFilter fleet.TeamFilter) ([]fleet.SoftwareTitleListResult, int, *fleet.PaginationMetadata, error) { 
@@ -1634,9 +1654,9 @@ func TestGitOpsTeamSofwareInstallers(t *testing.T) { file string wantErr string }{ - {"testdata/gitops/team_software_installer_not_found.yml", "Please make sure that URLs are publicy accessible to the internet."}, + {"testdata/gitops/team_software_installer_not_found.yml", "Please make sure that URLs are reachable from your Fleet server."}, {"testdata/gitops/team_software_installer_unsupported.yml", "The file should be .pkg, .msi, .exe or .deb."}, - {"testdata/gitops/team_software_installer_too_large.yml", "The maximum file size is 500 MB"}, + {"testdata/gitops/team_software_installer_too_large.yml", "The maximum file size is 500 MiB"}, {"testdata/gitops/team_software_installer_valid.yml", ""}, {"testdata/gitops/team_software_installer_valid_apply.yml", ""}, {"testdata/gitops/team_software_installer_pre_condition_multiple_queries.yml", "should have only one query."}, @@ -1668,10 +1688,13 @@ func TestGitOpsTeamSoftwareInstallersQueryEnv(t *testing.T) { t.Setenv("QUERY_VAR", "IT_WORKS") - ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) { + ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error { if installers[0].PreInstallQuery != "select IT_WORKS" { - return nil, fmt.Errorf("Missing env var, got %s", installers[0].PreInstallQuery) + return fmt.Errorf("Missing env var, got %s", installers[0].PreInstallQuery) } + return nil + } + ds.GetSoftwareInstallersFunc = func(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error) { return nil, nil } 
@@ -1686,9 +1709,9 @@ func TestGitOpsNoTeamSoftwareInstallers(t *testing.T) { noTeamFile string wantErr string }{ - {"testdata/gitops/no_team_software_installer_not_found.yml", "Please make sure that URLs are publicy accessible to the internet."}, + {"testdata/gitops/no_team_software_installer_not_found.yml", "Please make sure that URLs are reachable from your Fleet server."}, {"testdata/gitops/no_team_software_installer_unsupported.yml", "The file should be .pkg, .msi, .exe or .deb."}, - {"testdata/gitops/no_team_software_installer_too_large.yml", "The maximum file size is 500 MB"}, + {"testdata/gitops/no_team_software_installer_too_large.yml", "The maximum file size is 500 MiB"}, {"testdata/gitops/no_team_software_installer_valid.yml", ""}, {"testdata/gitops/no_team_software_installer_pre_condition_multiple_queries.yml", "should have only one query."}, {"testdata/gitops/no_team_software_installer_pre_condition_not_found.yml", "no such file or directory"}, @@ -2050,6 +2073,7 @@ func setupFullGitOpsPremiumServer(t *testing.T) (*mock.Store, **fleet.AppConfig, FleetConfig: &fleetCfg, License: license, NoCacheDatastore: true, + KeyValueStore: newMemKeyValueStore(), }, ) @@ -2181,7 +2205,10 @@ func setupFullGitOpsPremiumServer(t *testing.T) (*mock.Store, **fleet.AppConfig, declaration.DeclarationUUID = uuid.NewString() return declaration, nil } - ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) { + ds.BatchSetSoftwareInstallersFunc = func(ctx context.Context, teamID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error { + return nil + } + ds.GetSoftwareInstallersFunc = func(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error) { return nil, nil } 
@@ -2890,3 +2917,26 @@ software: }) } } + +type memKeyValueStore struct { + m map[string]string +} + +func newMemKeyValueStore() *memKeyValueStore { + return &memKeyValueStore{ + m: make(map[string]string), + } +} + +func (m *memKeyValueStore) Set(ctx context.Context, key string, value string, expireTime time.Duration) error { + m.m[key] = value + return nil +} + +func (m *memKeyValueStore) Get(ctx context.Context, key string) (*string, error) { + v, ok := m.m[key] + if !ok { + return nil, nil + } + return &v, nil +} diff --git a/ee/server/service/mdm_external_test.go b/ee/server/service/mdm_external_test.go index 1d92d1ce3b..760d046c9c 100644 --- a/ee/server/service/mdm_external_test.go +++ b/ee/server/service/mdm_external_test.go @@ -109,6 +109,7 @@ func setupMockDatastorePremiumService(t testing.TB) (*mock.Store, *eeservice.Ser nil, nil, nil, + nil, ) if err != nil { panic(err) diff --git a/ee/server/service/service.go b/ee/server/service/service.go index 7ef6f8b8a5..fb66f21136 100644 --- a/ee/server/service/service.go +++ b/ee/server/service/service.go @@ -30,6 +30,7 @@ type Service struct { softwareInstallStore fleet.SoftwareInstallerStore bootstrapPackageStore fleet.MDMBootstrapPackageStore distributedLock fleet.Lock + keyValueStore fleet.KeyValueStore } func NewService( @@ -46,6 +47,7 @@ func NewService( softwareInstallStore fleet.SoftwareInstallerStore, bootstrapPackageStore fleet.MDMBootstrapPackageStore, distributedLock fleet.Lock, + keyValueStore fleet.KeyValueStore, ) (*Service, error) { authorizer, err := authz.NewAuthorizer() if err != nil { @@ -67,6 +69,7 @@ func NewService( softwareInstallStore: softwareInstallStore, bootstrapPackageStore: bootstrapPackageStore, distributedLock: distributedLock, + keyValueStore: keyValueStore, } // Override methods that can't be easily overriden via diff --git a/ee/server/service/software_installers.go b/ee/server/service/software_installers.go index 5a1d679106..ac4461a592 100644 
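Review bot: `memKeyValueStore` accesses its map without any synchronisation, but the service changes in this patch write the key from the background `softwareBatchUpload` goroutine while the result endpoint reads it from request goroutines. That is a data race on `m.m`, and Go can abort the test binary on concurrent map access; it will also trip `-race`. Guard the map with a `sync.RWMutex` as sketched below (this needs `sync` in the file's import block, which is outside the hunk). `expireTime` is ignored, which is acceptable for a test double but deserves a one-line comment saying so.

```go
type memKeyValueStore struct {
	mu sync.RWMutex
	m  map[string]string
}

func (m *memKeyValueStore) Set(ctx context.Context, key string, value string, expireTime time.Duration) error {
	m.mu.Lock()
	defer m.mu.Unlock()
	// … unchanged: store the value and return nil …
}

func (m *memKeyValueStore) Get(ctx context.Context, key string) (*string, error) {
	m.mu.RLock()
	defer m.mu.RUnlock()
	// … unchanged: lookup, nil when missing …
}
```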
--- a/ee/server/service/software_installers.go +++ b/ee/server/service/software_installers.go @@ -14,6 +14,7 @@ import ( "path/filepath" "regexp" "strings" + "time" "github.com/fleetdm/fleet/v4/pkg/file" "github.com/fleetdm/fleet/v4/pkg/fleethttp" @@ -24,6 +25,7 @@ import ( "github.com/fleetdm/fleet/v4/server/fleet" "github.com/fleetdm/fleet/v4/server/mdm/apple/vpp" "github.com/fleetdm/fleet/v4/server/ptr" + "github.com/go-kit/log" kitlog "github.com/go-kit/log" "github.com/go-kit/log/level" "github.com/google/uuid" @@ -1112,13 +1114,21 @@ func (svc *Service) addMetadataToSoftwarePayload(ctx context.Context, payload *f return meta.Extension, nil } -const maxInstallerSizeBytes int64 = 1024 * 1024 * 500 +const ( + maxInstallerSizeBytes int64 = 1024 * 1024 * 500 + batchSoftwarePrefix = "software_batch_" +) func (svc *Service) BatchSetSoftwareInstallers( ctx context.Context, tmName string, payloads []fleet.SoftwareInstallerPayload, dryRun bool, -) ([]fleet.SoftwarePackageResponse, error) { +) (string, error) { if err := svc.authz.Authorize(ctx, &fleet.Team{}, fleet.ActionRead); err != nil { - return nil, err + return "", err + } + + vc, ok := viewer.FromContext(ctx) + if !ok { + return "", fleet.ErrNoContext } var teamID *uint 
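Review bot: The import hunk adds `"github.com/go-kit/log"` directly above the existing `kitlog "github.com/go-kit/log"`, so the file now refers to the same package under two names. Drop the new import and write `kitlog.With(svc.logger, ...)` in `softwareBatchUpload` instead. In the `BatchSetSoftwareInstallers` hunk, the dry-run path for a team that does not exist yet returns an empty request UUID with a nil error; a short comment there telling callers not to poll in that case would help. That function's body continues outside the hunk.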
@@ -1127,32 +1137,153 @@ func (svc *Service) BatchSetSoftwareInstallers( if err != nil { // If this is a dry run, the team may not have been created yet if dryRun && fleet.IsNotFound(err) { - return nil, nil + return "", nil } - return nil, err + return "", err } teamID = &tm.ID } if err := svc.authz.Authorize(ctx, &fleet.SoftwareInstaller{TeamID: teamID}, fleet.ActionWrite); err != nil { - return nil, ctxerr.Wrap(ctx, err, "validating authorization") + return "", ctxerr.Wrap(ctx, err, "validating authorization") } + // Verify payloads first, to prevent starting the download+upload process if the data is invalid. for _, payload := range payloads { if len(payload.URL) > fleet.SoftwareInstallerURLMaxLength { - return nil, fleet.NewInvalidArgumentError( + return "", fleet.NewInvalidArgumentError( "software.url", "software URL is too long, must be less than 256 characters", ) } + if _, err := url.ParseRequestURI(payload.URL); err != nil { + return "", fleet.NewInvalidArgumentError( + "software.url", + fmt.Sprintf("Couldn't edit software. URL (%q) is invalid", payload.URL), + ) + } } - vc, ok := viewer.FromContext(ctx) - if !ok { - return nil, fleet.ErrNoContext + // keyExpireTime is the current maximum time supported for retrieving + // the result of a software by batch operation. 
+ const keyExpireTime = 24 * time.Hour + + requestUUID := uuid.NewString() + if err := svc.keyValueStore.Set(ctx, batchSoftwarePrefix+requestUUID, batchSetProcessing, keyExpireTime); err != nil { + return "", ctxerr.Wrapf(ctx, err, "failed to set key as %s", batchSetProcessing) } - g, workerCtx := errgroup.WithContext(ctx) + svc.logger.Log( + "msg", "software batch start", + "request_uuid", requestUUID, + "team_id", teamID, + "payloads", len(payloads), + ) + + go svc.softwareBatchUpload( + requestUUID, + teamID, + vc.UserID(), + payloads, + dryRun, + ) + + return requestUUID, nil +} + +const ( + batchSetProcessing = "processing" + batchSetCompleted = "completed" + batchSetFailedPrefix = "failed:" +) + +func (svc *Service) softwareBatchUpload( + requestUUID string, + teamID *uint, + userID uint, + payloads []fleet.SoftwareInstallerPayload, + dryRun bool, +) { + var batchErr error + + // We do not use the request ctx on purpose because this method runs in the background. + ctx := context.Background() + + defer func(start time.Time) { + status := batchSetCompleted + if batchErr != nil { + status = fmt.Sprintf("%s%s", batchSetFailedPrefix, batchErr) + } + logger := log.With(svc.logger, + "request_uuid", requestUUID, + "team_id", teamID, + "payloads", len(payloads), + "status", status, + "took", time.Since(start), + ) + logger.Log("msg", "software batch done") + // Give 10m for the client to read the result (it overrides the previos expiration time). 
+ if err := svc.keyValueStore.Set(ctx, batchSoftwarePrefix+requestUUID, status, 10*time.Minute); err != nil { + logger.Log("msg", "failed to set result", "err", err) + } + }(time.Now()) + + downloadURLFn := func(ctx context.Context, url string) (http.Header, []byte, error) { + client := fleethttp.NewClient() + client.Transport = fleethttp.NewSizeLimitTransport(maxInstallerSizeBytes) + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) + if err != nil { + return nil, nil, fmt.Errorf("creating request for URL %q: %w", url, err) + } + + resp, err := client.Do(req) + if err != nil { + var maxBytesErr *http.MaxBytesError + if errors.Is(err, fleethttp.ErrMaxSizeExceeded) || errors.As(err, &maxBytesErr) { + return nil, nil, fleet.NewInvalidArgumentError( + "software.url", + fmt.Sprintf("Couldn't edit software. URL (%q). The maximum file size is %d MiB", url, maxInstallerSizeBytes/(1024*1024)), + ) + } + + return nil, nil, fmt.Errorf("performing request for URL %q: %w", url, err) + } + defer resp.Body.Close() + + if resp.StatusCode == http.StatusNotFound { + return nil, nil, fleet.NewInvalidArgumentError( + "software.url", + fmt.Sprintf("Couldn't edit software. URL (%q) returned \"Not Found\". Please make sure that URLs are reachable from your Fleet server.", url), + ) + } + + // Allow all 2xx and 3xx status codes in this pass. + if resp.StatusCode >= 400 { + return nil, nil, fleet.NewInvalidArgumentError( + "software.url", + fmt.Sprintf("Couldn't edit software. URL (%q) received response status code %d.", url, resp.StatusCode), + ) + } + + bodyBytes, err := io.ReadAll(resp.Body) + if err != nil { + // the max size error can be received either at client.Do or here when + // reading the body if it's caught via a limited body reader. 
+ var maxBytesErr *http.MaxBytesError + if errors.Is(err, fleethttp.ErrMaxSizeExceeded) || errors.As(err, &maxBytesErr) { + return nil, nil, fleet.NewInvalidArgumentError( + "software.url", + fmt.Sprintf("Couldn't edit software. URL (%q). The maximum file size is %d MiB", url, maxInstallerSizeBytes/(1024*1024)), + ) + } + return nil, nil, fmt.Errorf("reading installer %q contents: %w", url, err) + } + + return resp.Header, bodyBytes, nil + } + + var g errgroup.Group g.SetLimit(3) // critical to avoid data race, the slice is pre-allocated and each // goroutine only writes to its index. 
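Review bot: `softwareBatchUpload` is started on a bare goroutine with `ctx := context.Background()`, so the job has no deadline, and a panic anywhere in the download or store path would terminate the whole server process rather than fail a single request. I would derive the context with a timeout, `ctx, cancel := context.WithTimeout(context.Background(), batchTimeout)` (`batchTimeout` is a placeholder for a limit you choose), and have the deferred status writer call `recover()` and record the failure in `batchErr`. Every POST starts its own job, and each job can buffer up to three bodies of `maxInstallerSizeBytes` via `io.ReadAll`, so a cap on concurrent batches per server is worth considering. Separately, the `url.ParseRequestURI` pre-check only validates syntax; if only http and https sources are intended, reject other schemes in the same loop so the server never attempts the fetch. The errgroup loop that uses `downloadURLFn` continues in the next hunk.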
@@ -1162,63 +1293,9 @@ func (svc *Service) BatchSetSoftwareInstallers( i, p := i, p g.Go(func() error { - // validate the URL before doing the request - _, err := url.ParseRequestURI(p.URL) + headers, bodyBytes, err := downloadURLFn(ctx, p.URL) if err != nil { - return fleet.NewInvalidArgumentError( - "software.url", - fmt.Sprintf("Couldn't edit software. URL (%q) is invalid", p.URL), - ) - } - client := fleethttp.NewClient() - client.Transport = fleethttp.NewSizeLimitTransport(maxInstallerSizeBytes) - - req, err := http.NewRequestWithContext(workerCtx, http.MethodGet, p.URL, nil) - if err != nil { - return ctxerr.Wrapf(ctx, err, "creating request for URL %s", p.URL) - } - - resp, err := client.Do(req) - if err != nil { - var maxBytesErr *http.MaxBytesError - if errors.Is(err, fleethttp.ErrMaxSizeExceeded) || errors.As(err, &maxBytesErr) { - return fleet.NewInvalidArgumentError( - "software.url", - fmt.Sprintf("Couldn't edit software. URL (%q). The maximum file size is %d MB", p.URL, maxInstallerSizeBytes/(1024*1024)), - ) - } - - return ctxerr.Wrapf(ctx, err, "performing request for URL %s", p.URL) - } - defer resp.Body.Close() - - if resp.StatusCode == http.StatusNotFound { - return fleet.NewInvalidArgumentError( - "software.url", - fmt.Sprintf("Couldn't edit software. URL (%q) doesn't exist. Please make sure that URLs are publicy accessible to the internet.", p.URL), - ) - } - - // Allow all 2xx and 3xx status codes in this pass. - if resp.StatusCode > 400 { - return fleet.NewInvalidArgumentError( - "software.url", - fmt.Sprintf("Couldn't edit software. URL (%q) received response status code %d.", p.URL, resp.StatusCode), - ) - } - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - // the max size error can be received either at client.Do or here when - // reading the body if it's caught via a limited body reader. 
- var maxBytesErr *http.MaxBytesError - if errors.Is(err, fleethttp.ErrMaxSizeExceeded) || errors.As(err, &maxBytesErr) { - return fleet.NewInvalidArgumentError( - "software.url", - fmt.Sprintf("Couldn't edit software. URL (%q). The maximum file size is %d MB", p.URL, maxInstallerSizeBytes/(1024*1024)), - ) - } - return ctxerr.Wrapf(ctx, err, "reading installer %q contents", p.URL) + return err } installer := &fleet.UploadSoftwareInstallerPayload{ @@ -1229,13 +1306,13 @@ func (svc *Service) BatchSetSoftwareInstallers( UninstallScript: p.UninstallScript, InstallerFile: bytes.NewReader(bodyBytes), SelfService: p.SelfService, - UserID: vc.UserID(), + UserID: userID, URL: p.URL, } // set the filename before adding metadata, as it is used as fallback var filename string - cdh, ok := resp.Header["Content-Disposition"] + cdh, ok := headers["Content-Disposition"] if ok && len(cdh) > 0 { _, params, err := mime.ParseMediaType(cdh[0]) if err == nil { 
@@ -1273,30 +1350,88 @@ func (svc *Service) BatchSetSoftwareInstallers( } if err := g.Wait(); err != nil { - // NOTE: intentionally not wrapping to avoid polluting user - // errors. - return nil, err + // NOTE: intentionally not wrapping to avoid polluting user errors. + batchErr = err + return } if dryRun { - return nil, nil + return } for _, payload := range installers { if err := svc.storeSoftware(ctx, payload); err != nil { - return nil, ctxerr.Wrap(ctx, err, "storing software installer") + batchErr = fmt.Errorf("storing software installer %q: %w", payload.Filename, err) + return } } - insertedSoftwareInstallers, err := svc.ds.BatchSetSoftwareInstallers(ctx, teamID, installers) - if err != nil { - return nil, ctxerr.Wrap(ctx, err, "batch set software installers") + if err := svc.ds.BatchSetSoftwareInstallers(ctx, teamID, installers); err != nil { + batchErr = fmt.Errorf("batch set software installers: %w", err) + return } // Note: per @noahtalerman we don't want activity items for CLI actions // anymore, so that's intentionally skipped. +} - return insertedSoftwareInstallers, nil +func (svc *Service) GetBatchSetSoftwareInstallersResult(ctx context.Context, tmName string, requestUUID string, dryRun bool) (string, string, []fleet.SoftwarePackageResponse, error) { + // We've already authorized in the POST /api/latest/fleet/software/batch, + // but adding it here so we don't need to worry about a special case endpoint. 
+ if err := svc.authz.Authorize(ctx, &fleet.Team{}, fleet.ActionRead); err != nil { + return "", "", nil, err + } + + result, err := svc.keyValueStore.Get(ctx, batchSoftwarePrefix+requestUUID) + if err != nil { + return "", "", nil, ctxerr.Wrap(ctx, err, "failed to get result") + } + if result == nil { + return "", "", nil, ctxerr.Wrap(ctx, notFoundError{}, "request_uuid not found") + } + + switch { + case *result == batchSetCompleted: + if dryRun { + return fleet.BatchSetSoftwareInstallersStatusCompleted, "", nil, nil + } // this will fall through to retrieving software packages if not a dry run. + case *result == batchSetProcessing: + return fleet.BatchSetSoftwareInstallersStatusProcessing, "", nil, nil + case strings.HasPrefix(*result, batchSetFailedPrefix): + message := strings.TrimPrefix(*result, batchSetFailedPrefix) + return fleet.BatchSetSoftwareInstallersStatusFailed, message, nil, nil + default: + return "", "", nil, ctxerr.New(ctx, "invalid status") + } + + var ( + teamID uint // GetSoftwareInstallers uses 0 for "No team" + ptrTeamID *uint // Authorize uses *uint for "No team" teamID + ) + if tmName != "" { + team, err := svc.ds.TeamByName(ctx, tmName) + if err != nil { + return "", "", nil, ctxerr.Wrap(ctx, err, "load team by name") + } + teamID = team.ID + ptrTeamID = &team.ID + } + + // We've already authorized in the POST /api/latest/fleet/software/batch, + // but adding it here so we don't need to worry about a special case endpoint. + // + // We use fleet.ActionWrite because this method is the counterpart of the POST + // /api/latest/fleet/software/batch. 
+ if err := svc.authz.Authorize(ctx, &fleet.SoftwareInstaller{TeamID: ptrTeamID}, fleet.ActionWrite); err != nil { + return "", "", nil, ctxerr.Wrap(ctx, err, "validating authorization") + } + + softwarePackages, err := svc.ds.GetSoftwareInstallers(ctx, teamID) + if err != nil { + return "", "", nil, ctxerr.Wrap(ctx, err, "get software installers") + } + + return fleet.BatchSetSoftwareInstallersStatusCompleted, "", softwarePackages, nil } func (svc *Service) SelfServiceInstallSoftwareTitle(ctx context.Context, host *fleet.Host, softwareTitleID uint) error { diff --git a/server/datastore/mysql/software_installers.go b/server/datastore/mysql/software_installers.go index 5aa7a2f11d..7d7f0169e3 100644 --- a/server/datastore/mysql/software_installers.go +++ b/server/datastore/mysql/software_installers.go @@ -768,7 +768,7 @@ func (ds *Datastore) CleanupUnusedSoftwareInstallers(ctx context.Context, softwa return ctxerr.Wrap(ctx, err, "cleanup unused software installers") } -func (ds *Datastore) BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) { +func (ds *Datastore) BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error { const upsertSoftwareTitles = ` INSERT INTO software_titles (name, source, browser) @@ -878,23 +878,12 @@ ON DUPLICATE KEY UPDATE url = VALUES(url) ` - const loadInsertedSoftwareInstallers = ` -SELECT - team_id, - title_id, - url -FROM - software_installers -WHERE global_or_team_id = ? -` - // use a team id of 0 if no-team var globalOrTeamID uint if tmID != nil { globalOrTeamID = *tmID } - var insertedSoftwareInstallers []fleet.SoftwarePackageResponse if err := ds.withRetryTxx(ctx, func(tx sqlx.ExtContext) error { // if no installers are provided, just delete whatever was in // the table 
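Review bot: `GetBatchSetSoftwareInstallersResult` returns the `processing` and `failed` results, including the failure message, after only the generic `&fleet.Team{}` read check. The team-scoped `fleet.ActionWrite` authorization runs only on the completed path, and the stored key is not tied to the team or user that started the batch. The request UUID is random and short-lived, which makes guessing impractical, but I would still resolve the team and run the `SoftwareInstaller{TeamID: ptrTeamID}` write check before calling `svc.keyValueStore.Get`. I would also store the team ID with the status so that a UUID cannot be read under a different `team_name`. Note too that the failure text is `batchErr` verbatim (written by the deferred status writer in the previous hunk), so wrapped datastore errors such as `batch set software installers: %w` reach the API client; consider returning a generic message for non-validation errors and logging the detail server-side.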
@@ -1040,15 +1029,11 @@ WHERE global_or_team_id = ? } } - if err := sqlx.SelectContext(ctx, tx, &insertedSoftwareInstallers, loadInsertedSoftwareInstallers, globalOrTeamID); err != nil { - return ctxerr.Wrap(ctx, err, "load inserted software installers") - } - return nil }); err != nil { - return nil, err + return err } - return insertedSoftwareInstallers, nil + return nil } func (ds *Datastore) HasSelfServiceSoftwareInstallers(ctx context.Context, hostPlatform string, hostTeamID *uint) (bool, error) { @@ -1135,3 +1120,21 @@ func (ds *Datastore) UpdateSoftwareInstallerWithoutPackageIDs(ctx context.Contex } return nil } + +func (ds *Datastore) GetSoftwareInstallers(ctx context.Context, teamID uint) ([]fleet.SoftwarePackageResponse, error) { + const loadInsertedSoftwareInstallers = ` +SELECT + team_id, + title_id, + url +FROM + software_installers +WHERE global_or_team_id = ? +` + var softwarePackages []fleet.SoftwarePackageResponse + // Using ds.writer(ctx) on purpose because this method is to be called after applying software. + if err := sqlx.SelectContext(ctx, ds.writer(ctx), &softwarePackages, loadInsertedSoftwareInstallers, teamID); err != nil { + return nil, ctxerr.Wrap(ctx, err, "get software installers") + } + return softwarePackages, nil +} diff --git a/server/datastore/mysql/software_installers_test.go b/server/datastore/mysql/software_installers_test.go index 862d70063a..178b858071 100644 --- a/server/datastore/mysql/software_installers_test.go +++ b/server/datastore/mysql/software_installers_test.go 
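Review bot: The new exported `GetSoftwareInstallers` in software_installers.go has no doc comment, and the line added to the `Datastore` interface in server/fleet/datastore.go is undocumented as well, so the meaning of its `uint` argument can only be read off the SQL. I would put `// GetSoftwareInstallers returns team_id, title_id and url for every software installer whose global_or_team_id equals teamID (0 means "No team").` above both declarations. The query constant is still named `loadInsertedSoftwareInstallers` although this method inserts nothing, and the parameter is `teamID` here but `tmID` in the interface and the mock; aligning those names would make the three declarations easier to match up. The read through `ds.writer(ctx)` is explained by the existing comment and looks deliberate.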
@@ -630,11 +630,15 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) { } // batch set with everything empty - softwareInstallers, err := ds.BatchSetSoftwareInstallers(ctx, &team.ID, nil) + err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, nil) + require.NoError(t, err) + softwareInstallers, err := ds.GetSoftwareInstallers(ctx, team.ID) require.NoError(t, err) require.Empty(t, softwareInstallers) assertSoftware(nil) - softwareInstallers, err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{}) + err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{}) + require.NoError(t, err) + softwareInstallers, err = ds.GetSoftwareInstallers(ctx, team.ID) require.NoError(t, err) require.Empty(t, softwareInstallers) assertSoftware(nil) @@ -642,7 +646,7 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) { // add a single installer ins0 := "installer0" ins0File := bytes.NewReader([]byte("installer0")) - softwareInstallers, err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{{ + err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{{ InstallScript: "install", InstallerFile: ins0File, StorageID: ins0, @@ -656,6 +660,8 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) { URL: "https://example.com", }}) require.NoError(t, err) + softwareInstallers, err = ds.GetSoftwareInstallers(ctx, team.ID) + require.NoError(t, err) require.Len(t, softwareInstallers, 1) require.NotNil(t, softwareInstallers[0].TeamID) require.Equal(t, team.ID, *softwareInstallers[0].TeamID) 
@@ -668,7 +674,7 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) { // add a new installer + ins0 installer ins1 := "installer1" ins1File := bytes.NewReader([]byte("installer1")) - softwareInstallers, err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{ + err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{ { InstallScript: "install", InstallerFile: ins0File, @@ -698,6 +704,8 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) { }, }) require.NoError(t, err) + softwareInstallers, err = ds.GetSoftwareInstallers(ctx, team.ID) + require.NoError(t, err) require.Len(t, softwareInstallers, 2) require.NotNil(t, softwareInstallers[0].TitleID) require.NotNil(t, softwareInstallers[0].TeamID) @@ -713,7 +721,7 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) { }) // remove ins0 - softwareInstallers, err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{ + err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{ { InstallScript: "install", PostInstallScript: "post-install", @@ -728,6 +736,8 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) { }, }) require.NoError(t, err) + softwareInstallers, err = ds.GetSoftwareInstallers(ctx, team.ID) + require.NoError(t, err) require.Len(t, softwareInstallers, 1) require.NotNil(t, softwareInstallers[0].TitleID) require.NotNil(t, softwareInstallers[0].TeamID) 
@@ -737,7 +747,9 @@ func testBatchSetSoftwareInstallers(t *testing.T, ds *Datastore) { }) // remove everything - softwareInstallers, err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{}) + err = ds.BatchSetSoftwareInstallers(ctx, &team.ID, []*fleet.UploadSoftwareInstallerPayload{}) + require.NoError(t, err) + softwareInstallers, err = ds.GetSoftwareInstallers(ctx, team.ID) require.NoError(t, err) require.Empty(t, softwareInstallers) assertSoftware([]fleet.SoftwareTitle{}) diff --git a/server/fleet/datastore.go b/server/fleet/datastore.go index 9f9a9de504..99b2cdb7d2 100644 --- a/server/fleet/datastore.go +++ b/server/fleet/datastore.go @@ -1711,7 +1711,8 @@ type Datastore interface { CleanupUnusedSoftwareInstallers(ctx context.Context, softwareInstallStore SoftwareInstallerStore, removeCreatedBefore time.Time) error // BatchSetSoftwareInstallers sets the software installers for the given team or no team. - BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*UploadSoftwareInstallerPayload) ([]SoftwarePackageResponse, error) + BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*UploadSoftwareInstallerPayload) error + GetSoftwareInstallers(ctx context.Context, tmID uint) ([]SoftwarePackageResponse, error) // HasSelfServiceSoftwareInstallers returns true if self-service software installers are available for the team or globally. HasSelfServiceSoftwareInstallers(ctx context.Context, platform string, teamID *uint) (bool, error) diff --git a/server/fleet/service.go b/server/fleet/service.go index 8599e464e1..24756ebb6d 100644 --- a/server/fleet/service.go +++ b/server/fleet/service.go 
@@ -643,9 +643,15 @@ type Service interface { // GetSoftwareInstallResults gets the results for a particular software install attempt. GetSoftwareInstallResults(ctx context.Context, installUUID string) (*HostSoftwareInstallerResult, error) - // BatchSetSoftwareInstallers replaces the software installers for a specified team. - // Returns the metadata of inserted software installers. - BatchSetSoftwareInstallers(ctx context.Context, tmName string, payloads []SoftwareInstallerPayload, dryRun bool) ([]SoftwarePackageResponse, error) + // BatchSetSoftwareInstallers asynchronously replaces the software installers for a specified team. + // Returns a request UUID that can be used to track an ongoing batch request (with GetBatchSetSoftwareInstallersResult). + BatchSetSoftwareInstallers(ctx context.Context, tmName string, payloads []SoftwareInstallerPayload, dryRun bool) (string, error) + // GetBatchSetSoftwareInstallersResult polls for the status of a batch-apply started by BatchSetSoftwareInstallers. + // Return values: + // - 'status': status of the batch-apply which can be "processing", "completed" or "failed". + // - 'message': which contains error information when the status is "failed". + // - 'packages': Contains the list of the applied software packages (when status is "completed"). This is always empty for a dry run. + GetBatchSetSoftwareInstallersResult(ctx context.Context, tmName string, requestUUID string, dryRun bool) (status string, message string, packages []SoftwarePackageResponse, err error) // SelfServiceInstallSoftwareTitle installs a software title // initiated by the user 
@@ -1120,3 +1126,17 @@ type Service interface { // CalendarWebhook handles incoming calendar callback requests. CalendarWebhook(ctx context.Context, eventUUID string, channelID string, resourceState string) error } + +type KeyValueStore interface { + Set(ctx context.Context, key string, value string, expireTime time.Duration) error + Get(ctx context.Context, key string) (*string, error) +} + +const ( + // BatchSetSoftwareInstallerStatusProcessing is the value returned for an ongoing BatchSetSoftwareInstallers operation. + BatchSetSoftwareInstallersStatusProcessing = "processing" + // BatchSetSoftwareInstallerStatusCompleted is the value returned for a completed BatchSetSoftwareInstallers operation. + BatchSetSoftwareInstallersStatusCompleted = "completed" + // BatchSetSoftwareInstallerStatusFailed is the value returned for a failed BatchSetSoftwareInstallers operation. + BatchSetSoftwareInstallersStatusFailed = "failed" +) diff --git a/server/mock/datastore_mock.go b/server/mock/datastore_mock.go index bc009c4ea3..a592559bdf 100644 --- a/server/mock/datastore_mock.go +++ b/server/mock/datastore_mock.go @@ -1070,7 +1070,9 @@ type GetSoftwareInstallResultsFunc func(ctx context.Context, resultsUUID string) type CleanupUnusedSoftwareInstallersFunc func(ctx context.Context, softwareInstallStore fleet.SoftwareInstallerStore, removeCreatedBefore time.Time) error -type BatchSetSoftwareInstallersFunc func(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) +type BatchSetSoftwareInstallersFunc func(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error + +type GetSoftwareInstallersFunc func(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error) type HasSelfServiceSoftwareInstallersFunc func(ctx context.Context, platform string, teamID *uint) (bool, error) 
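Review bot: The doc comments on the three new status constants name identifiers that do not exist: each starts with `BatchSetSoftwareInstallerStatus…` while the constants are `BatchSetSoftwareInstallersStatus…`, so godoc and grep will not associate them. `KeyValueStore` is added with no documentation at all, yet its `Get` contract matters: the service code in this patch treats a nil result with a nil error as "request not found". I would add `// KeyValueStore stores short-lived string values by key; Get returns (nil, nil) when the key does not exist or has expired.` above the interface. The "or has expired" part is my reading of the `expireTime` parameter and should be confirmed against the implementation.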
@@ -2667,6 +2669,9 @@ type DataStore struct { BatchSetSoftwareInstallersFunc BatchSetSoftwareInstallersFunc BatchSetSoftwareInstallersFuncInvoked bool + GetSoftwareInstallersFunc GetSoftwareInstallersFunc + GetSoftwareInstallersFuncInvoked bool + HasSelfServiceSoftwareInstallersFunc HasSelfServiceSoftwareInstallersFunc HasSelfServiceSoftwareInstallersFuncInvoked bool @@ -6369,13 +6374,20 @@ func (s *DataStore) CleanupUnusedSoftwareInstallers(ctx context.Context, softwar return s.CleanupUnusedSoftwareInstallersFunc(ctx, softwareInstallStore, removeCreatedBefore) } -func (s *DataStore) BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) ([]fleet.SoftwarePackageResponse, error) { +func (s *DataStore) BatchSetSoftwareInstallers(ctx context.Context, tmID *uint, installers []*fleet.UploadSoftwareInstallerPayload) error { s.mu.Lock() s.BatchSetSoftwareInstallersFuncInvoked = true s.mu.Unlock() return s.BatchSetSoftwareInstallersFunc(ctx, tmID, installers) } +func (s *DataStore) GetSoftwareInstallers(ctx context.Context, tmID uint) ([]fleet.SoftwarePackageResponse, error) { + s.mu.Lock() + s.GetSoftwareInstallersFuncInvoked = true + s.mu.Unlock() + return s.GetSoftwareInstallersFunc(ctx, tmID) +} + func (s *DataStore) HasSelfServiceSoftwareInstallers(ctx context.Context, platform string, teamID *uint) (bool, error) { s.mu.Lock() s.HasSelfServiceSoftwareInstallersFuncInvoked = true diff --git a/server/service/client_software.go b/server/service/client_software.go index 413e6dc7e9..60a0911093 100644 --- a/server/service/client_software.go +++ b/server/service/client_software.go @@ -1,7 +1,10 @@ package service import ( + "errors" + "fmt" "net/url" + "time" "github.com/fleetdm/fleet/v4/server/fleet" ) 
@@ -29,14 +32,38 @@ func (c *Client) ListSoftwareTitles(query string) ([]fleet.SoftwareTitleListResu } func (c *Client) ApplyNoTeamSoftwareInstallers(softwareInstallers []fleet.SoftwareInstallerPayload, opts fleet.ApplySpecOptions) ([]fleet.SoftwarePackageResponse, error) { - verb, path := "POST", "/api/latest/fleet/software/batch" query, err := url.ParseQuery(opts.RawQuery()) if err != nil { return nil, err } + return c.applySoftwareInstallers(softwareInstallers, query, opts.DryRun) +} + +func (c *Client) applySoftwareInstallers(softwareInstallers []fleet.SoftwareInstallerPayload, query url.Values, dryRun bool) ([]fleet.SoftwarePackageResponse, error) { + path := "/api/latest/fleet/software/batch" var resp batchSetSoftwareInstallersResponse - if err := c.authenticatedRequestWithQuery(map[string]interface{}{"software": softwareInstallers}, verb, path, &resp, query.Encode()); err != nil { + if err := c.authenticatedRequestWithQuery(map[string]interface{}{"software": softwareInstallers}, "POST", path, &resp, query.Encode()); err != nil { return nil, err } - return resp.Packages, nil + if dryRun && resp.RequestUUID == "" { + return nil, nil + } + + requestUUID := resp.RequestUUID + for { + var resp batchSetSoftwareInstallersResultResponse + if err := c.authenticatedRequestWithQuery(nil, "GET", path+"/"+requestUUID, &resp, query.Encode()); err != nil { + return nil, err + } + switch { + case resp.Status == fleet.BatchSetSoftwareInstallersStatusProcessing: + time.Sleep(5 * time.Second) + case resp.Status == fleet.BatchSetSoftwareInstallersStatusFailed: + return nil, errors.New(resp.Message) + case resp.Status == fleet.BatchSetSoftwareInstallersStatusCompleted: + return resp.Packages, nil + default: + return nil, fmt.Errorf("unknown status: %q", resp.Status) + } + } } diff --git a/server/service/client_teams.go b/server/service/client_teams.go index 5c5180a6b7..5d541e903c 100644 --- a/server/service/client_teams.go +++ b/server/service/client_teams.go 
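Review bot: The polling loop added to `applySoftwareInstallers` has no upper bound: while the server keeps answering "processing" the client sleeps five seconds and asks again, so a batch job that never leaves that state blocks the caller indefinitely. The empty-UUID guard before it only covers dry runs, so a non-dry-run response without a request UUID goes on to poll `…/software/batch/` with an empty id instead of failing clearly. I would bound the wait with a deadline and reject the empty UUID explicitly, as sketched below; the 30-minute figure is a constructed value and should follow however long the server keeps batch results. If an empty UUID is legitimate outside a dry run (for example from an older server), that case needs its own handling.

```go
	if resp.RequestUUID == "" {
		if dryRun {
			return nil, nil
		}
		return nil, errors.New("server did not return a request UUID for the batch request")
	}

	requestUUID := resp.RequestUUID
	// Constructed limit; align it with how long the server keeps the batch result.
	deadline := time.Now().Add(30 * time.Minute)
	for time.Now().Before(deadline) {
		var resp batchSetSoftwareInstallersResultResponse
		// … unchanged: GET path+"/"+requestUUID and switch on resp.Status …
	}
	return nil, errors.New("timed out waiting for the software batch request to finish")
```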
@@ -94,17 +94,12 @@ func (c *Client) ApplyTeamScripts(tmName string, scripts []fleet.ScriptPayload, } func (c *Client) ApplyTeamSoftwareInstallers(tmName string, softwareInstallers []fleet.SoftwareInstallerPayload, opts fleet.ApplySpecOptions) ([]fleet.SoftwarePackageResponse, error) { - verb, path := "POST", "/api/latest/fleet/software/batch" query, err := url.ParseQuery(opts.RawQuery()) if err != nil { return nil, err } query.Add("team_name", tmName) - var resp batchSetSoftwareInstallersResponse - if err := c.authenticatedRequestWithQuery(map[string]interface{}{"software": softwareInstallers}, verb, path, &resp, query.Encode()); err != nil { - return nil, err - } - return resp.Packages, nil + return c.applySoftwareInstallers(softwareInstallers, query, opts.DryRun) } func (c *Client) ApplyTeamAppStoreAppsAssociation(tmName string, vppBatchPayload []fleet.VPPBatchPayload, opts fleet.ApplySpecOptions) error { diff --git a/server/service/handler.go b/server/service/handler.go index 21bdd2f7ed..7012393952 100644 --- a/server/service/handler.go +++ b/server/service/handler.go 
@@ -381,7 +381,10 @@ func attachFleetAPIRoutes(r *mux.Router, svc fleet.Service, config config.FleetC ue.DELETE("/api/_version_/fleet/software/titles/{title_id:[0-9]+}/available_for_install", deleteSoftwareInstallerEndpoint, deleteSoftwareInstallerRequest{}) ue.GET("/api/_version_/fleet/software/install/{install_uuid}/results", getSoftwareInstallResultsEndpoint, getSoftwareInstallResultsRequest{}) + // POST /api/_version_/fleet/software/batch is asynchronous, meaning it will start the process of software download+upload in the background + // and will return a request UUID to be used in GET /api/_version_/fleet/software/batch/{request_uuid} to query for the status of the operation. ue.POST("/api/_version_/fleet/software/batch", batchSetSoftwareInstallersEndpoint, batchSetSoftwareInstallersRequest{}) + ue.GET("/api/_version_/fleet/software/batch/{request_uuid}", batchSetSoftwareInstallersResultEndpoint, batchSetSoftwareInstallersResultRequest{}) // App store software ue.GET("/api/_version_/fleet/software/app_store_apps", getAppStoreAppsEndpoint, getAppStoreAppsRequest{}) diff --git a/server/service/integration_enterprise_test.go b/server/service/integration_enterprise_test.go index 9255e95bef..cb2a979668 100644 --- a/server/service/integration_enterprise_test.go +++ b/server/service/integration_enterprise_test.go @@ -10903,6 +10903,10 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() { // create an HTTP server to host the software installer handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path != "/ruby.deb" { + w.WriteHeader(http.StatusNotFound) + return + } file, err := os.Open(filepath.Join("testdata", "software-installers", "ruby.deb")) require.NoError(t, err) defer file.Close() 
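Review bot: The new `GET /api/_version_/fleet/software/batch/{request_uuid}` route serves a result that is looked up by request UUID alone, and the visible part of `GetBatchSetSoftwareInstallersResult` earlier in this patch returns the "processing" status, the dry-run "completed" status and the failure message after only `Authorize(ctx, &fleet.Team{}, fleet.ActionRead)`, which appears to be a generic read check. The team-scoped `fleet.ActionWrite` check on `fleet.SoftwareInstaller` runs later and only on the path that loads packages, and nothing visible ties the stored result to the team named in the query, so the failure text (which, per the integration test, includes the installer URL) is not protected by the team's write permission. I would resolve the team and run the `SoftwareInstaller` write authorization before the key-value lookup, and store the team with the status so a mismatched `team_name` is rejected. `attachFleetAPIRoutes` continues outside this hunk and the start of that service method is outside the visible part of the patch, so an earlier check may already cover this.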
@@ -10914,11 +10918,28 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() { srv := httptest.NewServer(handler) t.Cleanup(srv.Close) - // do a request with a valid URL + // do a request with a URL that returns a 404. softwareToInstall = []fleet.SoftwareInstallerPayload{ - {URL: srv.URL}, + {URL: srv.URL + "/not_found.pkg"}, } - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name) + var batchResponse batchSetSoftwareInstallersResponse + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name) + message := waitBatchSetSoftwareInstallersFailed(t, s, tm.Name, batchResponse.RequestUUID) + require.NotEmpty(t, message) + require.Contains(t, message, fmt.Sprintf("validation failed: software.url Couldn't edit software. URL (\"%s/not_found.pkg\") returned \"Not Found\". Please make sure that URLs are reachable from your Fleet server.", srv.URL)) + + // do a request with a valid URL + rubyURL := srv.URL + "/ruby.deb" + softwareToInstall = []fleet.SoftwareInstallerPayload{ + {URL: rubyURL}, + } + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name) + packages := waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.Equal(t, rubyURL, packages[0].URL) + require.NotNil(t, packages[0].TeamID) + require.Equal(t, tm.ID, *packages[0].TeamID) // TODO(roberto): test with a variety of response codes 
@@ -10929,7 +10950,7 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() { require.Len(t, titlesResp.SoftwareTitles, 1) // Check that the URL is set to software installers uploaded via batch. require.NotNil(t, titlesResp.SoftwareTitles[0].SoftwarePackage.PackageURL) - require.Equal(t, srv.URL, *titlesResp.SoftwareTitles[0].SoftwarePackage.PackageURL) + require.Equal(t, rubyURL, *titlesResp.SoftwareTitles[0].SoftwarePackage.PackageURL) // check that platform is set when the installer is created mysql.ExecAdhocSQL(t, s.ds, func(q sqlx.ExtContext) error { 
@@ -10942,14 +10963,26 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() { }) // same payload doesn't modify anything - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.Equal(t, rubyURL, packages[0].URL) + require.NotNil(t, packages[0].TeamID) + require.Equal(t, tm.ID, *packages[0].TeamID) newTitlesResp := listSoftwareTitlesResponse{} s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &newTitlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(tm.ID))) require.Equal(t, titlesResp, newTitlesResp) // setting self-service to true updates the software title metadata softwareToInstall[0].SelfService = true - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.Equal(t, rubyURL, packages[0].URL) + require.NotNil(t, packages[0].TeamID) + require.Equal(t, tm.ID, *packages[0].TeamID) newTitlesResp = listSoftwareTitlesResponse{} s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &newTitlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(tm.ID))) titlesResp.SoftwareTitles[0].SoftwarePackage.SelfService 
= ptr.Bool(true) @@ -10957,7 +10990,9 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() { // empty payload cleans the software items softwareToInstall = []fleet.SoftwareInstallerPayload{} - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID) + require.Empty(t, packages) titlesResp = listSoftwareTitlesResponse{} s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &titlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(tm.ID))) require.Equal(t, 0, titlesResp.Count) @@ -10967,9 +11002,14 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() { // Do a request with a valid URL with no team ////////////////////////// softwareToInstall = []fleet.SoftwareInstallerPayload{ - {URL: srv.URL}, + {URL: rubyURL}, } - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, "", batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.Equal(t, rubyURL, packages[0].URL) + require.Nil(t, packages[0].TeamID) // check the application status on team 0 titlesResp = listSoftwareTitlesResponse{} 
@@ -10978,14 +11018,24 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() { require.Len(t, titlesResp.SoftwareTitles, 1) // same payload doesn't modify anything - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, "", batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.Equal(t, rubyURL, packages[0].URL) + require.Nil(t, packages[0].TeamID) newTitlesResp = listSoftwareTitlesResponse{} s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &newTitlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(0))) require.Equal(t, titlesResp, newTitlesResp) // setting self-service to true updates the software title metadata softwareToInstall[0].SelfService = true - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, "", batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.Equal(t, rubyURL, packages[0].URL) + require.Nil(t, packages[0].TeamID) newTitlesResp = listSoftwareTitlesResponse{} s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &newTitlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(0))) titlesResp.SoftwareTitles[0].SoftwarePackage.SelfService = ptr.Bool(true) 
@@ -10993,13 +11043,50 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallers() { // empty payload cleans the software items softwareToInstall = []fleet.SoftwareInstallerPayload{} - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, "", batchResponse.RequestUUID) + require.Empty(t, packages) titlesResp = listSoftwareTitlesResponse{} s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &titlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(0))) require.Equal(t, 0, titlesResp.Count) require.Len(t, titlesResp.SoftwareTitles, 0) } +func waitBatchSetSoftwareInstallersCompleted(t *testing.T, s *integrationEnterpriseTestSuite, teamName string, requestUUID string) []fleet.SoftwarePackageResponse { + timeout := time.After(1 * time.Minute) + for { + var batchResultResponse batchSetSoftwareInstallersResultResponse + s.DoJSON("GET", "/api/latest/fleet/software/batch/"+requestUUID, nil, http.StatusOK, &batchResultResponse, "team_name", teamName) + if batchResultResponse.Status == fleet.BatchSetSoftwareInstallersStatusCompleted { + return batchResultResponse.Packages + } + select { + case <-timeout: + t.Fatalf("timeout: %s, %s", teamName, requestUUID) + case <-time.After(500 * time.Millisecond): + // OK, continue + } + } +} + +func waitBatchSetSoftwareInstallersFailed(t *testing.T, s *integrationEnterpriseTestSuite, teamName string, requestUUID string) string { + timeout := time.After(1 * time.Minute) + for { + var batchResultResponse batchSetSoftwareInstallersResultResponse + s.DoJSON("GET", "/api/latest/fleet/software/batch/"+requestUUID, nil, http.StatusOK, &batchResultResponse, "team_name", teamName) + if batchResultResponse.Status == 
fleet.BatchSetSoftwareInstallersStatusFailed { + require.Empty(t, batchResultResponse.Packages) + return batchResultResponse.Message + } + select { + case <-timeout: + t.Fatalf("timeout: %s, %s", teamName, requestUUID) + case <-time.After(500 * time.Millisecond): + // OK, continue + } + } +} + func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffects() { t := s.T() @@ -11030,7 +11117,14 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffec softwareToInstall := []fleet.SoftwareInstallerPayload{ {URL: srv.URL}, } - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name) + var batchResponse batchSetSoftwareInstallersResponse + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name) + packages := waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.NotNil(t, packages[0].TeamID) + require.Equal(t, tm.ID, *packages[0].TeamID) + require.Equal(t, srv.URL, packages[0].URL) titlesResp := listSoftwareTitlesResponse{} s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &titlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(tm.ID))) titleResponse := getSoftwareTitleResponse{} 
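Review bot: `waitBatchSetSoftwareInstallersCompleted` keeps polling for the full minute when the batch has already failed, and the eventual `t.Fatalf("timeout: …")` then hides the server's failure message. Failing fast inside the loop gives a much clearer signal: `require.NotEqual(t, fleet.BatchSetSoftwareInstallersStatusFailed, batchResultResponse.Status, batchResultResponse.Message)`. The mirror case applies to `waitBatchSetSoftwareInstallersFailed`, which should stop as soon as the status is "completed". Both helpers would also benefit from `t.Helper()` as their first statement so a failure is reported at the calling test line.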
@@ -11068,7 +11162,13 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffec // Switch self-service flag softwareToInstall[0].SelfService = true - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", tm.Name) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", tm.Name) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.NotNil(t, packages[0].TeamID) + require.Equal(t, tm.ID, *packages[0].TeamID) + require.Equal(t, srv.URL, packages[0].URL) newTitlesResp := listSoftwareTitlesResponse{} s.DoJSON("GET", "/api/v1/fleet/software/titles", nil, http.StatusOK, &newTitlesResp, "available_for_install", "true", "team_id", strconv.Itoa(int(tm.ID))) require.Equal(t, true, *newTitlesResp.SoftwareTitles[0].SoftwarePackage.SelfService) 
@@ -11082,7 +11182,13 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffec withUpdatedPreinstallQuery := []fleet.SoftwareInstallerPayload{ {URL: srv.URL, PreInstallQuery: "SELECT * FROM os_version"}, } - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedPreinstallQuery}, http.StatusOK, "team_name", tm.Name) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedPreinstallQuery}, http.StatusOK, &batchResponse, "team_name", tm.Name) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.NotNil(t, packages[0].TeamID) + require.Equal(t, tm.ID, *packages[0].TeamID) + require.Equal(t, srv.URL, packages[0].URL) titleResponse = getSoftwareTitleResponse{} s.DoJSON("GET", fmt.Sprintf("/api/v1/fleet/software/titles/%d", newTitlesResp.SoftwareTitles[0].ID), nil, http.StatusOK, &titleResponse, "team_id", strconv.Itoa(int(tm.ID))) require.Equal(t, "SELECT * FROM os_version", titleResponse.SoftwareTitle.SoftwarePackage.PreInstallQuery) 
@@ -11119,7 +11225,13 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffec withUpdatedInstallScript := []fleet.SoftwareInstallerPayload{ {URL: srv.URL, InstallScript: "apt install ruby"}, } - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedInstallScript}, http.StatusOK, "team_name", tm.Name) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedInstallScript}, http.StatusOK, &batchResponse, "team_name", tm.Name) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.NotNil(t, packages[0].TeamID) + require.Equal(t, tm.ID, *packages[0].TeamID) + require.Equal(t, srv.URL, packages[0].URL) // ensure install count is the same, and uploaded_at hasn't changed s.DoJSON("GET", fmt.Sprintf("/api/v1/fleet/software/titles/%d", newTitlesResp.SoftwareTitles[0].ID), nil, http.StatusOK, &titleResponse, "team_id", strconv.Itoa(int(tm.ID))) 
@@ -11134,7 +11246,13 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersSideEffec trailer = " " // add a character to the response for the installer HTTP call to ensure the file hashes differently // update package - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedInstallScript}, http.StatusOK, "team_name", tm.Name) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: withUpdatedInstallScript}, http.StatusOK, &batchResponse, "team_name", tm.Name) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, tm.Name, batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.NotNil(t, packages[0].TeamID) + require.Equal(t, tm.ID, *packages[0].TeamID) + require.Equal(t, srv.URL, packages[0].URL) // ensure install count is zeroed and uploaded_at HAS changed s.DoJSON("GET", fmt.Sprintf("/api/v1/fleet/software/titles/%d", newTitlesResp.SoftwareTitles[0].ID), nil, http.StatusOK, &titleResponse, "team_id", strconv.Itoa(int(tm.ID))) 
@@ -11198,7 +11316,15 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersWithPolic URL: srv.URL + "/ruby.deb", }, } - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", team1.Name) + var batchResponse batchSetSoftwareInstallersResponse + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", team1.Name) + packages := waitBatchSetSoftwareInstallersCompleted(t, s, team1.Name, batchResponse.RequestUUID) + require.Len(t, packages, 1) + require.NotNil(t, packages[0].TitleID) + require.NotNil(t, packages[0].TeamID) + require.Equal(t, team1.ID, *packages[0].TeamID) + require.Equal(t, srv.URL+"/ruby.deb", packages[0].URL) + // team2 has dummy_installer.pkg and ruby.deb. softwareToInstall = []fleet.SoftwareInstallerPayload{ { 
@@ -11208,7 +11334,20 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersWithPolic URL: srv.URL + "/ruby.deb", }, } - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", team2.Name) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", team2.Name) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, team2.Name, batchResponse.RequestUUID) + sort.Slice(packages, func(i, j int) bool { + return packages[i].URL < packages[j].URL + }) + require.Len(t, packages, 2) + require.NotNil(t, packages[0].TitleID) + require.NotNil(t, packages[0].TeamID) + require.Equal(t, team2.ID, *packages[0].TeamID) + require.Equal(t, srv.URL+"/dummy_installer.pkg", packages[0].URL) + require.NotNil(t, packages[1].TitleID) + require.NotNil(t, packages[1].TeamID) + require.Equal(t, team2.ID, *packages[1].TeamID) + require.Equal(t, srv.URL+"/ruby.deb", packages[1].URL) // Associate ruby.deb to policy1Team1. resp := listSoftwareTitlesResponse{} @@ -11238,7 +11377,9 @@ func (s *integrationEnterpriseTestSuite) TestBatchSetSoftwareInstallersWithPolic // Get rid of all installers in team1. softwareToInstall = []fleet.SoftwareInstallerPayload{} - s.Do("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, "team_name", team1.Name) + s.DoJSON("POST", "/api/latest/fleet/software/batch", batchSetSoftwareInstallersRequest{Software: softwareToInstall}, http.StatusOK, &batchResponse, "team_name", team1.Name) + packages = waitBatchSetSoftwareInstallersCompleted(t, s, team1.Name, batchResponse.RequestUUID) + require.Len(t, packages, 0) // policy1Team1 should not be associated to any installer. policy1Team1, err = s.ds.Policy(ctx, policy1Team1.ID) 
diff --git a/server/service/redis_key_value/redis_key_value.go b/server/service/redis_key_value/redis_key_value.go
new file mode 100644
index 0000000000..010c24c19c
--- /dev/null
+++ b/server/service/redis_key_value/redis_key_value.go
@@ -0,0 +1,58 @@
+// Package redis_key_value implements a most basic SET & GET key/value store
+// where both the key and the value are strings.
+package redis_key_value
+
+import (
+ "context"
+ "errors"
+ "time"
+
+ "github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
+ "github.com/fleetdm/fleet/v4/server/datastore/redis"
+ "github.com/fleetdm/fleet/v4/server/fleet"
+ redigo "github.com/gomodule/redigo/redis"
+)
+
+// RedisKeyValue is a basic key/value store with SET and GET operations
+// Items are removed via expiration (defined in the SET operation).
+type RedisKeyValue struct {
+ pool fleet.RedisPool
+ testPrefix string // for tests, the key prefix to use to avoid conflicts
+}
+
+// New creates a new RedisKeyValue store.
+func New(pool fleet.RedisPool) *RedisKeyValue {
+ return &RedisKeyValue{pool: pool}
+}
+
+// prefix is used to not collide with other key domains (like live queries or calendar locks).
+const prefix = "key_value_"
+
+// Set creates or overrides the given key with the given value.
+// Argument expireTime is used to set the expiration of the item
+// (when updating, the expiration of the item is updated).
+func (r *RedisKeyValue) Set(ctx context.Context, key string, value string, expireTime time.Duration) error {
+ conn := redis.ConfigureDoer(r.pool, r.pool.Get())
+ defer conn.Close()
+
+ if _, err := redigo.String(conn.Do("SET", r.testPrefix+prefix+key, value, "PX", expireTime.Milliseconds())); err != nil {
+ return ctxerr.Wrap(ctx, err, "redis failed to set")
+ }
+ return nil
+}
+
+// Get returns the value for a given key.
+// It returns (nil, nil) if the key doesn't exist.
+func (r *RedisKeyValue) Get(ctx context.Context, key string) (*string, error) {
+ conn := redis.ConfigureDoer(r.pool, r.pool.Get())
+ defer conn.Close()
+
+ res, err := redigo.String(conn.Do("GET", r.testPrefix+prefix+key))
+ if errors.Is(err, redigo.ErrNil) {
+ return nil, nil
+ }
+ if err != nil {
+ return nil, ctxerr.Wrap(ctx, err, "redis failed to get")
+ }
+ return &res, nil
+}
diff --git a/server/service/redis_key_value/redis_key_value_test.go b/server/service/redis_key_value/redis_key_value_test.go
new file mode 100644
index 0000000000..5f410e4a49
--- /dev/null
+++ b/server/service/redis_key_value/redis_key_value_test.go
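Review bot: `Set` passes `expireTime.Milliseconds()` straight to `PX`, so a zero, negative or sub-millisecond duration reaches Redis as `PX 0` or a negative number, which Redis rejects as an invalid expire time; the caller then sees only the wrapped "redis failed to set" error. Reject it before the round trip, e.g. `if expireTime < time.Millisecond { return ctxerr.Wrap(ctx, errors.New("expireTime must be at least 1ms"), "redis set") }`, and state the minimum in the doc comment on `Set`. Separately, every caller shares the single `key_value_` prefix and the key is used exactly as given, so a comment on `Set`/`Get` should say that callers own their per-feature namespace and must validate any key derived from request input (the batch result endpoint later in this patch takes `request_uuid` from the URL).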
@@ -0,0 +1,92 @@
+package redis_key_value
+
+import (
+ "context"
+ "testing"
+ "time"
+
+ "github.com/fleetdm/fleet/v4/server/datastore/redis/redistest"
+ "github.com/fleetdm/fleet/v4/server/fleet"
+ "github.com/fleetdm/fleet/v4/server/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestRedisKeyValue(t *testing.T) {
+ for _, f := range []func(*testing.T, *RedisKeyValue){
+ testSetGet,
+ } {
+ t.Run(test.FunctionName(f), func(t *testing.T) {
+ t.Run("standalone", func(t *testing.T) {
+ kv := setupRedis(t, false, false)
+ f(t, kv)
+ })
+ t.Run("cluster", func(t *testing.T) {
+ kv := setupRedis(t, true, true)
+ f(t, kv)
+ })
+ })
+ }
+}
+
+func setupRedis(t testing.TB, cluster, redir bool) *RedisKeyValue {
+ pool := redistest.SetupRedis(t, t.Name(), cluster, redir, true)
+ return newRedisKeyValueForTest(t, pool)
+}
+
+type testName interface {
+ Name() string
+}
+
+func newRedisKeyValueForTest(t testName, pool fleet.RedisPool) *RedisKeyValue {
+ return &RedisKeyValue{
+ pool: pool,
+ testPrefix: t.Name() + ":",
+ }
+}
+
+func testSetGet(t *testing.T, kv *RedisKeyValue) {
+ ctx := context.Background()
+
+ result, err := kv.Get(ctx, "foo")
+ require.NoError(t, err)
+ require.Nil(t, result)
+
+ err = kv.Set(ctx, "foo", "bar", 5*time.Second)
+ require.NoError(t, err)
+
+ result, err = kv.Get(ctx, "foo")
+ require.NoError(t, err)
+ require.NotNil(t, result)
+ require.Equal(t, "bar", *result)
+
+ err = kv.Set(ctx, "foo", "zoo", 5*time.Second)
+ require.NoError(t, err)
+
+ result, err = kv.Get(ctx, "foo")
+ require.NoError(t, err)
+ require.NotNil(t, result)
+ require.Equal(t, "zoo", *result)
+
+ err = kv.Set(ctx, "boo", "bar", 2*time.Second)
+ require.NoError(t, err)
+ result, err = kv.Get(ctx, "boo")
+ require.NoError(t, err)
+ require.NotNil(t, result)
+ require.Equal(t, "bar", *result)
+
+ time.Sleep(3 * time.Second)
+ result, err = kv.Get(ctx, "boo")
+ require.NoError(t, err)
+ require.Nil(t, result)
+
+ // Updating an item, updates the expiration time.
+ err = kv.Set(ctx, "test", "foo", 2*time.Second)
+ require.NoError(t, err)
+ err = kv.Set(ctx, "test", "foo", 10*time.Second)
+ require.NoError(t, err)
+ time.Sleep(5 * time.Second)
+ result, err = kv.Get(ctx, "test")
+ require.NoError(t, err)
+ require.NotNil(t, result)
+ require.Equal(t, "foo", *result)
+}
diff --git a/server/service/software_installers.go b/server/service/software_installers.go
index 0542d769c8..b10b6a6f4c 100644
--- a/server/service/software_installers.go
+++ b/server/service/software_installers.go
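Review bot: `testSetGet` blocks on `time.Sleep(3 * time.Second)` and `time.Sleep(5 * time.Second)`, and `TestRedisKeyValue` runs it for both the standalone and cluster setups, so this file adds roughly 16 seconds of wall-clock sleep to the suite. `Set` sends the duration to Redis in milliseconds, so the expiry cases can use sub-second values, e.g. `kv.Set(ctx, "boo", "bar", 200*time.Millisecond)` followed by `time.Sleep(300 * time.Millisecond)`, with the refresh case scaled the same way. There is also no case for a zero or negative `expireTime`, which would pin down what `Set` returns for it.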
@@ -546,27 +546,64 @@ type batchSetSoftwareInstallersRequest struct { } type batchSetSoftwareInstallersResponse struct { - Packages []fleet.SoftwarePackageResponse `json:"packages"` - Err error `json:"error,omitempty"` + RequestUUID string `json:"request_uuid"` + Err error `json:"error,omitempty"` } func (r batchSetSoftwareInstallersResponse) error() error { return r.Err } func batchSetSoftwareInstallersEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) { req := request.(*batchSetSoftwareInstallersRequest) - packages, err := svc.BatchSetSoftwareInstallers(ctx, req.TeamName, req.Software, req.DryRun) + requestUUID, err := svc.BatchSetSoftwareInstallers(ctx, req.TeamName, req.Software, req.DryRun) if err != nil { return batchSetSoftwareInstallersResponse{Err: err}, nil } - return batchSetSoftwareInstallersResponse{Packages: packages}, nil + return batchSetSoftwareInstallersResponse{RequestUUID: requestUUID}, nil } -func (svc *Service) BatchSetSoftwareInstallers(ctx context.Context, tmName string, payloads []fleet.SoftwareInstallerPayload, dryRun bool) ([]fleet.SoftwarePackageResponse, error) { +func (svc *Service) BatchSetSoftwareInstallers(ctx context.Context, tmName string, payloads []fleet.SoftwareInstallerPayload, dryRun bool) (string, error) { // skipauth: No authorization check needed due to implementation returning // only license error. 
svc.authz.SkipAuthorization(ctx) - return nil, fleet.ErrMissingLicense + return "", fleet.ErrMissingLicense +} + +type batchSetSoftwareInstallersResultRequest struct { + RequestUUID string `url:"request_uuid"` + TeamName string `query:"team_name,optional"` + DryRun bool `query:"dry_run,optional"` // if true, apply validation but do not save changes +} + +type batchSetSoftwareInstallersResultResponse struct { + Status string `json:"status"` + Message string `json:"message"` + Packages []fleet.SoftwarePackageResponse `json:"packages"` + + Err error `json:"error,omitempty"` +} + +func (r batchSetSoftwareInstallersResultResponse) error() error { return r.Err } + +func batchSetSoftwareInstallersResultEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) { + req := request.(*batchSetSoftwareInstallersResultRequest) + status, message, packages, err := svc.GetBatchSetSoftwareInstallersResult(ctx, req.TeamName, req.RequestUUID, req.DryRun) + if err != nil { + return batchSetSoftwareInstallersResultResponse{Err: err}, nil + } + return batchSetSoftwareInstallersResultResponse{ + Status: status, + Message: message, + Packages: packages, + }, nil +} + +func (svc *Service) GetBatchSetSoftwareInstallersResult(ctx context.Context, tmName string, requestUUID string, dryRun bool) (string, string, []fleet.SoftwarePackageResponse, error) { + // skipauth: No authorization check needed due to implementation returning + // only license error. + svc.authz.SkipAuthorization(ctx) + + return "", "", nil, fleet.ErrMissingLicense } ////////////////////////////////////////////////////////////////////////////// diff --git a/server/service/testing_utils.go b/server/service/testing_utils.go index 674f6c4441..7e5937c56c 100644 --- a/server/service/testing_utils.go +++ b/server/service/testing_utils.go 
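Review bot: The new result endpoint looks a batch up by a `request_uuid` taken from the URL, and neither `batchSetSoftwareInstallersResultRequest` nor `GetBatchSetSoftwareInstallersResult` documents who may read a given UUID. This stub only returns `fleet.ErrMissingLicense`, so the real check lives in the licensed implementation, which is not in this hunk. A doc comment on the method should state the contract that implementation has to meet: authorize the caller for `tmName`, and confirm the stored result was created for that same team before returning `Packages`, so a UUID issued for one team cannot be polled through another. It would also help to document the values `Status` can take and when `Message` is set, since both are plain strings in `batchSetSoftwareInstallersResultResponse`, and to note for API clients that the POST response now carries `request_uuid` instead of `packages`.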
@@ -34,6 +34,7 @@ import ( "github.com/fleetdm/fleet/v4/server/ptr" "github.com/fleetdm/fleet/v4/server/service/async" "github.com/fleetdm/fleet/v4/server/service/mock" + "github.com/fleetdm/fleet/v4/server/service/redis_key_value" "github.com/fleetdm/fleet/v4/server/service/redis_lock" "github.com/fleetdm/fleet/v4/server/sso" "github.com/fleetdm/fleet/v4/server/test" @@ -72,6 +73,7 @@ func newTestServiceWithConfig(t *testing.T, ds fleet.Datastore, fleetConfig conf softwareInstallStore fleet.SoftwareInstallerStore bootstrapPackageStore fleet.MDMBootstrapPackageStore distributedLock fleet.Lock + keyValueStore fleet.KeyValueStore ) if len(opts) > 0 { if opts[0].Clock != nil { @@ -79,6 +81,10 @@ func newTestServiceWithConfig(t *testing.T, ds fleet.Datastore, fleetConfig conf } } + if len(opts) > 0 && opts[0].KeyValueStore != nil { + keyValueStore = opts[0].KeyValueStore + } + task := async.NewTask(ds, nil, c, config.OsqueryConfig{}) if len(opts) > 0 { if opts[0].Task != nil { @@ -99,6 +105,7 @@ func newTestServiceWithConfig(t *testing.T, ds fleet.Datastore, fleetConfig conf ssoStore = sso.NewSessionStore(opts[0].Pool) profMatcher = apple_mdm.NewProfileMatcher(opts[0].Pool) distributedLock = redis_lock.NewLock(opts[0].Pool) + keyValueStore = redis_key_value.New(opts[0].Pool) } if opts[0].ProfileMatcher != nil { profMatcher = opts[0].ProfileMatcher @@ -203,6 +210,7 @@ func newTestServiceWithConfig(t *testing.T, ds fleet.Datastore, fleetConfig conf softwareInstallStore, bootstrapPackageStore, distributedLock, + keyValueStore, ) if err != nil { panic(err) @@ -317,6 +325,7 @@ type TestServerOpts struct { NoCacheDatastore bool SoftwareInstallStore fleet.SoftwareInstallerStore BootstrapPackageStore fleet.MDMBootstrapPackageStore + KeyValueStore fleet.KeyValueStore } func RunServerForTestsWithDS(t *testing.T, ds fleet.Datastore, opts ...*TestServerOpts) (map[string]fleet.User, *httptest.Server) { From 92d3b708d7114f2f86ce080e9c5131aba13ff39e Mon Sep 17 00:00:00 2001 
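Review bot: In the hunk at -99, `keyValueStore = redis_key_value.New(opts[0].Pool)` runs after the earlier `if len(opts) > 0 && opts[0].KeyValueStore != nil` assignment, so a test that sets both `Pool` and `KeyValueStore` silently gets the Redis-backed store instead of the one it supplied. `ProfileMatcher` is handled the other way round in the same function (the explicit option is applied after the pool defaults), so moving the override below the pool block would match it: `if opts[0].KeyValueStore != nil { keyValueStore = opts[0].KeyValueStore }`. When neither option is set, `keyValueStore` stays nil and is passed to the service constructor as is; whether that is safe depends on code outside these hunks. `newTestServiceWithConfig` starts and ends outside the hunks.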
From: Brock Walters <153771548+nonpunctual@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:04:37 -0400 Subject: [PATCH 03/18] Update discovering-chrome-ai-using-fleet.md (#22268) It's 1 letter. I waited days to do this. :) --- articles/discovering-chrome-ai-using-fleet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/discovering-chrome-ai-using-fleet.md b/articles/discovering-chrome-ai-using-fleet.md index 126894c565..3c39b370b3 100644 --- a/articles/discovering-chrome-ai-using-fleet.md +++ b/articles/discovering-chrome-ai-using-fleet.md @@ -50,7 +50,7 @@ In this case, `jq` is used to locate and read the value of the `tab_organization ### Step 3: Query the JSON file with Fleet -To detect Chrome AI features in Fleet, use SQL query like the following: +To detect Chrome AI features in Fleet, use a SQL query like the following: ``` SELECT fullkey,path FROM parse_json WHERE path LIKE '/Users/%/Library/Application Support/Google/Chrome/Default/Preferences' AND fullkey='optimization_guide/tab_organization_setting_state'; From eeb0579763dcc048bc62d051ea7fbbc1f2a80372 Mon Sep 17 00:00:00 2001 From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:16:41 -0400 Subject: [PATCH 04/18] Dogfood: remove "Explore data (fleetdm.com)" team (#22246) --- it-and-security/lib/explore-data.queries.yml | 3210 ------------------ it-and-security/teams/explore-data.yml | 44 - 2 files changed, 3254 deletions(-) delete mode 100644 it-and-security/lib/explore-data.queries.yml delete mode 100644 it-and-security/teams/explore-data.yml diff --git a/it-and-security/lib/explore-data.queries.yml b/it-and-security/lib/explore-data.queries.yml deleted file mode 100644 index deb070644d..0000000000 --- a/it-and-security/lib/explore-data.queries.yml +++ /dev/null 
@@ -1,3210 +0,0 @@ -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - account_policy_data' - observer_can_run: false - platform: "" - query: SELECT * FROM account_policy_data; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ad_config' - observer_can_run: false - platform: "" - query: SELECT * FROM ad_config; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - alf' - observer_can_run: false - platform: "" - query: SELECT * FROM alf; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - alf_exceptions' - observer_can_run: false - platform: "" - query: SELECT * FROM alf_exceptions; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - alf_explicit_auths' - observer_can_run: false - platform: "" - query: SELECT * FROM alf_explicit_auths; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - apfs_physical_stores' - observer_can_run: false - platform: "" - query: SELECT * FROM apfs_physical_stores; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - apfs_volumes' - observer_can_run: false - platform: "" - query: SELECT * FROM apfs_volumes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - app_icons' - observer_can_run: false - platform: 
"" - query: SELECT * FROM app_icons; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - app_schemes' - observer_can_run: false - platform: "" - query: SELECT * FROM app_schemes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - apparmor_events' - observer_can_run: false - platform: "" - query: SELECT * FROM apparmor_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - apparmor_profiles' - observer_can_run: false - platform: "" - query: SELECT * FROM apparmor_profiles; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - appcompat_shims' - observer_can_run: false - platform: "" - query: SELECT * FROM appcompat_shims; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - apps' - observer_can_run: false - platform: "" - query: SELECT * FROM apps; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - apt_sources' - observer_can_run: false - platform: "" - query: SELECT * FROM apt_sources; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - arp_cache' - observer_can_run: false - platform: "" - query: SELECT * FROM arp_cache; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - asl' - observer_can_run: false - platform: "" - query: 
SELECT * FROM asl; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - atom_packages' - observer_can_run: false - platform: "" - query: SELECT * FROM atom_packages; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - augeas' - observer_can_run: false - platform: "" - query: SELECT * FROM augeas; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - authdb' - observer_can_run: false - platform: "" - query: SELECT * FROM authdb; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - authenticode' - observer_can_run: false - platform: "" - query: SELECT * FROM authenticode; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - authorization_mechanisms' - observer_can_run: false - platform: "" - query: SELECT * FROM authorization_mechanisms; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - authorizations' - observer_can_run: false - platform: "" - query: SELECT * FROM authorizations; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - authorized_keys' - observer_can_run: false - platform: "" - query: SELECT * FROM authorized_keys; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - autoexec' - observer_can_run: false - platform: "" - query: 
SELECT * FROM autoexec; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - azure_instance_metadata' - observer_can_run: false - platform: "" - query: SELECT * FROM azure_instance_metadata; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - azure_instance_tags' - observer_can_run: false - platform: "" - query: SELECT * FROM azure_instance_tags; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - background_activities_moderator' - observer_can_run: false - platform: "" - query: SELECT * FROM background_activities_moderator; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - battery' - observer_can_run: false - platform: "" - query: SELECT * FROM battery; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - bitlocker_info' - observer_can_run: false - platform: "" - query: SELECT * FROM bitlocker_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - block_devices' - observer_can_run: false - platform: "" - query: SELECT * FROM block_devices; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - bpf_process_events' - observer_can_run: false - platform: "" - query: SELECT * FROM bpf_process_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: 
'[Explore data] - bpf_socket_events' - observer_can_run: false - platform: "" - query: SELECT * FROM bpf_socket_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - carbon_black_info' - observer_can_run: false - platform: "" - query: SELECT * FROM carbon_black_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - carves' - observer_can_run: false - platform: "" - query: SELECT * FROM carves; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - certificates' - observer_can_run: false - platform: "" - query: SELECT * FROM certificates; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - chassis_info' - observer_can_run: false - platform: "" - query: SELECT * FROM chassis_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - chocolatey_packages' - observer_can_run: false - platform: "" - query: SELECT * FROM chocolatey_packages; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - chrome_extension_content_scripts' - observer_can_run: false - platform: "" - query: SELECT * FROM chrome_extension_content_scripts; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - chrome_extensions' - observer_can_run: false - platform: "" - query: SELECT * FROM chrome_extensions; -- automations_enabled: true - description: "" - discard_data: 
false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - cis_audit' - observer_can_run: false - platform: "" - query: SELECT * FROM cis_audit; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - connected_displays' - observer_can_run: false - platform: "" - query: SELECT * FROM connected_displays; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - connectivity' - observer_can_run: false - platform: "" - query: SELECT * FROM connectivity; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - corestorage_logical_volume_families' - observer_can_run: false - platform: "" - query: SELECT * FROM corestorage_logical_volume_families; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - corestorage_logical_volumes' - observer_can_run: false - platform: "" - query: SELECT * FROM corestorage_logical_volumes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - cpu_info' - observer_can_run: false - platform: "" - query: SELECT * FROM cpu_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - cpu_time' - observer_can_run: false - platform: "" - query: SELECT * FROM cpu_time; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - cpuid' - observer_can_run: false - platform: "" - query: SELECT * FROM cpuid; -- 
automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - crashes' - observer_can_run: false - platform: "" - query: SELECT * FROM crashes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - crontab' - observer_can_run: false - platform: "" - query: SELECT * FROM crontab; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - cryptoinfo' - observer_can_run: false - platform: "" - query: SELECT * FROM cryptoinfo; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - cryptsetup_status' - observer_can_run: false - platform: "" - query: SELECT * FROM cryptsetup_status; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - csrutil_info' - observer_can_run: false - platform: "" - query: SELECT * FROM csrutil_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - cups_destinations' - observer_can_run: false - platform: "" - query: SELECT * FROM cups_destinations; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - cups_jobs' - observer_can_run: false - platform: "" - query: SELECT * FROM cups_jobs; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - curl' - observer_can_run: false - platform: "" - query: SELECT * FROM curl; -- automations_enabled: true 
- description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - curl_certificate' - observer_can_run: false - platform: "" - query: SELECT * FROM curl_certificate; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - deb_packages' - observer_can_run: false - platform: "" - query: SELECT * FROM deb_packages; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - default_environment' - observer_can_run: false - platform: "" - query: SELECT * FROM default_environment; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - device_file' - observer_can_run: false - platform: "" - query: SELECT * FROM device_file; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - device_firmware' - observer_can_run: false - platform: "" - query: SELECT * FROM device_firmware; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - device_hash' - observer_can_run: false - platform: "" - query: SELECT * FROM device_hash; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - device_partitions' - observer_can_run: false - platform: "" - query: SELECT * FROM device_partitions; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - disk_encryption' - observer_can_run: false - platform: "" - query: SELECT * FROM 
disk_encryption; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - disk_events' - observer_can_run: false - platform: "" - query: SELECT * FROM disk_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - disk_info' - observer_can_run: false - platform: "" - query: SELECT * FROM disk_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - dns_cache' - observer_can_run: false - platform: "" - query: SELECT * FROM dns_cache; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - dns_resolvers' - observer_can_run: false - platform: "" - query: SELECT * FROM dns_resolvers; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_container_envs' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_container_envs; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_container_fs_changes' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_container_fs_changes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_container_labels' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_container_labels; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - 
docker_container_mounts' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_container_mounts; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_container_networks' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_container_networks; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_container_ports' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_container_ports; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_container_processes' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_container_processes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_container_stats' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_container_stats; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_containers' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_containers; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_image_history' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_image_history; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_image_labels' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_image_labels; 
-- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_image_layers' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_image_layers; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_images' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_images; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_info' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_network_labels' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_network_labels; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_networks' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_networks; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_version' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_version; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_volume_labels' - observer_can_run: false - platform: "" - query: SELECT * FROM docker_volume_labels; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - docker_volumes' - 
observer_can_run: false - platform: "" - query: SELECT * FROM docker_volumes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - drivers' - observer_can_run: false - platform: "" - query: SELECT * FROM drivers; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - dscl' - observer_can_run: false - platform: "" - query: SELECT * FROM dscl; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ec2_instance_metadata' - observer_can_run: false - platform: "" - query: SELECT * FROM ec2_instance_metadata; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ec2_instance_tags' - observer_can_run: false - platform: "" - query: SELECT * FROM ec2_instance_tags; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - es_process_events' - observer_can_run: false - platform: "" - query: SELECT * FROM es_process_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - es_process_file_events' - observer_can_run: false - platform: "" - query: SELECT * FROM es_process_file_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - etc_hosts' - observer_can_run: false - platform: "" - query: SELECT * FROM etc_hosts; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: 
'[Explore data] - etc_protocols' - observer_can_run: false - platform: "" - query: SELECT * FROM etc_protocols; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - etc_services' - observer_can_run: false - platform: "" - query: SELECT * FROM etc_services; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - event_taps' - observer_can_run: false - platform: "" - query: SELECT * FROM event_taps; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - extended_attributes' - observer_can_run: false - platform: "" - query: SELECT * FROM extended_attributes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - falcon_kernel_check' - observer_can_run: false - platform: "" - query: SELECT * FROM falcon_kernel_check; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - falconctl_options' - observer_can_run: false - platform: "" - query: SELECT * FROM falconctl_options; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - fan_speed_sensors' - observer_can_run: false - platform: "" - query: SELECT * FROM fan_speed_sensors; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - file' - observer_can_run: false - platform: "" - query: SELECT * FROM file; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - 
min_osquery_version: "" - name: '[Explore data] - file_events' - observer_can_run: false - platform: "" - query: SELECT * FROM file_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - file_lines' - observer_can_run: false - platform: "" - query: SELECT * FROM file_lines; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - filevault_prk' - observer_can_run: false - platform: "" - query: SELECT * FROM filevault_prk; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - filevault_status' - observer_can_run: false - platform: "" - query: SELECT * FROM filevault_status; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - filevault_users' - observer_can_run: false - platform: "" - query: SELECT * FROM filevault_users; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - find_cmd' - observer_can_run: false - platform: "" - query: SELECT * FROM find_cmd; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - firefox_addons' - observer_can_run: false - platform: "" - query: SELECT * FROM firefox_addons; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - firefox_preferences' - observer_can_run: false - platform: "" - query: SELECT * FROM firefox_preferences; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - 
logging: snapshot - min_osquery_version: "" - name: '[Explore data] - firmware_eficheck_integrity_check' - observer_can_run: false - platform: "" - query: SELECT * FROM firmware_eficheck_integrity_check; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - firmwarepasswd' - observer_can_run: false - platform: "" - query: SELECT * FROM firmwarepasswd; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - gatekeeper' - observer_can_run: false - platform: "" - query: SELECT * FROM gatekeeper; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - gatekeeper_approved_apps' - observer_can_run: false - platform: "" - query: SELECT * FROM gatekeeper_approved_apps; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - geolocation' - observer_can_run: false - platform: "" - query: SELECT * FROM geolocation; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - google_chrome_profiles' - observer_can_run: false - platform: "" - query: SELECT * FROM google_chrome_profiles; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - groups' - observer_can_run: false - platform: "" - query: SELECT * FROM groups; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - hardware_events' - observer_can_run: false - platform: "" - query: SELECT * FROM hardware_events; -- 
automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - hash' - observer_can_run: false - platform: "" - query: SELECT * FROM hash; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - homebrew_packages' - observer_can_run: false - platform: "" - query: SELECT * FROM homebrew_packages; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - hvci_status' - observer_can_run: false - platform: "" - query: SELECT * FROM hvci_status; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ibridge_info' - observer_can_run: false - platform: "" - query: SELECT * FROM ibridge_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - icloud_private_relay' - observer_can_run: false - platform: "" - query: SELECT * FROM icloud_private_relay; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ie_extensions' - observer_can_run: false - platform: "" - query: SELECT * FROM ie_extensions; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - intel_me_info' - observer_can_run: false - platform: "" - query: SELECT * FROM intel_me_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - interface_addresses' - observer_can_run: false - platform: "" - query: SELECT * 
FROM interface_addresses; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - interface_details' - observer_can_run: false - platform: "" - query: SELECT * FROM interface_details; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - interface_ipv6' - observer_can_run: false - platform: "" - query: SELECT * FROM interface_ipv6; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - iokit_devicetree' - observer_can_run: false - platform: "" - query: SELECT * FROM iokit_devicetree; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - iokit_registry' - observer_can_run: false - platform: "" - query: SELECT * FROM iokit_registry; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ioreg' - observer_can_run: false - platform: "" - query: SELECT * FROM ioreg; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - kernel_extensions' - observer_can_run: false - platform: "" - query: SELECT * FROM kernel_extensions; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - kernel_info' - observer_can_run: false - platform: "" - query: SELECT * FROM kernel_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - kernel_keys' - observer_can_run: false - 
platform: "" - query: SELECT * FROM kernel_keys; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - kernel_modules' - observer_can_run: false - platform: "" - query: SELECT * FROM kernel_modules; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - kernel_panics' - observer_can_run: false - platform: "" - query: SELECT * FROM kernel_panics; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - keychain_acls' - observer_can_run: false - platform: "" - query: SELECT * FROM keychain_acls; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - keychain_items' - observer_can_run: false - platform: "" - query: SELECT * FROM keychain_items; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - known_hosts' - observer_can_run: false - platform: "" - query: SELECT * FROM known_hosts; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - kva_speculative_info' - observer_can_run: false - platform: "" - query: SELECT * FROM kva_speculative_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - last' - observer_can_run: false - platform: "" - query: SELECT * FROM last; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - launchd' - observer_can_run: 
false - platform: "" - query: SELECT * FROM launchd; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - launchd_overrides' - observer_can_run: false - platform: "" - query: SELECT * FROM launchd_overrides; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - listening_ports' - observer_can_run: false - platform: "" - query: SELECT * FROM listening_ports; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - load_average' - observer_can_run: false - platform: "" - query: SELECT * FROM load_average; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - location_services' - observer_can_run: false - platform: "" - query: SELECT * FROM location_services; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - logged_in_users' - observer_can_run: false - platform: "" - query: SELECT * FROM logged_in_users; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - logical_drives' - observer_can_run: false - platform: "" - query: SELECT * FROM logical_drives; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - logon_sessions' - observer_can_run: false - platform: "" - query: SELECT * FROM logon_sessions; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] 
- lxd_certificates' - observer_can_run: false - platform: "" - query: SELECT * FROM lxd_certificates; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - lxd_cluster' - observer_can_run: false - platform: "" - query: SELECT * FROM lxd_cluster; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - lxd_cluster_members' - observer_can_run: false - platform: "" - query: SELECT * FROM lxd_cluster_members; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - lxd_images' - observer_can_run: false - platform: "" - query: SELECT * FROM lxd_images; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - lxd_instance_config' - observer_can_run: false - platform: "" - query: SELECT * FROM lxd_instance_config; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - lxd_instance_devices' - observer_can_run: false - platform: "" - query: SELECT * FROM lxd_instance_devices; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - lxd_instances' - observer_can_run: false - platform: "" - query: SELECT * FROM lxd_instances; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - lxd_networks' - observer_can_run: false - platform: "" - query: SELECT * FROM lxd_networks; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - 
min_osquery_version: "" - name: '[Explore data] - lxd_storage_pools' - observer_can_run: false - platform: "" - query: SELECT * FROM lxd_storage_pools; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - macadmins_unified_log' - observer_can_run: false - platform: "" - query: SELECT * FROM macadmins_unified_log; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - macos_profiles' - observer_can_run: false - platform: "" - query: SELECT * FROM macos_profiles; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - macos_rsr' - observer_can_run: false - platform: "" - query: SELECT * FROM macos_rsr; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - magic' - observer_can_run: false - platform: "" - query: SELECT * FROM magic; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - managed_policies' - observer_can_run: false - platform: "" - query: SELECT * FROM managed_policies; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - md_devices' - observer_can_run: false - platform: "" - query: SELECT * FROM md_devices; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - md_drives' - observer_can_run: false - platform: "" - query: SELECT * FROM md_drives; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: 
snapshot - min_osquery_version: "" - name: '[Explore data] - md_personalities' - observer_can_run: false - platform: "" - query: SELECT * FROM md_personalities; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - mdfind' - observer_can_run: false - platform: "" - query: SELECT * FROM mdfind; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - mdls' - observer_can_run: false - platform: "" - query: SELECT * FROM mdls; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - mdm' - observer_can_run: false - platform: "" - query: SELECT * FROM mdm; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - mdm_bridge' - observer_can_run: false - platform: "" - query: SELECT * FROM mdm_bridge; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - memory_array_mapped_addresses' - observer_can_run: false - platform: "" - query: SELECT * FROM memory_array_mapped_addresses; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - memory_arrays' - observer_can_run: false - platform: "" - query: SELECT * FROM memory_arrays; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - memory_device_mapped_addresses' - observer_can_run: false - platform: "" - query: SELECT * FROM memory_device_mapped_addresses; -- automations_enabled: true - description: "" - discard_data: 
false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - memory_devices' - observer_can_run: false - platform: "" - query: SELECT * FROM memory_devices; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - memory_error_info' - observer_can_run: false - platform: "" - query: SELECT * FROM memory_error_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - memory_info' - observer_can_run: false - platform: "" - query: SELECT * FROM memory_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - memory_map' - observer_can_run: false - platform: "" - query: SELECT * FROM memory_map; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - mounts' - observer_can_run: false - platform: "" - query: SELECT * FROM mounts; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - msr' - observer_can_run: false - platform: "" - query: SELECT * FROM msr; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - munki_info' - observer_can_run: false - platform: "" - query: SELECT * FROM munki_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - munki_installs' - observer_can_run: false - platform: "" - query: SELECT * FROM munki_installs; -- automations_enabled: true - description: "" - discard_data: false - interval: 
3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - network_interfaces' - observer_can_run: false - platform: "" - query: SELECT * FROM network_interfaces; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - nfs_shares' - observer_can_run: false - platform: "" - query: SELECT * FROM nfs_shares; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - npm_packages' - observer_can_run: false - platform: "" - query: SELECT * FROM npm_packages; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ntdomains' - observer_can_run: false - platform: "" - query: SELECT * FROM ntdomains; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ntfs_acl_permissions' - observer_can_run: false - platform: "" - query: SELECT * FROM ntfs_acl_permissions; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ntfs_journal_events' - observer_can_run: false - platform: "" - query: SELECT * FROM ntfs_journal_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - nvram' - observer_can_run: false - platform: "" - query: SELECT * FROM nvram; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - nvram_info' - observer_can_run: false - platform: "" - query: SELECT * FROM nvram_info; -- automations_enabled: true - description: "" - discard_data: 
false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - oem_strings' - observer_can_run: false - platform: "" - query: SELECT * FROM oem_strings; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - office_mru' - observer_can_run: false - platform: "" - query: SELECT * FROM office_mru; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - orbit_info' - observer_can_run: false - platform: "" - query: SELECT * FROM orbit_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - os_version' - observer_can_run: false - platform: "" - query: SELECT * FROM os_version; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - osquery_events' - observer_can_run: false - platform: "" - query: SELECT * FROM osquery_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - osquery_extensions' - observer_can_run: false - platform: "" - query: SELECT * FROM osquery_extensions; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - osquery_flags' - observer_can_run: false - platform: "" - query: SELECT * FROM osquery_flags; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - osquery_info' - observer_can_run: false - platform: "" - query: SELECT * FROM osquery_info; -- automations_enabled: true - description: "" - 
discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - osquery_packs' - observer_can_run: false - platform: "" - query: SELECT * FROM osquery_packs; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - osquery_registry' - observer_can_run: false - platform: "" - query: SELECT * FROM osquery_registry; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - osquery_schedule' - observer_can_run: false - platform: "" - query: SELECT * FROM osquery_schedule; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - package_bom' - observer_can_run: false - platform: "" - query: SELECT * FROM package_bom; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - package_install_history' - observer_can_run: false - platform: "" - query: SELECT * FROM package_install_history; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - package_receipts' - observer_can_run: false - platform: "" - query: SELECT * FROM package_receipts; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - password_policy' - observer_can_run: false - platform: "" - query: SELECT * FROM password_policy; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - patches' - observer_can_run: false - platform: "" - query: SELECT * FROM patches; -- 
automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - pci_devices' - observer_can_run: false - platform: "" - query: SELECT * FROM pci_devices; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - physical_disk_performance' - observer_can_run: false - platform: "" - query: SELECT * FROM physical_disk_performance; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - pipes' - observer_can_run: false - platform: "" - query: SELECT * FROM pipes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - platform_info' - observer_can_run: false - platform: "" - query: SELECT * FROM platform_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - plist' - observer_can_run: false - platform: "" - query: SELECT * FROM plist; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - pmset' - observer_can_run: false - platform: "" - query: SELECT * FROM pmset; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - portage_keywords' - observer_can_run: false - platform: "" - query: SELECT * FROM portage_keywords; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - portage_packages' - observer_can_run: false - platform: "" - query: SELECT * FROM portage_packages; -- 
automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - portage_use' - observer_can_run: false - platform: "" - query: SELECT * FROM portage_use; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - power_sensors' - observer_can_run: false - platform: "" - query: SELECT * FROM power_sensors; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - powershell_events' - observer_can_run: false - platform: "" - query: SELECT * FROM powershell_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - preferences' - observer_can_run: false - platform: "" - query: SELECT * FROM preferences; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - prefetch' - observer_can_run: false - platform: "" - query: SELECT * FROM prefetch; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - privacy_preferences' - observer_can_run: false - platform: "" - query: SELECT * FROM privacy_preferences; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - process_envs' - observer_can_run: false - platform: "" - query: SELECT * FROM process_envs; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - process_etw_events' - observer_can_run: false - platform: "" - query: SELECT * 
FROM process_etw_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - process_events' - observer_can_run: false - platform: "" - query: SELECT * FROM process_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - process_file_events' - observer_can_run: false - platform: "" - query: SELECT * FROM process_file_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - process_memory_map' - observer_can_run: false - platform: "" - query: SELECT * FROM process_memory_map; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - process_namespaces' - observer_can_run: false - platform: "" - query: SELECT * FROM process_namespaces; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - process_open_files' - observer_can_run: false - platform: "" - query: SELECT * FROM process_open_files; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - process_open_pipes' - observer_can_run: false - platform: "" - query: SELECT * FROM process_open_pipes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - process_open_sockets' - observer_can_run: false - platform: "" - query: SELECT * FROM process_open_sockets; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: 
'[Explore data] - processes' - observer_can_run: false - platform: "" - query: SELECT * FROM processes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - programs' - observer_can_run: false - platform: "" - query: SELECT * FROM programs; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - prometheus_metrics' - observer_can_run: false - platform: "" - query: SELECT * FROM prometheus_metrics; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - puppet_info' - observer_can_run: false - platform: "" - query: SELECT * FROM puppet_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - puppet_logs' - observer_can_run: false - platform: "" - query: SELECT * FROM puppet_logs; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - puppet_state' - observer_can_run: false - platform: "" - query: SELECT * FROM puppet_state; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - pwd_policy' - observer_can_run: false - platform: "" - query: SELECT * FROM pwd_policy; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - python_packages' - observer_can_run: false - platform: "" - query: SELECT * FROM python_packages; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: 
'[Explore data] - quicklook_cache' - observer_can_run: false - platform: "" - query: SELECT * FROM quicklook_cache; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - registry' - observer_can_run: false - platform: "" - query: SELECT * FROM registry; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - routes' - observer_can_run: false - platform: "" - query: SELECT * FROM routes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - rpm_package_files' - observer_can_run: false - platform: "" - query: SELECT * FROM rpm_package_files; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - rpm_packages' - observer_can_run: false - platform: "" - query: SELECT * FROM rpm_packages; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - running_apps' - observer_can_run: false - platform: "" - query: SELECT * FROM running_apps; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - safari_extensions' - observer_can_run: false - platform: "" - query: SELECT * FROM safari_extensions; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - sandboxes' - observer_can_run: false - platform: "" - query: SELECT * FROM sandboxes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: 
'[Explore data] - scheduled_tasks' - observer_can_run: false - platform: "" - query: SELECT * FROM scheduled_tasks; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - screenlock' - observer_can_run: false - platform: "" - query: SELECT * FROM screenlock; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - seccomp_events' - observer_can_run: false - platform: "" - query: SELECT * FROM seccomp_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - secureboot' - observer_can_run: false - platform: "" - query: SELECT * FROM secureboot; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - security_profile_info' - observer_can_run: false - platform: "" - query: SELECT * FROM security_profile_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - selinux_events' - observer_can_run: false - platform: "" - query: SELECT * FROM selinux_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - selinux_settings' - observer_can_run: false - platform: "" - query: SELECT * FROM selinux_settings; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - services' - observer_can_run: false - platform: "" - query: SELECT * FROM services; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - 
min_osquery_version: "" - name: '[Explore data] - shadow' - observer_can_run: false - platform: "" - query: SELECT * FROM shadow; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - shared_folders' - observer_can_run: false - platform: "" - query: SELECT * FROM shared_folders; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - shared_memory' - observer_can_run: false - platform: "" - query: SELECT * FROM shared_memory; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - shared_resources' - observer_can_run: false - platform: "" - query: SELECT * FROM shared_resources; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - sharing_preferences' - observer_can_run: false - platform: "" - query: SELECT * FROM sharing_preferences; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - shell_history' - observer_can_run: false - platform: "" - query: SELECT * FROM shell_history; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - shellbags' - observer_can_run: false - platform: "" - query: SELECT * FROM shellbags; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - shimcache' - observer_can_run: false - platform: "" - query: SELECT * FROM shimcache; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: 
snapshot - min_osquery_version: "" - name: '[Explore data] - signature' - observer_can_run: false - platform: "" - query: SELECT * FROM signature; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - sip_config' - observer_can_run: false - platform: "" - query: SELECT * FROM sip_config; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - smbios_tables' - observer_can_run: false - platform: "" - query: SELECT * FROM smbios_tables; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - smc_keys' - observer_can_run: false - platform: "" - query: SELECT * FROM smc_keys; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - sntp_request' - observer_can_run: false - platform: "" - query: SELECT * FROM sntp_request; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - socket_events' - observer_can_run: false - platform: "" - query: SELECT * FROM socket_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - software_update' - observer_can_run: false - platform: "" - query: SELECT * FROM software_update; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ssh_configs' - observer_can_run: false - platform: "" - query: SELECT * FROM ssh_configs; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot 
- min_osquery_version: "" - name: '[Explore data] - startup_items' - observer_can_run: false - platform: "" - query: SELECT * FROM startup_items; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - sudo_info' - observer_can_run: false - platform: "" - query: SELECT * FROM sudo_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - sudoers' - observer_can_run: false - platform: "" - query: SELECT * FROM sudoers; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - suid_bin' - observer_can_run: false - platform: "" - query: SELECT * FROM suid_bin; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - syslog_events' - observer_can_run: false - platform: "" - query: SELECT * FROM syslog_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - system_controls' - observer_can_run: false - platform: "" - query: SELECT * FROM system_controls; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - system_extensions' - observer_can_run: false - platform: "" - query: SELECT * FROM system_extensions; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - system_info' - observer_can_run: false - platform: "" - query: SELECT * FROM system_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - 
min_osquery_version: "" - name: '[Explore data] - system_state' - observer_can_run: false - platform: "" - query: SELECT * FROM system_state; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - systemd_units' - observer_can_run: false - platform: "" - query: SELECT * FROM systemd_units; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - temperature_sensors' - observer_can_run: false - platform: "" - query: SELECT * FROM temperature_sensors; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - time' - observer_can_run: false - platform: "" - query: SELECT * FROM time; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - time_machine_backups' - observer_can_run: false - platform: "" - query: SELECT * FROM time_machine_backups; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - time_machine_destinations' - observer_can_run: false - platform: "" - query: SELECT * FROM time_machine_destinations; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - tpm_info' - observer_can_run: false - platform: "" - query: SELECT * FROM tpm_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ulimit_info' - observer_can_run: false - platform: "" - query: SELECT * FROM ulimit_info; -- automations_enabled: true - description: "" - discard_data: false - 
interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - unified_log' - observer_can_run: false - platform: "" - query: SELECT * FROM unified_log; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - uptime' - observer_can_run: false - platform: "" - query: SELECT * FROM uptime; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - usb_devices' - observer_can_run: false - platform: "" - query: SELECT * FROM usb_devices; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - user_events' - observer_can_run: false - platform: "" - query: SELECT * FROM user_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - user_groups' - observer_can_run: false - platform: "" - query: SELECT * FROM user_groups; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - user_interaction_events' - observer_can_run: false - platform: "" - query: SELECT * FROM user_interaction_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - user_login_settings' - observer_can_run: false - platform: "" - query: SELECT * FROM user_login_settings; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - user_ssh_keys' - observer_can_run: false - platform: "" - query: SELECT * FROM user_ssh_keys; -- automations_enabled: true - description: "" - 
discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - userassist' - observer_can_run: false - platform: "" - query: SELECT * FROM userassist; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - users' - observer_can_run: false - platform: "" - query: SELECT * FROM users; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - video_info' - observer_can_run: false - platform: "" - query: SELECT * FROM video_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - virtual_memory_info' - observer_can_run: false - platform: "" - query: SELECT * FROM virtual_memory_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - wifi_networks' - observer_can_run: false - platform: "" - query: SELECT * FROM wifi_networks; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - wifi_status' - observer_can_run: false - platform: "" - query: SELECT * FROM wifi_status; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - wifi_survey' - observer_can_run: false - platform: "" - query: SELECT * FROM wifi_survey; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - winbaseobj' - observer_can_run: false - platform: "" - query: SELECT * FROM winbaseobj; -- automations_enabled: true - description: "" - discard_data: 
false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - windows_crashes' - observer_can_run: false - platform: "" - query: SELECT * FROM windows_crashes; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - windows_eventlog' - observer_can_run: false - platform: "" - query: SELECT * FROM windows_eventlog; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - windows_events' - observer_can_run: false - platform: "" - query: SELECT * FROM windows_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - windows_firewall_rules' - observer_can_run: false - platform: "" - query: SELECT * FROM windows_firewall_rules; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - windows_optional_features' - observer_can_run: false - platform: "" - query: SELECT * FROM windows_optional_features; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - windows_search' - observer_can_run: false - platform: "" - query: SELECT * FROM windows_search; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - windows_security_center' - observer_can_run: false - platform: "" - query: SELECT * FROM windows_security_center; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - windows_security_products' - observer_can_run: false - platform: 
"" - query: SELECT * FROM windows_security_products; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - windows_update_history' - observer_can_run: false - platform: "" - query: SELECT * FROM windows_update_history; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - windows_updates' - observer_can_run: false - platform: "" - query: SELECT * FROM windows_updates; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - wmi_bios_info' - observer_can_run: false - platform: "" - query: SELECT * FROM wmi_bios_info; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - wmi_cli_event_consumers' - observer_can_run: false - platform: "" - query: SELECT * FROM wmi_cli_event_consumers; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - wmi_event_filters' - observer_can_run: false - platform: "" - query: SELECT * FROM wmi_event_filters; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - wmi_filter_consumer_binding' - observer_can_run: false - platform: "" - query: SELECT * FROM wmi_filter_consumer_binding; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - wmi_script_event_consumers' - observer_can_run: false - platform: "" - query: SELECT * FROM wmi_script_event_consumers; -- automations_enabled: true - description: "" - discard_data: false - 
interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - xprotect_entries' - observer_can_run: false - platform: "" - query: SELECT * FROM xprotect_entries; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - xprotect_meta' - observer_can_run: false - platform: "" - query: SELECT * FROM xprotect_meta; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - xprotect_reports' - observer_can_run: false - platform: "" - query: SELECT * FROM xprotect_reports; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - yara' - observer_can_run: false - platform: "" - query: SELECT * FROM yara; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - yara_events' - observer_can_run: false - platform: "" - query: SELECT * FROM yara_events; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - ycloud_instance_metadata' - observer_can_run: false - platform: "" - query: SELECT * FROM ycloud_instance_metadata; -- automations_enabled: true - description: "" - discard_data: false - interval: 3600 - logging: snapshot - min_osquery_version: "" - name: '[Explore data] - yum_sources' - observer_can_run: false - platform: "" - query: SELECT * FROM yum_sources; diff --git a/it-and-security/teams/explore-data.yml b/it-and-security/teams/explore-data.yml deleted file mode 100644 index eecc64965d..0000000000 --- a/it-and-security/teams/explore-data.yml +++ /dev/null 
@@ -1,44 +0,0 @@
-name: "Explore data (fleetdm.com)"
-team_settings:
- features:
- enable_host_users: true
- enable_software_inventory: true
- host_expiry_settings:
- host_expiry_enabled: false
- host_expiry_window: 0
- secrets:
- - secret: $DOGFOOD_EXPLORE_DATA_ENROLL_SECRET
-agent_options:
- config:
- decorators:
- load:
- - SELECT uuid AS host_uuid FROM system_info;
- - SELECT hostname AS hostname FROM system_info;
- options:
- disable_distributed: false
- distributed_interval: 5
- distributed_plugin: tls
- distributed_tls_max_attempts: 3
- logger_tls_endpoint: /api/v1/osquery/log
- pack_delimiter: /
-controls:
- enable_disk_encryption: false
- macos_settings:
- custom_settings:
- macos_setup:
- bootstrap_package: null
- enable_end_user_authentication: false
- macos_setup_assistant: null
- macos_updates:
- deadline: null
- minimum_version: null
- windows_settings:
- custom_settings: null
- windows_updates:
- deadline_days: null
- grace_period_days: null
- scripts:
-policies:
-queries:
- - path: ../lib/explore-data.queries.yml
-software:
From 16777830643af7252f5a6e82b8a842dc9f523b23 Mon Sep 17 00:00:00 2001
From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:21:52 -0400 Subject: [PATCH 05/18] GitOps & API design: Add multiple Apple Business Manager and Volume Purchasing Program connections (#21043) GitOps and API changes for the following story: - #9956 DONE: - ~~Contributor API endpoints to support best practice GitOps (`fleetctl gitops`) and backwards compatibility GitOps (`fleetctl apply`)~~ - https://github.com/fleetdm/fleet/pull/21043#issuecomment-2338218929 --------- Co-authored-by: Martin Angers Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com> Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com> Co-authored-by: George Karr Co-authored-by: Gabriel Hernandez Co-authored-by: Rachael Shaw --- docs/Configuration/yaml-files.md | 34 ++- docs/Contributing/API-for-contributors.md | 282 +++++++++++++++++++++- docs/REST API/rest-api.md | 94 ++++++-- website/config/routes.js | 3 + 4 files changed, 381 insertions(+), 32 deletions(-)
diff --git a/docs/Configuration/yaml-files.md b/docs/Configuration/yaml-files.md
index 937408ec2c..f66c79f1e7 100644
--- a/docs/Configuration/yaml-files.md
+++ b/docs/Configuration/yaml-files.md
@@ -585,16 +585,44 @@ Can only be configured for all teams (`org_settings`). #### mdm -The `mdm` section lets you enable MDM features in Fleet. +##### apple_business_manager -- `apple_bm_default_team` - is name of the team that macOS hosts in Apple Business Manager automatically enroll to when they're first set up. If empty, hosts will enroll to "No team" (default: `""`). +- `organization_name` is the organization name associated with the Apple Business Manager account. +- `macos_team` is the team where macOS hosts are automatically added when they appear in Apple Business Manager. +- `ios_team` is the the team where iOS hosts are automatically added when they appear in Apple Business Manager. +- `ipados_team` is the team where iPadOS hosts are automatically added when they appear in Apple Business Manager. ##### Example ```yaml org_settings: mdm: - apple_bm_default_team: "Workstations" # Available in Fleet Premium + apple_business_manager: # Available in Fleet Premium + - organization_name: Fleet Device Management Inc. + macos_team: "💻 Workstations" + ios_team: "📱🏢 Company-owned iPhones" + ipados_team: "🔳🏢 Company-owned iPads" +``` + +> Apple Business Manager settings can only be configured for all teams (`org_settings`). + +##### volume_purchasing_program + +- `location` is the name of the location in the Apple Business Manager account. +- `teams` is a list of team names. If you choose specific teams, App Store apps in this VPP account will only be available to install on hosts in these teams. If not specified, App Store apps are available to install on hosts in all teams. + +##### Example + +```yaml +org_settings: + mdm: + volume_purchasing_program: # Available in Fleet Premium + - location: Fleet Device Management Inc. + teams: + - "💻 Workstations" + - "💻🐣 Workstations (canary)" + - "📱🏢 Company-owned iPhones" + - "🔳🏢 Company-owned iPads" ``` Can only be configured for all teams (`org_settings`). 
diff --git a/docs/Contributing/API-for-contributors.md b/docs/Contributing/API-for-contributors.md index 3e75c98e58..ec39149199 100644 --- a/docs/Contributing/API-for-contributors.md +++ b/docs/Contributing/API-for-contributors.md @@ -531,9 +531,15 @@ The MDM endpoints exist to support the related command-line interface sub-comman - [Generate Apple Business Manager public key (ADE)](#generate-apple-business-manager-public-key-ade) - [Request Certificate Signing Request (CSR)](#request-certificate-signing-request-csr) - [Upload APNS certificate](#upload-apns-certificate) -- [Upload ABM Token](#upload-abm-token) +- [Add ABM token](#add-abm-token) - [Turn off Apple MDM](#turn-off-apple-mdm) -- [Disable automatic enrollment (ADE)](#disable-automatic-enrollment-ade) +- [Update ABM token's teams](#update-abm-tokens-teams) +- [Renew ABM token](#renew-abm-token) +- [Delete ABM token](#delete-abm-token) +- [Add VPP token](#add-VPP-token) +- [Update VPP token's teams](#update-vpp-tokens-teams) +- [Renew VPP token](#renew-vpp-token) +- [Delete VPP token](#delete-vpp-token) - [Batch-apply MDM custom settings](#batch-apply-mdm-custom-settings) - [Initiate SSO during DEP enrollment](#initiate-sso-during-dep-enrollment) - [Complete SSO during DEP enrollment](#complete-sso-during-dep-enrollment) @@ -620,9 +626,9 @@ Content-Type: application/octet-stream `Status: 200` -### Upload ABM Token +### Add ABM token -`POST /api/v1/fleet/mdm/apple/abm_token` +`POST /api/v1/fleet/abm_tokens` #### Parameters @@ -632,7 +638,7 @@ Content-Type: application/octet-stream #### Example -`POST /api/v1/fleet/mdm/apple/abm_token` +`POST /api/v1/fleet/abm_tokens` ##### Request header 
@@ -653,11 +659,23 @@ Content-Type: application/octet-stream --------------------------f02md47480und42y ``` - ##### Default response `Status: 200` +```json +"abm_token": { + "id": 1, + "apple_id": "apple@example.com", + "org_name": "Fleet Device Management Inc.", + "mdm_server_url": "https://example.com/mdm/apple/mdm", + "renew_date": "2024-10-20T00:00:00Z", + "terms_expired": false, + "macos_team": null, + "ios_team": null, + "ipados_team": null +} +``` ### Turn off Apple MDM 
@@ -671,19 +689,265 @@ Content-Type: application/octet-stream `Status: 204` +### Update ABM token's teams -### Disable automatic enrollment (ADE) +`PATCH /api/v1/fleet/abm_tokens/:id/teams` -`DELETE /api/v1/fleet/mdm/apple/abm_token` +#### Parameters + +| Name | Type | In | Description | +| ---- | ---- | -- | ----------- | +| id | integer | path | *Required* The ABM token's ID | +| macos_team_id | integer | body | macOS hosts are automatically added to this team in Fleet when they appear in Apple Business Manager. If not specified, defaults to "No team" | +| ios_team_id | integer | body | iOS hosts are automatically added to this team in Fleet when they appear in Apple Business Manager. If not specified, defaults to "No team" | +| ipados_team_id | integer | body | iPadOS hosts are automatically added to this team in Fleet when they appear in Apple Business Manager. If not specified, defaults to "No team" | #### Example -`DELETE /api/v1/fleet/mdm/apple/abm_token` +`PATCH /api/v1/fleet/abm_tokens/1/teams` + +##### Request body + +```json +{ + "macos_team_id": 1, + "ios_team_id": 2, + "ipados_team_id": 3 +} +``` + +##### Default response + +`Status: 200` + +```json +"abm_token": { + "id": 1, + "apple_id": "apple@example.com", + "org_name": "Fleet Device Management Inc.", + "mdm_server_url": "https://example.com/mdm/apple/mdm", + "renew_date": "2024-11-29T00:00:00Z", + "terms_expired": false, + "macos_team": 1, + "ios_team": 2, + "ipados_team": 3 +} +``` + +### Renew ABM token + +`PATCH /api/v1/fleet/abm_tokens/:id/renew` + +#### Parameters + +| Name | Type | In | Description | +| ---- | ---- | -- | ----------- | +| id | integer | path | *Required* The ABM token's ID | + +#### Example + +`PATCH /api/v1/fleet/abm_tokens/1/renew` + +##### Request header + +```http +Content-Length: 850 +Content-Type: multipart/form-data; boundary=------------------------f02md47480und42y +``` + +##### Request body + +```http +--------------------------f02md47480und42y +Content-Disposition: 
form-data; name="token"; filename="server_token_abm.p7m" +Content-Type: application/octet-stream + + + +--------------------------f02md47480und42y +``` + +##### Default response + +`Status: 200` + +```json +"abm_token": { + "id": 1, + "apple_id": "apple@example.com", + "org_name": "Fleet Device Management Inc.", + "mdm_server_url": "https://example.com/mdm/apple/mdm", + "renew_date": "2025-10-20T00:00:00Z", + "terms_expired": false, + "macos_team": null, + "ios_team": null, + "ipados_team": null +} +``` + +### Delete ABM token + +`DELETE /api/v1/fleet/abm_tokens/:id` + +#### Parameters + +| Name | Type | In | Description | +| ---- | ---- | -- | ----------- | +| id | integer | path | *Required* The ABM token's ID | + +#### Example + +`DELETE /api/v1/fleet/abm_tokens/1` ##### Default response `Status: 204` +### Add VPP token + +`POST /api/v1/fleet/vpp_tokens` + +#### Parameters + +| Name | Type | In | Description | +| ---- | ---- | -- | ----------- | +| token | file | form | *Required* The file containing the content token (.vpptoken) from Apple Business Manager | + +#### Example + +`POST /api/v1/fleet/vpp_tokens` + +##### Request header + +```http +Content-Length: 850 +Content-Type: multipart/form-data; boundary=------------------------f02md47480und42y +``` + +##### Request body + +```http +--------------------------f02md47480und42y +Content-Disposition: form-data; name="token"; filename="sToken_for_Acme.vpptoken" +Content-Type: application/octet-stream + +--------------------------f02md47480und42y +``` + +##### Default response + +`Status: 200` + +```json +"vpp_token": { + "id": 1, + "org_name": "Fleet Device Management Inc.", + "location": "https://example.com/mdm/apple/mdm", + "renew_date": "2024-10-20T00:00:00Z", + "terms_expired": false, + "teams": null +} +``` + +### Update VPP token's teams + +`PATCH /api/v1/fleet/vpp_tokens/:id/teams` + +#### Parameters + +| Name | Type | In | Description | +| ---- | ---- | -- | ----------- | +| id | integer | path | 
*Required* The ABM token's ID | +| team_ids | list | body | If you choose specific teams, App Store apps in this VPP account will only be available to install on hosts in these teams. If not specified, defaults to all teams. | + +#### Example + +`PATCH /api/v1/fleet/vpp_tokens/1/teams` + +##### Request body + +```json +{ + "team_ids": [1, 2, 3] +} +``` + +##### Default response + +`Status: 200` + +```json +"vpp_token": { + "id": 1, + "org_name": "Fleet Device Management Inc.", + "location": "https://example.com/mdm/apple/mdm", + "renew_date": "2024-10-20T00:00:00Z", + "terms_expired": false, + "teams": [1, 2, 3] +} +``` + +### Renew VPP token + +`PATCH /api/v1/fleet/vpp_tokens/:id/renew` + +#### Parameters + +| Name | Type | In | Description | +| ---- | ---- | -- | ----------- | +| id | integer | path | *Required* The VPP token's ID | + +##### Request header + +```http +Content-Length: 850 +Content-Type: multipart/form-data; boundary=------------------------f02md47480und42y +``` + +##### Request body + +```http +--------------------------f02md47480und42y +Content-Disposition: form-data; name="token"; filename="sToken_for_Acme.vpptoken" +Content-Type: application/octet-stream + + + +--------------------------f02md47480und42y +``` + +##### Default response + +`Status: 200` + +```json +"vpp_token": { + "id": 1, + "org_name": "Fleet Device Management Inc.", + "location": "https://example.com/mdm/apple/mdm", + "renew_date": "2025-10-20T00:00:00Z", + "terms_expired": false, + "teams": [1, 2, 3] +} +``` + +### Delete VPP token + +`DELETE /api/v1/fleet/vpp_token/:id` + +#### Parameters + +| Name | Type | In | Description | +| ---- | ---- | -- | ----------- | +| id | integer | path | *Required* The VPP token's ID | + +#### Example + +`DELETE /api/v1/fleet/vpp_tokens/1` + +##### Default response + +`Status: 204` ### Batch-apply MDM custom settings diff --git a/docs/REST API/rest-api.md b/docs/REST API/rest-api.md index e31703b6fb..c160aac679 100644 
--- a/docs/REST API/rest-api.md +++ b/docs/REST API/rest-api.md @@ -878,9 +878,6 @@ None. "additional_queries": null }, "mdm": { - "apple_bm_default_team": "", - "apple_bm_terms_expired": false, - "enabled_and_configured": true, "windows_enabled_and_configured": true, "enable_disk_encryption": true, "macos_updates": { @@ -1170,9 +1167,6 @@ Modifies the Fleet's configuration with the supplied information. "expiration": "0001-01-01T00:00:00Z" }, "mdm": { - "apple_bm_default_team": "", - "apple_bm_terms_expired": false, - "apple_bm_enabled_and_configured": false, "enabled_and_configured": false, "windows_enabled_and_configured": false, "enable_disk_encryption": true, @@ -1694,7 +1688,6 @@ _Available in Fleet Premium._ | Name | Type | Description | | --------------------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| apple_bm_default_team | string | _Available in Fleet Premium._ The default team to use with Apple Business Manager. | | windows_enabled_and_configured | boolean | Enables Windows MDM support. | | enable_disk_encryption | boolean | _Available in Fleet Premium._ Hosts that belong to no team will have disk encryption enabled if set to true. | | macos_updates | object | See [`mdm.macos_updates`](#mdm-macos-updates). | @@ -1811,7 +1804,6 @@ _Available in Fleet Premium._ ```json { "mdm": { - "apple_bm_default_team": "", "windows_enabled_and_configured": false, "enable_disk_encryption": true, "macos_updates": { 
@@ -6261,8 +6253,8 @@ This endpoint returns the list of custom MDM commands that have been executed. ## Integrations - [Get Apple Push Notification service (APNs)](#get-apple-push-notification-service-apns) -- [Get Apple Business Manager (ABM)](#get-apple-business-manager-abm) -- [Get Volume Purchasing Program (VPP)](#get-volume-purchasing-program-vpp) +- [List Apple Business Manager (ABM) tokens](#list-apple-business-manager-abm-tokens) +- [List Volume Purchasing Program (VPP) tokens](#list-volume-purchasing-program-vpp-tokens) ### Get Apple Push Notification service (APNs) @@ -6289,11 +6281,11 @@ None. } ``` -### Get Apple Business Manager (ABM) +### List Apple Business Manager (ABM) tokens _Available in Fleet Premium_ -`GET /api/v1/fleet/abm` +`GET /api/v1/fleet/abm_tokens` #### Parameters 
@@ -6301,20 +6293,82 @@ None. #### Example -`GET /api/v1/fleet/abm` +`GET /api/v1/fleet/abm_tokens` ##### Default response `Status: 200` ```json -{ - "apple_id": "apple@example.com", - "org_name": "Fleet Device Management", - "mdm_server_url": "https://example.com/mdm/apple/mdm", - "renew_date": "2023-11-29T00:00:00Z", - "default_team": "" -} +"abm_tokens": [ + { + "id": 1, + "apple_id": "apple@example.com", + "org_name": "Fleet Device Management Inc.", + "mdm_server_url": "https://example.com/mdm/apple/mdm", + "renew_date": "2023-11-29T00:00:00Z", + "terms_expired": false, + "macos_team": { + "name": "💻 Workstations", + "id" 1 + }, + "ios_team": { + "name": "📱🏢 Company-owned iPhones", + "id": 2 + }, + "ipados_team": { + "name": "🔳🏢 Company-owned iPads", + "id": 3 + } + } +] +``` + +### List Volume Purchasing Program (VPP) tokens + +_Available in Fleet Premium_ + +`GET /api/v1/fleet/vpp_tokens` + +#### Parameters + +None. + +#### Example + +`GET /api/v1/fleet/vpp_tokens` + +##### Default response + +`Status: 200` + +```json +"vpp_tokens": [ + { + "id": 1, + "org_name": "Fleet Device Management Inc.", + "location": "https://example.com/mdm/apple/mdm", + "renew_date": "2023-11-29T00:00:00Z", + "teams": [ + { + "name": "💻 Workstations", + "id": 1 + }, + { + "name": "💻🐣 Workstations (canary)", + "id": 2 + }, + { + "name": "📱🏢 Company-owned iPhones", + "id": 3 + }, + { + "name": "🔳🏢 Company-owned iPads", + "id" 4 + } + ], + } +] ``` Get Volume Purchasing Program (VPP) diff --git a/website/config/routes.js b/website/config/routes.js index 2252a70729..8c9991200f 100644 --- a/website/config/routes.js +++ b/website/config/routes.js 
@@ -559,6 +559,9 @@ module.exports.routes = {
 'GET /learn-more-about/host-identifiers': '/docs/rest-api/rest-api#get-host-by-identifier',
 'GET /learn-more-about/uninstall-fleetd': '/docs/using-fleet/faq#how-can-i-uninstall-fleetd',
 'GET /learn-more-about/vulnerability-processing': '/docs/using-fleet/vulnerability-processing',
+ 'GET /learn-more-about/apple-business-manager-tokens-api': '/docs/rest-api/rest-api#list-apple-business-manager-abm-tokens',
+ 'GET /learn-more-about/apple-business-manager-teams-api': 'https://github.com/fleetdm/fleet/blob/main/docs/Contributing/API-for-contributors.md#update-abm-tokens-teams',
+ 'GET /learn-more-about/apple-business-manager-gitops': '/docs/using-fleet/gitops#apple-business-manager',
 'GET /learn-more-about/s3-bootstrap-package': '/docs/configuration/fleet-server-configuration#s-3-software-installers-bucket',
 // Sitemap
From 84473c273502a42483ec79555f6fe80d0f269c64 Mon Sep 17 00:00:00 2001
From: Jahziel Villasana-Espinoza
Date: Fri, 20 Sep 2024 15:39:16 -0400
Subject: [PATCH 06/18] feat: update MDM migration guide with new UX (#22128)
> Related issue: #22097 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Manual QA for all new/changed functionality
---------
Co-authored-by: spokanemac
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Noah Talerman
Co-authored-by: JD
---
 articles/mdm-migration.md | 205 +-
 changes/22097-mdm-migration-guide | 1 +
 website/.sailsrc | 17395 ++++++++++++++++++++++++++++
 3 files changed, 17451 insertions(+), 150 deletions(-)
 create mode 100644 changes/22097-mdm-migration-guide
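Review bot: In the `website/config/routes.js` hunk, the added `apple-business-manager-gitops` redirect targets `/docs/using-fleet/gitops#apple-business-manager`, while the `apple_business_manager` reference added in this same commit lives in `docs/Configuration/yaml-files.md`. Other links in this patch series address that page as `/docs/configuration/yaml-files#…`, so unless an older redirect still maps the `using-fleet/gitops` path and preserves the fragment, the link would presumably land off-target. I would change the line to `'GET /learn-more-about/apple-business-manager-gitops': '/docs/configuration/yaml-files#apple-business-manager',` after confirming the anchor the site generates for that heading. The `routes` object starts and ends outside the hunk.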
diff --git a/articles/mdm-migration.md b/articles/mdm-migration.md
index ce24ab283a..b28f6febd0 100644
--- a/articles/mdm-migration.md
+++ b/articles/mdm-migration.md
@@ -6,186 +6,103 @@ This guide provides instructions for migrating devices from your current MDM sol ## Requirements - - A [deployed Fleet instance](https://fleetdm.com/docs/deploy/deploy-fleet) - Fleet is connected to Apple Push Notification service (APNs) and Apple Business Manager (ABM). [See macOS MDM setup](https://fleetdm.com/guides/macos-mdm-setup) +## Migrate hosts -## Migrate manually enrolled hosts +To migrate hosts, we will do the following steps: -1. [Enroll](https://fleetdm.com/guides/enroll-hosts) your hosts to Fleet with [Fleetd and Fleet Desktop](https://fleetdm.com/guides/enroll-hosts#fleet-desktop) +1. Enroll hosts to Fleet +2. Assign hosts in Apple Business Manager (ABM) to Fleet +3. Choose migration workflow and migrate hosts + +### Step 1: enroll hosts to Fleet + +1. First, enroll your hosts to Fleet by installing Fleet's agent (fleetd). Learn how [here](https://fleetdm.com/guides/enroll-hosts). 2. Ensure your end users have access to an admin account on their Mac. End users won't be able to migrate on their own if they have a standard account. -3. In your old MDM solution, unenroll the hosts to be migrated. MacOS does not allow multiple MDMs to be installed at once. -4. Send [these guided instructions](#how-to-turn-on-mdm) to your end users to complete the final few steps via Fleet Desktop. - * Note that there will be a gap in MDM coverage between when the host is unenrolled from the old MDM and when the host turns on MDM in Fleet. -### End user experience +### Step 2: assign hosts in Apple Business Manager (ABM) to Fleet -1. On their **My device** page, once an end user's device is unenrolled from the old MDM solution, the end user will be given the option to manually download the MDM enrollment profile. - -2. Once downloaded, the user will receive a system notification that the Device Enrollment profile needs to be installed in their **System Settings > Profiles** section. - -3. 
After installation, the MDM enrollment profile can be removed by the end user at any time. +1. In ABM, unassign your hosts from your current MDM solution by selecting **Devices** and then selecting **All Devices**. Then, select **Edit** next to **Edit MDM Server**, select **Unassign from the current MDM**, and select **Continue**. -### How to turn on MDM +2. Assign these hosts to Fleet: select **Devices** and then select **All Devices**. Then, select **Edit** next to **Edit MDM Server**, select **Assign to the following MDM:**, select your Fleet server in the dropdown, and select **Continue**. -1. Select the Fleet icon in your menu bar and select **My device**. - -![Fleet icon in menu bar](https://raw.githubusercontent.com/fleetdm/fleet/main/website/assets/images/articles/fleet-desktop-says-hello-world-cover-1600x900@2x.jpg) - -2. On your **My device** page, select the **Turn on MDM** button in the yellow banner and follow the instructions. - - If you don’t see the yellow banner or the **Turn on MDM** button, select the purple **Refetch** button at the top of the page. - - If you still don't see the **Turn on MDM** button or the **My device** page presents you with an error, please contact your IT administrator. - -My device page - turn on MDM - -## Migrate automatically enrolled (ADE) hosts - -> Automatic enrollment is available in Fleet Premium or Ultimate - -To migrate automatically enrolled hosts, we will do the following steps: - -1. Prepare to migrate hosts -2. Choose migration workflow and migrate hosts - -### Step 1: prepare to migrate hosts - -1. Connect Fleet to Apple Business Manager (ABM). Learn how [here](https://fleetdm.com/guides/macos-mdm-setup#apple-business-manager-abm). -2. [Enroll](https://fleetdm.com/guides/enroll-hosts) your hosts to Fleet with [Fleetd and Fleet Desktop](https://fleetdm.com/guides/enroll-hosts#fleet-desktop) -3. Ensure your end users have access to an admin account on their Mac. 
End users won't be able to migrate on their own if they have a standard account. -4. Migrate your hosts to Fleet in ABM: - 1. In ABM, unassign the existing hosts' MDM server from the old MDM solution: In ABM, select **Devices** and then select **All Devices**. Then, select **Edit** next to **Edit MDM Server**, select **Unassign from the current MDM**, and select **Continue**. - 2. In ABM, assign these hosts' MDM server to Fleet: In ABM, select **Devices** and then select **All Devices**. Then, select **Edit** next to **Edit MDM Server**, select **Assign to the following MDM:**, select your Fleet server in the dropdown, and select **Continue**. - -### Step 2: choose migration workflow and migrate hosts +### Step 3: choose migration workflow and migrate hosts There are two migration workflows in Fleet: default and end user. The default migration workflow requires that the IT admin unenrolls hosts from the old MDM solution before the end user can complete migration. This will result in a gap in MDM coverage until the end user completes migration. -The end user migration workflow allows the end user to kick-off migration by unenrolling from the old MDM solution on their own. Once the user is unenrolled, they're prompted to turn on MDM features in Fleet. This reduces the gap in MDM coverage. - -Configuring the end user migration workflow requires a few additional steps. +The end user migration workflow allows the user to kick off migration by unenrolling from the old MDM solution on their own. Once the user is unenrolled, they're prompted to turn on MDM features in Fleet, reducing the gap in MDM coverage. #### Default workflow -1. In your old MDM solution, unenroll the hosts to be migrated. MacOS does not allow multiple MDMs to be installed at once. - -2. Send [these guided instructions](#how-to-turn-on-mdm-default) to your end users to complete the final few steps via Fleet Desktop. 
- * Note that there will be a gap in MDM coverage between when the host is unenrolled from the old MDM and when the host turns on MDM in Fleet. - -##### End user experience - -1. The end user will receive a "Device Enrollment: <organization> can automatically configure your Mac." system notification within the macOS Notifications Center. - -2. After the end user clicks on the system notification, macOS will open the **System Setting > Profiles** and ask the user to "Allow Device Enrollment: <organization> can automatically configure your Mac based on settings provided by your System Administrator." - -3. If the end user does not install the profile, the system notification will continue to prompt the end user until the setting has been allowed. - -4. Once this setting has been approved, the MDM enrollment profile cannot be removed by the end user. - -##### How to turn on MDM (default) - -1. Select the Fleet icon in your menu bar and select **My device**. - -![Fleet icon in menu bar](https://raw.githubusercontent.com/fleetdm/fleet/main/website/assets/images/articles/fleet-desktop-says-hello-world-cover-1600x900@2x.jpg) - -2. On your **My device** page, select the **Turn on MDM** button in the yellow banner and follow the instructions. - * If you don’t see the yellow banner or the **Turn on MDM** button, select the purple **Refetch** button at the top of the page. - * If you still don't see the **Turn on MDM** button or the **My device** page presents you with an error, please contact your IT administrator. +End user experience: +- After a host is unenrolled from your current MDM solution, the end user will be prompted with Apple's **Remote Management** full-screen popup if the host is assigned to Fleet in ABM. +macOS Remote Management popup +- If the host is not assigned to Fleet in ABM (manual enrollment), the end user will be given the option to download the MDM enrollment profile on their **My device page**. 
+Fleet icon in menu bar My device page - turn on MDM +Configuration: + +- To kick off the default workflow, unenroll the hosts to be migrated in your current MDM solution. MacOS does not allow a host to be connected to multiple MDM solutions at once. + #### End user workflow -> Available in Fleet Premium or Ultimate +> Available in Fleet Premium -The end user migration workflow is supported for automatically enrolled (ADE) hosts. +End user experience: -To watch a GIF that walks through the end user experience during the migration workflow, in the Fleet UI, head to **Settings > Integrations > Mobile device management (MDM)**, and scroll down to the **End user migration workflow** section. +- To watch an animation of the end user experience during the migration workflow, head to **Settings > Integrations > Mobile device management (MDM)** in the Fleet UI, and scroll down to the **End user migration workflow** section. -In Fleet, you can configure the end user workflow using the Fleet UI or fleetctl command-line tool. +Configuration: -Fleet UI: +- In Fleet, you can configure the end user workflow using the Fleet UI, Fleet API, or Fleet's GitOps workflow. +- After configuring the end user workflow, instruct your end users to select the Fleet icon in their menu bar, select **Migrate to Fleet** and follow the on-screen instructions to migrate to Fleet. + +- Fleet UI: 1. Select the avatar on the right side of the top navigation and select **Settings > Integrations > Mobile device management (MDM)**. - 2. Scroll down to the **End user migration workflow** section and select the toggle to enable the workflow. - -3. Under **Mode** choose a mode and enter the webhook URL for you automation tool (ex. Tines) under **Webhook URL** and select **Save**. - -4. During the end user migration workflow, an end user's device will have their selected system theme (light or dark) applied. 
If your logo is not easy to see on both light and dark backgrounds, you can optionally set a logo for each theme: -Head to **Settings** > **Organization settings** > -**Organization info**, add URLs to your logos in the **Organization avatar URL (for dark backgrounds)** and **Organization avatar URL (for light backgrounds)** fields, and select **Save**. - -fleetctl CLI: - -1. Create `fleet-config.yaml` file or add to your existing `config` YAML file: - -```yaml -apiVersion: v1 -kind: config -spec: - mdm: - macos_migration: - enable: true - mode: "voluntary" - webhook_url: "https://example.com" - ... -``` - -2. Fill in the above keys under the `mdm.macos_migration` key. - -To learn about each option, in the Fleet UI, select the avatar on the right side of the top navigation, select **Settings > Integrations > Mobile device management (MDM)**, and scroll down to the **End user migration workflow** section. - -3. During the end user migration workflow, the window will show the Fleet logo on top of a dark and light background (appearance configured by end user). - -If want to add a your organization's logo, you can optionally set a logo for each background: - -```yaml -apiVersion: v1 -kind: config -spec: - org_info: - org_logo_url: https://fleetdm.com/images/press-kit/fleet-blue-logo.png - org_logo_url_light_background: https://fleetdm.com/images/press-kit/fleet-white-logo.png - ... -``` - -Add URLs to your logos that are visible on a dark background and light background in the `org_logo_url` and `org_logo_url_light_background` keys respectively. If you only set a logo for one, the Fleet logo will be used for the other. - -4. Run the fleetctl `apply -f fleet-config.yml` command to add your configuration. - -5. Confirm that your configuration was saved by running `fleetctl get config`. - -6. Send [these guided instructions](#how-to-turn-on-mdm-end-user) to your end users to complete the final few steps via Fleet Desktop. - -##### How to turn on MDM (end user) - -1. 
Select the Fleet icon in your menu bar and select **Migrate to Fleet**. - -2. Select **Start** in the **Migrate to Fleet** popup. - -2. On your **My device** page, select the **Turn on MDM** button in the yellow banner and follow the instructions. - * If you don’t see the yellow banner or the **Turn on MDM** button, select the purple **Refetch** button at the top of the page. - * If you still don't see the **Turn on MDM** button or the **My device** page presents you with an error, please contact your IT administrator. +3. Under **Mode**, choose a mode, enter the webhook URL for your automation tool (e.g., Tines) under **Webhook URL**, and select **Save**. +4. During the end user migration workflow, an end user's device will have its selected system theme (light or dark) applied. If your logo is not easy to see on both light and dark backgrounds, you can optionally set a logo for each theme: +Head to **Settings** > **Organization settings** > **Organization info**, add URLs to your logos in the **Organization avatar URL (for dark backgrounds)** and **Organization avatar URL (for light backgrounds)** fields, and select **Save**. +- Fleet API: API documentation is [here](https://fleetdm.com/docs/rest-api/rest-api#mdm-macos-migration) +- GitOps: + - To manage macOS MDM migration configuration using Fleet's best practice GitOps, check out the `macos_migration` key in the [GitOps reference documentation](https://fleetdm.com/docs/configuration/yaml-files#macos-migration). + - To manage your organization's logo for dark and light backgrounds using Fleet's best practice GitOps, check out the `org_info` key in the [GitOps reference documentation](https://fleetdm.com/docs/configuration/yaml-files#org-info). ## Check migration progress -To see a report of which hosts have successfully migrated to Fleet, have MDM features off, or are still enrolled to your old MDM solution head to the **Dashboard** page by clicking the icon on the left side of the top navigation bar. 
+To see a report of which hosts have successfully migrated to Fleet, have MDM features off, or are still enrolled to your old MDM solution head to the **Dashboard** page by clicking the icon on the left side of the top navigation bar. -Then, scroll down to the **Mobile device management (MDM)** section. +Then, scroll down to the **Mobile device management (MDM)** section of the Dashboard. You'll see a breakdown of which hosts have successfully migrated to Fleet, which have MDM features disabled, and which are still enrolled in the previous MDM solution. ## FileVault recovery keys _Available in Fleet Premium_ -When migrating from a previous MDM, end users need to restart or logout of their device to escrow FileVault keys to Fleet. The **My device** page in Fleet Desktop will present users with instructions to reset their key. +When migrating from a previous MDM, end users must restart or log out of their device to escrow FileVault keys to Fleet. The **My device** page in Fleet Desktop will present users with instructions on how to reset their key. -To start, enforce FileVault (disk encryption) and escrow in Fleet. Learn how [here](https://fleetdm.com/guides/enforce-disk-encryption). +To start, enforce FileVault disk encryption and escrow recovery keys in Fleet. Learn how [here](https://fleetdm.com/guides/enforce-disk-encryption). After turning on disk encryption in Fleet, share [these guided instructions](#how-to-turn-on-disk-encryption) with your end users. +### How to turn on disk encryption + +1. Select the Fleet icon in your menu bar and select **My device**. + +![Fleet icon in menu bar](https://raw.githubusercontent.com/fleetdm/fleet/main/website/assets/images/articles/fleet-desktop-says-hello-world-cover-1600x900@2x.jpg) + +2. On your **My device** page, follow the disk encryption instructions in the yellow banner. + - If you don’t see the yellow banner, select the purple **Refetch** button at the top of the page. 
+ - If you still don't see the yellow banner after a couple minutes or if the **My device** page presents you with an error, please contact your IT administrator. + +My device page - turn on disk encryption + ## Activation Lock In Fleet, the [Activation Lock](https://support.apple.com/en-us/HT208987) feature is disabled by default for automatically enrolled (ADE) hosts. @@ -194,21 +111,9 @@ In 2024, Apple added the ability to manage activation lock in Apple Business Man If a device is not available in ABM and has Activation Lock enabled, we recommend asking the end user to follow these instructions to disable Activation Lock before migrating the device to Fleet: https://support.apple.com/en-us/HT208987. -This is because if the Activation Lock is enabled, you will need the Activation Lock bypass code to successfully wipe and reuse the Mac. +If the Activation Lock is enabled, you will need the Activation Lock bypass code to wipe and reuse the Mac successfully. However, Activation Lock bypass codes can only be retrieved from the Mac up to 30 days after the device is enrolled. This means that when migrating from your old MDM solution, it’s likely that you’ll be unable to retrieve the Activation Lock bypass code. - -### How to turn on disk encryption - -1. Select the Fleet icon in your menu bar and select **My device**. - -![Fleet icon in menu bar](https://raw.githubusercontent.com/fleetdm/fleet/main/website/assets/images/articles/fleet-desktop-says-hello-world-cover-1600x900@2x.jpg) - -2. On your **My device** page, follow the disk encryption instructions in the yellow banner. - - If you don’t see the yellow banner, select the purple **Refetch** button at the top of the page. - - If you still don't see the yellow banner after a couple minutes or if the **My device** page presents you with an error, please contact your IT administrator. - -My device page - turn on disk encryption 
diff --git a/changes/22097-mdm-migration-guide b/changes/22097-mdm-migration-guide
new file mode 100644
index 0000000000..0177cf49b6
--- /dev/null
+++ b/changes/22097-mdm-migration-guide
@@ -0,0 +1 @@
+- Updates the guide for MDM migration to include the new UX in fleetd.
\ No newline at end of file
diff --git a/website/.sailsrc b/website/.sailsrc
index 391fdf869c..0cd59c0714 100644
--- a/website/.sailsrc
+++ b/website/.sailsrc
@@ -7,5 +7,17400 @@ "_generatedWith": { "sails": "1.2.5", "sails-generate": "2.0.0" + }, + "builtStaticContent": { + "queries": [ + { + "name": "Get OpenSSL versions", + "platform": "linux", + "description": "Retrieves the OpenSSL version.", + "query": "SELECT name AS name, version AS version, 'deb_packages' AS source FROM deb_packages WHERE name LIKE 'openssl%' UNION SELECT name AS name, version AS version, 'apt_sources' AS source FROM apt_sources WHERE name LIKE 'openssl%' UNION SELECT name AS name, version AS version, 'rpm_packages' AS source FROM rpm_packages WHERE name LIKE 'openssl%';", + "purpose": "Informational", + "tags": [ + "inventory" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + } + ], + "kind": "query", + "slug": "get-open-ssl-versions", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get authorized SSH keys", + "platform": "darwin, linux", + "description": "Presence of authorized SSH keys may be unusual on laptops. Could be completely normal on servers, but may be worth auditing for unusual keys and/or changes.", + "query": "SELECT username, authorized_keys. 
* FROM users CROSS JOIN authorized_keys USING (uid);", + "purpose": "Informational", + "remediation": "Check out the linked table (https://github.com/fleetdm/fleet/blob/32b4d53e7f1428ce43b0f9fa52838cbe7b413eed/handbook/queries/detect-hosts-with-high-severity-vulnerable-versions-of-openssl.md#table-of-vulnerable-openssl-versions) to determine if the installed version is a high severity vulnerability and view the corresponding CVE(s)", + "tags": [ + "built-in", + "ssh" + ], + "contributors": [ + { + "name": "mike-j-thomas", + "handle": "mike-j-thomas", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/mike-j-thomas" + } + ], + "kind": "query", + "slug": "get-authorized-ssh-keys", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get authorized keys for Domain Joined Accounts", + "platform": "darwin, linux", + "description": "List authorized_keys for each user on the system.", + "query": "SELECT * FROM users CROSS JOIN authorized_keys USING(uid) WHERE username IN (SELECT distinct(username) FROM last);", + "purpose": "Informational", + "tags": [ + "active directory", + "ssh" + ], + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-authorized-keys-for-domain-joined-accounts", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get crashes", + "platform": "darwin", + "description": "Retrieve application, system, and mobile app crash logs.", + "query": "SELECT uid, datetime, responsible, exception_type, identifier, version, crash_path FROM users CROSS JOIN crashes USING (uid);", + "purpose": "Informational", + "tags": [ + "troubleshooting" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + } + ], + "kind": "query", + "slug": "get-crashes", + 
"resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get installed Chrome Extensions", + "platform": "darwin, linux, windows", + "description": "List installed Chrome Extensions for all users.", + "query": "SELECT * FROM users CROSS JOIN chrome_extensions USING (uid);", + "purpose": "Informational", + "tags": [ + "browser", + "built-in", + "inventory" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + } + ], + "kind": "query", + "slug": "get-installed-chrome-extensions", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get installed Linux software", + "platform": "linux", + "description": "Get all software installed on a Linux computer, including browser plugins and installed packages. Note that this does not include other running processes in the processes table.", + "query": "SELECT name AS name, version AS version, 'Package (APT)' AS type, 'apt_sources' AS source FROM apt_sources UNION SELECT name AS name, version AS version, 'Package (deb)' AS type, 'deb_packages' AS source FROM deb_packages UNION SELECT package AS name, version AS version, 'Package (Portage)' AS type, 'portage_packages' AS source FROM portage_packages UNION SELECT name AS name, version AS version, 'Package (RPM)' AS type, 'rpm_packages' AS source FROM rpm_packages UNION SELECT name AS name, '' AS version, 'Package (YUM)' AS type, 'yum_sources' AS source FROM yum_sources UNION SELECT name AS name, version AS version, 'Package (NPM)' AS type, 'npm_packages' AS source FROM npm_packages UNION SELECT name AS name, version AS version, 'Package (Python)' AS type, 'python_packages' AS source FROM python_packages;", + "purpose": "Informational", + "tags": [ + "inventory", + "built-in" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + } + ], + "kind": 
"query", + "slug": "get-installed-linux-software", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get installed macOS software", + "platform": "darwin", + "description": "Get all software installed on a macOS computer, including apps, browser plugins, and installed packages. Note that this does not include other running processes in the processes table.", + "query": "SELECT name AS name, bundle_short_version AS version, 'Application (macOS)' AS type, 'apps' AS source FROM apps UNION SELECT name AS name, version AS version, 'Package (Python)' AS type, 'python_packages' AS source FROM python_packages UNION SELECT name AS name, version AS version, 'Browser plugin (Chrome)' AS type, 'chrome_extensions' AS source FROM chrome_extensions UNION SELECT name AS name, version AS version, 'Browser plugin (Firefox)' AS type, 'firefox_addons' AS source FROM firefox_addons UNION SELECT name As name, version AS version, 'Browser plugin (Safari)' AS type, 'safari_extensions' AS source FROM safari_extensions UNION SELECT name AS name, version AS version, 'Package (Homebrew)' AS type, 'homebrew_packages' AS source FROM homebrew_packages;", + "purpose": "Informational", + "tags": [ + "inventory", + "built-in" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + } + ], + "kind": "query", + "slug": "get-installed-mac-os-software", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get installed Safari extensions", + "platform": "darwin", + "description": "Retrieves the list of installed Safari Extensions for all users in the target system.", + "query": "SELECT safari_extensions.* FROM users join safari_extensions USING (uid);", + "purpose": "Informational", + "tags": [ + "browser", + "built-in", + "inventory" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": 
"https://github.com/zwass" + } + ], + "kind": "query", + "slug": "get-installed-safari-extensions", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get installed Windows software", + "platform": "windows", + "description": "Get all software installed on a Windows computer, including programs, browser plugins, and installed packages. Note that this does not include other running processes in the processes table.", + "query": "SELECT name AS name, version AS version, 'Program (Windows)' AS type, 'programs' AS source FROM programs UNION SELECT name AS name, version AS version, 'Package (Python)' AS type, 'python_packages' AS source FROM python_packages UNION SELECT name AS name, version AS version, 'Browser plugin (IE)' AS type, 'ie_extensions' AS source FROM ie_extensions UNION SELECT name AS name, version AS version, 'Browser plugin (Chrome)' AS type, 'chrome_extensions' AS source FROM chrome_extensions UNION SELECT name AS name, version AS version, 'Browser plugin (Firefox)' AS type, 'firefox_addons' AS source FROM firefox_addons UNION SELECT name AS name, version AS version, 'Package (Chocolatey)' AS type, 'chocolatey_packages' AS source FROM chocolatey_packages;", + "purpose": "Informational", + "tags": [ + "inventory", + "built-in" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + } + ], + "kind": "query", + "slug": "get-installed-windows-software", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get laptops with failing batteries", + "platform": "darwin", + "description": "Lists all laptops with under-performing or failing batteries.", + "query": "SELECT * FROM battery WHERE health != 'Good' AND condition NOT IN ('', 'Normal');", + "purpose": "Informational", + "tags": [ + "troubleshooting", + "hardware", + "inventory" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": 
"https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + } + ], + "kind": "query", + "slug": "get-laptops-with-failing-batteries", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get current users with active shell/console on the system", + "platform": "darwin, linux, windows", + "description": "Get current users with active shell/console on the system and associated process", + "query": "SELECT user,host,time, p.name, p.cmdline, p.cwd, p.root FROM logged_in_users liu, processes p WHERE liu.pid = p.pid and liu.type='user' and liu.user <> '' ORDER BY time;", + "purpose": "Informational", + "tags": [ + "hunting", + "built-in" + ], + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-current-users-with-active-shell-console-on-the-system", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get unencrypted SSH keys for local accounts", + "platform": "darwin, linux, windows", + "description": "Identify SSH keys created without a passphrase which can be used in Lateral Movement (MITRE. TA0008)", + "query": "SELECT uid, username, description, path, encrypted FROM users CROSS JOIN user_ssh_keys using (uid) WHERE encrypted=0;", + "purpose": "Informational", + "tags": [ + "inventory", + "compliance", + "ssh", + "built-in" + ], + "remediation": "First, make the user aware about the impact of SSH keys. 
Then rotate the unencrypted keys detected.", + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-unencrypted-ssh-keys-for-local-accounts", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get unencrypted SSH keys for domain-joined accounts", + "platform": "darwin, linux, windows", + "description": "Identify SSH keys created without a passphrase which can be used in Lateral Movement (MITRE. TA0008)", + "query": "SELECT uid, username, description, path, encrypted FROM users CROSS JOIN user_ssh_keys using (uid) WHERE encrypted=0 and username in (SELECT distinct(username) FROM last);", + "purpose": "Informational", + "tags": [ + "inventory", + "compliance", + "ssh", + "active directory" + ], + "remediation": "First, make the user aware about the impact of SSH keys. Then rotate the unencrypted keys detected.", + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-unencrypted-ssh-keys-for-domain-joined-accounts", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get dynamic linker hijacking on Linux (MITRE. 
T1574.006)", + "platform": "linux", + "description": "Detect any processes that run with LD_PRELOAD environment variable", + "query": "SELECT env.pid, env.key, env.value, p.name,p.path, p.cmdline, p.cwd FROM process_envs env join processes p USING (pid) WHERE key='LD_PRELOAD';", + "purpose": "Informational", + "tags": [ + "hunting", + "attack", + "t1574" + ], + "remediation": "Identify the process/binary detected and confirm with the system's owner.", + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-dynamic-linker-hijacking-on-linux-mitre-t-1574-006", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get dynamic linker hijacking on macOS (MITRE. T1574.006)", + "platform": "darwin", + "description": "Detect any processes that run with DYLD_INSERT_LIBRARIES environment variable", + "query": "SELECT env.pid, env.key, env.value, p.name,p.path, p.cmdline, p.cwd FROM process_envs env join processes p USING (pid) WHERE key='DYLD_INSERT_LIBRARIES';", + "purpose": "Informational", + "tags": [ + "hunting", + "attack", + "t1574" + ], + "remediation": "Identify the process/binary detected and confirm with the system's owner.", + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-dynamic-linker-hijacking-on-mac-os-mitre-t-1574-006", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get etc hosts entries", + "platform": "darwin, linux", + "description": "Line-parsed /etc/hosts", + "query": "SELECT * FROM etc_hosts WHERE address not in ('127.0.0.1', '::1');", + "purpose": "informational", + "tags": [ + "hunting", + "inventory" + ], + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": 
"https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-etc-hosts-entries", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get network interfaces", + "platform": "darwin, linux, windows", + "description": "Network interfaces MAC address", + "query": "SELECT a.interface, a.address, d.mac FROM interface_addresses a JOIN interface_details d USING (interface) WHERE address not in ('127.0.0.1', '::1');", + "purpose": "informational", + "tags": [ + "hunting", + "inventory" + ], + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-network-interfaces", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get local user accounts", + "platform": "darwin, linux, windows", + "description": "Local user accounts (including domain accounts that have logged on locally (Windows)).", + "query": "SELECT uid, gid, username, description, directory, shell FROM users;", + "purpose": "informational", + "tags": [ + "hunting", + "inventory" + ], + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-local-user-accounts", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get active user accounts on servers", + "platform": "linux", + "description": "Domain Joined environments normally have root or other service only accounts and users are SSH-ing using their Domain Accounts.", + "query": "SELECT * FROM shadow WHERE password_status='active' and username!='root';", + "purpose": "informational", + "tags": [ + "hunting", + "inventory", + "active directory" + ], + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", 
+ "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-active-user-accounts-on-servers", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get Nmap scanner", + "platform": "darwin, linux, windows", + "description": "Get Nmap scanner process, as well as its user, parent, and process details.", + "query": "SELECT p.pid, name, p.path, cmdline, cwd, start_time, parent, (SELECT name FROM processes WHERE pid=p.parent) AS parent_name, (SELECT username FROM users WHERE uid=p.uid) AS username FROM processes as p WHERE cmdline like 'nmap%';", + "purpose": "Informational", + "tags": [ + "hunting", + "attack", + "t1046" + ], + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-nmap-scanner", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get Docker contained processes on a system", + "platform": "darwin, linux", + "description": "Docker containers Processes, can be used on normal systems or a kubenode.", + "query": "SELECT c.id, c.name, c.image, c.image_id, c.command, c.created, c.state, c.status, p.cmdline FROM docker_containers c CROSS JOIN docker_container_processes p using(id);", + "purpose": "Informational", + "tags": [ + "built-in", + "containers", + "inventory" + ], + "contributors": [ + { + "name": "anelshaer", + "handle": "anelshaer", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/anelshaer" + } + ], + "kind": "query", + "slug": "get-docker-contained-processes-on-a-system", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get Windows print spooler remote code execution vulnerability", + "platform": "windows", + "description": "Detects devices that are potentially vulnerable to CVE-2021-1675 because the print spooler service is not disabled.", + "query": "SELECT CASE cnt WHEN 2 THEN \"TRUE\" ELSE 
\"FALSE\" END \"Vulnerable\" FROM (SELECT name start_type, COUNT(name) AS cnt FROM services WHERE name = 'NTDS' or (name = 'Spooler' and start_type <> 'DISABLED')) WHERE cnt = 2;", + "purpose": "Informational", + "tags": [ + "vulnerability" + ], + "contributors": [ + { + "name": "maravedi", + "handle": "maravedi", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/maravedi" + } + ], + "kind": "query", + "slug": "get-windows-print-spooler-remote-code-execution-vulnerability", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get local users and their privileges", + "platform": "darwin, linux, windows", + "description": "Collects the local user accounts and their respective user group.", + "query": "SELECT uid, username, type, groupname FROM users u JOIN groups g ON g.gid = u.gid;", + "purpose": "informational", + "tags": [ + "inventory" + ], + "contributors": [ + { + "name": "noahtalerman", + "handle": "noahtalerman", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/noahtalerman" + } + ], + "kind": "query", + "slug": "get-local-users-and-their-privileges", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get processes that no longer exist on disk", + "platform": "linux, darwin, windows", + "description": "Lists all processes of which the binary which launched them no longer exists on disk. 
Attackers often delete files from disk after launching a process to mask presence.", + "query": "SELECT name, path, pid FROM processes WHERE on_disk = 0;", + "purpose": "Incident response", + "tags": [ + "hunting", + "built-in" + ], + "contributors": [ + { + "name": "alphabrevity", + "handle": "alphabrevity", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/alphabrevity" + } + ], + "kind": "query", + "slug": "get-processes-that-no-longer-exist-on-disk", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get user files matching a specific hash", + "platform": "darwin, linux", + "description": "Looks for specific hash in the Users/ directories for files that are less than 50MB (osquery file size limitation.)", + "query": "SELECT path, sha256 FROM hash WHERE path IN (SELECT path FROM file WHERE size < 50000000 AND path LIKE '/Users/%/Documents/%%') AND sha256 = '16d28cd1d78b823c4f961a6da78d67a8975d66cde68581798778ed1f98a56d75';", + "purpose": "Informational", + "tags": [ + "hunting", + "built-in" + ], + "contributors": [ + { + "name": "alphabrevity", + "handle": "alphabrevity", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/alphabrevity" + } + ], + "kind": "query", + "slug": "get-user-files-matching-a-specific-hash", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get local administrator accounts on macOS", + "platform": "darwin", + "description": "The query allows you to check macOS systems for local administrator accounts.", + "query": "SELECT uid, username, type FROM users u JOIN groups g ON g.gid = u.gid;", + "purpose": "Informational", + "tags": [ + "hunting", + "inventory" + ], + "contributors": [ + { + "name": "alphabrevity", + "handle": "alphabrevity", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/alphabrevity" + } + ], + "kind": "query", + "slug": "get-local-administrator-accounts-on-mac-os", + "resolution": "N/A", + 
"requiresMdm": false + }, + { + "name": "Get all listening ports, by process", + "platform": "linux, darwin, windows", + "description": "List ports that are listening on all interfaces, along with the process to which they are attached.", + "query": "SELECT lp.address, lp.pid, lp.port, lp.protocol, p.name, p.path, p.cmdline FROM listening_ports lp JOIN processes p ON lp.pid = p.pid WHERE lp.address = \"0.0.0.0\";", + "purpose": "Informational", + "tags": [ + "hunting", + "network" + ], + "contributors": [ + { + "name": "alphabrevity", + "handle": "alphabrevity", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/alphabrevity" + } + ], + "kind": "query", + "slug": "get-all-listening-ports-by-process", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get whether TeamViewer is installed/running", + "platform": "windows", + "description": "Looks for the TeamViewer service running on machines. This is often used when attackers gain access to a machine, running TeamViewer to allow them to access a machine.", + "query": "SELECT display_name,status,s.pid,p.path FROM services AS s JOIN processes AS p USING(pid) WHERE s.name LIKE \"%teamviewer%\";", + "purpose": "Informational", + "tags": [ + "hunting", + "inventory" + ], + "contributors": [ + { + "name": "alphabrevity", + "handle": "alphabrevity", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/alphabrevity" + } + ], + "kind": "query", + "slug": "get-whether-team-viewer-is-installed-running", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get malicious Python backdoors", + "platform": "darwin, linux, windows", + "description": "Watches for the backdoored Python packages installed on the system. 
See (http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/index.html)", + "query": "SELECT CASE cnt WHEN 0 THEN \"NONE_INSTALLED\" ELSE \"INSTALLED\" END AS \"Malicious Python Packages\", package_name, package_version FROM (SELECT COUNT(name) AS cnt, name AS package_name, version AS package_version, path AS package_path FROM python_packages WHERE package_name IN ('acquisition', 'apidev-coop', 'bzip', 'crypt', 'django-server', 'pwd', 'setup-tools', 'telnet', 'urlib3', 'urllib'));", + "purpose": "Informational", + "tags": [ + "hunting", + "inventory", + "malware" + ], + "contributors": [ + { + "name": "alphabrevity", + "handle": "alphabrevity", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/alphabrevity" + } + ], + "kind": "query", + "slug": "get-malicious-python-backdoors", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Check for artifacts of the Floxif trojan", + "platform": "windows", + "description": "Checks for artifacts from the Floxif trojan on Windows machines.", + "query": "SELECT * FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Piriform\\\\Agomo%';", + "purpose": "Informational", + "tags": [ + "hunting", + "malware" + ], + "contributors": [ + { + "name": "micheal-o", + "handle": "micheal-o", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/micheal-o" + } + ], + "kind": "query", + "slug": "check-for-artifacts-of-the-floxif-trojan", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get Shimcache table", + "platform": "windows", + "description": "Returns forensic data showing evidence of likely file execution, in addition to the last modified timestamp of the file, order of execution, full file path order of execution, and the order in which files were executed.", + "query": "select * from Shimcache", + "purpose": "Informational", + "tags": [ + "hunting" + ], + "contributors": [ + { + "name": "puffyCid", + "handle": "puffyCid", + "avatarUrl": 
"https://placekitten.com/200/200", + "htmlUrl": "https://github.com/puffyCid" + } + ], + "kind": "query", + "slug": "get-shimcache-table", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get running docker containers", + "platform": "darwin, linux", + "description": "Returns the running Docker containers", + "query": "SELECT id, name, image, image_id, state, status FROM docker_containers WHERE state = \"running\";", + "purpose": "Informational", + "tags": [ + "containers", + "inventory" + ], + "contributors": [ + { + "name": "DominusKelvin", + "handle": "DominusKelvin", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/DominusKelvin" + } + ], + "kind": "query", + "slug": "get-running-docker-containers", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get applications hogging memory", + "platform": "darwin, linux, windows", + "description": "Returns top 10 applications or processes hogging memory the most.", + "query": "SELECT pid, name, ROUND((total_size * '10e-7'), 2) AS memory_used FROM processes ORDER BY total_size DESC LIMIT 10;", + "purpose": "Informational", + "tags": [ + "troubleshooting" + ], + "contributors": [ + { + "name": "DominusKelvin", + "handle": "DominusKelvin", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/DominusKelvin" + } + ], + "kind": "query", + "slug": "get-applications-hogging-memory", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get servers with root login in the last 24 hours", + "platform": "darwin, linux, windows", + "description": "Returns servers with root login in the last 24 hours and the time the users were logged in.", + "query": "SELECT * FROM last WHERE username = \"root\" AND time > (( SELECT unix_time FROM time ) - 86400 );", + "purpose": "Informational", + "tags": [ + "hunting" + ], + "contributors": [ + { + "name": "DominusKelvin", + "handle": "DominusKelvin", + "avatarUrl": 
"https://placekitten.com/200/200", + "htmlUrl": "https://github.com/DominusKelvin" + } + ], + "kind": "query", + "slug": "get-servers-with-root-login-in-the-last-24-hours", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Detect active processes with Log4j running", + "platform": "darwin, linux", + "description": "Returns a list of active processes and the Jar paths which are using Log4j. Version numbers are usually within the Jar filename. Note: This query is resource intensive and has caused problems on systems with limited swap space. Test on some systems before running this widely.", + "query": "WITH target_jars AS (\n SELECT DISTINCT path\n FROM (\n WITH split(word, str) AS(\n SELECT '', cmdline || ' '\n FROM processes\n UNION ALL\n SELECT substr(str, 0, instr(str, ' ')), substr(str, instr(str, ' ') + 1)\n FROM split\n WHERE str != '')\n SELECT word AS path\n FROM split\n WHERE word LIKE '%.jar'\n UNION ALL\n SELECT path\n FROM process_open_files\n WHERE path LIKE '%.jar'\n )\n)\nSELECT path, matches\nFROM yara\nWHERE path IN (SELECT path FROM target_jars)\n AND count > 0\n AND sigrule IN (\n 'rule log4jJndiLookup {\n strings:\n $jndilookup = \"JndiLookup\"\n condition:\n $jndilookup\n }',\n 'rule log4jJavaClass {\n strings:\n $javaclass = \"org/apache/logging/log4j\"\n condition:\n $javaclass\n }'\n );\n", + "purpose": "Detection", + "tags": [ + "vulnerability" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + }, + { + "name": "tgauda", + "handle": "tgauda", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/tgauda" + } + ], + "kind": "query", + "slug": "detect-active-processes-with-log-4-j-running", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get applications that were opened within the last 24 hours", + "platform": "darwin", + "description": "Returns applications that were 
opened within the last 24 hours starting with the last opened application.", + "query": "SELECT * FROM apps WHERE last_opened_time > (( SELECT unix_time FROM time ) - 86400 ) ORDER BY last_opened_time DESC;", + "purpose": "Informational", + "tags": [ + "inventory" + ], + "contributors": [ + { + "name": "DominusKelvin", + "handle": "DominusKelvin", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/DominusKelvin" + } + ], + "kind": "query", + "slug": "get-applications-that-were-opened-within-the-last-24-hours", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get applications that are not in the Applications directory", + "platform": "darwin", + "description": "Returns applications that are not in the `/Applications` directory", + "query": "SELECT * FROM apps WHERE path NOT LIKE '/Applications/%';", + "purpose": "Informational", + "tags": [ + "hunting", + "inventory" + ], + "contributors": [ + { + "name": "DominusKelvin", + "handle": "DominusKelvin", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/DominusKelvin" + } + ], + "kind": "query", + "slug": "get-applications-that-are-not-in-the-applications-directory", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get subscription-based applications that have not been opened for the last 30 days", + "platform": "darwin", + "description": "Returns applications that are subscription-based and have not been opened for the last 30 days. 
You can replace the list of applications with those specific to your use case.", + "query": "SELECT * FROM apps WHERE path LIKE '/Applications/%' AND name IN (\"Photoshop.app\", \"Adobe XD.app\", \"Sketch.app\", \"Illustrator.app\") AND last_opened_time < (( SELECT unix_time FROM time ) - 2592000000000 );", + "purpose": "Informational", + "tags": [ + "inventory" + ], + "contributors": [ + { + "name": "DominusKelvin", + "handle": "DominusKelvin", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/DominusKelvin" + } + ], + "kind": "query", + "slug": "get-subscription-based-applications-that-have-not-been-opened-for-the-last-30-days", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get operating system information", + "platform": "darwin, windows, linux", + "description": "Returns the operating system name and version on the device.", + "query": "SELECT name, version FROM os_version;", + "purpose": "Informational", + "tags": [ + "inventory", + "built-in" + ], + "contributors": [ + { + "name": "noahtalerman", + "handle": "noahtalerman", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/noahtalerman" + } + ], + "kind": "query", + "slug": "get-operating-system-information", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Gatekeeper enabled (macOS)", + "query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;", + "description": "Checks to make sure that the Gatekeeper feature is enabled on macOS devices. 
Gatekeeper tries to ensure only trusted software is run on a mac machine.", + "resolution": "To enable Gatekeeper, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.", + "tags": [ + "compliance", + "hardening", + "built-in", + "cis", + "cis2.5.2.1" + ], + "platform": "darwin", + "contributors": [ + { + "name": "groob", + "handle": "groob", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/groob" + } + ], + "kind": "policy", + "slug": "gatekeeper-enabled-mac-os", + "requiresMdm": false, + "critical": true + }, + { + "name": "Full disk encryption enabled (Windows)", + "query": "SELECT 1 FROM bitlocker_info WHERE drive_letter='C:' AND protection_status=1;", + "description": "Checks to make sure that full disk encryption is enabled on Windows devices.", + "resolution": "To get additional information, run the following osquery query on the failing device: SELECT * FROM bitlocker_info. In the query results, if protection_status is 2, then the status cannot be determined. If it is 0, it is considered unprotected. Use the additional results (percent_encrypted, conversion_status, etc.) 
to help narrow down the specific reason why Windows considers the volume unprotected.", + "platform": "windows", + "tags": [ + "compliance", + "hardening", + "built-in" + ], + "contributors": [ + { + "name": "defensivedepth", + "handle": "defensivedepth", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/defensivedepth" + } + ], + "kind": "policy", + "slug": "full-disk-encryption-enabled-windows", + "requiresMdm": false, + "critical": true + }, + { + "name": "Full disk encryption enabled (macOS)", + "query": "SELECT 1 FROM disk_encryption WHERE user_uuid IS NOT \"\" AND filevault_status = 'on' LIMIT 1;", + "description": "Checks to make sure that full disk encryption (FileVault) is enabled on macOS devices.", + "resolution": "To enable full disk encryption, on the failing device, select System Preferences > Security & Privacy > FileVault > Turn On FileVault.", + "tags": [ + "compliance", + "hardening", + "built-in", + "cis", + "cis2.5.1.1" + ], + "platform": "darwin", + "contributors": [ + { + "name": "groob", + "handle": "groob", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/groob" + } + ], + "kind": "policy", + "slug": "full-disk-encryption-enabled-mac-os", + "requiresMdm": false, + "critical": true + }, + { + "name": "Full disk encryption enabled (Linux)", + "query": "SELECT 1 FROM disk_encryption WHERE encrypted=1 AND name LIKE '/dev/dm-1';", + "description": "Checks if the root drive is encrypted. There are many ways to encrypt Linux systems. 
This is the default on distributions such as Ubuntu.", + "resolution": "Ensure the image deployed to your Linux workstation includes full disk encryption.", + "platform": "linux", + "tags": [ + "compliance", + "hardening", + "built-in" + ], + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "full-disk-encryption-enabled-linux", + "requiresMdm": false, + "critical": true + }, + { + "name": "System Integrity Protection enabled (macOS)", + "query": "SELECT 1 FROM sip_config WHERE config_flag = 'sip' AND enabled = 1;", + "description": "Checks to make sure that the System Integrity Protection feature is enabled.", + "resolution": "To enable System Integrity Protection, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.", + "tags": [ + "compliance", + "malware", + "hardening", + "built-in", + "cis", + "cis5.1.2" + ], + "platform": "darwin", + "contributors": [ + { + "name": "groob", + "handle": "groob", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/groob" + } + ], + "kind": "policy", + "slug": "system-integrity-protection-enabled-mac-os", + "requiresMdm": false + }, + { + "name": "Automatic login disabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.loginwindow' AND name = 'com.apple.login.mcx.DisableAutoLoginClient' AND value = 1 LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to prevent login in without a password.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that disables automatic login.", + "tags": [ + "compliance", + "hardening", + "built-in" + ], + "platform": "darwin", + "contributors": [ + { + "name": "groob", + "handle": "groob", + "avatarUrl": "https://placekitten.com/200/200", 
+ "htmlUrl": "https://github.com/groob" + } + ], + "kind": "policy", + "slug": "automatic-login-disabled-mac-os", + "requiresMdm": true, + "critical": true + }, + { + "name": "Secure keyboard entry for Terminal application enabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Terminal' AND name = 'SecureKeyboardEntry' AND value = 1 LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to enabled secure keyboard entry for the Terminal application.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables secure keyboard entry for the Terminal application.", + "tags": [ + "compliance", + "hardening", + "built-in" + ], + "platform": "darwin", + "contributors": [ + { + "name": "groob", + "handle": "groob", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/groob" + } + ], + "kind": "policy", + "slug": "secure-keyboard-entry-for-terminal-application-enabled-mac-os", + "requiresMdm": true + }, + { + "name": "Get built-in antivirus status on macOS", + "platform": "darwin", + "query": "SELECT path, value AS version FROM plist WHERE (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist') OR (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist');", + "description": "Reads the version numbers from the Malware Removal Tool (MRT) and built-in antivirus (XProtect) plists", + "purpose": "Informational", + "tags": [ + "compliance", + "malware", + "hardening", + "built-in" + ], + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "query", + "slug": "get-built-in-antivirus-status-on-mac-os", + "resolution": "N/A", + "requiresMdm": false + }, + { + 
"name": "Get antivirus status from the Windows Security Center", + "platform": "windows", + "query": "SELECT antivirus, signatures_up_to_date from windows_security_center CROSS JOIN windows_security_products WHERE type = 'Antivirus';", + "description": "Selects the antivirus and signatures status from Windows Security Center.", + "purpose": "Informational", + "tags": [ + "compliance", + "malware", + "hardening", + "built-in" + ], + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "query", + "slug": "get-antivirus-status-from-the-windows-security-center", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get antivirus (ClamAV/clamd) and updater (freshclam) process status", + "platform": "linux", + "query": "SELECT pid, state, cmdline, name FROM processes WHERE name='clamd' OR name='freshclam';", + "description": "Selects the clamd and freshclam processes to ensure AV and its updater are running", + "purpose": "Informational", + "tags": [ + "compliance", + "malware", + "hardening", + "built-in" + ], + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "query", + "slug": "get-antivirus-clam-av-clamd-and-updater-freshclam-process-status", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Antivirus healthy (macOS)", + "query": "SELECT score FROM (SELECT case when COUNT(*) = 2 then 1 ELSE 0 END AS score FROM plist WHERE (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist' AND value>=2162) OR (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist' and value>=1.93)) WHERE score == 1;", + "description": "Checks the 
version of Malware Removal Tool (MRT) and the built-in macOS AV (Xprotect). Replace version numbers with the latest version regularly.", + "resolution": "To enable automatic security definition updates, on the failing device, select System Preferences > Software Update > Advanced > Turn on Install system data files and security updates.", + "tags": [ + "compliance", + "malware", + "hardening", + "built-in", + "template" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "antivirus-healthy-mac-os", + "requiresMdm": false + }, + { + "name": "Antivirus healthy (Windows)", + "query": "SELECT 1 from windows_security_center wsc CROSS JOIN windows_security_products wsp WHERE antivirus = 'Good' AND type = 'Antivirus' AND signatures_up_to_date=1;", + "description": "Checks the status of antivirus and signature updates from the Windows Security Center.", + "resolution": "Ensure Windows Defender or your third-party antivirus is running, up to date, and visible in the Windows Security Center.", + "tags": [ + "compliance", + "malware", + "hardening", + "built-in" + ], + "platform": "windows", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "antivirus-healthy-windows", + "requiresMdm": false + }, + { + "name": "Antivirus healthy (Linux)", + "query": "SELECT score FROM (SELECT case when COUNT(*) = 2 then 1 ELSE 0 END AS score FROM processes WHERE (name = 'clamd') OR (name = 'freshclam')) WHERE score == 1;", + "description": "Checks that both ClamAV's daemon and its updater service (freshclam) are running.", + "resolution": "Ensure ClamAV and Freshclam are installed and running.", + "tags": [ + "compliance", + "malware", + 
"hardening", + "built-in" + ], + "platform": "linux", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "antivirus-healthy-linux", + "requiresMdm": false + }, + { + "name": "MDM enrolled (macOS)", + "query": "SELECT 1 from mdm WHERE enrolled='true';", + "description": "Required: osquery deployed with Orbit, or manual installation of macadmins/osquery-extension. Checks that a mac is enrolled to MDM. Add a AND on identity_certificate_uuid to check for a specific MDM.", + "resolution": "Enroll device to MDM", + "tags": [ + "compliance", + "hardening", + "built-in" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "mdm-enrolled-mac-os", + "requiresMdm": false, + "critical": true + }, + { + "name": "Docker application is up to date or not present (macOS)", + "query": "SELECT 1 WHERE EXISTS (SELECT 1 FROM apps a1 WHERE a1.bundle_identifier = 'com.electron.dockerdesktop' AND a1.bundle_short_version>='4.6.1') OR NOT EXISTS (SELECT 1 FROM apps a2 WHERE a2.bundle_identifier = 'com.electron.dockerdesktop');", + "description": "Checks if the application (Docker Desktop example) is installed and up to date, or not installed. Fails if the application is installed and on a lower version. 
You can copy this query and replace the bundle_identifier and bundle_version values to apply the same type of policy to other applications.", + "resolution": "Update Docker or remove it if not used.", + "tags": [ + "inventory", + "vulnerability", + "built-in" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "docker-application-is-up-to-date-or-not-present-mac-os", + "requiresMdm": false + }, + { + "name": "SSH keys encrypted", + "query": "SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM users CROSS JOIN user_ssh_keys USING (uid) WHERE encrypted='0');", + "description": "Required: osquery must have Full Disk Access. Policy passes if all keys are encrypted, including if no keys are present.", + "resolution": "Use this command to encrypt existing SSH keys by providing the path to the file: ssh-keygen -o -p -f /path/to/file", + "tags": [ + "compliance", + "ssh", + "built-in" + ], + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "platform": "darwin,linux,windows", + "kind": "policy", + "slug": "ssh-keys-encrypted", + "requiresMdm": false + }, + { + "name": "Suspicious autostart (Windows)", + "query": "SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM startup_items WHERE path = \"regsvr32\" AND args LIKE \"%http%\");", + "description": "Checks for an autostart that is attempting to load a dynamic link library (DLL) from the internet.", + "resolution": "Remove the suspicious startup entry.", + "tags": [ + "malware", + "hunting" + ], + "platform": "windows", + "contributors": [ + { + "name": "kswagler-rh", + "handle": "kswagler-rh", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/kswagler-rh" + } + ], + "kind": "policy", + 
"slug": "suspicious-autostart-windows", + "requiresMdm": false + }, + { + "name": "Firewall enabled (macOS)", + "query": "SELECT 1 FROM alf WHERE global_state >= 1;", + "description": "Checks if the firewall is enabled.", + "resolution": "In System Preferences, open Security & Privacy, navigate to the Firewall tab and click Turn On Firewall.", + "tags": [ + "hardening", + "compliance", + "built-in", + "cis", + "cis2.5.2.2" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "firewall-enabled-mac-os", + "requiresMdm": false + }, + { + "name": "Screen lock enabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE name='askForPassword' AND value='1';", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to enable screen lock.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables screen lock.", + "tags": [ + "compliance", + "hardening", + "built-in" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "screen-lock-enabled-mac-os", + "requiresMdm": true + }, + { + "name": "Screen lock enabled (Windows)", + "query": "SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\InactivityTimeoutSecs' AND CAST(data as INTEGER) <= 1800;", + "description": "Checks if the screen lock is enabled and configured to lock the system within 30 minutes or less.", + "resolution": "Contact your IT administrator to enable the Interactive Logon: Machine inactivity limit setting with a value of 1800 seconds or lower.", + "tags": [ + "compliance", + 
"hardening", + "built-in" + ], + "platform": "windows", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "screen-lock-enabled-windows", + "requiresMdm": false + }, + { + "name": "Password requires 10 or more characters (macOS)", + "query": "SELECT 1 FROM (SELECT cast(lengthtxt as integer(2)) minlength FROM (SELECT SUBSTRING(length, 1, 2) AS lengthtxt FROM (SELECT policy_description, policy_identifier, split(policy_content, '{', 1) AS length FROM password_policy WHERE policy_identifier LIKE '%minLength')) WHERE minlength >= 10);", + "description": "Checks that the password policy requires at least 10 characters. Requires osquery 5.4.0 or newer.", + "resolution": "Contact your IT administrator to make sure your Mac is receiving configuration profiles for password length.", + "platform": "darwin", + "tags": [ + "compliance", + "hardening", + "built-in", + "cis", + "cis5.2.2" + ], + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "password-requires-10-or-more-characters-mac-os", + "requiresMdm": false + }, + { + "name": "Operating system up to date (macOS)", + "query": "SELECT 1 FROM os_version WHERE version >= '14.1.1';", + "description": "Checks that the operating system is up to date.", + "resolution": "From the Apple menu () in the corner of your screen choose System Preferences. Then select Software Update and select Upgrade Now. 
You might be asked to restart or enter your password.", + "tags": [ + "compliance", + "cis", + "template", + "cis1.1" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "operating-system-up-to-date-mac-os", + "requiresMdm": false, + "critical": true + }, + { + "name": "Automatic updates enabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticCheckEnabled' AND value=1 LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically check for updates.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic updates.", + "tags": [ + "compliance", + "cis", + "cis1.2" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "automatic-updates-enabled-mac-os", + "requiresMdm": true + }, + { + "name": "Automatic update downloads enabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticDownload' AND value=1 LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically download updates.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic update downloads.", + "tags": [ + "compliance", + "cis", + "cis1.3" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": 
"automatic-update-downloads-enabled-mac-os", + "requiresMdm": true + }, + { + "name": "Automatic installation of application updates is enabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticallyInstallAppUpdates' AND value=1 LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically install updates to App Store applications.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic installation of application updates.", + "tags": [ + "compliance", + "cis", + "cis1.4" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "automatic-installation-of-application-updates-is-enabled-mac-os", + "requiresMdm": true + }, + { + "name": "Automatic security and data file updates is enabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='CriticalUpdateInstall' AND value=1 LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically download updates to built-in macOS security tools such as malware removal tools.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic security and data update installation.", + "tags": [ + "compliance", + "cis", + "cis1.5" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "automatic-security-and-data-file-updates-is-enabled-mac-os", + "requiresMdm": true + }, + { + "name": "Automatic installation of operating system 
updates is enabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticallyInstallMacOSUpdates' AND value=1 LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically install operating system updates.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic installation of operating system updates.", + "tags": [ + "compliance", + "cis", + "cis1.6" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "automatic-installation-of-operating-system-updates-is-enabled-mac-os", + "requiresMdm": true + }, + { + "name": "Time and date are configured to be updated automatically (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.applicationaccess' AND name='forceAutomaticDateAndTime' AND value=1 LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to automatically update the time and date.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic time and date configuration.", + "tags": [ + "compliance", + "cis", + "cis2.2.1" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "time-and-date-are-configured-to-be-updated-automatically-mac-os", + "requiresMdm": true + }, + { + "name": "Lock screen after inactivity of 20 minutes or less (macOS)", + "query": "SELECT 1 WHERE EXISTS (SELECT CAST(value as integer(4)) valueint from managed_policies WHERE domain = 'com.apple.screensaver' AND name = 
'askForPasswordDelay' AND valueint <= 60 LIMIT 1) AND EXISTS (SELECT CAST(value as integer(4)) valueint from managed_policies WHERE domain = 'com.apple.screensaver' AND name = 'idleTime' AND valueint <= 1140 LIMIT 1) AND EXISTS (SELECT 1 from managed_policies WHERE domain='com.apple.screensaver' AND name='askForPassword' AND value=1 LIMIT 1);", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to lock the screen after 20 minutes or less.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables the screen saver after inactivity of 20 minutes or less.", + "tags": [ + "compliance", + "cis", + "cis2.3.1", + "cis5.8" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "lock-screen-after-inactivity-of-20-minutes-or-less-mac-os", + "requiresMdm": true + }, + { + "name": "Internet sharing is blocked (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.MCX' AND name='forceInternetSharingOff' AND value='1' LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to prevent Internet sharing.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that prevents Internet sharing.", + "tags": [ + "compliance", + "cis", + "cis2.4.2" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "internet-sharing-is-blocked-mac-os", + "requiresMdm": true + }, + { + "name": "Content caching is disabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.applicationaccess' AND 
name='allowContentCaching' AND value='0' LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to disable content caching.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that disables content caching.", + "tags": [ + "compliance", + "cis", + "cis2.4.10" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "content-caching-is-disabled-mac-os", + "requiresMdm": true + }, + { + "name": "Ad tracking is limited (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.AdLib' AND name='forceLimitAdTracking' AND value='1' LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to limit advertisement tracking.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that disables advertisement tracking.", + "tags": [ + "compliance", + "cis", + "cis2.5.6" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "ad-tracking-is-limited-mac-os", + "requiresMdm": true + }, + { + "name": "iCloud Desktop and Document sync is disabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.icloud.managed' AND name='DisableCloudSync' AND value='1' LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to prevent iCloud Desktop and Documents sync.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile to prevent iCloud Desktop and Documents sync.", + "tags": [ + "compliance", + "cis", + "cis2.6.1.4" + ], + "platform": 
"darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "i-cloud-desktop-and-document-sync-is-disabled-mac-os", + "requiresMdm": true + }, + { + "name": "Firewall logging is enabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.security.firewall' AND name='EnableLogging' AND value='1' LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to log firewall activity.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that enables firewall logging.", + "tags": [ + "compliance", + "cis", + "cis3.6" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "firewall-logging-is-enabled-mac-os", + "requiresMdm": true + }, + { + "name": "Guest account disabled (macOS)", + "query": "SELECT 1 FROM managed_policies WHERE domain='com.apple.loginwindow' AND name='DisableGuestAccount' AND value='1' LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to prevent the use of a guest account.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that disables the guest account.", + "tags": [ + "compliance", + "cis", + "cis6.1.3" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "guest-account-disabled-mac-os", + "requiresMdm": true + }, + { + "name": "Guest access to shared folders is disabled (macOS)", + "query": "SELECT 1 FROM 
managed_policies WHERE domain='com.apple.AppleFileServer' AND name='guestAccess' AND value='0' LIMIT 1;", + "description": "Checks that a mobile device management (MDM) solution configures the Mac to prevent guest access to shared folders.", + "resolution": "Contact your IT administrator to ensure your Mac is receiving a profile that prevents guest access to shared folders.", + "tags": [ + "compliance", + "cis", + "cis6.1.4" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "guest-access-to-shared-folders-is-disabled-mac-os", + "requiresMdm": true + }, + { + "name": "No 1Password emergency kit stored in desktop, documents, or downloads folders (macOS)", + "query": "SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM file WHERE filename LIKE '%Emergency Kit%.pdf' AND (path LIKE '/Users/%/Desktop/%' OR path LIKE '/Users/%/Documents/%' OR path LIKE '/Users/%/Downloads/%' OR path LIKE '/Users/Shared/%'));", + "description": "Looks for PDF files with file names typically used by 1Password for emergency recovery kits. To protect the performance of your devices, the search is one level deep and limited to the Desktop, Documents, Downloads, and Shared folders.", + "resolution": "Delete 1Password emergency kits from your computer, and empty the trash. 
1Password emergency kits should only be printed and stored in a physically secure location.", + "platform": "darwin", + "tags": [ + "compliance", + "built-in" + ], + "contributors": [ + { + "name": "nonpunctual", + "handle": "nonpunctual", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/nonpunctual" + } + ], + "kind": "policy", + "slug": "no-1-password-emergency-kit-stored-in-desktop-documents-or-downloads-folders-mac-os", + "requiresMdm": false + }, + { + "name": "Discover TLS certificates", + "platform": "linux, windows, darwin", + "description": "Retrieves metadata about TLS certificates for servers listening on the local machine. Enables mTLS adoption analysis and cert expiration notifications.", + "query": "SELECT * FROM curl_certificate WHERE hostname IN (SELECT DISTINCT 'localhost:'||port FROM listening_ports WHERE protocol=6 AND address!='127.0.0.1' AND address!='::1');", + "purpose": "Informational", + "tags": [ + "network", + "tls" + ], + "contributors": [ + { + "name": "nabilschear", + "handle": "nabilschear", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/nabilschear" + } + ], + "kind": "query", + "slug": "discover-tls-certificates", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Discover Python Packages from Running Python Interpreters", + "platform": "linux, darwin", + "description": "Attempt to discover Python environments (in cwd, path to the python binary, and process command line) from running python interpreters and collect Python packages from those environments.", + "query": "SELECT * FROM python_packages WHERE directory IN (SELECT DISTINCT directory FROM (SELECT SUBSTR(path,0,INSTR(path,'/bin/'))||'/lib' AS directory FROM processes WHERE path LIKE '%/bin/%' AND path LIKE '%python%' UNION SELECT SUBSTR(cmdline,0,INSTR(cmdline,'/bin/'))||'/lib' AS directory FROM processes WHERE cmdline LIKE '%python%' AND cmdline LIKE '%/bin/%' AND path LIKE '%python%' 
UNION SELECT cwd||'/lib' AS directory FROM processes WHERE path LIKE '%python%'));", + "purpose": "Informational", + "tags": [ + "compliance", + "hunting" + ], + "contributors": [ + { + "name": "nabilschear", + "handle": "nabilschear", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/nabilschear" + } + ], + "kind": "query", + "slug": "discover-python-packages-from-running-python-interpreters", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Identify the default mail, http and ftp applications", + "platforms": "macOS", + "platform": "darwin", + "description": "Lists the currently enabled applications configured to handle mailto, http and ftp schemes.", + "query": "SELECT * FROM app_schemes WHERE (scheme='mailto' OR scheme='http' OR scheme='ftp') AND enabled='1';", + "purpose": "Informational", + "tags": [ + "compliance", + "hunting" + ], + "contributors": [ + { + "name": "brunerd", + "handle": "brunerd", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/brunerd" + } + ], + "kind": "query", + "slug": "identify-the-default-mail-http-and-ftp-applications", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Firewall enabled, domain profile (Windows)", + "query": "SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\EnableFirewall' AND CAST(data as integer) = 1;", + "description": "Checks if a Group Policy configures the computer to enable the domain profile for Windows Firewall. The domain profile applies to networks where the host system can authenticate to a domain controller. 
Some auditors requires that this setting is configured by a Group Policy.", + "resolution": "Contact your IT administrator to ensure your computer is receiving a Group Policy that enables the domain profile for Windows Firewall.", + "platforms": "Windows", + "tags": [ + "compliance", + "cis", + "cis9.1.1" + ], + "platform": "windows", + "contributors": [ + { + "name": "defensivedepth", + "handle": "defensivedepth", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/defensivedepth" + } + ], + "kind": "policy", + "slug": "firewall-enabled-domain-profile-windows", + "requiresMdm": false + }, + { + "name": "Firewall enabled, private profile (Windows)", + "query": "SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\\EnableFirewall' AND CAST(data as integer) = 1;", + "description": "Checks if a Group Policy configures the computer to enable the private profile for Windows Firewall. The private profile applies to networks where the host system is connected to a private or home network. 
Some auditors requires that this setting is configured by a Group Policy.", + "resolution": "Contact your IT administrator to ensure your computer is receiving a Group Policy that enables the private profile for Windows Firewall.", + "platforms": "Windows", + "tags": [ + "compliance", + "cis", + "cis9.2.1" + ], + "platform": "windows", + "contributors": [ + { + "name": "defensivedepth", + "handle": "defensivedepth", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/defensivedepth" + } + ], + "kind": "policy", + "slug": "firewall-enabled-private-profile-windows", + "requiresMdm": false + }, + { + "name": "Firewall enabled, public profile (Windows)", + "query": "SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\EnableFirewall' AND CAST(data as integer) = 1;", + "description": "Checks if a Group Policy configures the computer to enable the public profile for Windows Firewall. The public profile applies to networks where the host system is connected to public networks such as Wi-Fi hotspots at coffee shops and airports. 
Some auditors requires that this setting is configured by a Group Policy.", + "resolution": "Contact your IT administrator to ensure your computer is receiving a Group Policy that enables the public profile for Windows Firewall.", + "platforms": "Windows", + "tags": [ + "compliance", + "cis", + "cis9.3.1" + ], + "platform": "windows", + "contributors": [ + { + "name": "defensivedepth", + "handle": "defensivedepth", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/defensivedepth" + } + ], + "kind": "policy", + "slug": "firewall-enabled-public-profile-windows", + "requiresMdm": false + }, + { + "name": "SMBv1 client driver disabled (Windows)", + "query": "SELECT 1 FROM windows_optional_features WHERE name = 'SMB1Protocol-Client' AND state != 1;", + "description": "Checks that the SMBv1 client is disabled.", + "resolution": "Contact your IT administrator to discuss disabling SMBv1 on your system.", + "platforms": "Windows", + "tags": [ + "compliance", + "cis", + "cis18.3.2", + "built-in" + ], + "platform": "windows", + "contributors": [ + { + "name": "defensivedepth", + "handle": "defensivedepth", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/defensivedepth" + } + ], + "kind": "policy", + "slug": "sm-bv-1-client-driver-disabled-windows", + "requiresMdm": false + }, + { + "name": "SMBv1 server disabled (Windows)", + "query": "SELECT 1 FROM windows_optional_features WHERE name = 'SMB1Protocol-Server' AND state != 1", + "description": "Checks that the SMBv1 server is disabled.", + "resolution": "Contact your IT administrator to discuss disabling SMBv1 on your system.", + "platforms": "Windows", + "tags": [ + "compliance", + "cis", + "cis18.3.3", + "built-in" + ], + "platform": "windows", + "contributors": [ + { + "name": "defensivedepth", + "handle": "defensivedepth", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/defensivedepth" + } + ], + "kind": "policy", + 
"slug": "sm-bv-1-server-disabled-windows", + "requiresMdm": false + }, + { + "name": "Link-Local Multicast Name Resolution (LLMNR) disabled (Windows)", + "query": "SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\DNSClient\\EnableMulticast' AND CAST(data as integer) = 0;", + "description": "Checks if a Group Policy configures the computer to disable LLMNR. Disabling LLMNR can prevent malicious actors from gaining access to the computer's credentials. Some auditors require that this setting is configured by a Group Policy.", + "resolution": "Contact your IT administrator to ensure your computer is receiving a Group Policy that disables LLMNR on your system.", + "platforms": "Windows", + "tags": [ + "compliance", + "cis", + "cis18.5.4.2" + ], + "platform": "windows", + "contributors": [ + { + "name": "defensivedepth", + "handle": "defensivedepth", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/defensivedepth" + } + ], + "kind": "policy", + "slug": "link-local-multicast-name-resolution-llmnr-disabled-windows", + "requiresMdm": false + }, + { + "name": "Automatic updates enabled (Windows)", + "query": "SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\\NoAutoUpdate' AND CAST(data as integer) = 0;", + "description": "Checks if a Group Policy configures the computer to enable Automatic Updates. When enabled, the computer downloads and installs security and other important updates automatically. 
Some auditors require that this setting is configured by a Group Policy.", + "resolution": "Contact your IT administrator to ensure your computer is receiving a Group policy that enables Automatic Updates.", + "platforms": "Windows", + "tags": [ + "compliance", + "cis", + "cis18.9.108.2.1" + ], + "platform": "windows", + "contributors": [ + { + "name": "defensivedepth", + "handle": "defensivedepth", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/defensivedepth" + } + ], + "kind": "policy", + "slug": "automatic-updates-enabled-windows", + "requiresMdm": false + }, + { + "name": "Identify Apple development secrets (macOS)", + "query": "SELECT * FROM keychain_items WHERE label LIKE '%ABCDEFG%';", + "description": "Identifies certificates associated with Apple development signing and notarization. Replace ABCDEFG with your company's identifier.", + "resolution": "Ensure your official Apple builds, signing and notarization happen on a centralized system, and remove these certificates from workstations.", + "tags": [ + "compliance", + "inventory", + "built-in" + ], + "platform": "darwin", + "contributors": [ + { + "name": "GuillaumeRoss", + "handle": "GuillaumeRoss", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/GuillaumeRoss" + } + ], + "kind": "policy", + "slug": "identify-apple-development-secrets-mac-os", + "requiresMdm": false + }, + { + "name": "Geolocate via ipapi.co", + "platform": "darwin, linux, windows", + "description": "Geolocate a host using the [ipapi.co](https://ipapi.co) in an emergency. Requires the curl table. 
[Learn more](https://fleetdm.com/guides/locate-assets-with-osquery).", + "query": "SELECT JSON_EXTRACT(result, '$.ip') AS ip, JSON_EXTRACT(result, '$.city') AS city, JSON_EXTRACT(result, '$.region') AS region, JSON_EXTRACT(result, '$.country') AS country, JSON_EXTRACT(result, '$.latitude') AS latitude, JSON_EXTRACT(result, '$.longitude') AS longitude FROM curl WHERE url = 'http://ipapi.co/json';", + "purpose": "inventory", + "tags": [ + "inventory" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + } + ], + "kind": "query", + "slug": "geolocate-via-ipapi-co", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get Crowdstrike Falcon network content filter status", + "platform": "darwin", + "description": "Get the status of the Crowdstrike Falcon network content filter (as in \"System Settings\" > \"Network > \"Filters\").", + "query": "/* Load up the plist */ WITH extensions_plist AS (SELECT *, rowid FROM plist WHERE path = '/Library/Preferences/com.apple.networkextension.plist') /* Find the first \"Enabled\" key after the key indicating the crowdstrike app */ SELECT value AS enabled FROM extensions_plist WHERE subkey = 'Enabled' AND rowid > (SELECT rowid FROM extensions_plist WHERE value = 'com.crowdstrike.falcon.App') LIMIT 1;", + "purpose": "Informational", + "tags": [ + "crowdstrike", + "plist", + "network", + "content filter" + ], + "contributors": [ + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + } + ], + "kind": "query", + "slug": "get-crowdstrike-falcon-network-content-filter-status", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "Get a list of Visual Studio Code extensions", + "platform": "darwin, linux, windows", + "description": "Get a list of installed VS Code extensions (requires osquery > 5.11.0).", + "query": "SELECT 
u.username, vs.* FROM users u CROSS JOIN vscode_extensions vs USING (uid);\n", + "purpose": "Informational", + "tags": [ + "inventory" + ], + "contributors": [ + { + "name": "lucasmrod", + "handle": "lucasmrod", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/lucasmrod" + }, + { + "name": "sharon-fdm", + "handle": "sharon-fdm", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/sharon-fdm" + }, + { + "name": "zwass", + "handle": "zwass", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/zwass" + } + ], + "kind": "query", + "slug": "get-a-list-of-visual-studio-code-extensions", + "resolution": "N/A", + "requiresMdm": false + }, + { + "name": "List osquery table names", + "platform": "darwin, linux, windows", + "description": "List all table names in the schema of the currently installed version of osquery", + "query": "SELECT DISTINCT name FROM osquery_registry;", + "purpose": "Informational", + "tags": [ + "fleet", + "osquery", + "table", + "schema" + ], + "contributors": [ + { + "name": "nonpunctual", + "handle": "nonpunctual", + "avatarUrl": "https://placekitten.com/200/200", + "htmlUrl": "https://github.com/nonpunctual" + } + ], + "kind": "query", + "slug": "list-osquery-table-names", + "resolution": "N/A", + "requiresMdm": false + } + ], + "queryLibraryYmlRepoPath": "docs/01-Using-Fleet/standard-query-library/standard-query-library.yml", + "pricingTable": [ + { + "industryName": "Managed cloud", + "description": "Have Fleet host it for you (currently only available for customers with 700+ hosts. PS. Wish we could host for you? We're working on it! Please let us know if you know of a good partner. 
In the meantime, join fleetdm.com/support and we're happy to help you deploy Fleet yourself.)", + "pricingTableCategories": [ + "Deployment" + ], + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "name": "Managed cloud" + }, + { + "industryName": "Self-hosted", + "friendlyName": "Host it yourself", + "description": "Deploy Fleet anywhere and host it yourself, even in air-gapped environments except where technologically impossible.", + "pricingTableCategories": [ + "Deployment" + ], + "documentationUrl": "https://fleetdm.com/docs/deploy/introduction", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "no", + "buzzwords": [ + "Self-hosted" + ], + "name": "Self-hosted" + }, + { + "industryName": "Multi-tenancy", + "description": "For managed service providers to use a single instance of Fleet for multiple customers.", + "documentationUrl": "https://github.com/fleetdm/fleet/issues/9956", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Deployment" + ], + "usualDepartment": "IT", + "buzzwords": [ + "OEM", + "Private label", + "House brand", + "Clear label", + "Multi-tenancy" + ], + "tier": "Premium", + "name": "Multi-tenancy" + }, + { + "industryName": "Deployment tools", + "description": "Pre-built Terraform modules and Helm charts to help you get up and running.", + "documentationUrl": "https://fleetdm.com/docs/deploy/introduction", + "usualDepartment": "IT", + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Deployment" + ], + "name": "Deployment tools" + }, + { + "industryName": "Private update registry", + "friendlyName": "Update agents from a 
secret URL", + "description": "Load agent code from a secret URL that you manage.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/update-agents", + "tier": "Premium", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Configuration" + ], + "usualDepartment": "Security", + "name": "Private update registry" + }, + { + "industryName": "Control agent versions", + "description": "Manage agents remotely by setting different versions per-baseline.", + "documentationUrl": "https://fleetdm.com/docs/configuration/agent-configuration#configure-fleetd-update-channels", + "tier": "Premium", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Configuration" + ], + "usualDepartment": "IT", + "waysToUse": [ + { + "description": "Supply-chain Levels for Software Artifacts (SLSA) attestations for the fleetd binary artifacts and server container image to enable verification that the binaries are built and uploaded using GitHub Actions from the Fleet repository at a particular commit SHA coming soon (2024-12-31)." 
+ }, + { + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/20219" + } + ], + "name": "Control agent versions" + }, + { + "industryName": "Command line tool (CLI)", + "friendlyName": "fleetctl", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/fleetctl-cli", + "productCategories": [ + "Endpoint operations", + "Device management" + ], + "pricingTableCategories": [ + "Configuration" + ], + "usualDepartment": "IT", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "name": "Command line tool (CLI)" + }, + { + "industryName": "GitOps", + "friendlyName": "Manage endpoints in git", + "documentationUrl": "https://github.com/fleetdm/fleet-gitops", + "description": "Fork the best practices GitHub repo and use the included GitHub Actions to quickly automate Fleet console and configuration workflow management.", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Configuration" + ], + "usualDepartment": "IT", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "demos": { + "description": "A top savings and investment company wanted workflows and automation so that one bad actor can't brick their fleet. This way, they have to make a pull request first.", + "quote": "I don't want one bad actor to brick my fleet. 
I want them to make a pull request first.", + "moreInfoUrl": "https://docs.google.com/document/d/1hAQL6P--Tt3syq1MTRONAxhQA_2Vjt3oOJJt_O4xbiE/edit?disco=AAABAVnYvns&usp_dm=true#heading=h.7en766pueek4" + }, + "name": "GitOps" + }, + { + "industryName": "Two-factor authentication", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/5478", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Configuration" + ], + "usualDepartment": "IT", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "waysToUse": [ + { + "description": "Enforce two-factor authentication when logging in to Fleet for added security." + } + ], + "comingSoonOn": "2024-12-31", + "name": "Two-factor authentication", + "comingSoon": true + }, + { + "industryName": "Role-based access control", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/manage-access#manage-access", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Configuration" + ], + "usualDepartment": "IT", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "name": "Role-based access control" + }, + { + "industryName": "Audit logging", + "description": "Log all activity, including queries, scripts, access, etc.", + "documentationUrl": "https://fleetdm.com/docs/rest-api/rest-api#list-activities", + "productCategories": [ + "Endpoint operations", + "Device management" + ], + "pricingTableCategories": [ + "Configuration" + ], + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "usualDepartment": "Security", + "waysToUse": [ + { + "description": "Export activity of Fleet admins to your SIEM or data lake" + } + ], + "name": "Audit logging" + }, + { + "industryName": "Scope transparency", + "description": "Let end users see the source code for exactly how 
they are being monitored, and set clear expectations about what is and isn’t acceptable use of work computers.", + "tier": "Free", + "documentationUrl": "https://fleetdm.com/transparency", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Configuration" + ], + "name": "Scope transparency" + }, + { + "industryName": "Cross-platform MDM support", + "description": "macOS, Windows, and Linux.", + "documentationUrl": "https://fleetdm.com/announcements/fleet-introduces-windows-mdm", + "tier": "Premium", + "jamfProHasFeature": "appleOnly", + "jamfProtectHasFeature": "no", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "name": "Cross-platform MDM support" + }, + { + "industryName": "MDM migration", + "description": "Easily move your devices from your current MDM solution to Fleet.", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "no", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-migration-guide", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "name": "MDM migration" + }, + { + "industryName": "Zero-touch setup", + "description": "Zero-touch setup for macOS, iOS/iPadOS, and Windows.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience", + "tier": "Premium", + "jamfProHasFeature": "appleOnly", + "jamfProtectHasFeature": "no", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "waysToUse": [ + { + "description": "Ship a macOS, iOS, or iPadOS device to the end user's home and have them automatically enroll to Fleet during out-of-the-box setup." + }, + { + "description": "Ship a Windows workstation to the end user's home and have them automatically enroll to Fleet during out-of-the-box setup." 
+ }, + { + "description": "Customize the out-of-the-box setup experience for your end users." + }, + { + "description": "Install a bootstrap package to run custom scripts during the setup experience. Store the bootstrap package outside the Fleet database coming soon (2024-09-15)", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/19037" + }, + { + "description": "Require end users to authenticate with your identity provider (IdP) and agree to an end user license agreement (EULA) before they can use their new workstation" + } + ], + "name": "Zero-touch setup" + }, + { + "industryName": "Bring your own device (BYOD) enrollment", + "description": "BYOD enrollment for macOS, iOS/iPadOS (coming soon), Windows, and Android (coming soon) devices.", + "documentationUrl": "https://fleetdm.com/guides/sysadmin-diaries-device-enrollment#byod-enrollment", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "no", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "waysToUse": [ + { + "description": "Support ACME as a protocol for MDM certificate generation. 
Coming soon (2024-12-31)", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/15611" + } + ], + "name": "Bring your own device (BYOD) enrollment" + }, + { + "industryName": "User account sync", + "description": "Sync user accounts via Okta, AD, or any IDP.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "IT", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "waysToUse": [ + { + "description": "Automatically set admin access to Fleet based on your IDP" + } + ], + "name": "User account sync" + }, + { + "industryName": "Human-endpoint mapping", + "friendlyName": "See who logs in on every computer", + "description": "Identify who logs in to any system, including login history and current sessions. Look up any host by the email address of the person using it.", + "documentationUrl": "https://fleetdm.com/docs/rest-api/rest-api#get-hosts-google-chrome-profiles", + "screenshotSrc": null, + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "IT", + "buzzwords": [ + "Device users", + "human-to-device mapping" + ], + "dri": "mikermcneil", + "demos": [ + { + "description": "Security engineers at a top gaming company wanted to get demographics off their macOS, Windows, and Linux machines about who the user is and who's logged in.", + "moreInfoUrl": "https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit" + }, + { + "description": "Data engineers at a top biotech corporation needed to know who is logged into their devices.", + "quote": "So we don't know exactly what's going on after we deploy the device, we know that they are compliant with 
the security because we are running these stuff, but we don't know certainly who is running, who is logging in the device?", + "moreInfoUrl": "https://docs.google.com/document/d/17MNI5ykzlFjdVmQ8SPMrT1oR_hY_vkYAJx31F7l7Pv8/edit#heading=h.7en766pueek4" + } + ], + "waysToUse": [ + { + "description": "Look up computer by ActiveDirectory account" + }, + { + "description": "Find device by Google Chrome user" + }, + { + "description": "Identify who logs in to any system, including login history and current sessions." + }, + { + "description": "Look up any host by the email address of the person using it." + }, + { + "description": "Check user login history", + "moreInfoUrl": "https://www.lepide.com/how-to/audit-who-logged-into-a-computer-and-when.html#:~:text=To%20find%20out%20the%20details,logs%20in%20%E2%80%9CWindows%20Logs%E2%80%9D." + }, + { + "description": "See currently logged in users", + "moreInfoUrl": "https://www.top-password.com/blog/see-currently-logged-in-users-in-windows/" + }, + { + "description": "Get demographics off of our machines about who the user is and who's logged in", + "moreInfoUrl": "https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit" + }, + { + "description": "See what servers someone is logged-in on", + "moreInfoUrl": "https://community.spiceworks.com/topic/138171-is-there-a-way-to-see-what-servers-someone-is-logged-in-on" + } + ], + "name": "Human-endpoint mapping" + }, + { + "industryName": "Device inventory", + "description": "Includes a list of all devices and all hardware and software attributes for each device.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/understanding-host-vitals", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14415", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "usualDepartment": "IT", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + 
"pricingTableCategories": [ + "Devices" + ], + "waysToUse": [ + { + "description": "Implement software inventory recommendations from the SANS 20 / CIS 18.", + "moreInfoUrl": "https://docs.google.com/document/d/1E6EQMMqrsRc6Z3YsR6Q33OaF9eAa8zLNaz4K2YzFdyo/edit#heading=h.7en766pueek4" + }, + { + "description": "View a list of all hardware attributes of a device.", + "moreInfoUrl": "https://fleetdm.com/tables/system_info" + }, + { + "description": "View a list of all software and their versions installed on all your hosts.", + "moreInfoUrl": "https://fleetdm.com/docs/get-started/anatomy#software-library" + }, + { + "description": "View a list of software rolled up by title.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14674" + }, + { + "description": "Implement hardware and infrastructure inventory recommendations from the SANS 20 / CIS 18.", + "moreInfoUrl": "https://docs.google.com/document/d/1E6EQMMqrsRc6Z3YsR6Q33OaF9eAa8zLNaz4K2YzFdyo/edit#heading=h.7en766pueek4" + } + ], + "name": "Device inventory" + }, + { + "industryName": "Search inventory", + "description": "Search devices by IP, serial, hostname, and UUID.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/learn-how-to-use-fleet#how-to-ask-questions-about-your-device", + "productCategories": [ + "Endpoint operations", + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "IT", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "name": "Search inventory" + }, + { + "industryName": "Targeted device scoping", + "description": "Organize devices with Teams and Labels.", + "documentationUrl": "https://fleetdm.com/guides/managing-labels-in-fleet", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "name": "Targeted device scoping" + }, + { + 
"industryName": "Enforce disk encryption", + "description": "Encrypt system drives on macOS and Windows computers, manage escrowed encryption keys, and report on disk encryption status (FileVault, BitLocker).", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-disk-encryption", + "friendlyName": "Ensure hard disks are encrypted", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "Security", + "tier": "Premium", + "jamfProHasFeature": "appleOnly", + "jamfProtectHasFeature": "no", + "waysToUse": [ + { + "description": "Report on disk encryption status" + }, + { + "description": "Encrypt hard disks on macOS with FileVault" + }, + { + "description": "Escrow FileVault keys on macOS" + }, + { + "description": "Encrypt hard disks on Windows with BitLocker." + } + ], + "name": "Enforce disk encryption" + }, + { + "industryName": "Enforce operating system (OS) updates", + "description": "Keep operating systems up to date for macOS, iOS/iPadOS, Windows, and Android (coming soon) devices.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-macos-updates", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "no", + "usualDepartment": "IT", + "productCategories": [ + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "waysToUse": [ + { + "description": "Enforce macOS updates via Nudge." + }, + { + "description": "Progressively enhance from Nudge to DDM-based OS updates.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/17295" + }, + { + "description": "Automatically update Windows after the end user reaches a deadline." + } + ], + "name": "Enforce operating system (OS) updates" + }, + { + "industryName": "Enforce OS settings", + "description": "MDM support for macOS, iOS/iPadOS, Windows, and Android (coming soon) devices. 
Management support for Linux.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-custom-os-settings", + "usualDepartment": "IT", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "no", + "waysToUse": [ + { + "description": "Deploy configuration profiles on macOS and Windows and verify that they're installed.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/13281" + }, + { + "description": "Deploy custom declaration (DDM) profiles on macOS.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14550" + }, + { + "description": "Target profiles to specific hosts using SQL.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/17315" + }, + { + "description": "Automatically re-deploy configuration profiles when they're not installed." + }, + { + "description": "Deploy configuration profiles on iOS/iPadOS." + }, + { + "description": "See a list of the upcoming MDM commands and scripts in unified queue. Coming soon (2024-07-15)", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/15920" + }, + { + "description": "Send MDM commands to tell end users to update their OS.", + "moreInfoUrl": "https://developer.apple.com/documentation/devicemanagement/schedule_an_os_update" + }, + { + "description": "Configure agent options remotely, over the air. 
(Includes osquery config, and osquery startup flags.).", + "moreInfoUrl": "https://fleetdm.com/docs/configuration/agent-configuration" + } + ], + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "name": "Enforce OS settings" + }, + { + "industryName": "Declarative Device Management (DDM) support for configuration profiles", + "description": "Full support for Apple DDM configuration profiles.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-os-updates#macos", + "tier": "Free", + "jamfProHasFeature": "cloudOnly", + "jamfProtectHasFeature": "cloudOnly", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "name": "Declarative Device Management (DDM) support for configuration profiles" + }, + { + "industryName": "Device health", + "friendlyName": "Automate device health", + "description": "Automatically report system health issues using webhooks or integrations, to notify or quarantine outdated or misconfigured systems that are at higher risk of vulnerabilities or theft.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/automations#automations", + "screenshotSrc": null, + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "yes", + "productCategories": [ + "Device management", + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "IT", + "dri": "mikermcneil", + "demos": [ + { + "description": "A large tech company used the Fleet API to block access to corporate apps for outdated operating system versions with certain \"celebrity\" vulnerabilities.", + "quote": null, + "moreInfoUrl": "https://play.goconsensus.com/s4e490bb9" + } + ], + "buzzwords": [ + "Device trust", + "Zero trust", + "Layer 7 device trust", + "Beyondcorp", + "Device attestation", + "Conditional access" + ], + "waysToUse": [ + { + "description": "Automatically manage the behavior of 
endpoints that are at higher risk of vulnerabilities or data loss due to their configuration or patch level." + }, + { + "description": "Block access to corporate apps for users whose devices with unexpected settings, like disabled screen lock, passwords that are too short, unencrypted hard disks, and more" + }, + { + "description": "Quickly implement conditional access based on device health using osquery and a simple device health REST API.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14920" + }, + { + "description": "Control and restore access to applications by automatically restricting access when devices do not meet particular security requirements.", + "moreInfoUrl": "https://duo.com/docs/device-health" + }, + { + "description": "Control which laptop and desktop devices can access corporate apps and websites based on what vulnerabilities it might be exposed to based on how the device is configured, whether it's up to date, its MDM enrollment status, and anything else you can build in a SQL query of Fleet's 300 data tables representing information about enrolled host systems. Coming soon (2024-09-30).", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/16236" + }, + { + "description": "Implement multivariate device trust", + "moreInfoUrl": "https://youtu.be/5sFOdpMLXQg?feature=shared&t=1445" + }, + { + "description": "Implement your own version of Google's zero trust model (BeyondCorp)", + "moreInfoUrl": "https://cloud.google.com/beyondcorp" + }, + { + "description": "Get endpoint data into ServiceNow and make your asset management teams happy", + "moreInfoUrl": "https://www.youtube.com/watch?v=aVbU6_9JoM0" + }, + { + "description": "Monitor devices that don't meet your organization's custom security policies" + }, + { + "description": "Quickly report your posture and vulnerabilities to auditors, showing remediation status and timing." 
+ }, + { + "description": "Keep your devices compliant with customizable baselines, or use common benchmarks like CIS." + }, + { + "description": "Discover security misconfigurations that increase attack surface." + }, + { + "description": "Detect suspcious services listening on open ports that should not be connected to the internet, such as Remote Desktop Protocol (RDP).", + "moreInfoUrl": "https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20statename%20%3D%20%E2%80%9CEnabled%E2%80%9D-,OPEN%20SOCKETS,-Lastly%2C%20an%20examination" + }, + { + "description": "Discover potentially unwanted programs that increase attack surface.", + "moreInfoUrl": "https://paraflare.com/articles/vulnerability-management-via-osquery/" + }, + { + "description": "Detect self-signed certifcates" + }, + { + "description": "Detect legacy protocols with safer versions", + "moreInfoUrl": "https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20self_signed%20%3D%201%3B-,LEGACY%20PROTOCOLS,-This%20section%20will" + }, + { + "description": "Detect exposed secrets on the command line", + "moreInfoUrl": "https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WDigest%20is%20disabled.-,EXPOSED%20SECRETS,-Often%2C%20to%20create" + }, + { + "description": "Detect and surface issues with devices" + }, + { + "description": "Share device health reports" + }, + { + "description": "Align endpoints with your security policies", + "moreInfoUrl": "https://www.axonius.com/use-cases/cmdb-reconciliation" + }, + { + "description": "Maximize security control coverage" + }, + { + "description": "Uncover gaps in security policies, configurations, and hygiene", + "moreInfoUrl": "https://www.axonius.com/use-cases/coverage-gap-discovery" + }, + { + "description": "Automatically apply security policies to protect endpoints against attack." 
+ }, + { + "description": "Surface security issues in all your deployed endpoints even data centers and factories." + }, + { + "description": "Continually validate controls and policies" + }, + { + "description": "Block access to corporate apps if your end users are failing a specific number of critical policies.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/16206" + } + ], + "name": "Device health" + }, + { + "industryName": "Application deployment", + "description": "Deploy applications and security agents on macOS, iOS/iPadOS, Linux, Windows, and Android (coming soon) devices. Additionally, install macOS and iOS/iPadOS apps from the App Store (coming soon).", + "tier": "Premium", + "jamfProHasFeature": "appleOnly", + "jamfProtectHasFeature": "no", + "isExperimental": "yes", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/18867", + "waysToUse": [ + { + "description": "Easily configure and install SentinelOne, Crowdstrike, and other security tools.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14921" + }, + { + "description": "Offer licenses for Photoshop and other App Sore apps for your end users." 
+ }, + { + "description": "iOS/iPadOS coming soon (2024-08-11).", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/14899" + } + ], + "name": "Application deployment" + }, + { + "industryName": "Self-service application installation", + "description": "Allow end users to install apps through Fleet Desktop for macOS, Linux, and Windows.", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "no", + "isExperimental": "yes", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/17587", + "waysToUse": [ + { + "description": "Build scripts for Ansible deployments", + "moreInfoUrl": "https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4" + }, + { + "description": "Deploy osquery to macOS via Jamf", + "moreInfoUrl": "https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4" + }, + { + "description": "Package osquery for Linux servers via Workspace One and Windows servers via group policies", + "moreInfoUrl": "https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4" + } + ], + "name": "Self-service application installation" + }, + { + "industryName": "Application management", + "description": "Manage updates and patches for apps on macOS, Windows, and Linux computers.", + "tier": "Premium", + "jamfProHasFeature": "appleOnly", + "jamfProtectHasFeature": "no", + "comingSoonOn": "2024-08-25", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/18865", + "name": "Application management", + "comingSoon": true + }, + { + "industryName": "Script execution", + "friendlyName": "Safely execute custom scripts (macOS, Windows, and Linux)", + "description": "Deploy and execute custom 
scripts using a REST API, and manage your library of scripts in the UI or a git repo.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/scripts", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "no", + "dri": "mikermcneil", + "usualDepartment": "IT", + "productCategories": [ + "Endpoint operations", + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "demos": [ + { + "description": "A large tech company used scripts to fix issues with their security and compliance agents on workstations." + } + ], + "buzzwords": [ + "Remote script execution", + "PowerShell scripts", + "Bash scripts" + ], + "waysToUse": [ + { + "description": "Execute custom macOS scripts (client platform engineering)", + "moreInfoUrl": "https://www.hexnode.com/blogs/executing-custom-mac-scripts-via-mdm/" + }, + { + "description": "Execute custom Windows scripts (client platform engineering)", + "moreInfoUrl": "https://www.hexnode.com/blogs/executing-custom-windows-scripts-via-mdm/" + }, + { + "description": "Use PowerShell scripts on Windows devices", + "moreInfoUrl": "https://learn.microsoft.com/en-us/mem/intune/apps/intune-management-extension" + }, + { + "description": "Run PowerShell scripts for remediations (security engineering)", + "moreInfoUrl": "https://learn.microsoft.com/en-us/mem/intune/fundamentals/powershell-scripts-remediation" + }, + { + "description": "Download and run remediation scripts", + "moreInfoUrl": "https://help.zscaler.com/deception/downloading-and-running-remediation-script" + }, + { + "description": "Deploy custom scripts", + "moreInfoUrl": "https://scalefusion.com/custom-scripting" + }, + { + "description": "Run scripts on online/offline hosts", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/15529" + }, + { + "description": "Only maintainers and admins can run scripts.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/19055" + } + ], + "name": "Script execution" + }, + { + 
"industryName": "Device remediation", + "description": "Use Fleet Policies to detect the device state. Automate remediations for issues or allow users to remediate problems in self-service.", + "documentationUrl": "https://fleetdm.com/securing/end-user-self-remediation", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "no", + "usualDepartment": "IT", + "productCategories": [ + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "waysToUse": [ + { + "description": "Send software vulnerability emails to end users to encourage self-remediation." + } + ], + "name": "Device remediation" + }, + { + "industryName": "Maintenance windows", + "friendlyName": "Fleet in your calendar", + "description": "Create a calendar event to auto-remediate failing policies when your end users are free.", + "documentationUrl": "https://github.com/fleetdm/fleet/issues/17230", + "tier": "Premium", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "isExperimental": "yes", + "productCategories": [ + "Device management", + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "name": "Maintenance windows" + }, + { + "industryName": "Send lock and wipe commands", + "description": "Secure your devices with remote lock and wipe commands if lost or stolen.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/mdm-commands", + "waysToUse": [ + { + "description": "High-level remote lock for macOS, Windows, and Linux.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/9949" + }, + { + "description": "High-level remote wipe for macOS, Windows, and Linux.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/9951" + } + ], + "tier": "Premium", + "jamfProHasFeature": "appleOnly", + "jamfProtectHasFeature": "no", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Devices" + ], + "name": "Send lock and wipe 
commands" + }, + { + "industryName": "Queries", + "description": "Scheduled or saved queries with optional AI-generated descriptions, and, live queries for real-time data collection.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/fleet-ui", + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "IT", + "demos": [ + { + "description": "A top financial services company needed to set up rolling deployments for changes to osquery agents running on their production servers.", + "moreInfoUrl": "https://docs.google.com/document/d/1UdzZMyBLbs9SUXfSXN2x2wZQCbjZZUetYlNWH6-ryqQ/edit#heading=h.2lh6ehprpvl6" + } + ], + "name": "Queries" + }, + { + "industryName": "Query performance monitoring", + "documentationUrl": "https://fleetdm.com/docs/get-started/faq#will-fleet-slow-down-my-servers-what-about-my-employee-laptops", + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "demos": [ + { + "description": "A top software company needed to understand the performance impact of osquery queries before running them on all of their production Linux servers.", + "moreInfoUrl": "https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg" + }, + { + "description": "A top software company wanted to detect regressions when adding/changing queries and fail builds if queries were too expensive.", + "moreInfoUrl": "https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg" + } + ], + "waysToUse": [ + { + "description": "Monitor performance for automated queries." 
+ }, + { + "description": "Monitor performance for live queries.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/467" + } + ], + "name": "Query performance monitoring" + }, + { + "industryName": "Custom tables", + "friendlyName": "Add tables to osquery with extensions", + "description": "Create your own osquery tables, extensions & automatic table configurations or disable existing tables to maintain PII or privacy.", + "documentationUrl": "https://fleetdm.com/docs/configuration/agent-configuration#extensions", + "moreInfoUrl": "https://github.com/trailofbits/osquery-extensions/blob/3df2b72ad78549e25344c79dbc9bce6808c4d92a/README.md#extensions", + "tier": "Premium", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "IT", + "name": "Custom tables" + }, + { + "industryName": "Remote settings", + "description": "Configure agent options remotely, over the air. (Includes osquery config, and osquery startup flags.).", + "documentationUrl": "https://fleetdm.com/docs/configuration/agent-configuration", + "moreInfoUrl": "https://github.com/fleetdm/fleet/issues/13825", + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "Security", + "name": "Remote settings" + }, + { + "industryName": "Teams", + "friendlyName": "Manage different endpoints differently", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/segment-hosts", + "description": "Teams are what Fleet calls baselines, kinda like security groups or images. Every host in a team matches the same baseline, with minor exceptions. 
This makes it faster and less risky to maintain computers, leading to faster timelines and fewer tickets.", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "waysToUse": [ + { + "description": "Automate remediation for different applications with different security postures (cloud security engineering)" + } + ], + "name": "Teams" + }, + { + "industryName": "Labels", + "documentationUrl": "https://fleetdm.com/docs/rest-api/rest-api#add-label", + "friendlyName": "Filter hosts using SQL", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "IT", + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "name": "Labels" + }, + { + "industryName": "Policies", + "description": "A policy is a specific “yes” or “no” query. 
Use policies to manage security compliance in your organization.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/fleet-ui", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "no", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "IT", + "demos": [ + { + "description": "A top financial services company needed to set up rolling deployments for changes to osquery agents running on their production servers.", + "moreInfoUrl": "https://docs.google.com/document/d/1UdzZMyBLbs9SUXfSXN2x2wZQCbjZZUetYlNWH6-ryqQ/edit#heading=h.2lh6ehprpvl6" + } + ], + "waysToUse": [ + { + "description": "Trigger a workflow based on a failing policy", + "moreInfoUrl": "https://fleetdm.com/docs/using-fleet/automations#policy-automations" + } + ], + "name": "Policies" + }, + { + "industryName": "File integrity monitoring (FIM)", + "friendlyName": "Detect changes to critical files", + "description": "Specify files to monitor for changes or deletions, then log those events to your SIEM or data lake, including key information such as filepath and checksum.", + "documentationUrl": "https://fleetdm.com/guides/osquery-evented-tables-overview#file-integrity-monitoring-fim", + "screenshotSrc": "", + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "yes", + "usualDepartment": "Security", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "dri": "mikermcneil", + "demos": [ + { + "description": "A top gaming company needed a way to monitor critical files on production Debian servers.", + "quote": "The FIM features are kind of a top priority.", + "moreInfoUrl": "https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit" + } + ], + "buzzwords": [ + "File integrity monitoring (FIM)", + "Host-based intrusion detection system (HIDS)", + "Anomaly 
detection" + ], + "waysToUse": [ + { + "description": "Monitor critical files on production Debian servers" + }, + { + "description": "Detect anomalous filesystem activity", + "moreInfoUrl": "https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring" + }, + { + "description": "Detect unintended changes", + "moreInfoUrl": "https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring" + }, + { + "description": "Verify update status and monitor system health", + "moreInfoUrl": "https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring" + }, + { + "description": "Meet compliance mandates", + "moreInfoUrl": "https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring" + } + ], + "name": "File integrity monitoring (FIM)" + }, + { + "industryName": "File carving", + "description": "Write the results of complex queries to AWS S3.", + "documentationUrl": "https://fleetdm.com/docs/configuration/fleet-server-configuration#s-3-file-carving-backend", + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "usualDepartment": "Security", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "name": "File carving" + }, + { + "industryName": "Binary authorization", + "friendlyName": "Restrict what programs can run, and what files running programs can access.", + "description": null, + "documentationUrl": null, + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "dri": "mikermcneil", + "usualDepartment": "Security", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "comingSoonOn": "2025-06-30", + "buzzwords": [ + "Mandatory Access Control (MAC)", + "Privilege confinement", + "Binary authorization", + "Santa", + "Binary allowlisting", + "Binary whitelisting" + ], + "demos": [ + { + "description": null, + "moreInfoUrl": null + } + ], + "waysToUse": [ + { + "description": 
"Confine programs to a limited set of resources." + }, + { + "description": "Report on AppArmor events", + "moreInfoUrl": "https://fleetdm.com/tables/apparmor_events" + }, + { + "description": "Confine programs according to a set of rules that specify which files a program can access.", + "moreInfoUrl": "https://wiki.debian.org/AppArmor" + }, + { + "description": "Proactively protect the system against both known and unknown vulnerabilities." + } + ], + "name": "Binary authorization", + "comingSoon": true + }, + { + "industryName": "Reporting", + "description": "Generate reports based on searchable device attributes", + "documentationUrl": "https://fleetdm.com/docs/rest-api/rest-api#get-query-report", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "IT", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "name": "Reporting" + }, + { + "industryName": "Incident response", + "friendlyName": "Interrogate hosts in real time", + "description": "Live query, triage, figuring out scope of impact, remediate using scripts or MDM commands (e.g. remote wipe), and quarantine or reimage using other systems and APIs (e.g. 
remove from network, decommission container)", + "documentationUrl": "https://fleetdm.com/securing/how-osquery-can-help-cyber-responders#simplifying-endpoint-visibility-with-osquery-and-fleet", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "dri": "mikermcneil", + "usualDepartment": "Security", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "buzzwords": [], + "demos": [ + { + "description": null, + "moreInfoUrl": null + } + ], + "waysToUse": [ + { + "description": null + } + ], + "name": "Incident response" + }, + { + "industryName": "Custom logging", + "description": "Flexible, configurable logging destinations (AWS Kinesis, Lambda, GCP, Kafka).", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/log-destinations#log-destinations", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "usualDepartment": "Security", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Devices" + ], + "buzzwords": [ + "Real-time export", + "Ship logs" + ], + "name": "Custom logging" + }, + { + "industryName": "Malware detection (YARA/custom IoCs)", + "friendlyName": "Scan files for zero days and malware signatures", + "description": "Use YARA signatures to report and trigger automations when zero days, malware, or unexpected files are detected on a host.", + "documentationUrl": "https://fleetdm.com/tables/yara", + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "yes", + "dri": "mikermcneil", + "usualDepartment": "Security", + "productCategories": [ + "Endpoint operations", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "buzzwords": [ + "YARA scanning", + "Cyber Threat Intelligence (CTI)", + "Indicators of compromise (IOCs)", + "Antivirus (AV)", + "Endpoint protection platform (EPP)", + "Endpoint detection and response (EDR)", + "Malware detection", + 
"Signature-based malware detection", + "Malware scanning", + "Malware analysis", + "Anomaly detection" + ], + "demos": [ + { + "description": "A top media company used Fleet policies with YARA rules to continuously scan host filesystems for malware signatures provided by internal and external threat intelligence teams.", + "moreInfoUrl": null + } + ], + "waysToUse": [ + { + "description": "Detect suspicious bytecode in JAR files" + }, + { + "description": "Identify suspicious patterns in binaries using YARA signatures" + }, + { + "description": "Continuously scan host filesystems for malware signatures.", + "moreInfoUrl": "https://yara.readthedocs.io/en/stable/writingrules.html" + }, + { + "description": "Monitor for relevent filesystem changes (YARA events) and on-demand YARA signature scans.", + "moreInfoUrl": "https://osquery.readthedocs.io/en/stable/deployment/yara/" + }, + { + "description": "Use YARA for malware detection", + "moreInfoUrl": "https://www.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_YARA_S508C.pdf" + }, + { + "description": "Scan for indicators of compromise (IoC) for common malware.", + "moreInfoUrl": "https://github.com/Cisco-Talos/osquery_queries" + }, + { + "description": "Analyze malware using data from osquery, such as endpoint certificates and launch daemons (launchd).", + "moreInfoUrl": "https://medium.com/hackernoon/malware-analysis-using-osquery-part-3-9dc805b67d16" + }, + { + "description": "Detect persistent malware (e.g. WireLurker) in endpoints by generating simple policies that search for their static indicators of compromise (IoCs).", + "moreInfoUrl": "https://osquery.readthedocs.io/en/stable/deployment/anomaly-detection/" + }, + { + "description": "Run a targeted YARA scan with osquery as a lightweight approach to scan anything on a host filesystem, with minimal performance impact. 
Unlike full system YARA scans which consume considerable CPU resources, an equivalent YARA scan targeted in Fleet can be 8x cheaper (CPU %).", + "moreInfoUrl": "https://www.tripwire.com/state-of-security/signature-socket-based-malware-detection-osquery-yara" + } + ], + "name": "Malware detection (YARA/custom IoCs)" + }, + { + "industryName": "Continuous scanning", + "friendlyName": "Detect vulnerable software", + "documentationUrl": "https://fleetdm.com/vulnerability-management", + "productCategories": [ + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "usualDepartment": "Security", + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "yes", + "buzzwords": [ + "Stakeholder-specific vulnerability categorization (SSVC)", + "Continuous scanning", + "Continuous vulnerability scanning", + "Risk-based vulnerability management" + ], + "waysToUse": [ + { + "description": "Use an SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: \"Track\", \"Track*\", \"Attend\", and \"Act\".", + "moreInfoUrl": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc" + }, + { + "description": "Balint Fazakas: I think what offers a better use of CVSS if you break it down to vectors. You may find that a DoS (High Availability Impact) not as relevant for you, or equally a vulnerability requiring user interaction has a very low likelihood of exploit in another scenario. If you want to fine tune your SSVC, it worth using the vectors you care about instead of the score itself. But ultimately you would want to read the description of the vulnerabilities to determine the risk they are posing to your environment. 
SSVC can assist you to do that in a more efficient way.", + "moreInfoUrl": "https://www.linkedin.com/feed/update/urn:li:activity:7162614115025215488?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7162614115025215488%2C7162681703918985216%29&dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287162681703918985216%2Curn%3Ali%3Aactivity%3A7162614115025215488%29" + }, + { + "description": "Melissa Bischoping: CVSS is never enough to contextualize the urgency or risk of a vulnerability in your environment. It is one metric that needs to be part of an overall risk calculus, but a CVSS of 6 can be a greater threat in your organization than a CVSS of 10 based on the environmental variables and mitigations. Only two 10.0s here, but several lower severity that are resulting in high-impact breaches. Getting a handle on managing that public facing infrastructure and being able to rapidly patch the apps and devices with such exposure needs to be part of an overall plan, but must go hand in hand with mitigations and layers of a zero trust design. CVSS isn’t the sole determination of risk, it’s only one partial piece of data to understand the impact of a vulnerability if exploited.", + "moreInfoUrl": "https://www.linkedin.com/feed/update/urn:li:activity:7162614115025215488?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7162614115025215488%2C7162629486344159232%29&dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287162629486344159232%2Curn%3Ali%3Aactivity%3A7162614115025215488%29" + } + ], + "demos": [ + { + "description": "A top gaming company wanted to replace Qualys for infrastructure vulnerability detection.", + "quote": "So we have some stuff today through Qualys, but it's just not very good. A lot of it is...it's just really noisy. 
I'm trying to find out specifically, actually what packages are installed where, and then the ability to live query them.", + "moreInfoUrl": "https://docs.google.com/document/d/1JWtRsW1FUTCkZEESJj9-CvXjLXK4219by-C6vvVVyBY/edit" + }, + { + "description": "One of the world's largest, top transportation companies uses Fleet's API to email relevant, actually-installed vulnerabilities to responsible teams so they can fix them.", + "moreInfoUrl": "https://docs.google.com/document/d/1oeCmT077o_5nxzLhnxs7kcg_4Qn1Pn1F5zx10nQOAp8/edit" + } + ], + "name": "Continuous scanning" + }, + { + "industryName": "Vulnerability scores", + "friendlyName": "EPSS and CVSS", + "documentationUrl": "https://fleetdm.com/vulnerability-management", + "tier": "Premium", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "yes", + "usualDepartment": "Security", + "productCategories": [ + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "buzzwords": [ + "Risk scores", + "Cyber risk", + "Risk reduction", + "Security operations effectiveness", + "Peer benchmarking", + "Security program effectiveness", + "Risk-based exposure scoring", + "Threat context", + "Cyber exposure", + "Exposure quantification and benchmarking", + "Optimize security investments", + "Vulnerability assessment" + ], + "demos": [ + { + "description": "Fleet enables a more modern, threat-first prioritization approach to vulnerability management.", + "quote": "In reality, across our inventory of devices, it's unlikely to ever be exploited. I'd rather do that legwork on my team and then go and ask and prioritize work on these infrastructure teams that are already busy with things that could or could not be vulnerable. 
Being able to be more exact allows us to go to these teams less, which saves everybody time.", + "moreInfoUrl": "https://www.youtube.com/watch?v=G5Ry_vQPaYc&t=131s" + } + ], + "waysToUse": [ + { + "description": "By leveraging EPSS (Exploit Prediction Scoring System), security professionals gain insight on the true risk behind rated CVEs." + }, + { + "description": "An Introduction to EPSS, The Exploit Prediction Scoring System" + }, + { + "moreInfoUrl": "https://www.youtube.com/watch?v=vw1RlZCSRcQ" + }, + { + "description": "By extracting metadata from the National Vulnerability Database (NVD) and Microsoft Security Response Center (MSRC), we can determine which version of software is no longer vulnerable." + } + ], + "name": "Vulnerability scores" + }, + { + "industryName": "CISA KEVs", + "description": "Known exploited vulnerabilities", + "documentationUrl": "https://fleetdm.com/vulnerability-management", + "tier": "Premium", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "yes", + "usualDepartment": "Security", + "productCategories": [ + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "demos": [ + { + "description": null, + "moreInfoUrl": null + } + ], + "waysToUse": [ + { + "description": "Help teams work on vulnerabilities that have actually been exploited (CISA KEVs) or have a high probability of being exploited (EPSS), or whatever is important in your environment." 
+ }, + { + "description": "Use CISA KEVs for vulnerability management" + }, + { + "moreInfoUrl": "https://www.youtube.com/watch?v=Z3mw2oxssYk" + } + ], + "name": "CISA KEVs" + }, + { + "industryName": "Asset discovery", + "documentationUrl": null, + "tier": "Premium", + "comingSoonOn": "2025-06-30", + "usualDepartment": "Security", + "productCategories": [ + "Vulnerability management" + ], + "pricingTableCategories": [ + "Devices" + ], + "name": "Asset discovery", + "comingSoon": true + }, + { + "industryName": "REST API", + "friendlyName": "Automate any feature", + "description": null, + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Integrations" + ], + "usualDepartment": "IT", + "documentationUrl": "https://fleetdm.com/docs/rest-api/rest-api", + "screenshotSrc": null, + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "dri": "rachaelshaw", + "name": "REST API" + }, + { + "industryName": "Webhooks", + "friendlyName": "Automations", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/automations#automations", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Integrations" + ], + "usualDepartment": "IT", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "name": "Webhooks" + }, + { + "industryName": "Grant API-only access", + "description": "Grant API-only access to accounts exclusively for automation.", + "documentationUrl": "https://fleetdm.com/docs/using-fleet/fleetctl-cli#using-fleetctl-with-an-api-only-user", + "productCategories": [ + "Endpoint operations" + ], + "pricingTableCategories": [ + "Integrations" + ], + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "name": "Grant API-only access" + }, + { + "industryName": "Single sign on", + "description": "SSO, SAML", + 
"documentationUrl": "https://fleetdm.com/docs/deploy/single-sign-on-sso#single-sign-on-sso", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Integrations" + ], + "usualDepartment": "IT", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "name": "Single sign on" + }, + { + "industryName": "Automatic user creation (JIT, SCIM)", + "description": "Auto-create and manipulate Fleet users from Okta, etc with just-in-time (JIT) provisioning.", + "documentationUrl": "https://fleetdm.com/docs/deploy/single-sign-on-sso#just-in-time-jit-user-provisioning", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Integrations" + ], + "usualDepartment": "IT", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "no", + "name": "Automatic user creation (JIT, SCIM)" + }, + { + "industryName": "Third-party automation", + "friendlyName": "Borrow off-the-shelf tactics from the community", + "documentationUrl": "https://fleetdm.com/integrations", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Integrations" + ], + "usualDepartment": "IT", + "description": "Plug Fleet into other frameworks and tools like Tines, Snowflake, Terraform, Chronicle, Jira, Zendesk, etc", + "moreInfoUrl": "https://fleetdm.com/integrations", + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "waysToUse": [ + { + "description": "(ActiveDirectory) Know who opened your computer and check their device posture before you let them log into anything." + }, + { + "description": "(Ansible) Easily issue MDM commands and standardize data across operating systems." + }, + { + "description": "(AWS) Deploy your own self-managed Fleet in any AWS environment in minutes." 
+ }, + { + "description": "(Azure) Deploy your own self-managed Fleet in the Microsoft Cloud in minutes." + }, + { + "description": "(Chef) Easily issue MDM commands and standardize data across operating systems." + }, + { + "description": "(Elastic) Ingest osquery data and monitor for important changes or events." + }, + { + "description": "(GitHub) Version control using git, enabling collaboration and a GitOps workflow." + }, + { + "description": "(GitLab) Version control using git, enabling collaboration and a GitOps workflow." + }, + { + "description": "(Chronicle) Ingest osquery data and monitor for important changes or events." + }, + { + "description": "(Google Cloud) Deploy your own self-managed Fleet in any GCP environment in minutes." + }, + { + "description": "(Munki) Easily issue MDM commands and standardize data across operating systems." + }, + { + "description": "(Okta) Know who opened your computer and check their device posture before you let them log into anything." + }, + { + "description": "(Snowflake) Ingest osquery data and monitor for important changes or events." + }, + { + "description": "(Splunk) Ingest osquery data and monitor for important changes or events." + }, + { + "description": "(Tines) Build custom workflows that trigger in various situations." + }, + { + "description": "(Webhooks) Configure automations that send webhooks to specific URLs when Fleet detects changes to host, policy, and CVE statuses." + }, + { + "description": "(Zendesk) Automatically create Zendesk tickets in various situations." + }, + { + "description": "(Jira) Automatically create Jira tickets in various situations, including exporting vulnerabilities to Jira and syncing tickets." 
+ } + ], + "buzzwords": [ + "Snowflake", + "Okta", + "Tines", + "Splunk", + "Elastic", + "AWS", + "ActiveDirectory", + "Ansible", + "GitHub", + "GitLab", + "Chronicle", + "Google Cloud", + "Munki", + "Vanta", + "Chef", + "Zendesk", + "Jira" + ], + "name": "Third-party automation" + }, + { + "industryName": "Third-party orchestration", + "friendlyName": "Borrow off-the-shelf tactics from legendary brands", + "documentationUrl": "https://fleetdm.com/integrations", + "description": "Plug Fleet into other frameworks and tools like Puppet, Vanta, etc.", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Integrations" + ], + "usualDepartment": "IT", + "moreInfoUrl": "https://fleetdm.com/integrations", + "tier": "Premium", + "waysToUse": [ + { + "description": "(Vanta) Trigger a workflow based on a failing policy." + }, + { + "description": "(Puppet) Easily issue MDM commands, standardize data across operating systems, and map macOS+Windows settings to computers with the Puppet module." + }, + { + "description": "(Torq) Build custom workflows that trigger in various situations." + }, + { + "description": "(Custom IdP) Manage access to Fleet single sign-on (SSO) through any IdP (using SAML)." 
+ } + ], + "buzzwords": [ + "Vanta", + "Puppet", + "Custom IdP" + ], + "name": "Third-party orchestration" + }, + { + "industryName": "Munki compatibility + visibility", + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "usualDepartment": "IT", + "productCategories": [ + "Device management" + ], + "pricingTableCategories": [ + "Integrations" + ], + "name": "Munki compatibility + visibility" + }, + { + "industryName": "Open-source issue tracker (GitHub)", + "documentationUrl": "https://fleetdm.com/support", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Support" + ], + "tier": "Free", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "name": "Open-source issue tracker (GitHub)" + }, + { + "industryName": "Community Slack channel", + "documentationUrl": "https://fleetdm.com/support", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Support" + ], + "tier": "Free", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "name": "Community Slack channel" + }, + { + "industryName": "Unlimited email support (confidential)", + "documentationUrl": "https://fleetdm.com/support", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Support" + ], + "tier": "Premium", + "jamfProHasFeature": "yes", + "jamfProtectHasFeature": "yes", + "name": "Unlimited email support (confidential)" + }, + { + "industryName": "Phone and video call support", + "documentationUrl": "https://fleetdm.com/support", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "pricingTableCategories": [ + "Support" + ], + "tier": "Premium", + "jamfProHasFeature": "no", + "jamfProtectHasFeature": "no", + "name": "Phone and video 
call support" + } + ], + "markdownPages": [ + { + "url": "/docs", + "title": "Readme.md", + "lastModifiedAt": 1726839803427, + "htmlId": "docs--readme--51292620cf", + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "README.md", + "meta": {} + }, + { + "url": "/docs/rest-api/rest-api", + "title": "REST API", + "lastModifiedAt": 1726839804830, + "htmlId": "docs--rest-api--aa8babd202", + "pageOrderInSectionPath": 30, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "REST API/rest-api.md", + "meta": { + "description": "Documentation for Fleet's REST API. See example requests and responses for each API endpoint." + } + }, + { + "url": "/docs/configuration/agent-configuration", + "title": "Agent configuration", + "lastModifiedAt": 1726839804835, + "htmlId": "docs--agent-configuration--ac988306ab", + "pageOrderInSectionPath": 300, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Configuration/agent-configuration.md", + "meta": { + "description": "Learn how to use configuration files and the fleetctl command line tool to configure agent options." + } + }, + { + "url": "/docs/configuration", + "title": "Configuration", + "lastModifiedAt": 1726839804836, + "htmlId": "docs--readme--71f5513034", + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Configuration/README.md", + "meta": {} + }, + { + "url": "/docs/configuration/fleet-server-configuration", + "title": "Fleet server configuration", + "lastModifiedAt": 1726839804850, + "htmlId": "docs--fleet-server-configu--51d934dc8a", + "pageOrderInSectionPath": 100, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Configuration/fleet-server-configuration.md", + "meta": { + "description": "This page includes resources for configuring the Fleet binary, managing osquery configurations, and running with systemd." 
+ } + }, + { + "url": "/docs/configuration/yaml-files", + "title": "YAML files", + "lastModifiedAt": 1726839804856, + "htmlId": "docs--yaml-files--1c08b93d5e", + "pageOrderInSectionPath": 1500, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Configuration/yaml-files.md", + "meta": { + "description": "Reference documentation for Fleet's GitOps workflow. See examples and configuration options." + } + }, + { + "url": "/docs/rest-api", + "title": "REST API", + "lastModifiedAt": 1726839804857, + "htmlId": "docs--readme--1c430dc120", + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "REST API/README.md", + "meta": {} + }, + { + "url": "/docs/deploy/reference-architectures", + "title": "Reference architectures", + "lastModifiedAt": 1726839804860, + "htmlId": "docs--reference-architectu--1e6f63e559", + "pageOrderInSectionPath": 400, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Deploy/Reference-Architectures.md", + "meta": { + "description": "An opinionated view of running Fleet in a production environment, and configuration strategies to enable high availability." + } + }, + { + "url": "/docs/deploy", + "title": "Deploy", + "lastModifiedAt": 1726839804861, + "htmlId": "docs--readme--926e990cf4", + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Deploy/README.md", + "meta": { + "description": "An overview of the deployment documentation for Fleet." + } + }, + { + "url": "/docs/deploy/deploy-fleet", + "title": "Deploy Fleet", + "lastModifiedAt": 1726839804863, + "htmlId": "docs--deploy-fleet--82212f6ffe", + "pageOrderInSectionPath": 100, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Deploy/deploy-fleet.md", + "meta": { + "description": "Learn how to easily deploy Fleet on Render or AWS with Terraform." 
+ } + }, + { + "url": "/docs/deploy/single-sign-on-sso", + "title": "Single sign-on (SSO)", + "lastModifiedAt": 1726839804865, + "htmlId": "docs--single-sign-on-sso--89a4f43390", + "pageOrderInSectionPath": 200, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Deploy/single-sign-on-sso.md", + "meta": { + "description": "Learn how to configure single sign-on (SSO)" + } + }, + { + "url": "/docs/get-started/faq", + "title": "FAQ", + "lastModifiedAt": 1726839804868, + "htmlId": "docs--faq--abab6eff91", + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Get started/FAQ.md", + "meta": { + "description": "Commonly asked questions and answers about deployment from the Fleet community." + } + }, + { + "url": "/docs/get-started", + "title": "Get started", + "lastModifiedAt": 1726839804869, + "htmlId": "docs--readme--3568e93d97", + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Get started/README.md", + "meta": {} + }, + { + "url": "/docs/get-started/anatomy", + "title": "Anatomy", + "lastModifiedAt": 1726839804869, + "htmlId": "docs--anatomy--1f83ca9de5", + "pageOrderInSectionPath": 200, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Get started/anatomy.md", + "meta": {} + }, + { + "url": "/docs/get-started/why-fleet", + "title": "Why Fleet", + "lastModifiedAt": 1726839804870, + "htmlId": "docs--why-fleet--9ea776ea58", + "pageOrderInSectionPath": 100, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Get started/why-fleet.md", + "meta": {} + }, + { + "url": "/docs/deploy/upgrading-fleet", + "title": "Upgrading Fleet", + "lastModifiedAt": 1726839804871, + "htmlId": "docs--upgrading-fleet--a39ae08550", + "pageOrderInSectionPath": 300, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Deploy/Upgrading-Fleet.md", + "meta": { + "description": "Learn how to upgrade your Fleet instance to the latest version." 
+ } + }, + { + "url": "/docs/get-started/tutorials-and-guides", + "title": "Tutorials and guides", + "lastModifiedAt": 1726839804872, + "htmlId": "docs--tutorials-and-guides--27a7cc6bcf", + "pageOrderInSectionPath": 300, + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Get started/tutorials-and-guides.md", + "meta": { + "description": "Links to deployment tutorials and guides for using Fleet." + } + }, + { + "url": "/docs/using-fleet", + "title": "Using Fleet", + "lastModifiedAt": 1726839804873, + "htmlId": "docs--readme--d3ac87c2d1", + "docNavCategory": "Uncategorized", + "sectionRelativeRepoPath": "Using Fleet/README.md", + "meta": {} + }, + { + "url": "/handbook", + "title": "Readme.md", + "lastModifiedAt": 1726839804876, + "htmlId": "handbook--readme--58c6582576", + "sectionRelativeRepoPath": "README.md", + "meta": { + "maintainedBy": "mikermcneil" + }, + "linksForHandbookIndex": [ + { + "headingText": "Introduction", + "hashLink": "/handbook#introduction" + } + ] + }, + { + "url": "/handbook/company", + "title": "🔭 Company", + "lastModifiedAt": 1726839804878, + "htmlId": "handbook--readme--e464663acc", + "sectionRelativeRepoPath": "company/README.md", + "meta": { + "maintainedBy": "mikermcneil" + }, + "linksForHandbookIndex": [ + { + "headingText": "Purpose", + "hashLink": "/handbook/company#purpose" + }, + { + "headingText": "Culture", + "hashLink": "/handbook/company#culture" + }, + { + "headingText": "Open positions", + "hashLink": "/handbook/company#open-positions" + }, + { + "headingText": "Values", + "hashLink": "/handbook/company#values" + }, + { + "headingText": "History", + "hashLink": "/handbook/company#history" + }, + { + "headingText": "Org chart", + "hashLink": "/handbook/company#org-chart" + }, + { + "headingText": "Advisors", + "hashLink": "/handbook/company#advisors" + } + ] + }, + { + "url": "/handbook/company/handbook", + "title": "Handbook", + "lastModifiedAt": 1726839804879, + "htmlId": "handbook--handbook--9ae510ce56", + 
"sectionRelativeRepoPath": "company/handbook.md", + "meta": { + "maintainedBy": "mike-j-thomas" + }, + "linksForHandbookIndex": [ + { + "headingText": "Contributing to the handbook", + "hashLink": "/handbook/company/handbook#contributing-to-the-handbook" + } + ] + }, + { + "url": "/handbook/company/communications", + "title": "🛰️ Communications", + "lastModifiedAt": 1726839804891, + "htmlId": "handbook--communications--f0d5a4a053", + "sectionRelativeRepoPath": "company/communications.md", + "meta": { + "maintainedBy": "mikermcneil" + }, + "linksForHandbookIndex": [ + { + "headingText": "All hands", + "hashLink": "/handbook/company/communications#all-hands" + }, + { + "headingText": "Strategy", + "hashLink": "/handbook/company/communications#strategy" + }, + { + "headingText": "Directly responsible individuals (DRIs)", + "hashLink": "/handbook/company/communications#directly-responsible-individuals-dr-is" + }, + { + "headingText": "Tech stack admins", + "hashLink": "/handbook/company/communications#tech-stack-admins" + }, + { + "headingText": "Fleetdm.com", + "hashLink": "/handbook/company/communications#fleetdm-com" + }, + { + "headingText": "Marketing programs", + "hashLink": "/handbook/company/communications#marketing-programs" + }, + { + "headingText": "Meetings", + "hashLink": "/handbook/company/communications#meetings" + }, + { + "headingText": "Skip-level 1:1 meetings ", + "hashLink": "/handbook/company/communications#skip-level-1-1-meetings" + }, + { + "headingText": "Zoom", + "hashLink": "/handbook/company/communications#zoom" + }, + { + "headingText": "Levels of confidentiality", + "hashLink": "/handbook/company/communications#levels-of-confidentiality" + }, + { + "headingText": "Google Drive", + "hashLink": "/handbook/company/communications#google-drive" + }, + { + "headingText": "Email relays", + "hashLink": "/handbook/company/communications#email-relays" + }, + { + "headingText": "Slack", + "hashLink": "/handbook/company/communications#slack" + }, + { + 
"headingText": "GitHub", + "hashLink": "/handbook/company/communications#git-hub" + }, + { + "headingText": "High priority user stories and bugs", + "hashLink": "/handbook/company/communications#high-priority-user-stories-and-bugs" + }, + { + "headingText": "Figma", + "hashLink": "/handbook/company/communications#figma" + }, + { + "headingText": "Spending company money", + "hashLink": "/handbook/company/communications#spending-company-money" + }, + { + "headingText": "Travel", + "hashLink": "/handbook/company/communications#travel" + }, + { + "headingText": "SOC 2", + "hashLink": "/handbook/company/communications#soc-2" + }, + { + "headingText": "Vendor questionnaires ", + "hashLink": "/handbook/company/communications#vendor-questionnaires" + }, + { + "headingText": "Getting a contract signed", + "hashLink": "/handbook/company/communications#getting-a-contract-signed" + }, + { + "headingText": "Getting a contract reviewed", + "hashLink": "/handbook/company/communications#getting-a-contract-reviewed" + }, + { + "headingText": "Trust", + "hashLink": "/handbook/company/communications#trust" + }, + { + "headingText": "Benefits", + "hashLink": "/handbook/company/communications#benefits" + }, + { + "headingText": "Compensation", + "hashLink": "/handbook/company/communications#compensation" + }, + { + "headingText": "Team member onboarding", + "hashLink": "/handbook/company/communications#team-member-onboarding" + }, + { + "headingText": "Performance feedback", + "hashLink": "/handbook/company/communications#performance-feedback" + }, + { + "headingText": "Equipment", + "hashLink": "/handbook/company/communications#equipment" + }, + { + "headingText": "Writing", + "hashLink": "/handbook/company/communications#writing" + }, + { + "headingText": "Writing in Fleet-flavored Markdown", + "hashLink": "/handbook/company/communications#writing-in-fleet-flavored-markdown" + }, + { + "headingText": "Things", + "hashLink": "/handbook/company/communications#things" + }, + { + 
"headingText": "Commonly used terms", + "hashLink": "/handbook/company/communications#commonly-used-terms" + } + ] + }, + { + "url": "/handbook/company/leadership", + "title": "🛠️ Leadership", + "lastModifiedAt": 1726839804898, + "htmlId": "handbook--leadership--7d8a02ee64", + "sectionRelativeRepoPath": "company/leadership.md", + "meta": { + "maintainedBy": "mikermcneil" + }, + "linksForHandbookIndex": [ + { + "headingText": "CEO flaws", + "hashLink": "/handbook/company/leadership#ceo-flaws" + }, + { + "headingText": "Contact the CEO", + "hashLink": "/handbook/company/leadership#contact-the-ceo" + }, + { + "headingText": "CEO responsibilities", + "hashLink": "/handbook/company/leadership#ceo-responsibilities" + }, + { + "headingText": "Outline of departmental page structure", + "hashLink": "/handbook/company/leadership#outline-of-departmental-page-structure" + }, + { + "headingText": "Key reviews", + "hashLink": "/handbook/company/leadership#key-reviews" + }, + { + "headingText": "Hiring", + "hashLink": "/handbook/company/leadership#hiring" + }, + { + "headingText": "CEO shadow program", + "hashLink": "/handbook/company/leadership#ceo-shadow-program" + }, + { + "headingText": "Tracking hours", + "hashLink": "/handbook/company/leadership#tracking-hours" + }, + { + "headingText": "Communicating departures", + "hashLink": "/handbook/company/leadership#communicating-departures" + }, + { + "headingText": "Changing someone's position", + "hashLink": "/handbook/company/leadership#changing-someone-s-position" + }, + { + "headingText": "Delivering performance feedback", + "hashLink": "/handbook/company/leadership#delivering-performance-feedback" + } + ] + }, + { + "url": "/handbook/company/product-groups", + "title": "🛩️ Product groups", + "lastModifiedAt": 1726839804907, + "htmlId": "handbook--product-groups--44ec471e19", + "sectionRelativeRepoPath": "company/product-groups.md", + "meta": { + "maintainedBy": "lukeheath" + }, + "linksForHandbookIndex": [ + { + 
"headingText": "Product roadmap", + "hashLink": "/handbook/company/product-groups#product-roadmap" + }, + { + "headingText": "What are product groups?", + "hashLink": "/handbook/company/product-groups#what-are-product-groups" + }, + { + "headingText": "Current product groups", + "hashLink": "/handbook/company/product-groups#current-product-groups" + }, + { + "headingText": "Making changes", + "hashLink": "/handbook/company/product-groups#making-changes" + }, + { + "headingText": "Outages", + "hashLink": "/handbook/company/product-groups#outages" + }, + { + "headingText": "Scaling Fleet", + "hashLink": "/handbook/company/product-groups#scaling-fleet" + }, + { + "headingText": "Load testing", + "hashLink": "/handbook/company/product-groups#load-testing" + }, + { + "headingText": "Version support", + "hashLink": "/handbook/company/product-groups#version-support" + }, + { + "headingText": "Release testing", + "hashLink": "/handbook/company/product-groups#release-testing" + }, + { + "headingText": "Feature fest", + "hashLink": "/handbook/company/product-groups#feature-fest" + }, + { + "headingText": "Quality", + "hashLink": "/handbook/company/product-groups#quality" + }, + { + "headingText": "How to reach the developer on-call", + "hashLink": "/handbook/company/product-groups#how-to-reach-the-developer-on-call" + }, + { + "headingText": "Wireframes", + "hashLink": "/handbook/company/product-groups#wireframes" + }, + { + "headingText": "Meetings", + "hashLink": "/handbook/company/product-groups#meetings" + }, + { + "headingText": "Development best practices", + "hashLink": "/handbook/company/product-groups#development-best-practices" + }, + { + "headingText": "Product design conventions", + "hashLink": "/handbook/company/product-groups#product-design-conventions" + }, + { + "headingText": "Scrum at Fleet", + "hashLink": "/handbook/company/product-groups#scrum-at-fleet" + }, + { + "headingText": "Sprints", + "hashLink": "/handbook/company/product-groups#sprints" + }, + { 
+ "headingText": "Outside contributions", + "hashLink": "/handbook/company/product-groups#outside-contributions" + } + ] + }, + { + "url": "/handbook/company/why-this-way", + "title": "💭 Why this way?", + "lastModifiedAt": 1726839804912, + "htmlId": "handbook--why-this-way--52ff9aa8d3", + "sectionRelativeRepoPath": "company/why-this-way.md", + "meta": { + "maintainedBy": "mikermcneil" + }, + "linksForHandbookIndex": [ + { + "headingText": "Why open source?", + "hashLink": "/handbook/company/why-this-way#why-open-source" + }, + { + "headingText": "Why handbook-first strategy?", + "hashLink": "/handbook/company/why-this-way#why-handbook-first-strategy" + }, + { + "headingText": "Why read documentation?", + "hashLink": "/handbook/company/why-this-way#why-read-documentation" + }, + { + "headingText": "Why the emphasis on training?", + "hashLink": "/handbook/company/why-this-way#why-the-emphasis-on-training" + }, + { + "headingText": "Why direct responsibility?", + "hashLink": "/handbook/company/why-this-way#why-direct-responsibility" + }, + { + "headingText": "Why do we use a wireframe-first approach?", + "hashLink": "/handbook/company/why-this-way#why-do-we-use-a-wireframe-first-approach" + }, + { + "headingText": "Why do we use one repo?", + "hashLink": "/handbook/company/why-this-way#why-do-we-use-one-repo" + }, + { + "headingText": "Why not continuously generate REST API reference docs from javadoc-style code comments?", + "hashLink": "/handbook/company/why-this-way#why-not-continuously-generate-rest-api-reference-docs-from-javadoc-style-code-comments" + }, + { + "headingText": "Why group Slack channels?", + "hashLink": "/handbook/company/why-this-way#why-group-slack-channels" + }, + { + "headingText": "Why make work visible?", + "hashLink": "/handbook/company/why-this-way#why-make-work-visible" + }, + { + "headingText": "Why agile?", + "hashLink": "/handbook/company/why-this-way#why-agile" + }, + { + "headingText": "Why a three-week cadence?", + "hashLink": 
"/handbook/company/why-this-way#why-a-three-week-cadence" + }, + { + "headingText": "Why spend so much energy responding to every potential production incident?", + "hashLink": "/handbook/company/why-this-way#why-spend-so-much-energy-responding-to-every-potential-production-incident" + }, + { + "headingText": "Why make it obvious when stuff breaks?", + "hashLink": "/handbook/company/why-this-way#why-make-it-obvious-when-stuff-breaks" + }, + { + "headingText": "Why keep issue templates simple?", + "hashLink": "/handbook/company/why-this-way#why-keep-issue-templates-simple" + }, + { + "headingText": "Why spend less?", + "hashLink": "/handbook/company/why-this-way#why-spend-less" + }, + { + "headingText": "Why don't we sell like everyone else?", + "hashLink": "/handbook/company/why-this-way#why-don-t-we-sell-like-everyone-else" + }, + { + "headingText": "Why does Fleet support query packs?", + "hashLink": "/handbook/company/why-this-way#why-does-fleet-support-query-packs" + }, + { + "headingText": "Why does Fleet use sentence case?", + "hashLink": "/handbook/company/why-this-way#why-does-fleet-use-sentence-case" + }, + { + "headingText": "Why not use superlatives?", + "hashLink": "/handbook/company/why-this-way#why-not-use-superlatives" + }, + { + "headingText": "Why does Fleet use \"MDM on/off\" instead of \"MDM enrolled/unenrolled\"?", + "hashLink": "/handbook/company/why-this-way#why-does-fleet-use-mdm-on-off-instead-of-mdm-enrolled-unenrolled" + }, + { + "headingText": "Why not mention the CEO in Slack threads?", + "hashLink": "/handbook/company/why-this-way#why-not-mention-the-ceo-in-slack-threads" + } + ] + }, + { + "url": "/handbook/customer-success", + "title": "🌦️ Customer Success", + "lastModifiedAt": 1726839804915, + "htmlId": "handbook--readme--f00a4291b8", + "sectionRelativeRepoPath": "customer-success/README.md", + "meta": { + "maintainedBy": "zayhanlon" + }, + "linksForHandbookIndex": [ + { + "headingText": "Team", + "hashLink": 
"/handbook/customer-success#team" + }, + { + "headingText": "Contact us", + "hashLink": "/handbook/customer-success#contact-us" + }, + { + "headingText": "Responsibilities", + "hashLink": "/handbook/customer-success#responsibilities" + }, + { + "headingText": "Rituals", + "hashLink": "/handbook/customer-success#rituals" + } + ] + }, + { + "url": "/handbook/engineering/debugging", + "title": "Debugging", + "lastModifiedAt": 1726839804916, + "htmlId": "handbook--debugging--72906ebdd6", + "sectionRelativeRepoPath": "engineering/Debugging.md", + "meta": { + "maintainedBy": "lukeheath", + "description": "A guide to triaging and diagnosing issues in Fleet." + }, + "linksForHandbookIndex": [ + { + "headingText": "Goals of this guide", + "hashLink": "/handbook/engineering/debugging#goals-of-this-guide" + }, + { + "headingText": "Basic data that is needed", + "hashLink": "/handbook/engineering/debugging#basic-data-that-is-needed" + }, + { + "headingText": "Triaging the issue", + "hashLink": "/handbook/engineering/debugging#triaging-the-issue" + } + ] + }, + { + "url": "/handbook/engineering/load-testing", + "title": "Load testing", + "lastModifiedAt": 1726839804917, + "htmlId": "handbook--load-testing--5fd9ee04e0", + "sectionRelativeRepoPath": "engineering/Load-testing.md", + "meta": { + "maintainedBy": "lukeheath", + "description": "This page outlines the most recent results of a semi-annual load test of the Fleet server." 
+ }, + "linksForHandbookIndex": [ + { + "headingText": "Test parameters", + "hashLink": "/handbook/engineering/load-testing#test-parameters" + }, + { + "headingText": "Results", + "hashLink": "/handbook/engineering/load-testing#results" + }, + { + "headingText": "How we are simulating osquery", + "hashLink": "/handbook/engineering/load-testing#how-we-are-simulating-osquery" + }, + { + "headingText": "Infrastructure setup", + "hashLink": "/handbook/engineering/load-testing#infrastructure-setup" + }, + { + "headingText": "Limitations", + "hashLink": "/handbook/engineering/load-testing#limitations" + } + ] + }, + { + "url": "/handbook/engineering", + "title": "🚀 Engineering", + "lastModifiedAt": 1726839804924, + "htmlId": "handbook--readme--777ccc3e11", + "sectionRelativeRepoPath": "engineering/README.md", + "meta": { + "maintainedBy": "lukeheath" + }, + "linksForHandbookIndex": [ + { + "headingText": "Team", + "hashLink": "/handbook/engineering#team" + }, + { + "headingText": "Contact us", + "hashLink": "/handbook/engineering#contact-us" + }, + { + "headingText": "Responsibilities", + "hashLink": "/handbook/engineering#responsibilities" + }, + { + "headingText": "Rituals", + "hashLink": "/handbook/engineering#rituals" + } + ] + }, + { + "url": "/handbook/engineering/scaling-fleet", + "title": "Scaling Fleet", + "lastModifiedAt": 1726839804925, + "htmlId": "handbook--scaling-fleet--7496895e6e", + "sectionRelativeRepoPath": "engineering/scaling-fleet.md", + "meta": { + "maintainedBy": "lukeheath" + } + }, + { + "url": "/handbook/finance", + "title": "💸 Finance", + "lastModifiedAt": 1726839804931, + "htmlId": "handbook--readme--adb6ad624d", + "sectionRelativeRepoPath": "finance/README.md", + "meta": { + "maintainedBy": "jostableford" + }, + "linksForHandbookIndex": [ + { + "headingText": "Team", + "hashLink": "/handbook/finance#team" + }, + { + "headingText": "Contact us", + "hashLink": "/handbook/finance#contact-us" + }, + { + "headingText": "Responsibilities", + 
"hashLink": "/handbook/finance#responsibilities" + }, + { + "headingText": "Rituals", + "hashLink": "/handbook/finance#rituals" + } + ] + }, + { + "url": "/handbook/demand", + "title": "🫧 Demand", + "lastModifiedAt": 1726839804935, + "htmlId": "handbook--readme--5f95cdc89d", + "sectionRelativeRepoPath": "demand/README.md", + "meta": { + "maintainedBy": "Drew-P-Drawers" + }, + "linksForHandbookIndex": [ + { + "headingText": "Team", + "hashLink": "/handbook/demand#team" + }, + { + "headingText": "Contact us", + "hashLink": "/handbook/demand#contact-us" + }, + { + "headingText": "Responsibilities", + "hashLink": "/handbook/demand#responsibilities" + }, + { + "headingText": "Rituals", + "hashLink": "/handbook/demand#rituals" + } + ] + }, + { + "url": "/handbook/product-design", + "title": "🦢 Product design", + "lastModifiedAt": 1726839804937, + "htmlId": "handbook--readme--5ce44066f3", + "sectionRelativeRepoPath": "product-design/README.md", + "meta": { + "maintainedBy": "noahtalerman" + }, + "linksForHandbookIndex": [ + { + "headingText": "Team", + "hashLink": "/handbook/product-design#team" + }, + { + "headingText": "Contact us", + "hashLink": "/handbook/product-design#contact-us" + }, + { + "headingText": "Responsibilities", + "hashLink": "/handbook/product-design#responsibilities" + }, + { + "headingText": "Rituals", + "hashLink": "/handbook/product-design#rituals" + } + ] + }, + { + "url": "/handbook/digital-experience/application-security", + "title": "Application security", + "lastModifiedAt": 1726839804939, + "htmlId": "handbook--application-security--60a7adaa5a", + "sectionRelativeRepoPath": "digital-experience/application-security.md", + "meta": { + "description": "Explore Fleet's application security practices, including secure coding, SQL injection prevention, authentication, data encryption, access controls, and more.", + "maintainedBy": "hollidayn" + } + }, + { + "url": "/handbook/digital-experience", + "title": "🌐 Digital Experience", + "lastModifiedAt": 
1726839804945, + "htmlId": "handbook--readme--7c78659bd2", + "sectionRelativeRepoPath": "digital-experience/README.md", + "meta": { + "maintainedBy": "Sampfluger88" + }, + "linksForHandbookIndex": [ + { + "headingText": "Team", + "hashLink": "/handbook/digital-experience#team" + }, + { + "headingText": "Contact us", + "hashLink": "/handbook/digital-experience#contact-us" + }, + { + "headingText": "Responsibilities", + "hashLink": "/handbook/digital-experience#responsibilities" + }, + { + "headingText": "Rituals", + "hashLink": "/handbook/digital-experience#rituals" + } + ] + }, + { + "url": "/handbook/digital-experience/security-audits", + "title": "Security audits", + "lastModifiedAt": 1726839804948, + "htmlId": "handbook--security-audits--b0d65992c5", + "sectionRelativeRepoPath": "digital-experience/security-audits.md", + "meta": { + "description": "Explanations of the latest external security audits performed on Fleet software.", + "maintainedBy": "hollidayn" + }, + "linksForHandbookIndex": [ + { + "headingText": "June 2024 penetration testing of Fleet 4.50.1", + "hashLink": "/handbook/digital-experience/security-audits#june-2024-penetration-testing-of-fleet-4-50-1" + }, + { + "headingText": "June 2023 penetration testing of Fleet 4.32 ", + "hashLink": "/handbook/digital-experience/security-audits#june-2023-penetration-testing-of-fleet-4-32" + }, + { + "headingText": "April 2022 penetration testing of Fleet 4.12 ", + "hashLink": "/handbook/digital-experience/security-audits#april-2022-penetration-testing-of-fleet-4-12" + }, + { + "headingText": "August 2021 security of Orbit auto-updater", + "hashLink": "/handbook/digital-experience/security-audits#august-2021-security-of-orbit-auto-updater" + } + ] + }, + { + "url": "/handbook/digital-experience/security-policies", + "title": "📜 Security policies", + "lastModifiedAt": 1726839804955, + "htmlId": "handbook--security-policies--96158a5cf6", + "sectionRelativeRepoPath": "digital-experience/security-policies.md", + 
"meta": { + "maintainedBy": "jostableford" + }, + "linksForHandbookIndex": [ + { + "headingText": "Information security policy and acceptable use policy", + "hashLink": "/handbook/digital-experience/security-policies#information-security-policy-and-acceptable-use-policy" + }, + { + "headingText": "Access control policy", + "hashLink": "/handbook/digital-experience/security-policies#access-control-policy" + }, + { + "headingText": "Asset management policy", + "hashLink": "/handbook/digital-experience/security-policies#asset-management-policy" + }, + { + "headingText": "Business continuity and disaster recovery policy", + "hashLink": "/handbook/digital-experience/security-policies#business-continuity-and-disaster-recovery-policy" + }, + { + "headingText": "Data management policy", + "hashLink": "/handbook/digital-experience/security-policies#data-management-policy" + }, + { + "headingText": "Encryption policy", + "hashLink": "/handbook/digital-experience/security-policies#encryption-policy" + }, + { + "headingText": "Human resources security policy", + "hashLink": "/handbook/digital-experience/security-policies#human-resources-security-policy" + }, + { + "headingText": "Incident response policy", + "hashLink": "/handbook/digital-experience/security-policies#incident-response-policy" + }, + { + "headingText": "Network and system hardening standards", + "hashLink": "/handbook/digital-experience/security-policies#network-and-system-hardening-standards" + }, + { + "headingText": "Operations security and change management policy", + "hashLink": "/handbook/digital-experience/security-policies#operations-security-and-change-management-policy" + }, + { + "headingText": "Risk management policy", + "hashLink": "/handbook/digital-experience/security-policies#risk-management-policy" + }, + { + "headingText": "Secure software development and product security policy ", + "hashLink": 
"/handbook/digital-experience/security-policies#secure-software-development-and-product-security-policy" + }, + { + "headingText": "Security policy management policy", + "hashLink": "/handbook/digital-experience/security-policies#security-policy-management-policy" + }, + { + "headingText": "Third-party management policy", + "hashLink": "/handbook/digital-experience/security-policies#third-party-management-policy" + }, + { + "headingText": "Anti-corruption policy", + "hashLink": "/handbook/digital-experience/security-policies#anti-corruption-policy" + } + ] + }, + { + "url": "/handbook/digital-experience/vendor-questionnaires", + "title": "📃 Vendor questionnaires", + "lastModifiedAt": 1726839804956, + "htmlId": "handbook--vendor-questionnaire--46cac642a1", + "sectionRelativeRepoPath": "digital-experience/vendor-questionnaires.md", + "meta": { + "maintainedBy": "dherder" + }, + "linksForHandbookIndex": [ + { + "headingText": "Scoping", + "hashLink": "/handbook/digital-experience/vendor-questionnaires#scoping" + }, + { + "headingText": "Application security", + "hashLink": "/handbook/digital-experience/vendor-questionnaires#application-security" + }, + { + "headingText": "Data security", + "hashLink": "/handbook/digital-experience/vendor-questionnaires#data-security" + }, + { + "headingText": "Service monitoring and logging", + "hashLink": "/handbook/digital-experience/vendor-questionnaires#service-monitoring-and-logging" + }, + { + "headingText": "Encryption and key management", + "hashLink": "/handbook/digital-experience/vendor-questionnaires#encryption-and-key-management" + }, + { + "headingText": "Governance and risk management", + "hashLink": "/handbook/digital-experience/vendor-questionnaires#governance-and-risk-management" + }, + { + "headingText": "Business continuity", + "hashLink": "/handbook/digital-experience/vendor-questionnaires#business-continuity" + }, + { + "headingText": "Network security", + "hashLink": 
"/handbook/digital-experience/vendor-questionnaires#network-security" + }, + { + "headingText": "Privacy", + "hashLink": "/handbook/digital-experience/vendor-questionnaires#privacy" + }, + { + "headingText": "Sub-processors", + "hashLink": "/handbook/digital-experience/vendor-questionnaires#sub-processors" + } + ] + }, + { + "url": "/handbook/digital-experience/security", + "title": "Security", + "lastModifiedAt": 1726839804965, + "htmlId": "handbook--security--585b03364d", + "sectionRelativeRepoPath": "digital-experience/security.md", + "meta": { + "maintainedBy": "hollidayn" + }, + "linksForHandbookIndex": [ + { + "headingText": "Security policies", + "hashLink": "/handbook/digital-experience/security#security-policies" + }, + { + "headingText": "Account recovery process", + "hashLink": "/handbook/digital-experience/security#account-recovery-process" + }, + { + "headingText": "How we protect end-user devices", + "hashLink": "/handbook/digital-experience/security#how-we-protect-end-user-devices" + }, + { + "headingText": "Hardware security keys", + "hashLink": "/handbook/digital-experience/security#hardware-security-keys" + }, + { + "headingText": "GitHub security", + "hashLink": "/handbook/digital-experience/security#git-hub-security" + }, + { + "headingText": "Google Workspace security", + "hashLink": "/handbook/digital-experience/security#google-workspace-security" + }, + { + "headingText": "Vulnerability management", + "hashLink": "/handbook/digital-experience/security#vulnerability-management" + }, + { + "headingText": "Trust report", + "hashLink": "/handbook/digital-experience/security#trust-report" + }, + { + "headingText": "Securtiy audits", + "hashLink": "/handbook/digital-experience/security#securtiy-audits" + }, + { + "headingText": "Application security", + "hashLink": "/handbook/digital-experience/security#application-security" + } + ] + }, + { + "url": "/handbook/sales", + "title": "🐋 Sales", + "lastModifiedAt": 1726839804968, + "htmlId": 
"handbook--readme--4fe57c451a", + "sectionRelativeRepoPath": "sales/README.md", + "meta": { + "maintainedBy": "alexmitchelliii" + }, + "linksForHandbookIndex": [ + { + "headingText": "Team", + "hashLink": "/handbook/sales#team" + }, + { + "headingText": "Contact us", + "hashLink": "/handbook/sales#contact-us" + }, + { + "headingText": "Responsibilities", + "hashLink": "/handbook/sales#responsibilities" + }, + { + "headingText": "Rituals", + "hashLink": "/handbook/sales#rituals" + } + ] + }, + { + "url": "/engineering/tips-for-github-actions-usability", + "title": "Tips for github actions usability", + "lastModifiedAt": 1726839804972, + "htmlId": "articles--4-tips-for-github-ac--c93d8d672b", + "sectionRelativeRepoPath": "4-tips-for-github-actions-usability.md", + "meta": { + "category": "engineering", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2022-01-03", + "articleTitle": "4 tips for GitHub Actions usability (+2 bonus tips for debugging)", + "articleImageUrl": "/images/articles/4-tips-for-github-actions-usability-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/apple-developer-certificates-on-linux-for-configuration-profile-signing", + "title": "Apple developer certificates on linux for configuration profile signing", + "lastModifiedAt": 1726839804973, + "htmlId": "articles--apple-developer-cert--3d7bfdf01f", + "sectionRelativeRepoPath": "apple-developer-certificates-on-linux-for-configuration-profile-signing.md", + "meta": { + "articleTitle": "Apple developer certificates on Linux for configuration profile signing", + "authorFullName": "Brock Walters", + "authorGitHubUsername": "nonpunctual", + "category": "guides", + "publishedOn": "2024-03-06", + "articleImageUrl": "/images/articles/apple-developer-certificates-on-linux-for-configuration-profile-signing-1600x900@2x.png", + "description": "This guide walks through the process of adding an Apple signing certificate to a Linux host." 
+ } + }, + { + "url": "/announcements/a-new-fleet", + "title": "A new Fleet", + "lastModifiedAt": 1726839804974, + "htmlId": "articles--a-new-fleet--0c5af0e434", + "sectionRelativeRepoPath": "a-new-fleet.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2020-01-05", + "articleTitle": "A new Fleet", + "articleImageUrl": "/images/articles/a-new-fleet-cover-700x340@2x.jpeg" + } + }, + { + "url": "/securing/apply-byod-to-soothe-supply-chain-pain", + "title": "Apply byod to soothe supply chain pain", + "lastModifiedAt": 1726839804976, + "htmlId": "articles--apply-byod-to-soothe--866604b091", + "sectionRelativeRepoPath": "apply-byod-to-soothe-supply-chain-pain.md", + "meta": { + "category": "security", + "authorGitHubUsername": "GuillaumeRoss", + "authorFullName": "Guillaume Ross", + "publishedOn": "2022-02-10", + "articleTitle": "Apply BYOD to soothe supply chain pain", + "articleImageUrl": "/images/articles/apply-byod-to-soothe-supply-chain-pain-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/automations", + "title": "Automations", + "lastModifiedAt": 1726839804976, + "htmlId": "articles--automations--ff5e8024a5", + "sectionRelativeRepoPath": "automations.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-07-03", + "articleTitle": "Automations", + "description": "Configure Fleet automations to trigger webhooks or create tickets in Jira and Zendesk for vulnerability, policy, and host status events." 
+ } + }, + { + "url": "/guides/building-webhook-flows-with-fleet-and-tines", + "title": "Building webhook flows with Fleet and tines", + "lastModifiedAt": 1726839804978, + "htmlId": "articles--building-webhook-flo--3ffb4a9791", + "sectionRelativeRepoPath": "building-webhook-flows-with-fleet-and-tines.md", + "meta": { + "articleTitle": "Building webhook flows with Fleet and Tines", + "authorFullName": "Victor Lyuboslavsky", + "authorGitHubUsername": "getvictor", + "category": "guides", + "publishedOn": "2024-05-30", + "articleImageUrl": "/images/articles/building-webhook-flows-with-fleet-and-tines-1600x900@2x.png", + "description": "A guide to workflows using Tines and Fleet via webhook to update outdated OS versions." + } + }, + { + "url": "/guides/building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly", + "title": "Building an effective dashboard with Fleet REST API flask and plotly", + "lastModifiedAt": 1726839804979, + "htmlId": "articles--building-an-effectiv--d3c30b5cf6", + "sectionRelativeRepoPath": "building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly.md", + "meta": { + "articleTitle": "Building an effective dashboard with Fleet's REST API, Flask, and Plotly: A step-by-step guide", + "authorFullName": "Dave Herder", + "authorGitHubUsername": "dherder", + "category": "guides", + "publishedOn": "2023-05-22", + "articleImageUrl": "/images/articles/building-an-effective-dashboard-with-fleet-rest-api-flask-and-plotly@2x.jpg", + "description": "Step-by-step guide on building a dynamic dashboard with Fleet's REST API, Flask, and Plotly. Master data visualization with open-source tools!" 
+ } + }, + { + "url": "/guides/certificates-in-fleetd", + "title": "Certificates in fleetd", + "lastModifiedAt": 1726839804980, + "htmlId": "articles--certificates-in-flee--f860411dcf", + "sectionRelativeRepoPath": "certificates-in-fleetd.md", + "meta": { + "articleTitle": "Certificates in fleetd", + "authorFullName": "Lucas Manuel Rodriguez", + "authorGitHubUsername": "lucasmrod", + "category": "guides", + "publishedOn": "2024-07-09", + "articleImageUrl": "/images/articles/apple-developer-certificates-on-linux-for-configuration-profile-signing-1600x900@2x.png", + "description": "TLS certificates in fleetd" + } + }, + { + "url": "/guides/chrome-os", + "title": "Chrome os", + "lastModifiedAt": 1726839804981, + "htmlId": "articles--chrome-os--8f9e4f0cca", + "sectionRelativeRepoPath": "chrome-os.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "zhumo", + "authorFullName": "Mo Zhu", + "publishedOn": "2023-11-21", + "articleTitle": "ChromeOS", + "description": "Learn about ChromeOS and Fleet." 
+ } + }, + { + "url": "/guides/catch-missed-authorization-checks-during-software-development", + "title": "Catch missed authorization checks during software development", + "lastModifiedAt": 1726839804981, + "htmlId": "articles--catch-missed-authori--74d449dae1", + "sectionRelativeRepoPath": "catch-missed-authorization-checks-during-software-development.md", + "meta": { + "articleTitle": "Catch missed authorization checks during software development", + "authorFullName": "Victor Lyuboslavsky", + "authorGitHubUsername": "getvictor", + "category": "guides", + "publishedOn": "2023-12-04", + "description": "How to perform authorization checks in a golang codebase for cybersecurity" + } + }, + { + "url": "/guides/cis-benchmarks", + "title": "Cis benchmarks", + "lastModifiedAt": 1726839804982, + "htmlId": "articles--cis-benchmarks--c493697884", + "sectionRelativeRepoPath": "cis-benchmarks.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "lucasmrod", + "authorFullName": "Lucas Rodriguez", + "publishedOn": "2024-04-02", + "articleTitle": "CIS Benchmarks", + "description": "Read about how Fleet's implementation of CIS Benchmarks offers consensus-based cybersecurity guidance." 
+ } + }, + { + "url": "/announcements/comparative-look-at-ws1-and-fleet", + "title": "Comparative look at ws1 and Fleet", + "lastModifiedAt": 1726839804983, + "htmlId": "articles--comparative-look-at---d3aff5bdd7", + "sectionRelativeRepoPath": "comparative-look-at-ws1-and-fleet.md", + "meta": { + "category": "announcements", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-02-01", + "articleTitle": "A comparative look at VMware Workspace ONE and Fleet Device Management", + "articleImageUrl": "/images/articles/comparative-look-at-ws1-and-fleet-1600x900@2x.png" + } + }, + { + "url": "/guides/config-less-fleetd-agent-deployment", + "title": "Config less fleetd agent deployment", + "lastModifiedAt": 1726839804984, + "htmlId": "articles--config-less-fleetd-a--e5546949d5", + "sectionRelativeRepoPath": "config-less-fleetd-agent-deployment.md", + "meta": { + "articleTitle": "Config-less fleetd agent deployment", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "category": "guides", + "publishedOn": "2024-01-31", + "articleImageUrl": "/images/articles/config-less-fleetd-agent-deployment-1600x900@2x.png", + "description": "Config-less `fleetd` agent deployment" + } + }, + { + "url": "/guides/configuring-default-teams-for-devices-in-fleet", + "title": "Configuring default teams for devices in Fleet", + "lastModifiedAt": 1726839804985, + "htmlId": "articles--configuring-default---d9b024f2b7", + "sectionRelativeRepoPath": "configuring-default-teams-for-devices-in-fleet.md", + "meta": { + "articleTitle": "Configuring default teams for macOS, iOS, and iPadOS devices in Fleet", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "category": "guides", + "publishedOn": "2024-09-12", + "description": "This guide will walk you through configuring default teams for devices using the Fleet web UI." 
+ } + }, + { + "url": "/guides/converting-unix-timestamps-with-osquery", + "title": "Converting unix timestamps with osquery", + "lastModifiedAt": 1726839804986, + "htmlId": "articles--converting-unix-time--ace81a16aa", + "sectionRelativeRepoPath": "converting-unix-timestamps-with-osquery.md", + "meta": { + "category": "guides", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2021-06-15", + "articleTitle": "Converting unix timestamps with osquery", + "articleImageUrl": "/images/articles/converting-unix-timestamps-with-osquery-cover-800x450@2x.jpeg" + } + }, + { + "url": "/guides/correlate-network-connections-with-community-id-in-osquery", + "title": "Correlate network connections with community id in osquery", + "lastModifiedAt": 1726839804987, + "htmlId": "articles--correlate-network-co--10ea0b1641", + "sectionRelativeRepoPath": "correlate-network-connections-with-community-id-in-osquery.md", + "meta": { + "category": "guides", + "authorFullName": "Zach Wasserman", + "authorGitHubUsername": "zwass", + "publishedOn": "2021-06-02", + "articleTitle": "Correlate network connections with community ID in osquery.", + "articleImageUrl": "/images/articles/correlate-network-connections-with-community-id-in-osquery-cover-800x502@2x.jpeg" + } + }, + { + "url": "/guides/custom-os-settings", + "title": "Custom os settings", + "lastModifiedAt": 1726839804988, + "htmlId": "articles--custom-os-settings--5e97a43205", + "sectionRelativeRepoPath": "custom-os-settings.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-07-27", + "articleTitle": "Custom OS settings", + "description": "Learn how to enforce custom settings on macOS and Window hosts using Fleet's configuration profiles." 
+ } + }, + { + "url": "/announcements/debunk-the-cross-platform-myth", + "title": "Debunk the cross platform myth", + "lastModifiedAt": 1726839804989, + "htmlId": "articles--debunk-the-cross-pla--d46aac3cb4", + "sectionRelativeRepoPath": "debunk-the-cross-platform-myth.md", + "meta": { + "category": "announcements", + "authorFullName": "Mike McNeil", + "authorGitHubUsername": "mikermcneil", + "publishedOn": "2024-08-27", + "articleTitle": "Debunk the cross-platform myth", + "description": "Debunk the cross-platform myth with MDM" + } + }, + { + "url": "/guides/delivering-data-to-snowflake-from-fleet-and-osquery", + "title": "Delivering data to snowflake from Fleet and osquery", + "lastModifiedAt": 1726839804991, + "htmlId": "articles--delivering-data-to-s--9677bbe81b", + "sectionRelativeRepoPath": "delivering-data-to-snowflake-from-fleet-and-osquery.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "t-lark", + "authorFullName": "Tom Larkin", + "publishedOn": "2022-02-01", + "articleTitle": "Delivering data to Snowflake from Fleet and osquery.", + "articleImageUrl": "/images/articles/delivering-data-to-snowflake-from-fleet-and-osquery-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/deploy-fleet-on-aws-ecs", + "title": "Deploy Fleet on aws ecs", + "lastModifiedAt": 1726839804992, + "htmlId": "articles--deploy-fleet-on-aws---ca8c5b2fc4", + "sectionRelativeRepoPath": "deploy-fleet-on-aws-ecs.md", + "meta": { + "articleTitle": "Deploy Fleet on AWS ECS", + "authorGitHubUsername": "edwardsb", + "authorFullName": "Ben Edwards", + "publishedOn": "2021-10-06", + "category": "guides", + "articleImageUrl": "/images/articles/deploy-fleet-on-aws-ecs-800x450@2x.png", + "description": "Information for deploying Fleet on AWS ECS." 
+ } + }, + { + "url": "/guides/deploy-fleet-on-aws-with-terraform", + "title": "Deploy Fleet on aws with terraform", + "lastModifiedAt": 1726839804993, + "htmlId": "articles--deploy-fleet-on-aws---8b2a9168ab", + "sectionRelativeRepoPath": "deploy-fleet-on-aws-with-terraform.md", + "meta": { + "articleTitle": "Deploy Fleet on AWS with Terraform", + "authorGitHubUsername": "edwardsb", + "authorFullName": "Ben Edwards", + "publishedOn": "2021-11-30", + "category": "guides", + "articleImageUrl": "/images/articles/deploy-fleet-on-aws-with-terraform-800x450@2x.png", + "description": "Learn how to deploy Fleet on AWS." + } + }, + { + "url": "/guides/deploy-fleet-on-centos", + "title": "Deploy Fleet on centos", + "lastModifiedAt": 1726839804994, + "htmlId": "articles--deploy-fleet-on-cent--4841e96234", + "sectionRelativeRepoPath": "deploy-fleet-on-centos.md", + "meta": { + "articleTitle": "Deploy Fleet on CentOS", + "authorGitHubUsername": "marpaia", + "authorFullName": "Mike Arpaia", + "publishedOn": "2017-09-22", + "category": "guides", + "articleImageUrl": "/images/articles/deploy-fleet-on-centos-800x450@2x.png", + "description": "A guide to deploy Fleet on CentOS." + } + }, + { + "url": "/guides/deploy-fleet-on-cloudgov", + "title": "Deploy Fleet on cloudgov", + "lastModifiedAt": 1726839804995, + "htmlId": "articles--deploy-fleet-on-clou--ecdaaf656b", + "sectionRelativeRepoPath": "deploy-fleet-on-cloudgov.md", + "meta": { + "articleTitle": "Deploy Fleet on Cloud.gov", + "authorGitHubUsername": "JJediny", + "authorFullName": "John Jediny", + "publishedOn": "2022-09-08", + "category": "guides", + "articleImageUrl": "/images/articles/deploy-fleet-on-cloudgov-800x450@2x.png", + "description": "Information for deploying Fleet on Cloud.gov." 
+ } + }, + { + "url": "/guides/deploy-fleet-on-hetzner-cloud", + "title": "Deploy Fleet on hetzner cloud", + "lastModifiedAt": 1726839804999, + "htmlId": "articles--deploy-fleet-on-hetz--ab40dd3e5f", + "sectionRelativeRepoPath": "deploy-fleet-on-hetzner-cloud.md", + "meta": { + "articleTitle": "Deploy Fleet on Hetzner Cloud", + "authorGitHubUsername": "ksatter", + "authorFullName": "Kathy Satterlee", + "publishedOn": "2022-06-27", + "category": "guides", + "articleImageUrl": "/images/articles/deploy-fleet-on-hetzner-cloud-800x450@2x.png", + "description": "Learn how to deploy Fleet on Hetzner Cloud using cloud-init and Docker." + } + }, + { + "url": "/guides/deploy-fleet-on-kubernetes", + "title": "Deploy Fleet on kubernetes", + "lastModifiedAt": 1726839805000, + "htmlId": "articles--deploy-fleet-on-kube--b62fcc97c7", + "sectionRelativeRepoPath": "deploy-fleet-on-kubernetes.md", + "meta": { + "articleTitle": "Deploy Fleet on Kubernetes", + "authorGitHubUsername": "marpaia", + "authorFullName": "Mike Arpaia", + "publishedOn": "2017-11-18", + "category": "guides", + "articleImageUrl": "/images/articles/deploy-fleet-on-kubernetes-800x450@2x.png", + "description": "Learn how to deploy Fleet on Kubernetes." + } + }, + { + "url": "/guides/deploy-fleet-on-render", + "title": "Deploy Fleet on render", + "lastModifiedAt": 1726839805001, + "htmlId": "articles--deploy-fleet-on-rend--175bce353f", + "sectionRelativeRepoPath": "deploy-fleet-on-render.md", + "meta": { + "articleTitle": "Deploy Fleet on Render", + "authorGitHubUsername": "edwardsb", + "authorFullName": "Ben Edwards", + "publishedOn": "2021-11-21", + "category": "guides", + "articleImageUrl": "/images/articles/deploy-fleet-on-render-800x450@2x.png", + "description": "Learn how to deploy Fleet on Render." 
+ } + }, + { + "url": "/guides/deploy-fleet-on-ubuntu-with-elastic", + "title": "Deploy Fleet on ubuntu with elastic", + "lastModifiedAt": 1726839805004, + "htmlId": "articles--deploy-fleet-on-ubun--db33029e1f", + "sectionRelativeRepoPath": "deploy-fleet-on-ubuntu-with-elastic.md", + "meta": { + "articleTitle": "Deploy Fleet on Ubuntu", + "authorGitHubUsername": "defensivedepth", + "authorFullName": "Josh Brower", + "publishedOn": "2024-06-12", + "category": "guides", + "description": "A guide to deploy Fleet and Elastic on Ubuntu.", + "articleImageUrl": "/images/articles/deploy-fleet-on-ubuntu-with-elastic-1600x900@2x.png" + } + }, + { + "url": "/guides/deploy-security-agents", + "title": "Deploy security agents", + "lastModifiedAt": 1726839805005, + "htmlId": "articles--deploy-security-agen--a3a93c715b", + "sectionRelativeRepoPath": "deploy-security-agents.md", + "meta": { + "articleTitle": "Deploy security agents", + "authorFullName": "Roberto Dip", + "authorGitHubUsername": "roperzh", + "category": "guides", + "publishedOn": "2024-08-05", + "articleImageUrl": "/images/articles/deploy-security-agents-1600x900@2x.png", + "description": "This guide will walk you through adding software to Fleet." 
+ } + }, + { + "url": "/securing/detect-log4j-with-osquery-and-fleet", + "title": "Detect log4j with osquery and Fleet", + "lastModifiedAt": 1726839805006, + "htmlId": "articles--detect-log4j-with-os--812eb5ba15", + "sectionRelativeRepoPath": "detect-log4j-with-osquery-and-fleet.md", + "meta": { + "category": "security", + "authorFullName": "Zach Wasserman", + "authorGitHubUsername": "zwass", + "publishedOn": "2021-12-15", + "articleTitle": "Detect Log4j with osquery (and Fleet)", + "articleImageUrl": "/images/articles/detect-log4j-with-osquery-and-fleet-1600x900@2x.jpg" + } + }, + { + "url": "/guides/discovering-chrome-ai-using-fleet", + "title": "Discovering chrome ai using Fleet", + "lastModifiedAt": 1726839805007, + "htmlId": "articles--discovering-chrome-a--4de87d4fb6", + "sectionRelativeRepoPath": "discovering-chrome-ai-using-fleet.md", + "meta": { + "articleTitle": "Discovering Chrome AI using Fleet", + "authorFullName": "Brock Walters", + "authorGitHubUsername": "nonpunctual", + "category": "guides", + "publishedOn": "2024-09-06", + "articleImageUrl": "/images/articles/discovering-chrome-ai-using-fleet-1600x900@2x.jpg", + "description": "Use Fleet to detect and monitor settings enabled in Google Chrome by querying Chrome's preferences JSON file." + } + }, + { + "url": "/guides/discovering-geacon-using-fleet", + "title": "Discovering geacon using Fleet", + "lastModifiedAt": 1726839805008, + "htmlId": "articles--discovering-geacon-u--bab06239aa", + "sectionRelativeRepoPath": "discovering-geacon-using-fleet.md", + "meta": { + "articleTitle": "Discovering Geacon using Fleet", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "category": "guides", + "publishedOn": "2023-05-18", + "articleImageUrl": "/images/articles/discovering-geacon-using-fleet-1600x900@2x.jpg", + "description": "Enterprise security teams can use Fleet to identify and locate Geacon payloads and protect their macOS devices from this threat." 
+ } + }, + { + "url": "/guides/discovering-xz-vulnerability-with-fleet", + "title": "Discovering xz vulnerability with Fleet", + "lastModifiedAt": 1726839805010, + "htmlId": "articles--discovering-xz-vulne--0a7dc5a7f8", + "sectionRelativeRepoPath": "discovering-xz-vulnerability-with-fleet.md", + "meta": { + "articleTitle": "Discovering xz vulnerability with Fleet", + "authorFullName": "Brock Walters", + "authorGitHubUsername": "nonpunctual", + "category": "guides", + "publishedOn": "2024-06-03", + "articleImageUrl": "/images/articles/discovering-geacon-using-fleet-1600x900@2x.jpg", + "description": "Discover and create a comprehensive end-to-end remediation workflow for the xz vulnerability (CVE-2024-3094) with Fleet." + } + }, + { + "url": "/securing/does-osquery-violate-the-new-york-employee-monitoring-law", + "title": "Does osquery violate the new york employee monitoring law", + "lastModifiedAt": 1726839805011, + "htmlId": "articles--does-osquery-violate--fcac4cc8a5", + "sectionRelativeRepoPath": "does-osquery-violate-the-new-york-employee-monitoring-law.md", + "meta": { + "category": "security", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-04-18", + "articleTitle": "Does osquery violate the New York employee monitoring law?" + } + }, + { + "url": "/guides/downgrade-fleet", + "title": "Downgrade Fleet", + "lastModifiedAt": 1726839805012, + "htmlId": "articles--downgrade-fleet--76de2fe679", + "sectionRelativeRepoPath": "downgrade-fleet.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "eashaw", + "authorFullName": "Eric Shaw", + "publishedOn": "2024-01-09", + "articleTitle": "Downgrade from Fleet Premium", + "description": "Learn how to downgrade from Fleet Premium." 
+ } + }, + { + "url": "/guides/driving-company-culture-through-ai-haiku-poetry", + "title": "Driving company culture through ai haiku poetry", + "lastModifiedAt": 1726839805013, + "htmlId": "articles--driving-company-cult--52db9708d4", + "sectionRelativeRepoPath": "driving-company-culture-through-ai-haiku-poetry.md", + "meta": { + "articleTitle": "Driving company culture through AI haiku poetry", + "authorFullName": "Luke Heath", + "authorGitHubUsername": "lukeheath", + "category": "guides", + "publishedOn": "2024-04-17", + "articleImageUrl": "/images/articles/driving-company-culture-through-ai-haiku-poetry-1600x900@2x.png", + "description": "Code and verse entwine, Silicon sparks, haikus shine, Art meets design line." + } + }, + { + "url": "/securing/ebpf-the-future-of-osquery-on-linux", + "title": "Ebpf the future of osquery on linux", + "lastModifiedAt": 1726839805014, + "htmlId": "articles--ebpf-the-future-of-o--cd30e84170", + "sectionRelativeRepoPath": "ebpf-the-future-of-osquery-on-linux.md", + "meta": { + "category": "security", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2021-01-25", + "articleTitle": "eBPF & the future of osquery on Linux", + "articleImageUrl": "/images/articles/ebpf-the-future-of-osquery-on-linux-cover-700x394@2x.png" + } + }, + { + "url": "/announcements/embracing-the-future-declarative-device-management", + "title": "Embracing the future declarative device management", + "lastModifiedAt": 1726839805015, + "htmlId": "articles--embracing-the-future--b3151457e1", + "sectionRelativeRepoPath": "embracing-the-future-declarative-device-management.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "spokanemac", + "authorFullName": "JD Strong", + "publishedOn": "2023-07-06", + "articleTitle": "Embracing the future: Declarative Device Management", + "articleImageUrl": "/images/articles/embracing-the-future-declarative-device-management@2x.png", + "description": "Explore the 
transformative impact of Declarative Device Management (DDM), Fleet, and osquery for MacAdmins." + } + }, + { + "url": "/securing/end-user-self-remediation", + "title": "End user self remediation", + "lastModifiedAt": 1726839805016, + "htmlId": "articles--end-user-self-remedi--1ebc67c784", + "sectionRelativeRepoPath": "end-user-self-remediation.md", + "meta": { + "category": "security", + "authorFullName": "Chris McGillicuddy", + "authorGitHubUsername": "chris-mcgillicuddy", + "publishedOn": "2022-12-15", + "articleTitle": "End-user self remediation: empower your employees to fix security issues with Fleet" + } + }, + { + "url": "/announcements/endpoint-managements-crucial-role-in-healthcare", + "title": "Endpoint managements crucial role in healthcare", + "lastModifiedAt": 1726839805017, + "htmlId": "articles--endpoint-managements--ec90fcd20a", + "sectionRelativeRepoPath": "endpoint-managements-crucial-role-in-healthcare.md", + "meta": { + "category": "announcements", + "authorFullName": "Alex Mitchell", + "authorGitHubUsername": "alexmitchelliii", + "publishedOn": "2024-05-24", + "articleTitle": "Endpoint management's crucial role in healthcare", + "articleImageUrl": "/images/articles/endpoint-managements-crucial-role-in-healthcare-1600x900@2x.png", + "description": "Discover how robust endpoint management is essential for securing healthcare data, ensuring compliance, and building patient trust." + } + }, + { + "url": "/guides/enforce-disk-encryption", + "title": "Enforce disk encryption", + "lastModifiedAt": 1726839805018, + "htmlId": "articles--enforce-disk-encrypt--0ab61200c1", + "sectionRelativeRepoPath": "enforce-disk-encryption.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-08-14", + "articleTitle": "Enforce disk encryption", + "description": "Learn how to enforce disk encryption on macOS and Windows hosts and manage encryption keys with Fleet Premium." 
+ } + }, + { + "url": "/guides/enforce-os-updates", + "title": "Enforce os updates", + "lastModifiedAt": 1726839805019, + "htmlId": "articles--enforce-os-updates--0ddd6f9117", + "sectionRelativeRepoPath": "enforce-os-updates.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-08-10", + "articleTitle": "Enforce OS updates", + "description": "Learn how to manage OS updates on macOS, Windows, iOS, and iPadOS devices." + } + }, + { + "url": "/announcements/enhancing-fleets-vulnerability-management-with-vulncheck-integration", + "title": "Enhancing fleets vulnerability management with vulncheck integration", + "lastModifiedAt": 1726839805020, + "htmlId": "articles--enhancing-fleets-vul--3cc4d5cb3a", + "sectionRelativeRepoPath": "enhancing-fleets-vulnerability-management-with-vulncheck-integration.md", + "meta": { + "category": "announcements", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-04-23", + "articleTitle": "Enhancing Fleet's vulnerability management with VulnCheck integration", + "articleImageUrl": "/images/articles/enhancing-fleets-vulnerability-management-with-vulncheck-integration-1600x900@2x.png" + } + }, + { + "url": "/announcements/enhancing-k-12-cybersecurity-with-fcc-funds-and-fleet", + "title": "Enhancing k 12 cybersecurity with fcc funds and Fleet", + "lastModifiedAt": 1726839805021, + "htmlId": "articles--enhancing-k-12-cyber--90c76b24ef", + "sectionRelativeRepoPath": "enhancing-k-12-cybersecurity-with-fcc-funds-and-fleet.md", + "meta": { + "category": "announcements", + "authorFullName": "Alex Mitchell", + "authorGitHubUsername": "alexmitchelliii", + "publishedOn": "2024-07-25", + "articleTitle": "Enhancing K-12 cybersecurity with FCC funds and Fleet", + "articleImageUrl": "/images/articles/enhancing-k-12-cybersecurity-with-fcc-funds-and-fleet-1600x900@2x.png" + } + }, + { + "url": "/guides/enroll-hosts", + 
"title": "Enroll hosts", + "lastModifiedAt": 1726839805023, + "htmlId": "articles--enroll-hosts--72fecd86ff", + "sectionRelativeRepoPath": "enroll-hosts.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-08-08", + "articleTitle": "Enroll hosts", + "description": "Learn how to enroll hosts to Fleet." + } + }, + { + "url": "/guides/enrolling-a-digital-ocean-droplet-on-a-fleet-instance", + "title": "Enrolling a digital ocean droplet on a Fleet instance", + "lastModifiedAt": 1726839805025, + "htmlId": "articles--enrolling-a-digital---6fbc5a61b0", + "sectionRelativeRepoPath": "enrolling-a-digital-ocean-droplet-on-a-fleet-instance.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "DominusKelvin", + "authorFullName": "Kelvin Omereshone", + "publishedOn": "2022-05-26", + "articleTitle": "Enrolling a DigitalOcean Droplet on a Fleet instance", + "articleImageUrl": "/images/articles/enrolling-a-digitalocean-droplet-server-on-a-fleet-instance-cover-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/expeditioners-bradley-chambers", + "title": "Expeditioners bradley chambers", + "lastModifiedAt": 1726839805026, + "htmlId": "articles--expeditioners-bradle--434ed8f62f", + "sectionRelativeRepoPath": "expeditioners-bradley-chambers.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2023-07-20", + "articleTitle": "ExpedITioners podcast with Bradley Chambers", + "articleImageUrl": "/images/articles/expeditioners-podcast-ep1-1600x900@2x.png" + } + }, + { + "url": "/podcasts/expeditioners-charles-edge", + "title": "Expeditioners charles edge", + "lastModifiedAt": 1726839805027, + "htmlId": "articles--expeditioners-charle--078e2e677d", + "sectionRelativeRepoPath": "expeditioners-charles-edge.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach 
Wasserman", + "publishedOn": "2023-10-23", + "articleTitle": "ExpedITioners podcast with Charles Edge", + "articleImageUrl": "/images/articles/expeditioners-podcast-ep5-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/expeditioners-huxley-barbee", + "title": "Expeditioners huxley barbee", + "lastModifiedAt": 1726839805027, + "htmlId": "articles--expeditioners-huxley--59793f39c1", + "sectionRelativeRepoPath": "expeditioners-huxley-barbee.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2024-01-30", + "articleTitle": "ExpedITioners podcast with Huxley Barbee", + "articleImageUrl": "/images/articles/expeditioners-podcast-ep8-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/expeditioners-jeff-chao", + "title": "Expeditioners jeff chao", + "lastModifiedAt": 1726839805028, + "htmlId": "articles--expeditioners-jeff-c--69f6b2fce1", + "sectionRelativeRepoPath": "expeditioners-jeff-chao.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2023-11-15", + "articleTitle": "ExpedITioners podcast with Jeff Chao", + "articleImageUrl": "/images/articles/expeditioners-podcast-ep6-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/expeditioners-john-reynolds", + "title": "Expeditioners john reynolds", + "lastModifiedAt": 1726839805029, + "htmlId": "articles--expeditioners-john-r--2abfb47f0e", + "sectionRelativeRepoPath": "expeditioners-john-reynolds.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2023-09-21", + "articleTitle": "ExpedITioners podcast with John Reynolds", + "articleImageUrl": "/images/articles/expeditioners-podcast-ep4-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/expeditioners-niels-hofmans", + "title": "Expeditioners niels hofmans", + "lastModifiedAt": 1726839805030, + "htmlId": 
"articles--expeditioners-niels---d1c8e645af", + "sectionRelativeRepoPath": "expeditioners-niels-hofmans.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2023-08-22", + "articleTitle": "ExpedITioners podcast with Niels Hofmans", + "articleImageUrl": "/images/articles/expeditioners-podcast-ep2-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/expeditioners-podcast-with-marcus-ransom", + "title": "Expeditioners podcast with marcus ransom", + "lastModifiedAt": 1726839805031, + "htmlId": "articles--expeditioners-podcas--98c32a782f", + "sectionRelativeRepoPath": "expeditioners-podcast-with-marcus-ransom.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2023-12-11", + "articleTitle": "ExpedITioners podcast with Marcus Ransom", + "articleImageUrl": "/images/articles/expeditioners-podcast-ep7-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/expeditioners-rich-trouton", + "title": "Expeditioners rich trouton", + "lastModifiedAt": 1726839805032, + "htmlId": "articles--expeditioners-rich-t--c394f4ba38", + "sectionRelativeRepoPath": "expeditioners-rich-trouton.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2023-08-31", + "articleTitle": "ExpedITioners podcast with Rich Trouton", + "articleImageUrl": "/images/articles/expeditioners-podcast-ep3-1600x900@2x.jpg" + } + }, + { + "url": "/guides/filtering-software-by-vulnerability", + "title": "Filtering software by vulnerability", + "lastModifiedAt": 1726839805033, + "htmlId": "articles--filtering-software-b--900d8b7307", + "sectionRelativeRepoPath": "filtering-software-by-vulnerability.md", + "meta": { + "articleTitle": "Filtering software by vulnerability in Fleet", + "authorFullName": "Tim Lee", + "authorGitHubUsername": "mostlikelee", + "category": "guides", + "publishedOn": 
"2024-08-30", + "articleImageUrl": "/images/articles/discovering-geacon-using-fleet-1600x900@2x.jpg", + "description": "Filter software by vulnerability in Fleet to prioritize critical patches and enhance your organization's security posture." + } + }, + { + "url": "/releases/fleet-3.10.0", + "title": "Fleet 3.10.0", + "lastModifiedAt": 1726839805034, + "htmlId": "articles--fleet-3100--09d2002dcd", + "sectionRelativeRepoPath": "fleet-3.10.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-04-01", + "articleTitle": "Fleet 3.10.0 released with agent auto-updates beta", + "articleImageUrl": "/images/articles/fleet-3.10.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-3.11.0", + "title": "Fleet 3.11.0", + "lastModifiedAt": 1726839805035, + "htmlId": "articles--fleet-3110--ad56a464f5", + "sectionRelativeRepoPath": "fleet-3.11.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-04-29", + "articleTitle": "Fleet 3.11.0 released with software inventory", + "articleImageUrl": "/images/articles/fleet-3.11.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-3.12.0", + "title": "Fleet 3.12.0", + "lastModifiedAt": 1726839805036, + "htmlId": "articles--fleet-3120--8f3c795b51", + "sectionRelativeRepoPath": "fleet-3.12.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-05-20", + "articleTitle": "Fleet 3.12.0", + "articleImageUrl": "/images/articles/fleet-3.12.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-3.5.0", + "title": "Fleet 3.5.0", + "lastModifiedAt": 1726839805037, + "htmlId": "articles--fleet-350--0912885a04", + "sectionRelativeRepoPath": "fleet-3.5.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + 
"authorGitHubUsername": "noahtalerman", + "publishedOn": "2020-12-12", + "articleTitle": "Fleet 3.5.0", + "articleImageUrl": "/images/articles/fleet-3.5.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-3.6.0", + "title": "Fleet 3.6.0", + "lastModifiedAt": 1726839805039, + "htmlId": "articles--fleet-360--b415aaaf59", + "sectionRelativeRepoPath": "fleet-3.6.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-01-09", + "articleTitle": "Fleet 3.6.0", + "articleImageUrl": "/images/articles/fleet-3.6.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-3.13.0", + "title": "Fleet 3.13.0", + "lastModifiedAt": 1726839805041, + "htmlId": "articles--fleet-3130--6a4b26ee04", + "sectionRelativeRepoPath": "fleet-3.13.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-06-04", + "articleTitle": "Fleet 3.13.0", + "articleImageUrl": "/images/articles/fleet-3.13.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-3.7.1", + "title": "Fleet 3.7.1", + "lastModifiedAt": 1726839805042, + "htmlId": "articles--fleet-371--a3099c00cb", + "sectionRelativeRepoPath": "fleet-3.7.1.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-02-04", + "articleTitle": "Fleet 3.7.1", + "articleImageUrl": "/images/articles/fleet-3.7.1-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-3.8.0", + "title": "Fleet 3.8.0", + "lastModifiedAt": 1726839805042, + "htmlId": "articles--fleet-380--681019a9ad", + "sectionRelativeRepoPath": "fleet-3.8.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-02-26", + "articleTitle": "Fleet 3.8.0", + "articleImageUrl": 
"/images/articles/fleet-3.8.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-3.9.0", + "title": "Fleet 3.9.0", + "lastModifiedAt": 1726839805043, + "htmlId": "articles--fleet-390--7ceb277f2f", + "sectionRelativeRepoPath": "fleet-3.9.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-03-10", + "articleTitle": "Fleet 3.9.0", + "articleImageUrl": "/images/articles/fleet-3.9.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.0.0", + "title": "Fleet 4.0.0", + "lastModifiedAt": 1726839805044, + "htmlId": "articles--fleet-400--33d96e46d6", + "sectionRelativeRepoPath": "fleet-4.0.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-06-30", + "articleTitle": "Fleet 4.0.0 released with Role-based access control and Teams features", + "articleImageUrl": "/images/articles/fleet-4.0.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.1.0", + "title": "Fleet 4.1.0", + "lastModifiedAt": 1726839805045, + "htmlId": "articles--fleet-410--2f2a288a79", + "sectionRelativeRepoPath": "fleet-4.1.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-07-27", + "articleTitle": "Fleet 4.1.0 released with Schedule and Activity feed features", + "articleImageUrl": "/images/articles/fleet-4.1.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.10.0", + "title": "Fleet 4.10.0", + "lastModifiedAt": 1726839805046, + "htmlId": "articles--fleet-4100--dd259b5e42", + "sectionRelativeRepoPath": "fleet-4.10.0.md", + "meta": { + "category": "releases", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2022-02-14", + "articleTitle": "Fleet 4.10.0 brings new features and improvements for vulnerability analysts.", + 
"articleImageUrl": "/images/articles/fleet-4.10.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.12.0", + "title": "Fleet 4.12.0", + "lastModifiedAt": 1726839805047, + "htmlId": "articles--fleet-4120--150c6e2731", + "sectionRelativeRepoPath": "fleet-4.12.0.md", + "meta": { + "category": "releases", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2022-03-25", + "articleTitle": "Fleet 4.12.0 | Platform-specific policies, and improved query results", + "articleImageUrl": "/images/articles/fleet-4.12.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.13.0", + "title": "Fleet 4.13.0", + "lastModifiedAt": 1726839805047, + "htmlId": "articles--fleet-4130--771b1f08ac", + "sectionRelativeRepoPath": "fleet-4.13.0.md", + "meta": { + "category": "releases", + "authorFullName": "Fleet", + "authorGitHubUsername": "fleetdm", + "publishedOn": "2022-04-19", + "articleTitle": "Fleet 4.13.0 | Security fixes, policy automations for teams, and aggregated macOS versions for MacAdmins.", + "articleImageUrl": "/images/articles/fleet-4.13.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.11.0", + "title": "Fleet 4.11.0", + "lastModifiedAt": 1726839805048, + "htmlId": "articles--fleet-4110--a057b8896f", + "sectionRelativeRepoPath": "fleet-4.11.0.md", + "meta": { + "category": "releases", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2022-03-07", + "articleTitle": "Fleet 4.11.0 brings impact clarity, improvements to vulnerability processing, and performance updates.", + "articleImageUrl": "/images/articles/fleet-4.11.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.14.0", + "title": "Fleet 4.14.0", + "lastModifiedAt": 1726839805049, + "htmlId": "articles--fleet-4140--e58b7a34f3", + "sectionRelativeRepoPath": "fleet-4.14.0.md", + "meta": { + "category": "releases", + "authorFullName": "Kathy Satterlee", + "authorGitHubUsername": 
"ksatter", + "publishedOn": "2022-05-06", + "articleTitle": "Fleet 4.14.0 adds beta support for automatic ticket creation and improves the live query experience.", + "articleImageUrl": "/images/articles/fleet-4.14.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.16.0", + "title": "Fleet 4.16.0", + "lastModifiedAt": 1726839805051, + "htmlId": "articles--fleet-4160--ac79cd8c59", + "sectionRelativeRepoPath": "fleet-4.16.0.md", + "meta": { + "category": "releases", + "authorFullName": "Kathy Satterlee", + "authorGitHubUsername": "ksatter", + "publishedOn": "2022-06-16", + "articleTitle": "Fleet 4.16.0 | more customization, beefed up vuln management, Jira added to integrations.", + "articleImageUrl": "/images/articles/fleet-4.16.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.17.0", + "title": "Fleet 4.17.0", + "lastModifiedAt": 1726839805052, + "htmlId": "articles--fleet-4170--a276e12e2a", + "sectionRelativeRepoPath": "fleet-4.17.0.md", + "meta": { + "category": "releases", + "authorFullName": "Kathy Satterlee", + "authorGitHubUsername": "ksatter", + "publishedOn": "2022-07-11", + "articleTitle": "Fleet 4.17.0 | Better osquery management, user engagement, improved host vitals.", + "articleImageUrl": "/images/articles/fleet-4.17.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.15.0", + "title": "Fleet 4.15.0", + "lastModifiedAt": 1726839805053, + "htmlId": "articles--fleet-4150--3865641c1c", + "sectionRelativeRepoPath": "fleet-4.15.0.md", + "meta": { + "category": "releases", + "authorFullName": "Kathy Satterlee", + "authorGitHubUsername": "ksatter", + "publishedOn": "2022-05-30", + "articleTitle": "Fleet 4.15.0 adds beta support for Self-service, Scope transparency, and brings Zendesk to the party.", + "articleImageUrl": "/images/articles/fleet-4.15.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.18.0", + "title": "Fleet 4.18.0", + "lastModifiedAt": 1726839805054, + "htmlId": 
"articles--fleet-4180--9e4ce6c31b", + "sectionRelativeRepoPath": "fleet-4.18.0.md", + "meta": { + "category": "releases", + "authorFullName": "Kathy Satterlee", + "authorGitHubUsername": "ksatter", + "publishedOn": "2022-08-03", + "articleTitle": "Fleet 4.18.0 | Better security and user messaging in Fleet Desktop", + "articleImageUrl": "/images/articles/fleet-4.18.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.19.0", + "title": "Fleet 4.19.0", + "lastModifiedAt": 1726839805055, + "htmlId": "articles--fleet-4190--450188c15f", + "sectionRelativeRepoPath": "fleet-4.19.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2022-08-22", + "articleTitle": "Fleet 4.19.0 | Just-in-time (JIT) user provisioning, remaining disk space, aggregate Windows and mobile device management (MDM) data", + "articleImageUrl": "/images/articles/fleet-4.19.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.2.0", + "title": "Fleet 4.2.0", + "lastModifiedAt": 1726839805055, + "htmlId": "articles--fleet-420--ead484f1f9", + "sectionRelativeRepoPath": "fleet-4.2.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2021-08-12", + "articleTitle": "Fleet 4.2.0", + "articleImageUrl": "/images/articles/fleet-4.2.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.20.0", + "title": "Fleet 4.20.0", + "lastModifiedAt": 1726839805057, + "htmlId": "articles--fleet-4200--3a3e9234b6", + "sectionRelativeRepoPath": "fleet-4.20.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2022-09-09", + "articleTitle": "Fleet 4.20.0 | Aggregate Munki issues, test features on canary teams, improved macOS vulnerability detection", + "articleImageUrl": "/images/articles/fleet-4.20.0-1600x900.jpg" + } + }, + { + 
"url": "/releases/fleet-4.21.0", + "title": "Fleet 4.21.0", + "lastModifiedAt": 1726839805058, + "htmlId": "articles--fleet-4210--ef1f69ba72", + "sectionRelativeRepoPath": "fleet-4.21.0.md", + "meta": { + "category": "releases", + "authorFullName": "Chris McGillicuddy", + "authorGitHubUsername": "chris-mcgillicuddy", + "publishedOn": "2022-10-05", + "articleTitle": "Fleet 4.21.0 | Validate config and teams YAML documents, manage osquery flags remotely with Orbit, view team and global policy compliance", + "articleImageUrl": "/images/articles/fleet-4.21.0-1600x900@2x.jpeg" + } + }, + { + "url": "/releases/fleet-4.22.0", + "title": "Fleet 4.22.0", + "lastModifiedAt": 1726839805059, + "htmlId": "articles--fleet-4220--79ccc66c3c", + "sectionRelativeRepoPath": "fleet-4.22.0.md", + "meta": { + "category": "releases", + "authorFullName": "Chris McGillicuddy", + "authorGitHubUsername": "chris-mcgillicuddy", + "publishedOn": "2022-10-21", + "articleTitle": "Fleet 4.22.0 | Easier access to host information, better query console UX, and clearer display names", + "articleImageUrl": "/images/articles/fleet-4.22.0-cover-800x450@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.23.0", + "title": "Fleet 4.23.0", + "lastModifiedAt": 1726839805060, + "htmlId": "articles--fleet-4230--653ee52499", + "sectionRelativeRepoPath": "fleet-4.23.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2022-11-14", + "articleTitle": "Fleet 4.23.0 | Better insight into inherited policies, improved host vitals, and more configuration visibility", + "articleImageUrl": "/images/articles/fleet-4.23.0-800x450@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.24.0", + "title": "Fleet 4.24.0", + "lastModifiedAt": 1726839805061, + "htmlId": "articles--fleet-4240--19516bb4b8", + "sectionRelativeRepoPath": "fleet-4.24.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + 
"authorGitHubUsername": "noahtalerman", + "publishedOn": "2022-12-06", + "articleTitle": "Fleet 4.24.0 | Live query notifications and navigation improvements", + "articleImageUrl": "/images/articles/fleet-4.24.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.25.0", + "title": "Fleet 4.25.0", + "lastModifiedAt": 1726839805063, + "htmlId": "articles--fleet-4250--9127fac1f2", + "sectionRelativeRepoPath": "fleet-4.25.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2023-01-03", + "articleTitle": "Fleet 4.25.0 | Extra security and MDM visibility", + "articleImageUrl": "/images/articles/fleet-4.25.0-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.26.0", + "title": "Fleet 4.26.0", + "lastModifiedAt": 1726839805064, + "htmlId": "articles--fleet-4260--3ecc26a58f", + "sectionRelativeRepoPath": "fleet-4.26.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2023-01-16", + "articleTitle": "Fleet 4.26.0 | Easier osquery extensions, external audit log destinations, and cleaner data lakes", + "articleImageUrl": "/images/articles/fleet-4.26.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.27.0", + "title": "Fleet 4.27.0", + "lastModifiedAt": 1726839805065, + "htmlId": "articles--fleet-4270--5def591f64", + "sectionRelativeRepoPath": "fleet-4.27.0.md", + "meta": { + "category": "releases", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "publishedOn": "2023-02-14", + "articleTitle": "Fleet 4.27.0 | Improved access management and improved search filters", + "articleImageUrl": "/images/articles/fleet-4.27.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.28.0", + "title": "Fleet 4.28.0", + "lastModifiedAt": 1726839805066, + "htmlId": "articles--fleet-4280--52f2441fa4", + "sectionRelativeRepoPath": "fleet-4.28.0.md", + "meta": 
{ + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-02-28", + "articleTitle": "Fleet 4.28.0 | CIS benchmarks for Ventura", + "articleImageUrl": "/images/articles/fleet-4.28.0-800x450@2x.png" + } + }, + { + "url": "/releases/fleet-4.29.0", + "title": "Fleet 4.29.0", + "lastModifiedAt": 1726839805067, + "htmlId": "articles--fleet-4290--507fc72ef3", + "sectionRelativeRepoPath": "fleet-4.29.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-03-22", + "articleTitle": "Fleet 4.29.0 | SSO provides JIT Fleet user roles", + "articleImageUrl": "/images/articles/fleet-4.29.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.3.0", + "title": "Fleet 4.3.0", + "lastModifiedAt": 1726839805068, + "htmlId": "articles--fleet-430--f231d44352", + "sectionRelativeRepoPath": "fleet-4.3.0.md", + "meta": { + "category": "releases", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2021-09-07", + "articleTitle": "Fleet 4.3.0", + "articleImageUrl": "/images/articles/fleet-4.3.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.30.0", + "title": "Fleet 4.30.0", + "lastModifiedAt": 1726839805069, + "htmlId": "articles--fleet-4300--0e053dac25", + "sectionRelativeRepoPath": "fleet-4.30.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-04-11", + "articleTitle": "Fleet 4.30.0 | MDM public beta, Observer+ role, Vulnerability publication dates", + "articleImageUrl": "/images/articles/fleet-4.30.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.31.0", + "title": "Fleet 4.31.0", + "lastModifiedAt": 1726839805071, + "htmlId": "articles--fleet-4310--439ea795b4", + "sectionRelativeRepoPath": "fleet-4.31.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD 
Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-05-01", + "articleTitle": "Fleet 4.31.0 | MDM enrollment workflow, API user role.", + "articleImageUrl": "/images/articles/fleet-4.31.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.32.0", + "title": "Fleet 4.32.0", + "lastModifiedAt": 1726839805073, + "htmlId": "articles--fleet-4320--221d90689c", + "sectionRelativeRepoPath": "fleet-4.32.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-05-24", + "articleTitle": "Fleet 4.32.0 | User migration, customizing macOS Setup Assistant.", + "articleImageUrl": "/images/articles/fleet-4.32.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.33.0", + "title": "Fleet 4.33.0", + "lastModifiedAt": 1726839805074, + "htmlId": "articles--fleet-4330--3b965c130a", + "sectionRelativeRepoPath": "fleet-4.33.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-06-13", + "articleTitle": "Fleet 4.33.0 | ChromeOS support, new verified status", + "articleImageUrl": "/images/articles/fleet-4.33.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.34.0", + "title": "Fleet 4.34.0", + "lastModifiedAt": 1726839805075, + "htmlId": "articles--fleet-4340--aab74d16d2", + "sectionRelativeRepoPath": "fleet-4.34.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-07-12", + "articleTitle": "Fleet 4.34.0 | ChromeOS tables, CIS Benchmark load testing", + "articleImageUrl": "/images/articles/fleet-4.34.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.35.0", + "title": "Fleet 4.35.0", + "lastModifiedAt": 1726839805076, + "htmlId": "articles--fleet-4350--d4921e1140", + "sectionRelativeRepoPath": "fleet-4.35.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + 
"authorGitHubUsername": "spokanemac", + "publishedOn": "2023-08-01", + "articleTitle": "Fleet 4.35.0 | Improvements and bug fixes.", + "articleImageUrl": "/images/articles/fleet-4.35.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.37.0", + "title": "Fleet 4.37.0", + "lastModifiedAt": 1726839805077, + "htmlId": "articles--fleet-4370--56524e6b70", + "sectionRelativeRepoPath": "fleet-4.37.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-09-07", + "articleTitle": "Fleet 4.37.0 | Remote script execution & Puppet support.", + "articleImageUrl": "/images/articles/fleet-4.37.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.36.0", + "title": "Fleet 4.36.0", + "lastModifiedAt": 1726839805078, + "htmlId": "articles--fleet-4360--0167b9704b", + "sectionRelativeRepoPath": "fleet-4.36.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-08-18", + "articleTitle": "Fleet 4.36.0 | Saved and scheduled queries merge.", + "articleImageUrl": "/images/articles/fleet-4.36.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.38.0", + "title": "Fleet 4.38.0", + "lastModifiedAt": 1726839805080, + "htmlId": "articles--fleet-4380--8522df1a2e", + "sectionRelativeRepoPath": "fleet-4.38.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-09-25", + "articleTitle": "Fleet 4.38.0 | Profile redelivery, NVD details, and custom extension label support.", + "articleImageUrl": "/images/articles/fleet-4.38.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.39.0", + "title": "Fleet 4.39.0", + "lastModifiedAt": 1726839805081, + "htmlId": "articles--fleet-4390--ad9a535d1c", + "sectionRelativeRepoPath": "fleet-4.39.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + 
"authorGitHubUsername": "spokanemac", + "publishedOn": "2023-10-26", + "articleTitle": "Fleet 4.39.0 | Sonoma support, script library, query reports.", + "articleImageUrl": "/images/articles/fleet-4.39.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.4.0", + "title": "Fleet 4.4.0", + "lastModifiedAt": 1726839805082, + "htmlId": "articles--fleet-440--24061a1eff", + "sectionRelativeRepoPath": "fleet-4.4.0.md", + "meta": { + "category": "releases", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2021-10-07", + "articleTitle": "Fleet 4.4.0 releases aggregated software inventory, team policies, and improved team scheduling", + "articleImageUrl": "/images/articles/fleet-4.4.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.40.0", + "title": "Fleet 4.40.0", + "lastModifiedAt": 1726839805083, + "htmlId": "articles--fleet-4400--53f1a0954b", + "sectionRelativeRepoPath": "fleet-4.40.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-11-06", + "articleTitle": "Fleet 4.40.0 | More Data, Rapid Security Response, CIS Benchmark updates.", + "articleImageUrl": "/images/articles/fleet-4.40.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.41.0", + "title": "Fleet 4.41.0", + "lastModifiedAt": 1726839805084, + "htmlId": "articles--fleet-4410--f4c37d963b", + "sectionRelativeRepoPath": "fleet-4.41.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-11-28", + "articleTitle": "Fleet 4.41.0 | NVD API 2.0, Windows script library.", + "articleImageUrl": "/images/articles/fleet-4.41.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.42.0", + "title": "Fleet 4.42.0", + "lastModifiedAt": 1726839805086, + "htmlId": "articles--fleet-4420--8d6641fa28", + "sectionRelativeRepoPath": "fleet-4.42.0.md", + "meta": { + "category": 
"releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-12-21", + "articleTitle": "Fleet 4.42.0 | Query performance reporting, host targeting improvements.", + "articleImageUrl": "/images/articles/fleet-4.42.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.43.0", + "title": "Fleet 4.43.0", + "lastModifiedAt": 1726839805087, + "htmlId": "articles--fleet-4430--296526b139", + "sectionRelativeRepoPath": "fleet-4.43.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-01-09", + "articleTitle": "Fleet 4.43.0 | Query performance reporting, host targeting improvements.", + "articleImageUrl": "/images/articles/fleet-4.43.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.44.0", + "title": "Fleet 4.44.0", + "lastModifiedAt": 1726839805089, + "htmlId": "articles--fleet-4440--e0c9504248", + "sectionRelativeRepoPath": "fleet-4.44.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-02-05", + "articleTitle": "Fleet 4.44.0 | Script execution, host expiry, and host targeting improvements.", + "articleImageUrl": "/images/articles/fleet-4.44.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.45.0", + "title": "Fleet 4.45.0", + "lastModifiedAt": 1726839805090, + "htmlId": "articles--fleet-4450--525bed4841", + "sectionRelativeRepoPath": "fleet-4.45.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-02-21", + "articleTitle": "Fleet 4.45.0 | Remote lock, Linux script library, osquery storage location.", + "articleImageUrl": "/images/articles/fleet-4.45.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.46.0", + "title": "Fleet 4.46.0", + "lastModifiedAt": 1726839805091, + "htmlId": "articles--fleet-4460--2bc79fbeb9", + 
"sectionRelativeRepoPath": "fleet-4.46.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-02-26", + "articleTitle": "Fleet 4.46.0 | Automatic SCEP certificate renewal.", + "articleImageUrl": "/images/articles/fleet-4.46.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.47.0", + "title": "Fleet 4.47.0", + "lastModifiedAt": 1726839805092, + "htmlId": "articles--fleet-4470--d61e2e7199", + "sectionRelativeRepoPath": "fleet-4.47.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-03-12", + "articleTitle": "Fleet 4.47.0 | Cross-platform remote wipe, vulnerabilities page, and scripting improvements.", + "articleImageUrl": "/images/articles/fleet-4.47.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.48.0", + "title": "Fleet 4.48.0", + "lastModifiedAt": 1726839805094, + "htmlId": "articles--fleet-4480--ecbe7beab5", + "sectionRelativeRepoPath": "fleet-4.48.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-04-03", + "articleTitle": "Fleet 4.48.0 | IdP local account creation, VS Code extensions.", + "articleImageUrl": "/images/articles/fleet-4.48.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.49.0", + "title": "Fleet 4.49.0", + "lastModifiedAt": 1726839805095, + "htmlId": "articles--fleet-4490--c90f5fc656", + "sectionRelativeRepoPath": "fleet-4.49.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-04-23", + "articleTitle": "Fleet 4.49.0 | VulnCheck's NVD++, device health API, fleetd data parsing.", + "articleImageUrl": "/images/articles/fleet-4.49.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.5.0", + "title": "Fleet 4.5.0", + "lastModifiedAt": 1726839805096, + "htmlId": 
"articles--fleet-450--2c474c8040", + "sectionRelativeRepoPath": "fleet-4.5.0.md", + "meta": { + "category": "releases", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2021-11-02", + "articleTitle": "Fleet 4.5.0 with new team admin role, live OS compatibility checking, query performance impact, and a new-look dashboard", + "articleImageUrl": "/images/articles/fleet-4.5.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.50.0", + "title": "Fleet 4.50.0", + "lastModifiedAt": 1726839805098, + "htmlId": "articles--fleet-4500--44757c8700", + "sectionRelativeRepoPath": "fleet-4.50.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-05-22", + "articleTitle": "Fleet 4.50.0 | Security agent deployment, AI descriptions, and Mac Admins SOFA support.", + "articleImageUrl": "/images/articles/fleet-4.50.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.53.0", + "title": "Fleet 4.53.0", + "lastModifiedAt": 1726839805100, + "htmlId": "articles--fleet-4530--1cc540fb24", + "sectionRelativeRepoPath": "fleet-4.53.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-06-25", + "articleTitle": "Fleet 4.53.0 | Better vuln matching, multi-issue hosts, & `fleetd` logs as tables", + "articleImageUrl": "/images/articles/fleet-4.53.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.54.0", + "title": "Fleet 4.54.0", + "lastModifiedAt": 1726839805101, + "htmlId": "articles--fleet-4540--11b1c848f2", + "sectionRelativeRepoPath": "fleet-4.54.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-07-17", + "articleTitle": "Fleet 4.54.0 | Target hosts via label exclusion, script execution time.", + "articleImageUrl": 
"/images/articles/fleet-4.54.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.51.0", + "title": "Fleet 4.51.0", + "lastModifiedAt": 1726839805102, + "htmlId": "articles--fleet-4510--7274f6fa9d", + "sectionRelativeRepoPath": "fleet-4.51.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-06-10", + "articleTitle": "Fleet 4.51.0 | Global activity webhook, macOS TCC table, and software self-service.", + "articleImageUrl": "/images/articles/fleet-4.51.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.55.0", + "title": "Fleet 4.55.0", + "lastModifiedAt": 1726839805106, + "htmlId": "articles--fleet-4550--f7134a8007", + "sectionRelativeRepoPath": "fleet-4.55.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-08-09", + "articleTitle": "Fleet 4.55.0 | MySQL 8, arm64 support, FileVault improvements, VPP support.", + "articleImageUrl": "/images/articles/fleet-4.55.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.56.0", + "title": "Fleet 4.56.0", + "lastModifiedAt": 1726839805108, + "htmlId": "articles--fleet-4560--6f2f9c6451", + "sectionRelativeRepoPath": "fleet-4.56.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-09-07", + "articleTitle": "Fleet 4.56.0 | Enhanced MDM migration, Exact CVE Search, and Self-Service VPP Apps.", + "articleImageUrl": "/images/articles/fleet-4.56.0-1600x900@2x.png" + } + }, + { + "url": "/releases/fleet-4.6.0", + "title": "Fleet 4.6.0", + "lastModifiedAt": 1726839805109, + "htmlId": "articles--fleet-460--d71c3386e5", + "sectionRelativeRepoPath": "fleet-4.6.0.md", + "meta": { + "category": "releases", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2021-11-19", + "articleTitle": "Fleet 4.6.0 with osquery 
installer, enroll secret management, and improved host vitals", + "articleImageUrl": "/images/articles/fleet-4.6.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.7.0", + "title": "Fleet 4.7.0", + "lastModifiedAt": 1726839805110, + "htmlId": "articles--fleet-470--f6d85e866c", + "sectionRelativeRepoPath": "fleet-4.7.0.md", + "meta": { + "category": "releases", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2021-12-14", + "articleTitle": "Does Fleet 4.7.0 bring more power to your osquery compliance policies? Yes.", + "articleImageUrl": "/images/articles/fleet-4.7.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.8.0", + "title": "Fleet 4.8.0", + "lastModifiedAt": 1726839805111, + "htmlId": "articles--fleet-480--e0296e324b", + "sectionRelativeRepoPath": "fleet-4.8.0.md", + "meta": { + "category": "releases", + "authorFullName": "Drew Baker", + "authorGitHubUsername": "Drew-P-drawers", + "publishedOn": "2021-12-31", + "articleTitle": "Looking for policy automations, Google Chrome profile search, and Munki details from your hosts? 
Upgrade to Fleet 4.8.0", + "articleImageUrl": "/images/articles/fleet-4.8.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/releases/fleet-4.9.0", + "title": "Fleet 4.9.0", + "lastModifiedAt": 1726839805112, + "htmlId": "articles--fleet-490--d6149315ff", + "sectionRelativeRepoPath": "fleet-4.9.0.md", + "meta": { + "category": "releases", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2022-01-24", + "articleTitle": "Fleet 4.9.0 brings performance updates, paginated live query results, and policy YAML doc support.", + "articleImageUrl": "/images/articles/fleet-4.9.0-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/fleet-ai-assisted-policy-descriptions-and-resolutions", + "title": "Fleet ai assisted policy descriptions and resolutions", + "lastModifiedAt": 1726839805113, + "htmlId": "articles--fleet-ai-assisted-po--74a94535fe", + "sectionRelativeRepoPath": "fleet-ai-assisted-policy-descriptions-and-resolutions.md", + "meta": { + "articleTitle": "Fleet’s AI-assisted policy descriptions and resolutions", + "authorFullName": "Rachel Perkins", + "authorGitHubUsername": "rachelelysia", + "category": "guides", + "publishedOn": "2024-05-20", + "articleImageUrl": "/images/articles/fleet-ai-assisted-policy-descriptions-and-resolutions-1600x900@2x.png", + "description": "AI guides our way, Policies clear, secure paths, Compliance shines bright." 
+ } + }, + { + "url": "/announcements/fleet-adds-support-for-chrome-os", + "title": "Fleet adds support for chrome os", + "lastModifiedAt": 1726839805114, + "htmlId": "articles--fleet-adds-support-f--e846968e31", + "sectionRelativeRepoPath": "fleet-adds-support-for-chrome-os.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "spokanemac", + "authorFullName": "JD Strong", + "publishedOn": "2023-06-13", + "articleTitle": "Fleet enhances device management with ChromeOS support", + "articleImageUrl": "/images/articles/fleet-adds-support-for-chrome-os-1600x900@2x.png", + "description": "We're thrilled to announce that Fleet has expanded support to include ChromeOS and ChromeOS Flex!" + } + }, + { + "url": "/announcements/fleet-desktop-says-hello-world", + "title": "Fleet desktop says hello world", + "lastModifiedAt": 1726839805115, + "htmlId": "articles--fleet-desktop-says-h--b773918322", + "sectionRelativeRepoPath": "fleet-desktop-says-hello-world.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "zhumo", + "authorFullName": "Mo Zhu", + "publishedOn": "2022-08-02", + "articleTitle": "Fleet Desktop says “Hello, world!”", + "articleImageUrl": "/images/articles/fleet-desktop-says-hello-world-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/fleet-desktop", + "title": "Fleet desktop", + "lastModifiedAt": 1726839805116, + "htmlId": "articles--fleet-desktop--9214a6a67a", + "sectionRelativeRepoPath": "fleet-desktop.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "zhumo", + "authorFullName": "Mo Zhu", + "publishedOn": "2024-04-19", + "articleTitle": "Fleet Desktop", + "description": "Learn about Fleet Desktop's features for self-remediation and transparency." 
+ } + }, + { + "url": "/announcements/fleet-in-vegas-2023", + "title": "Fleet in vegas 2023", + "lastModifiedAt": 1726839805117, + "htmlId": "articles--fleet-in-vegas-2023--284818a7ab", + "sectionRelativeRepoPath": "fleet-in-vegas-2023.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "spokanemac", + "authorFullName": "JD Strong", + "publishedOn": "2023-08-02", + "articleTitle": "Fleet takes on Vegas: Exploring cybersecurity's future at Black Hat, B-Sides, and DEF CON 31", + "articleImageUrl": "/images/articles/fleet-in-vegas-2023@2x.jpg", + "description": "Explore cybersecurity's cutting edge with Fleet at three top-tier conferences - Black Hat, Security B-Sides, and DEF CON." + } + }, + { + "url": "/releases/fleet-introduces-mdm", + "title": "Fleet introduces mdm", + "lastModifiedAt": 1726839805118, + "htmlId": "articles--fleet-introduces-mdm--e7ec825f3a", + "sectionRelativeRepoPath": "fleet-introduces-mdm.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-04-11", + "articleTitle": "Fleet introduces MDM", + "articleImageUrl": "/images/articles/fleet-mdm-launch-cover-800x450@2x.jpg" + } + }, + { + "url": "/announcements/fleet-in-your-calendar-introducing-maintenance-windows", + "title": "Fleet in your calendar introducing maintenance windows", + "lastModifiedAt": 1726839805119, + "htmlId": "articles--fleet-in-your-calend--35d205d395", + "sectionRelativeRepoPath": "fleet-in-your-calendar-introducing-maintenance-windows.md", + "meta": { + "category": "announcements", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-04-30", + "articleTitle": "Fleet in your calendar: introducing maintenance windows", + "articleImageUrl": "/images/articles/fleet-in-your-calendar-introducing-maintenance-windows-cover-900x450@2x.png", + "description": "Like any good colleague, when Fleet needs some of your time, it puts it on your 
calendar." + } + }, + { + "url": "/announcements/fleet-introduces-windows-mdm", + "title": "Fleet introduces windows mdm", + "lastModifiedAt": 1726839805120, + "htmlId": "articles--fleet-introduces-win--c7cafc9ba6", + "sectionRelativeRepoPath": "fleet-introduces-windows-mdm.md", + "meta": { + "category": "announcements", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-01-24", + "articleTitle": "Fleet introduces Windows MDM", + "articleImageUrl": "/images/articles/fleet-win-mdm-launch-cover-800x450@2x.png" + } + }, + { + "url": "/announcements/fleet-is-abuzz-for-macdevops-yvr-2023", + "title": "Fleet is abuzz for macdevops yvr 2023", + "lastModifiedAt": 1726839805121, + "htmlId": "articles--fleet-is-abuzz-for-m--ad5da5f6fb", + "sectionRelativeRepoPath": "fleet-is-abuzz-for-macdevops-yvr-2023.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "spokanemac", + "authorFullName": "JD Strong", + "publishedOn": "2023-06-07", + "articleTitle": "Fleet is abuzz 🐝 for MacDevOps:YVR", + "articleImageUrl": "/images/articles/fleet-is-abuzz-for-macdevops-yvr-2023@2x.png", + "description": "Fleet is a proud sponsor of MacDevOps:YVR which is back in person in Vancouver, B.C. 
June 21-22, 2023" + } + }, + { + "url": "/securing/fleet-osquery-unlocking-the-value-of-axonius-with-open-source-telemetry", + "title": "Fleet osquery unlocking the value of axonius with open source telemetry", + "lastModifiedAt": 1726839805122, + "htmlId": "articles--fleet-osquery-unlock--3d8a42de76", + "sectionRelativeRepoPath": "fleet-osquery-unlocking-the-value-of-axonius-with-open-source-telemetry.md", + "meta": { + "category": "security", + "authorFullName": "Brad Macdowall", + "authorGitHubUsername": "BradMacd", + "publishedOn": "2023-12-28", + "articleTitle": "Fleet & osquery: Unlocking the value of Axonius with open-source telemetry", + "articleImageUrl": "/images/articles/fleet-osquery-unlocking-the-value-of-axonius-with-open-source-telemetry-1600x900@2x.png" + } + }, + { + "url": "/guides/fleet-quick-tips-querying-procdump-eula-has-been-accepted", + "title": "Fleet quick tips querying procdump eula has been accepted", + "lastModifiedAt": 1726839805123, + "htmlId": "articles--fleet-quick-tips-que--083c7ab95c", + "sectionRelativeRepoPath": "fleet-quick-tips-querying-procdump-eula-has-been-accepted.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "mike-j-thomas", + "authorFullName": "Mike Thomas", + "publishedOn": "2021-05-11", + "articleTitle": "Fleet quick tips — identify systems where the ProcDump EULA has been accepted", + "articleImageUrl": "/images/articles/fleet-quick-tips-querying-procdump-eula-has-been-accepted-cover-700x440@2x.png" + } + }, + { + "url": "/guides/fleet-terraform-byo-vpc-module", + "title": "Fleet terraform byo vpc module", + "lastModifiedAt": 1726839805124, + "htmlId": "articles--fleet-terraform-byo---dc914e6434", + "sectionRelativeRepoPath": "fleet-terraform-byo-vpc-module.md", + "meta": { + "category": "guides", + "authorFullName": "Robert Fairburn", + "authorGitHubUsername": "rfairburn", + "publishedOn": "2023-09-01", + "articleTitle": "Using the Fleet Terraform module with an existing VPC" + } + }, + { + 
"url": "/announcements/fleet-terraform-module", + "title": "Fleet terraform module", + "lastModifiedAt": 1726839805125, + "htmlId": "articles--fleet-terraform-modu--290ad35faf", + "sectionRelativeRepoPath": "fleet-terraform-module.md", + "meta": { + "category": "announcements", + "authorFullName": "Zachary Winnerman", + "authorGitHubUsername": "zwinnerman-fleetdm", + "publishedOn": "2023-01-09", + "articleTitle": "Keep Fleet running smoothly on AWS with the new Terraform module" + } + }, + { + "url": "/guides/fleet-usage-statistics", + "title": "Fleet usage statistics", + "lastModifiedAt": 1726839805126, + "htmlId": "articles--fleet-usage-statisti--8212e2baf7", + "sectionRelativeRepoPath": "fleet-usage-statistics.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-08-13", + "articleTitle": "Fleet usage statistics", + "description": "Learn about Fleet's usage statistics and what information is collected." 
+ } + }, + { + "url": "/success-stories/fleet-user-stories-f100", + "title": "Fleet user stories f100", + "lastModifiedAt": 1726839805127, + "htmlId": "articles--fleet-user-stories-f--869652e2be", + "sectionRelativeRepoPath": "fleet-user-stories-f100.md", + "meta": { + "category": "success stories", + "authorGitHubUsername": "mike-j-thomas", + "authorFullName": "Mike Thomas", + "publishedOn": "2021-09-29", + "articleTitle": "Fleet user stories — F100", + "articleImageUrl": "/images/articles/fleet-user-stories-f100-cover-800x450@2x.png" + } + }, + { + "url": "/success-stories/fleet-user-stories-schrodinger", + "title": "Fleet user stories schrodinger", + "lastModifiedAt": 1726839805127, + "htmlId": "articles--fleet-user-stories-s--1486ea1812", + "sectionRelativeRepoPath": "fleet-user-stories-schrodinger.md", + "meta": { + "category": "success stories", + "authorGitHubUsername": "mike-j-thomas", + "authorFullName": "Mike Thomas", + "publishedOn": "2021-09-10", + "articleTitle": "Fleet user stories — Schrödinger", + "articleImageUrl": "/images/articles/fleet-user-stories-schrodinger-cover-800x450@2x.png" + } + }, + { + "url": "/success-stories/fleet-user-stories-wayfair", + "title": "Fleet user stories wayfair", + "lastModifiedAt": 1726839805128, + "htmlId": "articles--fleet-user-stories-w--c78d4fa6b9", + "sectionRelativeRepoPath": "fleet-user-stories-wayfair.md", + "meta": { + "category": "success stories", + "authorGitHubUsername": "mike-j-thomas", + "authorFullName": "Mike Thomas", + "publishedOn": "2021-08-20", + "articleTitle": "Fleet user stories — Wayfair", + "articleImageUrl": "/images/articles/fleet-user-stories-wayfair-cover-800x450@2x.png" + } + }, + { + "url": "/guides/fleetctl", + "title": "Fleetctl", + "lastModifiedAt": 1726839805129, + "htmlId": "articles--fleetctl--0cb8193ba2", + "sectionRelativeRepoPath": "fleetctl.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": 
"2024-07-04", + "articleTitle": "fleetctl", + "description": "Read about fleetctl, a CLI tool for managing Fleet and osquery configurations, running queries, generating Fleet's agent (fleetd) and more." + } + }, + { + "url": "/announcements/from-osquery-to-fleet-planting-the-seed", + "title": "From osquery to Fleet planting the seed", + "lastModifiedAt": 1726839805130, + "htmlId": "articles--from-osquery-to-flee--229a9b9742", + "sectionRelativeRepoPath": "from-osquery-to-fleet-planting-the-seed.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2022-01-20", + "articleTitle": "The next step for Fleet: our $5M seed round 🌱", + "articleImageUrl": "/images/articles/from-osquery-to-fleet-planting-the-seed-cover-800x450@2x.png" + } + }, + { + "url": "/guides/fleetd-updates", + "title": "Fleetd updates", + "lastModifiedAt": 1726839805131, + "htmlId": "articles--fleetd-updates--6d4aebafec", + "sectionRelativeRepoPath": "fleetd-updates.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-04-30", + "articleTitle": "Fleetd updates", + "description": "Information on how to manage and secure Fleet agent updates." 
+ } + }, + { + "url": "/guides/generate-process-trees-with-osquery", + "title": "Generate process trees with osquery", + "lastModifiedAt": 1726839805132, + "htmlId": "articles--generate-process-tre--d1b0edcce1", + "sectionRelativeRepoPath": "generate-process-trees-with-osquery.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2020-03-17", + "articleTitle": "Generate process trees with osquery", + "articleImageUrl": "/images/articles/generate-process-trees-with-osquery-cover-700x393@2x.jpeg" + } + }, + { + "url": "/securing/get-and-stay-compliant-across-your-devices-with-fleet", + "title": "Get and stay compliant across your devices with Fleet", + "lastModifiedAt": 1726839805133, + "htmlId": "articles--get-and-stay-complia--2cb805730d", + "sectionRelativeRepoPath": "get-and-stay-compliant-across-your-devices-with-fleet.md", + "meta": { + "category": "security", + "authorFullName": "Drew Baker", + "authorGitHubUsername": "Drew-P-drawers", + "publishedOn": "2022-03-09", + "articleTitle": "Get and stay compliant across your devices with Fleet.", + "articleImageUrl": "/images/articles/get-and-stay-compliant-across-your-devices-with-fleet-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/get-current-telemetry-from-your-devices-with-live-queries", + "title": "Get current telemetry from your devices with live queries", + "lastModifiedAt": 1726839805134, + "htmlId": "articles--get-current-telemetr--019d64996a", + "sectionRelativeRepoPath": "get-current-telemetry-from-your-devices-with-live-queries.md", + "meta": { + "articleTitle": "Get current telemetry from your devices with live queries", + "authorFullName": "Victor Lyuboslavsky", + "authorGitHubUsername": "getvictor", + "category": "guides", + "publishedOn": "2023-12-27", + "description": "Learn how live queries work under the hood." 
+ } + }, + { + "url": "/announcements/government-agencies-need-to-dith-the-mdm-thicket", + "title": "Government agencies need to dith the mdm thicket", + "lastModifiedAt": 1726839805135, + "htmlId": "articles--government-agencies---f0385b3f79", + "sectionRelativeRepoPath": "government-agencies-need-to-dith-the-mdm-thicket.md", + "meta": { + "category": "announcements", + "authorFullName": "Keith Barnes", + "authorGitHubUsername": "KAB703", + "publishedOn": "2024-02-09", + "articleTitle": "Government agencies need to ditch the MDM thicket: multiple solutions cost you more than you think", + "articleImageUrl": "/images/articles/government-agencies-need-to-dith-the-mdm-thicket-1600x900@2x.png" + } + }, + { + "url": "/announcements/happy-1st-anniversary-fleet", + "title": "Happy 1st anniversary Fleet", + "lastModifiedAt": 1726839805135, + "htmlId": "articles--happy-1st-anniversar--128480e14b", + "sectionRelativeRepoPath": "happy-1st-anniversary-fleet.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "mike-j-thomas", + "authorFullName": "Mike Thomas", + "publishedOn": "2021-10-08", + "articleTitle": "Happy 1st anniversary, Fleet.", + "articleImageUrl": "/images/articles/happy-1st-anniversary-fleet-cover-800x450@2x.png" + } + }, + { + "url": "/securing/how-fleet-helps-federal-agencies-meet-cisa-bod-23-01", + "title": "How Fleet helps federal agencies meet cisa bod 23 01", + "lastModifiedAt": 1726839805136, + "htmlId": "articles--how-fleet-helps-fede--82d74da10e", + "sectionRelativeRepoPath": "how-fleet-helps-federal-agencies-meet-cisa-bod-23-01.md", + "meta": { + "category": "security", + "authorFullName": "Chris McGillicuddy", + "authorGitHubUsername": "chris-mcgillicuddy", + "publishedOn": "2022-10-28", + "articleTitle": "How Fleet helps federal agencies meet CISA BOD 23-01", + "articleImageUrl": "/images/articles/BOD-23-01-800x450@2x.jpg" + } + }, + { + "url": "/securing/how-osquery-can-help-cyber-responders", + "title": "How osquery can help 
cyber responders", + "lastModifiedAt": 1726839805138, + "htmlId": "articles--how-osquery-can-help--eca2df006d", + "sectionRelativeRepoPath": "how-osquery-can-help-cyber-responders.md", + "meta": { + "category": "security", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-11-02", + "articleTitle": "How osquery can help cyber responders.", + "articleImageUrl": "/images/articles/osquery-for-cyber-responders-1600x900@2x.png" + } + }, + { + "url": "/guides/how-to-configure-logging-destinations", + "title": "How to configure logging destinations", + "lastModifiedAt": 1726839805139, + "htmlId": "articles--how-to-configure-log--e7ef58a2dc", + "sectionRelativeRepoPath": "how-to-configure-logging-destinations.md", + "meta": { + "category": "guides", + "authorFullName": "Grant Bilstad", + "authorGitHubUsername": "pacamaster", + "publishedOn": "2024-06-28", + "articleTitle": "How to configure logging destinations", + "articleImageUrl": "/images/articles/how-to-configure-logging-destinations-1600x900@2x.jpg" + } + }, + { + "url": "/guides/how-to-install-osquery-and-enroll-linux-devices-into-fleet", + "title": "How to install osquery and enroll linux devices into Fleet", + "lastModifiedAt": 1726839805140, + "htmlId": "articles--how-to-install-osque--7ef1932c39", + "sectionRelativeRepoPath": "how-to-install-osquery-and-enroll-linux-devices-into-fleet.md", + "meta": { + "category": "guides", + "authorFullName": "Kathy Satterlee", + "authorGitHubUsername": "ksatter", + "publishedOn": "2022-03-19", + "articleTitle": "How to install osquery and enroll Linux devices into Fleet", + "articleImageUrl": "/images/articles/install-osquery-and-enroll-linux-devices-into-fleet-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/how-to-install-osquery-and-enroll-macos-devices-into-fleet", + "title": "How to install osquery and enroll macos devices into Fleet", + "lastModifiedAt": 1726839805142, + "htmlId": 
"articles--how-to-install-osque--9584297736", + "sectionRelativeRepoPath": "how-to-install-osquery-and-enroll-macos-devices-into-fleet.md", + "meta": { + "category": "guides", + "authorFullName": "Kelvin Omereshone", + "authorGitHubUsername": "dominuskelvin", + "publishedOn": "2022-01-13", + "articleTitle": "How to install osquery and enroll macOS devices into Fleet", + "articleImageUrl": "/images/articles/install-osquery-and-enroll-macos-devices-into-fleet-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/how-to-install-osquery-and-enroll-windows-devices-into-fleet", + "title": "How to install osquery and enroll windows devices into Fleet", + "lastModifiedAt": 1726839805143, + "htmlId": "articles--how-to-install-osque--65750e792f", + "sectionRelativeRepoPath": "how-to-install-osquery-and-enroll-windows-devices-into-fleet.md", + "meta": { + "category": "guides", + "authorFullName": "Kelvin Omereshone", + "authorGitHubUsername": "dominuskelvin", + "publishedOn": "2022-02-03", + "articleTitle": "How to install osquery and enroll Windows devices into Fleet", + "articleImageUrl": "/images/articles/install-osquery-and-enroll-windows-devices-into-fleet-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/how-to-uninstall-osquery", + "title": "How to uninstall osquery", + "lastModifiedAt": 1726839805143, + "htmlId": "articles--how-to-uninstall-osq--7455ca45fc", + "sectionRelativeRepoPath": "how-to-uninstall-osquery.md", + "meta": { + "category": "guides", + "authorFullName": "Eric Shaw", + "authorGitHubUsername": "eashaw", + "publishedOn": "2021-09-08", + "articleTitle": "How to uninstall osquery", + "articleImageUrl": "/images/articles/how-to-uninstall-osquery-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/import-and-export-queries-in-fleet", + "title": "Import and export queries in Fleet", + "lastModifiedAt": 1726839805144, + "htmlId": "articles--import-and-export-qu--44b09ee020", + "sectionRelativeRepoPath": "import-and-export-queries-in-fleet.md", + 
"meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2021-02-16", + "articleTitle": "Import and export queries in Fleet", + "articleImageUrl": "/images/articles/import-and-export-queries-in-Fleet-1600x900@2x.png" + } + }, + { + "url": "/guides/install-vpp-apps-on-macos-using-fleet", + "title": "Install vpp apps on macos using Fleet", + "lastModifiedAt": 1726839805145, + "htmlId": "articles--install-vpp-apps-on---4e6a161ea8", + "sectionRelativeRepoPath": "install-vpp-apps-on-macos-using-fleet.md", + "meta": { + "articleTitle": "Install VPP apps on macOS, iOS, and iPadOS using Fleet", + "authorFullName": "Jahziel Villasana-Espinoza", + "authorGitHubUsername": "jahzielv", + "category": "guides", + "publishedOn": "2024-08-12", + "articleImageUrl": "/images/articles/install-vpp-apps-on-macos-using-fleet-1600x900@2x.png", + "description": "This guide will walk you through installing VPP apps on macOS, iOS, and iPadOS using Fleet." 
+ } + }, + { + "url": "/announcements/introducing-cross-platform-script-execution", + "title": "Introducing cross platform script execution", + "lastModifiedAt": 1726839805147, + "htmlId": "articles--introducing-cross-pl--f50031e3db", + "sectionRelativeRepoPath": "introducing-cross-platform-script-execution.md", + "meta": { + "category": "announcements", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-10-17", + "articleTitle": "Introducing cross-platform script execution", + "articleImageUrl": "/images/articles/introducing-cross-platform-script-execution-800x450@2x.png" + } + }, + { + "url": "/announcements/introducing-fleet-ultimate", + "title": "Introducing Fleet ultimate", + "lastModifiedAt": 1726839805147, + "htmlId": "articles--introducing-fleet-ul--caba265ec4", + "sectionRelativeRepoPath": "introducing-fleet-ultimate.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "jarodreyes", + "authorFullName": "Jarod Reyes", + "publishedOn": "2023-02-20", + "articleTitle": "Introducing CIS benchmarks, managed-cloud hosting and custom calculator in the new Fleet Ultimate plan.", + "articleImageUrl": "/images/articles/happy-1st-anniversary-fleet-cover-800x450@2x.png" + } + }, + { + "url": "/announcements/introducing-orbit-your-fleet-agent-manager", + "title": "Introducing orbit your Fleet agent manager", + "lastModifiedAt": 1726839805148, + "htmlId": "articles--introducing-orbit-yo--1de0ea07ab", + "sectionRelativeRepoPath": "introducing-orbit-your-fleet-agent-manager.md", + "meta": { + "category": "announcements", + "authorFullName": "Mo Zhu", + "authorGitHubUsername": "zhumo", + "publishedOn": "2022-08-18", + "articleTitle": "Introducing Orbit, your Fleet agent manager", + "articleImageUrl": "/images/articles/fleet-4.17.0-1-1600x900@2x.jpg" + } + }, + { + "url": "/engineering/linux-vulnerability-detection-with-oval-and-fleet", + "title": "Linux vulnerability detection with oval and Fleet", + 
"lastModifiedAt": 1726839805150, + "htmlId": "articles--linux-vulnerability---0d4c8fd5ac", + "sectionRelativeRepoPath": "linux-vulnerability-detection-with-oval-and-fleet.md", + "meta": { + "category": "engineering", + "authorGitHubUsername": "juan-fdz-hawa", + "authorFullName": "Juan Fernandes", + "publishedOn": "2022-07-29", + "articleTitle": "Linux vulnerability detection with OVAL and Fleet", + "articleImageUrl": "/images/articles/linux-vulnerability-detection-with-oval-and-fleet-1600x900@2x.jpg" + } + }, + { + "url": "/guides/locate-assets-with-osquery", + "title": "Locate assets with osquery", + "lastModifiedAt": 1726839805150, + "htmlId": "articles--locate-assets-with-o--764d2b5f55", + "sectionRelativeRepoPath": "locate-assets-with-osquery.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2021-05-11", + "articleTitle": "Locate device assets in the event of an emergency.", + "articleImageUrl": "/images/articles/locate-assets-with-osquery-cover-700x393@2x.jpeg" + } + }, + { + "url": "/guides/log-destinations", + "title": "Log destinations", + "lastModifiedAt": 1726839805152, + "htmlId": "articles--log-destinations--9bb62f5aa2", + "sectionRelativeRepoPath": "log-destinations.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "rachaelshaw", + "authorFullName": "Rachael Shaw", + "publishedOn": "2023-11-02", + "articleTitle": "Log destinations", + "description": "Learn about supported log destinations in Fleet, including Amazon Kinesis, AWS Lambda Snowflake, Splunk, and more." 
+ } + }, + { + "url": "/securing/lossless-yubikeys-with-yubitrak-and-airtag", + "title": "Lossless yubikeys with yubitrak and airtag", + "lastModifiedAt": 1726839805153, + "htmlId": "articles--lossless-yubikeys-wi--b260bfc20a", + "sectionRelativeRepoPath": "lossless-yubiKeys-with-yubitrak-and-airtag.md", + "meta": { + "category": "security", + "authorGitHubUsername": "GuillaumeRoss", + "authorFullName": "Guillaume Ross", + "publishedOn": "2022-06-16", + "articleTitle": "Lossless YubiKeys with Yubitrak and AirTag", + "articleImageUrl": "/images/articles/lossless-yubikeys-with-yubitrak-and-airtag-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/macos-mdm-setup", + "title": "Macos mdm setup", + "lastModifiedAt": 1726839805154, + "htmlId": "articles--macos-mdm-setup--66538706f5", + "sectionRelativeRepoPath": "macos-mdm-setup.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "zhumo", + "authorFullName": "Mo Zhu", + "publishedOn": "2024-07-02", + "articleTitle": "macOS MDM setup", + "description": "Learn how to turn on MDM features in Fleet." + } + }, + { + "url": "/guides/macos-setup-experience", + "title": "Macos setup experience", + "lastModifiedAt": 1726839805155, + "htmlId": "articles--macos-setup-experien--cca7e9e073", + "sectionRelativeRepoPath": "macos-setup-experience.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-07-03", + "articleTitle": "macOS setup experience", + "description": "Customize your macOS setup experience with Fleet Premium by managing user authentication, Setup Assistant panes, and installing bootstrap packages." 
+ } + }, + { + "url": "/guides/managing-labels-in-fleet", + "title": "Managing labels in Fleet", + "lastModifiedAt": 1726839805156, + "htmlId": "articles--managing-labels-in-f--b2e5aed976", + "sectionRelativeRepoPath": "managing-labels-in-fleet.md", + "meta": { + "articleTitle": "Managing labels in Fleet", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "category": "guides", + "publishedOn": "2024-07-18", + "articleImageUrl": "/images/articles/managing-labels-in-fleet-1600x900@2x.png", + "description": "This guide will walk you through managing labels using the Fleet web UI." + } + }, + { + "url": "/securing/mapping-fleet-and-osquery-results-to-the-mitre-attck-framework-via-splunk", + "title": "Mapping Fleet and osquery results to the mitre attck framework via splunk", + "lastModifiedAt": 1726839805157, + "htmlId": "articles--mapping-fleet-and-os--7ee9249dc4", + "sectionRelativeRepoPath": "mapping-fleet-and-osquery-results-to-the-mitre-attck-framework-via-splunk.md", + "meta": { + "category": "security", + "authorFullName": "Dave Herder", + "authorGitHubUsername": "dherder", + "publishedOn": "2023-01-30", + "articleTitle": "Mapping Fleet and osquery results to the MITRE ATT&CK® framework via Splunk", + "articleImageUrl": "/images/articles/mapping-fleet-and-osquery-results-to-the-mitre-attck-framework-via-splunk-1600x900@2x.png" + } + }, + { + "url": "/guides/mdm-commands", + "title": "Mdm commands", + "lastModifiedAt": 1726839805158, + "htmlId": "articles--mdm-commands--8de440c455", + "sectionRelativeRepoPath": "mdm-commands.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-06-12", + "articleTitle": "MDM commands", + "description": "Learn how to run custom MDM commands on hosts using Fleet." 
+ } + }, + { + "url": "/guides/mdm-migration", + "title": "Mdm migration", + "lastModifiedAt": 1726839805159, + "htmlId": "articles--mdm-migration--a500f61869", + "sectionRelativeRepoPath": "mdm-migration.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "zhumo", + "authorFullName": "Mo Zhu", + "publishedOn": "2024-08-14", + "articleTitle": "MDM migration", + "description": "Instructions for migrating hosts away from an old MDM solution to Fleet." + } + }, + { + "url": "/announcements/nvd-api-2.0", + "title": "Nvd API 2.0", + "lastModifiedAt": 1726839805160, + "htmlId": "articles--nvd-api-20--a754d441c3", + "sectionRelativeRepoPath": "nvd-api-2.0.md", + "meta": { + "category": "announcements", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-11-28", + "articleTitle": "NVD API 2.0: An important update for Fleet users", + "articleImageUrl": "/images/articles/nvd-api-2.0-1600x900@2x.jpg" + } + }, + { + "url": "/securing/optimizing-government-cybersecurity-strategies", + "title": "Optimizing government cybersecurity strategies", + "lastModifiedAt": 1726839805161, + "htmlId": "articles--optimizing-governmen--78189d23a6", + "sectionRelativeRepoPath": "optimizing-government-cybersecurity-strategies.md", + "meta": { + "category": "security", + "authorFullName": "Keith Barnes", + "authorGitHubUsername": "KAB703", + "publishedOn": "2023-11-14", + "articleTitle": "Optimizing government cybersecurity strategies with Fleet.", + "articleImageUrl": "/images/articles/optimizing-government-cybersecurity-strategies-1600x900@2x.png" + } + }, + { + "url": "/releases/osquery-5.11.0", + "title": "Osquery 5.11.0", + "lastModifiedAt": 1726839805162, + "htmlId": "articles--osquery-5110--5af6435495", + "sectionRelativeRepoPath": "osquery-5.11.0.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2024-02-16", + "articleTitle": "osquery 5.11.0 | 
VSCode, Apple silicon, and more", + "articleImageUrl": "/images/articles/osquery-5.11.0-cover-1600x900@2x.png" + } + }, + { + "url": "/guides/osquery-a-tool-to-easily-ask-questions-about-operating-systems", + "title": "Osquery a tool to easily ask questions about operating systems", + "lastModifiedAt": 1726839805163, + "htmlId": "articles--osquery-a-tool-to-ea--424e2ed801", + "sectionRelativeRepoPath": "osquery-a-tool-to-easily-ask-questions-about-operating-systems.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "dominuskelvin", + "authorFullName": "Kelvin Omereshone", + "publishedOn": "2022-04-04", + "articleTitle": "Osquery: a tool to easily ask questions about operating systems", + "articleImageUrl": "/images/articles/osquery-a-tool-to-easily-ask-questions-about-operating-systems-cover-1600x900@2x.jpg" + } + }, + { + "url": "/securing/osquery-as-a-threat-hunting-platform", + "title": "Osquery as a threat hunting platform", + "lastModifiedAt": 1726839805164, + "htmlId": "articles--osquery-as-a-threat---d96a59f1dd", + "sectionRelativeRepoPath": "osquery-as-a-threat-hunting-platform.md", + "meta": { + "category": "security", + "authorFullName": "Chris McGillicuddy", + "authorGitHubUsername": "chris-mcgillicuddy", + "publishedOn": "2022-09-16", + "articleTitle": "Osquery… as a threat hunting platform?", + "articleImageUrl": "/images/articles/osquery-for-threat-hunting-1600x900@2x.jpg" + } + }, + { + "url": "/guides/osquery-consider-joining-against-the-users-table", + "title": "Osquery consider joining against the users table", + "lastModifiedAt": 1726839805165, + "htmlId": "articles--osquery-consider-joi--b99ae264e4", + "sectionRelativeRepoPath": "osquery-consider-joining-against-the-users-table.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2021-05-06", + "articleTitle": "Osquery: Consider joining against the users table", + "articleImageUrl": 
"/images/articles/osquery-consider-joining-against-the-users-table-cover-700x437@2x.jpeg" + } + }, + { + "url": "/releases/osquery-5.8.1", + "title": "Osquery 5.8.1", + "lastModifiedAt": 1726839805166, + "htmlId": "articles--osquery-581--5d3dced550", + "sectionRelativeRepoPath": "osquery-5.8.1.md", + "meta": { + "category": "releases", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "publishedOn": "2023-03-14", + "articleTitle": "osquery 5.8.1 | Process auditing, stats, and additional tables", + "articleImageUrl": "/images/articles/osquery-5.8.1-cover-1600x900@2x.png" + } + }, + { + "url": "/guides/osquery-evented-tables-overview", + "title": "Osquery evented tables overview", + "lastModifiedAt": 1726839805168, + "htmlId": "articles--osquery-evented-tabl--b9b1176562", + "sectionRelativeRepoPath": "osquery-evented-tables-overview.md", + "meta": { + "articleTitle": "How to use osquery evented tables", + "authorFullName": "Mo Zhu", + "authorGitHubUsername": "zhumo", + "category": "guides", + "publishedOn": "2022-09-21" + } + }, + { + "url": "/securing/osquery-vulnerability-management-at-scale", + "title": "Osquery vulnerability management at scale", + "lastModifiedAt": 1726839805169, + "htmlId": "articles--osquery-vulnerabilit--cac605ad18", + "sectionRelativeRepoPath": "osquery-vulnerability-management-at-scale.md", + "meta": { + "category": "security", + "authorFullName": "Chris McGillicuddy", + "authorGitHubUsername": "chris-mcgillicuddy", + "publishedOn": "2022-10-05", + "articleTitle": "Vulnerability management at scale: a presentation from osquery Co-creator Zach Wasserman", + "articleImageUrl": "/images/articles/vulnerability-management-at-scale-with-osquery_800x450@2x.jpg" + } + }, + { + "url": "/guides/osquery-watchdog", + "title": "Osquery watchdog", + "lastModifiedAt": 1726839805170, + "htmlId": "articles--osquery-watchdog--6a195970e0", + "sectionRelativeRepoPath": "osquery-watchdog.md", + "meta": { + "category": "guides", + 
"authorGitHubUsername": "juan-fdz-hawa", + "authorFullName": "Juan Fernandes", + "publishedOn": "2023-07-28", + "articleTitle": "Osquery watchdog", + "description": "Learn about how osquery process manages child processes and managed extensions in Fleet." + } + }, + { + "url": "/announcements/psu-macadmins-conference-2023", + "title": "Psu macadmins conference 2023", + "lastModifiedAt": 1726839805171, + "htmlId": "articles--psu-macadmins-confer--175629dfbd", + "sectionRelativeRepoPath": "psu-macadmins-conference-2023.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "spokanemac", + "authorFullName": "JD Strong", + "publishedOn": "2023-07-13", + "articleTitle": "Mac admins summer camp ⛺ at PSU MacAdmins Conference 2023", + "articleImageUrl": "/images/articles/psu-macadmins-conference-2023@2x.png", + "description": "A look ahead to PSU MacAdmin Conference July 18-21, 2023" + } + }, + { + "url": "/guides/puppet-module", + "title": "Puppet module", + "lastModifiedAt": 1726839805172, + "htmlId": "articles--puppet-module--c01ecdf2b6", + "sectionRelativeRepoPath": "puppet-module.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-05-24", + "articleTitle": "Puppet module", + "description": "Learn how to use Fleet's Puppet module to automatically assign custom configuration profiles on your macOS hosts." + } + }, + { + "url": "/guides/queries", + "title": "Queries", + "lastModifiedAt": 1726839805173, + "htmlId": "articles--queries--ce5c1e3c99", + "sectionRelativeRepoPath": "queries.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-08-09", + "articleTitle": "Queries", + "description": "Learn how to create, run, and schedule queries, as well as update agent options in the Fleet user interface." 
+ } + }, + { + "url": "/guides/querying-process-file-events-table-on-centos-7", + "title": "Querying process file events table on centos 7", + "lastModifiedAt": 1726839805174, + "htmlId": "articles--querying-process-fil--5587f39199", + "sectionRelativeRepoPath": "querying-process-file-events-table-on-centos-7.md", + "meta": { + "articleTitle": "Querying process_file_events on CentOS 7", + "description": "Learn how to configure and query the process_file_events table on CentOS 7 with Fleet.", + "category": "guides", + "authorGitHubUsername": "lucasmrod", + "authorFullName": "Lucas Rodriguez", + "publishedOn": "2023-07-17" + } + }, + { + "url": "/guides/role-based-access", + "title": "Role based access", + "lastModifiedAt": 1726839805177, + "htmlId": "articles--role-based-access--92a94667b2", + "sectionRelativeRepoPath": "role-based-access.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-08-10", + "articleTitle": "Role-based access", + "description": "Learn about the different roles and permissions in Fleet." 
+ } + }, + { + "url": "/engineering/saving-over-100x-on-egress-switching-from-aws-to-hetzner", + "title": "Saving over 100x on egress switching from aws to hetzner", + "lastModifiedAt": 1726839805179, + "htmlId": "articles--saving-over-100x-on---a46f112fc0", + "sectionRelativeRepoPath": "saving-over-100x-on-egress-switching-from-aws-to-hetzner.md", + "meta": { + "category": "engineering", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2022-01-25", + "articleTitle": "Saving over 100x on egress switching from AWS to Hetzner", + "articleImageUrl": "/images/articles/saving-over-100x-on-egress-switching-from-aws-to-hetzner-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/scripts", + "title": "Scripts", + "lastModifiedAt": 1726839805179, + "htmlId": "articles--scripts--3a91ba655e", + "sectionRelativeRepoPath": "scripts.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-06-04", + "articleTitle": "Scripts", + "description": "Learn how to execute a custom script on macOS, Windows, and Linux hosts in Fleet." + } + }, + { + "url": "/guides/seamless-mdm-migration", + "title": "Seamless mdm migration", + "lastModifiedAt": 1726839805182, + "htmlId": "articles--seamless-mdm-migrati--f0abcf2f23", + "sectionRelativeRepoPath": "seamless-mdm-migration.md", + "meta": { + "category": "guides", + "authorFullName": "Zach Wasserman", + "authorGitHubUsername": "zwass", + "publishedOn": "2024-08-08", + "articleTitle": "Seamless MDM migrations to Fleet", + "articleImageUrl": "/images/articles/seamless-mdm-migration-1600x900@2x.png", + "description": "This guide provides a process for seamlessly migrating macOS devices from an existing MDM solution to Fleet." 
+ } + }, + { + "url": "/announcements/seattle-bellevue-cyber-security-summit-march-8-2023", + "title": "Seattle bellevue cyber security summit march 8 2023", + "lastModifiedAt": 1726839805183, + "htmlId": "articles--seattle-bellevue-cyb--3b5ca28169", + "sectionRelativeRepoPath": "seattle-bellevue-cyber-security-summit-march-8-2023.md", + "meta": { + "category": "announcements", + "authorGitHubUsername": "spokanemac", + "authorFullName": "JD Strong", + "publishedOn": "2023-03-02", + "articleTitle": "Join Fleet at Cyber Security Summit Seattle/Bellevue", + "articleImageUrl": "/images/articles/seattle-bellevue-cyber-security-summit-social-post-1200x628@2x.png" + } + }, + { + "url": "/securing/security-testing-at-fleet-fleet-pentest", + "title": "Security testing at Fleet Fleet pentest", + "lastModifiedAt": 1726839805184, + "htmlId": "articles--security-testing-at---106e7f1999", + "sectionRelativeRepoPath": "security-testing-at-fleet-fleet-pentest.md", + "meta": { + "category": "security", + "authorGitHubUsername": "GuillaumeRoss", + "authorFullName": "Guillaume Ross", + "publishedOn": "2022-05-10", + "articleTitle": "Penetration testing of Fleet (April 2022)", + "articleImageUrl": "/images/articles/security-testing-at-fleet-fleet-pentest-cover-1600x900@2x.jpg" + } + }, + { + "url": "/securing/security-testing-at-fleet-orbit-auto-updater-audit", + "title": "Security testing at Fleet orbit auto updater audit", + "lastModifiedAt": 1726839805185, + "htmlId": "articles--security-testing-at---f487015e45", + "sectionRelativeRepoPath": "security-testing-at-fleet-orbit-auto-updater-audit.md", + "meta": { + "category": "security", + "authorGitHubUsername": "GuillaumeRoss", + "authorFullName": "Guillaume Ross", + "publishedOn": "2022-03-30", + "articleTitle": "Security testing at Fleet/Orbit auto-updater audit", + "articleImageUrl": "/images/articles/security-testing-at-fleet-orbit-auto-updater-audit-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/software-self-service", + 
"title": "Software self service", + "lastModifiedAt": 1726839805186, + "htmlId": "articles--software-self-servic--9047e7f63d", + "sectionRelativeRepoPath": "software-self-service.md", + "meta": { + "articleTitle": "Software self-service", + "authorFullName": "Jahziel Villasana-Espinoza", + "authorGitHubUsername": "jahzielv", + "category": "guides", + "publishedOn": "2024-08-06", + "articleImageUrl": "/images/articles/software-self-service-1600x900@2x.png", + "description": "This guide will walk you through adding apps to Fleet for user self-service." + } + }, + { + "url": "/guides/standard-query-library", + "title": "Standard query library", + "lastModifiedAt": 1726839805187, + "htmlId": "articles--standard-query-libra--dccfaa84b4", + "sectionRelativeRepoPath": "standard-query-library.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-04-04", + "articleTitle": "Standard query library", + "description": "Learn how to use and contribute to Fleet's standard query library." 
+ } + }, + { + "url": "/report/state-of-device-management", + "title": "State of device management", + "lastModifiedAt": 1726839805187, + "htmlId": "articles--state-of-device-mana--f6254cc69c", + "sectionRelativeRepoPath": "state-of-device-management.md", + "meta": { + "category": "report", + "authorFullName": "Mike McNeil", + "authorGitHubUsername": "mikermcneil", + "publishedOn": "2022-07-07", + "articleTitle": "State of Device Management report 2022", + "articleImageUrl": "/images/articles/state-of-device-management-report-1600x900@2x.png" + } + }, + { + "url": "/securing/stay-on-course-with-your-security-compliance-goals", + "title": "Stay on course with your security compliance goals", + "lastModifiedAt": 1726839805188, + "htmlId": "articles--stay-on-course-with---a487f310dc", + "sectionRelativeRepoPath": "stay-on-course-with-your-security-compliance-goals.md", + "meta": { + "category": "security", + "authorFullName": "Chris McGillicuddy", + "authorGitHubUsername": "chris-mcgillicuddy", + "publishedOn": "2022-07-18", + "articleTitle": "Stay on course with your security compliance goals", + "articleImageUrl": "/images/articles/security-compliance-goals-cover-800x450@2x.jpg" + } + }, + { + "url": "/guides/sysadmin-diaries-device-enrollment", + "title": "Sysadmin diaries device enrollment", + "lastModifiedAt": 1726839805189, + "htmlId": "articles--sysadmin-diaries-dev--abfda23f04", + "sectionRelativeRepoPath": "sysadmin-diaries-device-enrollment.md", + "meta": { + "articleTitle": "Sysadmin diaries: device enrollment", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "category": "guides", + "publishedOn": "2024-05-03", + "articleImageUrl": "/images/articles/sysadmin-diaries-1600x900@2x.png", + "description": "In this sysadmin diary, we explore a the differences in device enrollment." 
+ } + }, + { + "url": "/guides/sysadmin-diaries-exporting-policies", + "title": "Sysadmin diaries exporting policies", + "lastModifiedAt": 1726839805190, + "htmlId": "articles--sysadmin-diaries-exp--a101d98c97", + "sectionRelativeRepoPath": "sysadmin-diaries-exporting-policies.md", + "meta": { + "articleTitle": "Sysadmin diaries: exporting policies", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "category": "guides", + "publishedOn": "2024-06-28", + "articleImageUrl": "/images/articles/sysadmin-diaries-1600x900@2x.png", + "description": "In this sysadmin diary, we explore extracting existing policies to enable gitops." + } + }, + { + "url": "/guides/sysadmin-diaries-lost-device", + "title": "Sysadmin diaries lost device", + "lastModifiedAt": 1726839805191, + "htmlId": "articles--sysadmin-diaries-los--3bcb909203", + "sectionRelativeRepoPath": "sysadmin-diaries-lost-device.md", + "meta": { + "articleTitle": "Sysadmin diaries: lost device", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "category": "guides", + "publishedOn": "2024-07-09", + "articleImageUrl": "/images/articles/sysadmin-diaries-1600x900@2x.png", + "description": "In this sysadmin diary, we explore what actions can be taken with Fleet when a device is lost." + } + }, + { + "url": "/guides/sysadmin-diaries-passcode-profiles", + "title": "Sysadmin diaries passcode profiles", + "lastModifiedAt": 1726839805192, + "htmlId": "articles--sysadmin-diaries-pas--883471875d", + "sectionRelativeRepoPath": "sysadmin-diaries-passcode-profiles.md", + "meta": { + "articleTitle": "Sysadmin diaries: passcode profiles", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "category": "guides", + "publishedOn": "2024-04-01", + "articleImageUrl": "/images/articles/sysadmin-diaries-1600x900@2x.png", + "description": "In this sysadmin diary, we explore a missapplied passcode policy." 
+ } + }, + { + "url": "/guides/sysadmin-diaries-restoring-fleetd", + "title": "Sysadmin diaries restoring fleetd", + "lastModifiedAt": 1726839805193, + "htmlId": "articles--sysadmin-diaries-res--96c547e138", + "sectionRelativeRepoPath": "sysadmin-diaries-restoring-fleetd.md", + "meta": { + "articleTitle": "Sysadmin diaries: restoring fleetd", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "category": "guides", + "publishedOn": "2024-06-14", + "articleImageUrl": "/images/articles/sysadmin-diaries-1600x900@2x.png", + "description": "In this sysadmin diary, we explore restoring fleetd deleted by a surly employee." + } + }, + { + "url": "/securing/tales-from-fleet-security-github-configuration-and-openssf-scorecards", + "title": "Tales from Fleet security github configuration and openssf scorecards", + "lastModifiedAt": 1726839805194, + "htmlId": "articles--tales-from-fleet-sec--035c3d6474", + "sectionRelativeRepoPath": "tales-from-fleet-security-github-configuration-and-openssf-scorecards.md", + "meta": { + "category": "security", + "authorFullName": "Guillaume Ross", + "authorGitHubUsername": "GuillaumeRoss", + "publishedOn": "2022-04-15", + "articleTitle": "Tales from Fleet security: GitHub configuration and OpenSSF Scorecards", + "articleImageUrl": "/images/articles/tales-from-fleet-security-github-configuration-and-openssf-scorecards-cover-1600x900@2x.jpg" + } + }, + { + "url": "/securing/tales-from-fleet-security-google-groups-scams", + "title": "Tales from Fleet security google groups scams", + "lastModifiedAt": 1726839805195, + "htmlId": "articles--tales-from-fleet-sec--841598a71f", + "sectionRelativeRepoPath": "tales-from-fleet-security-google-groups-scams.md", + "meta": { + "category": "security", + "authorFullName": "Guillaume Ross", + "authorGitHubUsername": "GuillaumeRoss", + "publishedOn": "2022-08-05", + "articleTitle": "Tales from Fleet security: scams targeting Google Groups", + "articleImageUrl": 
"/images/articles/tales-from-fleet-security-google-groups-scams-cover-1600x900@2x.jpg" + } + }, + { + "url": "/securing/tales-from-fleet-security-securing-1password", + "title": "Tales from Fleet security securing 1password", + "lastModifiedAt": 1726839805196, + "htmlId": "articles--tales-from-fleet-sec--d172f39898", + "sectionRelativeRepoPath": "tales-from-fleet-security-securing-1password.md", + "meta": { + "category": "security", + "authorFullName": "Guillaume Ross", + "authorGitHubUsername": "GuillaumeRoss", + "publishedOn": "2022-05-06", + "articleTitle": "Tales from Fleet security: securing 1Password", + "articleImageUrl": "/images/articles/tales-from-fleet-security-securing-1password-cover-1600x900@2x.jpg" + } + }, + { + "url": "/securing/tales-from-fleet-security-securing-bank-accounts-from-business-email-compromise", + "title": "Tales from Fleet security securing bank accounts from business email compromise", + "lastModifiedAt": 1726839805198, + "htmlId": "articles--tales-from-fleet-sec--f60a0becab", + "sectionRelativeRepoPath": "tales-from-fleet-security-securing-bank-accounts-from-business-email-compromise.md", + "meta": { + "category": "security", + "authorFullName": "Guillaume Ross", + "authorGitHubUsername": "GuillaumeRoss", + "publishedOn": "2022-07-15", + "articleTitle": "Tales from Fleet security: securing bank accounts from business email compromise", + "articleImageUrl": "/images/articles/securing-bank-accounts-from-business-email-compromise-1600x900@2x.jpg" + } + }, + { + "url": "/securing/tales-from-fleet-security-securing-google-workspace", + "title": "Tales from Fleet security securing google workspace", + "lastModifiedAt": 1726839805199, + "htmlId": "articles--tales-from-fleet-sec--72efc9f80f", + "sectionRelativeRepoPath": "tales-from-fleet-security-securing-google-workspace.md", + "meta": { + "category": "security", + "authorFullName": "Guillaume Ross", + "authorGitHubUsername": "GuillaumeRoss", + "publishedOn": "2022-03-25", + 
"articleTitle": "Tales from Fleet security: securing Google Workspace", + "articleImageUrl": "/images/articles/tales-from-fleet-security-securing-google-workspace-cover-1600x900@2x.jpg" + } + }, + { + "url": "/securing/tales-from-fleet-security-securing-the-startup", + "title": "Tales from Fleet security securing the startup", + "lastModifiedAt": 1726839805200, + "htmlId": "articles--tales-from-fleet-sec--a25132f487", + "sectionRelativeRepoPath": "tales-from-fleet-security-securing-the-startup.md", + "meta": { + "category": "security", + "authorFullName": "Guillaume Ross", + "authorGitHubUsername": "GuillaumeRoss", + "publishedOn": "2022-03-17", + "articleTitle": "Tales from Fleet security: securing the startup", + "articleImageUrl": "/images/articles/tales-from-fleet-security-securing-the-startup-cover-1600x900@2x.jpg" + } + }, + { + "url": "/securing/tales-from-fleet-security-soc2", + "title": "Tales from Fleet security soc2", + "lastModifiedAt": 1726839805202, + "htmlId": "articles--tales-from-fleet-sec--f537169e1e", + "sectionRelativeRepoPath": "tales-from-fleet-security-soc2.md", + "meta": { + "category": "security", + "authorGitHubUsername": "GuillaumeRoss", + "authorFullName": "Guillaume Ross", + "publishedOn": "2022-06-24", + "articleTitle": "Tales from Fleet security: how we achieved our SOC 2 type 1 rapidly", + "articleImageUrl": "/images/articles/tales-from-fleet-soc2-type1-report-cover-1600x900@2x.jpg" + } + }, + { + "url": "/securing/tales-from-fleet-security-speeding-up-macos-updates-with-nudge", + "title": "Tales from Fleet security speeding up macos updates with nudge", + "lastModifiedAt": 1726839805203, + "htmlId": "articles--tales-from-fleet-sec--41bc496d3c", + "sectionRelativeRepoPath": "tales-from-fleet-security-speeding-up-macos-updates-with-nudge.md", + "meta": { + "category": "security", + "authorFullName": "Guillaume Ross", + "authorGitHubUsername": "GuillaumeRoss", + "publishedOn": "2022-07-05", + "articleTitle": "Tales from Fleet security: 
speeding up macOS updates with Nudge", + "articleImageUrl": "/images/articles/tales-from-fleet-nudge-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/teams", + "title": "Teams", + "lastModifiedAt": 1726839805204, + "htmlId": "articles--teams--a6aba53335", + "sectionRelativeRepoPath": "teams.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-07-11", + "articleTitle": "Teams", + "description": "Learn how to group hosts in Fleet to apply specific queries, policies, and agent options using teams." + } + }, + { + "url": "/announcements/the-device-security-tightrope-balancing-cost-and-protection-in-k-12-schools", + "title": "The device security tightrope balancing cost and protection in k 12 schools", + "lastModifiedAt": 1726839805205, + "htmlId": "articles--the-device-security---cba806f3e1", + "sectionRelativeRepoPath": "the-device-security-tightrope-balancing-cost-and-protection-in-K-12-schools.md", + "meta": { + "category": "announcements", + "authorFullName": "Keith Barnes", + "authorGitHubUsername": "KAB703", + "publishedOn": "2024-03-01", + "articleTitle": "The device security tightrope: balancing cost and protection in K-12 schools", + "articleImageUrl": "/images/articles/the-device-security-tightrope-balancing-cost-and-protection-in-K-12-schools-1600x900@2x.png" + } + }, + { + "url": "/podcasts/the-future-of-device-management-ep1", + "title": "The future of device management ep1", + "lastModifiedAt": 1726839805207, + "htmlId": "articles--the-future-of-device--e424a67517", + "sectionRelativeRepoPath": "the-future-of-device-management-ep1.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2022-06-06", + "articleTitle": "Future of device management episode 1", + "articleImageUrl": "/images/articles/future-of-device-management-ep1-cover-1600x900@2x.jpg" + } + }, + { + "url": 
"/podcasts/the-future-of-device-management-ep2", + "title": "The future of device management ep2", + "lastModifiedAt": 1726839805208, + "htmlId": "articles--the-future-of-device--0b4ec299db", + "sectionRelativeRepoPath": "the-future-of-device-management-ep2.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2022-06-30", + "articleTitle": "Future of device management episode 2", + "articleImageUrl": "/images/articles/future-of-device-management-ep2-cover-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/the-future-of-device-management-ep3", + "title": "The future of device management ep3", + "lastModifiedAt": 1726839805209, + "htmlId": "articles--the-future-of-device--d7b8d1fbfe", + "sectionRelativeRepoPath": "the-future-of-device-management-ep3.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2022-07-21", + "articleTitle": "Future of device management episode 3", + "articleImageUrl": "/images/articles/future-of-device-management-ep3-cover-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/the-future-of-device-management-ep4", + "title": "The future of device management ep4", + "lastModifiedAt": 1726839805210, + "htmlId": "articles--the-future-of-device--bd6c88c590", + "sectionRelativeRepoPath": "the-future-of-device-management-ep4.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2022-08-12", + "articleTitle": "Future of device management episode 4", + "articleImageUrl": "/images/articles/future-of-device-management-ep4-cover-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/the-future-of-device-management-ep5", + "title": "The future of device management ep5", + "lastModifiedAt": 1726839805210, + "htmlId": "articles--the-future-of-device--c5ce4719fa", + "sectionRelativeRepoPath": 
"the-future-of-device-management-ep5.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2022-09-01", + "articleTitle": "Future of device management episode 5", + "articleImageUrl": "/images/articles/future-of-device-management-ep5-cover-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/the-future-of-device-management-ep6", + "title": "The future of device management ep6", + "lastModifiedAt": 1726839805211, + "htmlId": "articles--the-future-of-device--141153d341", + "sectionRelativeRepoPath": "the-future-of-device-management-ep6.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2022-09-23", + "articleTitle": "Future of device management episode 6", + "articleImageUrl": "/images/articles/future-of-device-management-ep6-cover-1600x900@2x.jpg" + } + }, + { + "url": "/podcasts/the-future-of-device-management-ep7", + "title": "The future of device management ep7", + "lastModifiedAt": 1726839805212, + "htmlId": "articles--the-future-of-device--52a1db0bde", + "sectionRelativeRepoPath": "the-future-of-device-management-ep7.md", + "meta": { + "category": "podcasts", + "authorGitHubUsername": "zwass", + "authorFullName": "Zach Wasserman", + "publishedOn": "2022-11-03", + "articleTitle": "Future of device management episode 7", + "articleImageUrl": "/images/articles/future-of-device-management-ep7-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/understanding-the-intricacies-of-fleet-policies", + "title": "Understanding the intricacies of Fleet policies", + "lastModifiedAt": 1726839805213, + "htmlId": "articles--understanding-the-in--edae4ca064", + "sectionRelativeRepoPath": "understanding-the-intricacies-of-fleet-policies.md", + "meta": { + "articleTitle": "Understanding the intricacies of Fleet policies", + "authorFullName": "Victor Lyuboslavsky", + "authorGitHubUsername": "getvictor", + "category": 
"guides", + "publishedOn": "2023-12-29", + "description": "Learn how Fleet policies work behind the scenes." + } + }, + { + "url": "/guides/using-elasticsearch-and-kibana-to-visualize-osquery-performance", + "title": "Using elasticsearch and kibana to visualize osquery performance", + "lastModifiedAt": 1726839805215, + "htmlId": "articles--using-elasticsearch---55019ee35a", + "sectionRelativeRepoPath": "using-elasticsearch-and-kibana-to-visualize-osquery-performance.md", + "meta": { + "category": "guides", + "authorFullName": "Zach Wasserman", + "authorGitHubUsername": "zwass", + "publishedOn": "2021-05-26", + "articleTitle": "Using Elasticsearch and Kibana to visualize osquery performance", + "articleImageUrl": "/images/articles/using-elasticsearch-and-kibana-to-visualize-osquery-performance-cover-700x393@2x.jpeg" + } + }, + { + "url": "/guides/using-fleet-and-okta-workflows-to-generate-a-daily-os-report", + "title": "Using Fleet and okta workflows to generate a daily os report", + "lastModifiedAt": 1726839805218, + "htmlId": "articles--using-fleet-and-okta--a4676a8577", + "sectionRelativeRepoPath": "using-fleet-and-okta-workflows-to-generate-a-daily-os-report.md", + "meta": { + "articleTitle": "Using Fleet and Okta Workflows to generate a daily OS report", + "authorFullName": "Harrison Ravazzolo", + "authorGitHubUsername": "harrisonravazzolo", + "category": "guides", + "publishedOn": "2023-05-09", + "articleImageUrl": "/images/articles/using-fleet-and-okta-workflows-to-generate-a-daily-os-report@2x.jpg", + "description": "Learn how to use Fleet to query device OS information through the Fleet REST API and automate daily Slack notifications using Okta Workflows." 
+ } + }, + { + "url": "/guides/using-fleet-and-tines-together", + "title": "Using Fleet and tines together", + "lastModifiedAt": 1726839805219, + "htmlId": "articles--using-fleet-and-tine--3606f85672", + "sectionRelativeRepoPath": "using-fleet-and-tines-together.md", + "meta": { + "category": "guides", + "authorFullName": "Dave Herder", + "authorGitHubUsername": "dherder", + "publishedOn": "2023-03-08", + "articleTitle": "Using Fleet and Tines together", + "articleImageUrl": "/images/articles/using-fleet-and-tines-together-1600x900@2x.png" + } + }, + { + "url": "/guides/using-github-actions-to-apply-configuration-profiles-with-fleet", + "title": "Using github actions to apply configuration profiles with Fleet", + "lastModifiedAt": 1726839805220, + "htmlId": "articles--using-github-actions--d966ed0177", + "sectionRelativeRepoPath": "using-github-actions-to-apply-configuration-profiles-with-fleet.md", + "meta": { + "articleTitle": "Using GitHub Actions to apply configuration profiles with Fleet", + "authorFullName": "JD Strong", + "authorGitHubUsername": "spokanemac", + "category": "guides", + "publishedOn": "2023-05-31", + "articleImageUrl": "/images/articles/using-github-actions-to-apply-configuration-profiles-with-fleet@2x.jpg", + "description": "A guide on using GitHub Actions with Fleet for efficient and automated application of the latest configuration profiles for a GitOps workflow." 
+ } + }, + { + "url": "/securing/vulnerability-management-the-advantages-of-fleet-to-support-government-agencies", + "title": "Vulnerability management the advantages of Fleet to support government agencies", + "lastModifiedAt": 1726839805221, + "htmlId": "articles--vulnerability-manage--fae19ad566", + "sectionRelativeRepoPath": "vulnerability-management-the-advantages-of-fleet-to-support-government-agencies.md", + "meta": { + "category": "security", + "authorFullName": "Keith Barnes", + "authorGitHubUsername": "KAB703", + "publishedOn": "2023-12-26", + "articleTitle": "Vulnerability management: advantages of Fleet to support government agencies", + "articleImageUrl": "/images/articles/vulnerability-management-advantages-of-fleet-to-support-government-agencies-1600x900@2x.png" + } + }, + { + "url": "/guides/vulnerability-processing", + "title": "Vulnerability processing", + "lastModifiedAt": 1726839805222, + "htmlId": "articles--vulnerability-proces--244a2b70ee", + "sectionRelativeRepoPath": "vulnerability-processing.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "noahtalerman", + "authorFullName": "Noah Talerman", + "publishedOn": "2024-07-12", + "articleTitle": "Vulnerability processing", + "description": "Find out how Fleet detects vulnerabilities and what software it covers." + } + }, + { + "url": "/guides/what-api-endpoints-to-expose-to-the-public-internet", + "title": "What API endpoints to expose to the public internet", + "lastModifiedAt": 1726839805223, + "htmlId": "articles--what-api-endpoints-t--cd0552d444", + "sectionRelativeRepoPath": "what-api-endpoints-to-expose-to-the-public-internet.md", + "meta": { + "category": "guides", + "authorGitHubUsername": "mike-j-thomas", + "authorFullName": "Mike Thomas", + "publishedOn": "2023-11-13", + "articleTitle": "Which API endpoints to expose to the public internet?" 
+ } + }, + { + "url": "/securing/what-are-fleet-policies", + "title": "What are Fleet policies", + "lastModifiedAt": 1726839805224, + "htmlId": "articles--what-are-fleet-polic--d8ca2da611", + "sectionRelativeRepoPath": "what-are-fleet-policies.md", + "meta": { + "category": "security", + "authorGitHubUsername": "Drew-P-drawers", + "authorFullName": "Andrew Baker", + "publishedOn": "2022-05-20", + "articleTitle": "What are Fleet policies?", + "articleImageUrl": "/images/articles/what-are-fleet-policies-cover-1600x900@2x.jpg" + } + }, + { + "url": "/guides/windows-mdm-setup", + "title": "Windows mdm setup", + "lastModifiedAt": 1726839805226, + "htmlId": "articles--windows-mdm-setup--ebf4ebf0ba", + "sectionRelativeRepoPath": "windows-mdm-setup.md", + "meta": { + "articleTitle": "Windows MDM setup", + "authorFullName": "Noah Talerman", + "authorGitHubUsername": "noahtalerman", + "category": "guides", + "publishedOn": "2023-10-23", + "articleImageUrl": "/images/articles/windows-mdm-fleet-1600x900@2x.png", + "description": "Configuring Windows MDM in Fleet." 
+ } + }, + { + "url": "/guides/zero-trust-attestation-with-fleet", + "title": "Zero trust attestation with Fleet", + "lastModifiedAt": 1726839805227, + "htmlId": "articles--zero-trust-attestati--b892a54252", + "sectionRelativeRepoPath": "zero-trust-attestation-with-fleet.md", + "meta": { + "articleTitle": "How to use Fleet for zero trust attestation", + "authorFullName": "Mo Zhu", + "authorGitHubUsername": "zhumo", + "category": "guides", + "publishedOn": "2022-10-14", + "articleImageUrl": "/images/articles/fleet-for-zero-trust-attestation-800x450@2x.jpg" + } + }, + { + "url": "/securing/work-may-be-watching-but-it-might-not-be-as-bad-as-you-think", + "title": "Work may be watching but it might not be as bad as you think", + "lastModifiedAt": 1726839805227, + "htmlId": "articles--work-may-be-watching--420e065d2f", + "sectionRelativeRepoPath": "work-may-be-watching-but-it-might-not-be-as-bad-as-you-think.md", + "meta": { + "category": "security", + "authorFullName": "Mike Thomas", + "authorGitHubUsername": "mike-j-thomas", + "publishedOn": "2021-10-22", + "articleTitle": "Work may be watching, but it might not be as bad as you think.", + "articleImageUrl": "/images/articles/work-may-be-watching-but-it-might-not-be-as-bad-as-you-think-cover-1600x900@2x.jpg" + } + }, + { + "url": "/handbook/company/open-positions/software-engineer", + "title": "🚀 Software Engineer", + "lastModifiedAt": 1726839805228, + "htmlId": "handbook--software-engineer--be50029cfb", + "sectionRelativeRepoPath": "company/open-positions.yml", + "meta": { + "maintainedBy": "LukeHeath" + } + }, + { + "url": "/handbook/company/open-positions/account-executive", + "title": "🐋 Account Executive", + "lastModifiedAt": 1726839805228, + "htmlId": "handbook--account-executive--d5def7dc8f", + "sectionRelativeRepoPath": "company/open-positions.yml", + "meta": { + "maintainedBy": "alexmitchelliii" + } + }, + { + "url": "/tables/account_policy_data", + "title": "account_policy_data", + "htmlId": 
"table--accountpolicydata--31df68b22b", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "account_policy_data", + "creation_time", + "failed_login_count", + "failed_login_timestamp", + "password_last_set_time", + "uid" + ], + "sectionRelativeRepoPath": "account_policy_data", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/account_policy_data.yml" + }, + { + "url": "/tables/ad_config", + "title": "ad_config", + "htmlId": "table--adconfig--39d2211d09", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "ad_config", + "domain", + "name", + "option", + "value" + ], + "sectionRelativeRepoPath": "ad_config", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ad_config.yml" + }, + { + "url": "/tables/alf", + "title": "alf", + "htmlId": "table--alf--4c28031b0f", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "alf", + "allow_signed_enabled", + "firewall_unload", + "global_state", + "logging_enabled", + "logging_option", + "stealth_enabled", + "version" + ], + "sectionRelativeRepoPath": "alf", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/alf.yml" + }, + { + "url": "/tables/alf_exceptions", + "title": "alf_exceptions", + "htmlId": "table--alfexceptions--1fbd2a6157", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "alf_exceptions", + "path", + "state" + ], + "sectionRelativeRepoPath": "alf_exceptions", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/alf_exceptions.yml" + }, + { + "url": "/tables/alf_explicit_auths", + "title": "alf_explicit_auths", + "htmlId": "table--alfexplicitauths--4b47436520", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "alf_explicit_auths", + "process" + ], + "sectionRelativeRepoPath": "alf_explicit_auths", + "githubUrl": 
"https://github.com/fleetdm/fleet/blob/main/schema/tables/alf_explicit_auths.yml" + }, + { + "url": "/tables/apfs_physical_stores", + "title": "apfs_physical_stores", + "htmlId": "table--apfsphysicalstores--30af4e1d13", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "apfs_physical_stores", + "container_capacity_ceiling", + "container_capacity_free", + "container_designated_physical_store", + "container_fusion", + "container_reference", + "container_uuid", + "identifier", + "size", + "uuid" + ], + "sectionRelativeRepoPath": "apfs_physical_stores", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/apfs_physical_stores.yml" + }, + { + "url": "/tables/apfs_volumes", + "title": "apfs_volumes", + "htmlId": "table--apfsvolumes--d8e8cc281d", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "apfs_volumes", + "capacity_in_use", + "capacity_quota", + "capacity_reserve", + "container_capacity_ceiling", + "container_capacity_free", + "container_designated_physical_store", + "container_fusion", + "container_reference", + "container_uuid", + "crypto_migration_on", + "device_identifier", + "encryption", + "filevault", + "locked", + "name", + "role", + "uuid" + ], + "sectionRelativeRepoPath": "apfs_volumes", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/apfs_volumes.yml" + }, + { + "url": "/tables/app_icons", + "title": "app_icons", + "htmlId": "table--appicons--93bed0002f", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "app_icons", + "hash", + "icon", + "path" + ], + "sectionRelativeRepoPath": "app_icons", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/app_icons.yml" + }, + { + "url": "/tables/app_schemes", + "title": "app_schemes", + "htmlId": "table--appschemes--e75c685f8d", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + 
"app_schemes", + "enabled", + "external", + "handler", + "protected", + "scheme" + ], + "sectionRelativeRepoPath": "app_schemes", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/app_schemes.yml" + }, + { + "url": "/tables/apparmor_events", + "title": "apparmor_events", + "htmlId": "table--apparmorevents--1b9b1af186", + "evented": true, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "apparmor_events", + "apparmor", + "capability", + "capname", + "comm", + "denied_mask", + "eid", + "error", + "fsuid", + "info", + "label", + "message", + "name", + "namespace", + "operation", + "ouid", + "parent", + "pid", + "profile", + "requested_mask", + "time", + "type", + "uptime" + ], + "sectionRelativeRepoPath": "apparmor_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fapparmor_events.yml&value=name%3A%20apparmor_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/apparmor_profiles", + "title": "apparmor_profiles", + "htmlId": "table--apparmorprofiles--49f0f69437", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "apparmor_profiles", + "attach", + "mode", + "name", + "path", + "sha1" + ], + "sectionRelativeRepoPath": "apparmor_profiles", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fapparmor_profiles.yml&value=name%3A%20apparmor_profiles%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/appcompat_shims", + "title": "appcompat_shims", + "htmlId": "table--appcompatshims--33b5da402f", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "appcompat_shims", + "description", + "executable", + "install_time", + "path", + "sdb_id", + "type" + ], + "sectionRelativeRepoPath": "appcompat_shims", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fappcompat_shims.yml&value=name%3A%20appcompat_shims%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/apps", + "title": "apps", + "htmlId": "table--apps--ccdee150a9", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "apps", + "applescript_enabled", + "bundle_executable", + "bundle_identifier", + "bundle_name", + "bundle_package_type", + "bundle_short_version", + "bundle_version", + "category", + "compiler", + "copyright", + "development_region", + "display_name", + "element", + "environment", + "info_string", + "last_opened_time", + "minimum_system_version", + "name", + "path" + ], + "sectionRelativeRepoPath": "apps", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/apps.yml" + }, + { + "url": "/tables/apt_sources", + "title": "apt_sources", + "htmlId": "table--aptsources--a209051a90", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "apt_sources", + "architectures", + "base_uri", + "components", + "maintainer", + "name", + "pid_with_namespace", + "release", + "source", + "version" + ], + "sectionRelativeRepoPath": "apt_sources", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/apt_sources.yml" + }, + { + "url": "/tables/arp_cache", + "title": "arp_cache", + "htmlId": "table--arpcache--83f95510b6", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "arp_cache", + "address", + "interface", + "mac", + "permanent" + ], + "sectionRelativeRepoPath": "arp_cache", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/arp_cache.yml" + }, + { + "url": "/tables/asl", + "title": "asl", + "htmlId": "table--asl--d2accdbfe3", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "asl", + "extra", + "facility", + "gid", + "host", + "level", + "message", + "pid", + "ref_pid", + "ref_proc", + "sender", + "time", + "time_nano_sec", + "uid" + ], + "sectionRelativeRepoPath": "asl", + "githubUrl": 
"https://github.com/fleetdm/fleet/blob/main/schema/tables/asl.yml" + }, + { + "url": "/tables/augeas", + "title": "augeas", + "htmlId": "table--augeas--b316cda7a7", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "augeas", + "label", + "node", + "path", + "value" + ], + "sectionRelativeRepoPath": "augeas", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/augeas.yml" + }, + { + "url": "/tables/authdb", + "title": "authdb", + "htmlId": "table--authdb--a304d751e5", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "authdb", + "json_result", + "right_name" + ], + "sectionRelativeRepoPath": "authdb", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/authdb.yml" + }, + { + "url": "/tables/authenticode", + "title": "authenticode", + "htmlId": "table--authenticode--0de9da48eb", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "authenticode", + "issuer_name", + "original_program_name", + "path", + "result", + "serial_number", + "subject_name" + ], + "sectionRelativeRepoPath": "authenticode", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fauthenticode.yml&value=name%3A%20authenticode%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/authorization_mechanisms", + "title": "authorization_mechanisms", + "htmlId": "table--authorizationmechanisms--d2490cb436", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "authorization_mechanisms", + "entry", + "label", + "mechanism", + "plugin", + "privileged" + ], + "sectionRelativeRepoPath": "authorization_mechanisms", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/authorization_mechanisms.yml" + }, + { + "url": "/tables/authorizations", + "title": "authorizations", + "htmlId": "table--authorizations--7fb6b733e8", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "authorizations", + "allow_root", + "authenticate_user", + "class", + "comment", + "created", + "label", + "modified", + "session_owner", + "shared", + "timeout", + "tries", + "version" + ], + "sectionRelativeRepoPath": "authorizations", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/authorizations.yml" + }, + { + "url": "/tables/authorized_keys", + "title": "authorized_keys", + "htmlId": "table--authorizedkeys--5108700dee", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "authorized_keys", + "algorithm", + "comment", + "key", + "key_file", + "options", + "pid_with_namespace", + "uid" + ], + "sectionRelativeRepoPath": "authorized_keys", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/authorized_keys.yml" + }, + { + "url": "/tables/autoexec", + "title": "autoexec", + "htmlId": "table--autoexec--ab98111b94", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "autoexec", + "name", + "path", + "source" + ], + "sectionRelativeRepoPath": "autoexec", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fautoexec.yml&value=name%3A%20autoexec%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/azure_instance_metadata", + "title": "azure_instance_metadata", + "htmlId": "table--azureinstancemetadata--01df1dde23", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "azure_instance_metadata", + "location", + "name", + "offer", + "os_type", + "placement_group_id", + "platform_fault_domain", + "platform_update_domain", + "publisher", + "resource_group_name", + "sku", + "subscription_id", + "version", + "vm_id", + "vm_scale_set_name", + "vm_size", + "zone" + ], + "sectionRelativeRepoPath": "azure_instance_metadata", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/azure_instance_metadata.yml" + }, + { + "url": "/tables/azure_instance_tags", + "title": "azure_instance_tags", + "htmlId": "table--azureinstancetags--166e2b6f18", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "azure_instance_tags", + "key", + "value", + "vm_id" + ], + "sectionRelativeRepoPath": "azure_instance_tags", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/azure_instance_tags.yml" + }, + { + "url": "/tables/background_activities_moderator", + "title": "background_activities_moderator", + "htmlId": "table--backgroundactivitiesmoderator--12072ab407", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "background_activities_moderator", + "last_execution_time", + "path", + "sid" + ], + "sectionRelativeRepoPath": "background_activities_moderator", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fbackground_activities_moderator.yml&value=name%3A%20background_activities_moderator%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/battery", + "title": "battery", + "htmlId": "table--battery--e54a7e368b", + "evented": false, + "platforms": [ + "darwin", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "battery", + "amperage", + "charged", + "charging", + "chemistry", + "condition", + "current_capacity", + "cycle_count", + "designed_capacity", + "health", + "manufacture_date", + "manufacturer", + "max_capacity", + "minutes_to_full_charge", + "minutes_until_empty", + "model", + "percent_remaining", + "serial_number", + "state", + "voltage" + ], + "sectionRelativeRepoPath": "battery", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/battery.yml" + }, + { + "url": "/tables/bitlocker_info", + "title": "bitlocker_info", + "htmlId": "table--bitlockerinfo--277b4f7713", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "bitlocker_info", + "conversion_status", + "device_id", + "drive_letter", + "encryption_method", + "lock_status", + "percentage_encrypted", + "persistent_volume_id", + "protection_status", + "version" + ], + "sectionRelativeRepoPath": "bitlocker_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/bitlocker_info.yml" + }, + { + "url": "/tables/block_devices", + "title": "block_devices", + "htmlId": "table--blockdevices--3db1d23d7b", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "block_devices", + "block_size", + "label", + "model", + "name", + "parent", + "size", + "type", + "uuid", + "vendor" + ], + "sectionRelativeRepoPath": "block_devices", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/block_devices.yml" + }, + { + "url": "/tables/bpf_process_events", + "title": "bpf_process_events", + "htmlId": "table--bpfprocessevents--f98d50f0c4", + "evented": true, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "bpf_process_events", + "cid", + "cmdline", + "cwd", + 
"duration", + "eid", + "exit_code", + "gid", + "json_cmdline", + "ntime", + "parent", + "path", + "pid", + "probe_error", + "syscall", + "tid", + "time", + "uid" + ], + "sectionRelativeRepoPath": "bpf_process_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fbpf_process_events.yml&value=name%3A%20bpf_process_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/bpf_socket_events", + "title": "bpf_socket_events", + "htmlId": "table--bpfsocketevents--2bbe58be1b", + "evented": true, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "bpf_socket_events", + "cid", + "duration", + "eid", + "exit_code", + "family", + "fd", + "gid", + "local_address", + "local_port", + "ntime", + "parent", + "path", + "pid", + "probe_error", + "protocol", + "remote_address", + "remote_port", + "syscall", + "tid", + "time", + "type", + "uid" + ], + "sectionRelativeRepoPath": "bpf_socket_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fbpf_socket_events.yml&value=name%3A%20bpf_socket_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/carbon_black_info", + "title": "carbon_black_info", + "htmlId": "table--carbonblackinfo--1a7333701d", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "carbon_black_info", + "binary_queue", + "collect_cross_processes", + "collect_data_file_writes", + "collect_emet_events", + "collect_file_mods", + "collect_module_info", + "collect_module_loads", + "collect_net_conns", + "collect_process_user_context", + "collect_processes", + "collect_reg_mods", + "collect_sensor_operations", + "collect_store_files", + "config_name", + "event_queue", + "log_file_disk_quota_mb", + "log_file_disk_quota_percentage", + "protection_disabled", + "sensor_backend_server", + "sensor_id", + "sensor_ip_addr" + ], + "sectionRelativeRepoPath": "carbon_black_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/carbon_black_info.yml" + }, + { + "url": "/tables/carves", + "title": "carves", + "htmlId": "table--carves--faab2a865e", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "carves", + "carve", + "carve_guid", + "path", + "request_id", + "sha256", + "size", + "status", + "time" + ], + "sectionRelativeRepoPath": "carves", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fcarves.yml&value=name%3A%20carves%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/certificates", + "title": "certificates", + "htmlId": "table--certificates--e853dcf612", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "certificates", + "authority_key_id", + "ca", + "common_name", + "issuer", + "issuer2", + "key_algorithm", + "key_strength", + "key_usage", + "not_valid_after", + "not_valid_before", + "path", + "self_signed", + "serial", + "sha1", + "sid", + "signing_algorithm", + "store", + "store_id", + "store_location", + "subject", + "subject2", + "subject_key_id", + "username" + ], + "sectionRelativeRepoPath": "certificates", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/certificates.yml" + }, + { + "url": "/tables/chassis_info", + "title": "chassis_info", + "htmlId": "table--chassisinfo--b4f2a373fd", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "chassis_info", + "audible_alarm", + "breach_description", + "chassis_types", + "description", + "lock", + "manufacturer", + "model", + "security_breach", + "serial", + "sku", + "smbios_tag", + "status", + "visible_alarm" + ], + "sectionRelativeRepoPath": "chassis_info", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fchassis_info.yml&value=name%3A%20chassis_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/chocolatey_packages", + "title": "chocolatey_packages", + "htmlId": "table--chocolateypackages--a948b45942", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "chocolatey_packages", + "author", + "license", + "name", + "path", + "summary", + "version" + ], + "sectionRelativeRepoPath": "chocolatey_packages", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fchocolatey_packages.yml&value=name%3A%20chocolatey_packages%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/chrome_extension_content_scripts", + "title": "chrome_extension_content_scripts", + "htmlId": "table--chromeextensioncontentscripts--90dfc8f7b0", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "chrome_extension_content_scripts", + "browser_type", + "identifier", + "match", + "path", + "profile_path", + "referenced", + "script", + "uid", + "version" + ], + "sectionRelativeRepoPath": "chrome_extension_content_scripts", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/chrome_extension_content_scripts.yml" + }, + { + "url": "/tables/chrome_extensions", + "title": "chrome_extensions", + "htmlId": "table--chromeextensions--0b832601b4", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux", + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "chrome_extensions", + "author", + "browser_type", + "current_locale", + "default_locale", + "description", + "from_webstore", + "identifier", + "install_time", + "install_timestamp", + "key", + "manifest_hash", + "manifest_json", + "name", + "optional_permissions", + "optional_permissions_json", + "path", + "permissions", + "permissions_json", + "persistent", + "profile", + "profile_path", + "referenced", + "referenced_identifier", + "state", + "uid", + "update_url", + "version" + ], + "sectionRelativeRepoPath": "chrome_extensions", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/chrome_extensions.yml" + }, + { + "url": "/tables/cis_audit", + "title": "cis_audit", + "htmlId": "table--cisaudit--021dcf9746", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "cis_audit", + "item", + "value" + ], + "sectionRelativeRepoPath": "cis_audit", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cis_audit.yml" + }, + { + "url": "/tables/connected_displays", + "title": "connected_displays", + "htmlId": 
"table--connecteddisplays--f57653bc5b", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "connected_displays", + "ambient_brightness_enabled", + "connection_type", + "display_id", + "display_type", + "main", + "manufactured_week", + "manufactured_year", + "mirror", + "name", + "online", + "pixels", + "product_id", + "resolution", + "rotation", + "serial_number", + "vendor_id" + ], + "sectionRelativeRepoPath": "connected_displays", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fconnected_displays.yml&value=name%3A%20connected_displays%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/connectivity", + "title": "connectivity", + "htmlId": "table--connectivity--9bd961f435", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "connectivity", + "disconnected", + "ipv4_internet", + "ipv4_local_network", + "ipv4_no_traffic", + "ipv4_subnet", + "ipv6_internet", + "ipv6_local_network", + "ipv6_no_traffic", + "ipv6_subnet" + ], + "sectionRelativeRepoPath": "connectivity", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fconnectivity.yml&value=name%3A%20connectivity%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/corestorage_logical_volume_families", + "title": "corestorage_logical_volume_families", + "htmlId": "table--corestoragelogicalvolumefamilies--c844b6943f", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "corestorage_logical_volume_families", + "EncryptionStatus", + "EncryptionType", + "HasVisibleUsers", + "HasVolumeKey", + "IsAcceptingNewUsers", + "IsFullySecure", + "MayHaveEncryptedEvents", + "RequiresPasswordUnlock", + "UUID", + "vg_FreeSpace", + "vg_FusionDrive", + "vg_Name", + "vg_Sequence", + "vg_Size", + "vg_Sparse", + "vg_Status", + "vg_UUID", + "vg_Version" + ], + "sectionRelativeRepoPath": "corestorage_logical_volume_families", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/corestorage_logical_volume_families.yml" + }, + { + "url": "/tables/corestorage_logical_volumes", + "title": "corestorage_logical_volumes", + "htmlId": "table--corestoragelogicalvolumes--b32c10c6c2", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "corestorage_logical_volumes", + "ContentHint", + "ConversionState", + "ConverstionProgressPercent", + "DesignatedPhysicalVolume", + "DesignatedPhysicalVolumeIdentifier", + "Identifier", + "Name", + "Sequence", + "Size", + "Status", + "UUID", + "Version", + "VolumeName", + "lvf_EncryptionStatus", + "lvf_EncryptionType", + "lvf_HasVisibleUsers", + "lvf_HasVolumeKey", + "lvf_IsAcceptingNewUsers", + "lvf_IsFullySecure", + "lvf_MayHaveEncryptedEvents", + "lvf_RequiresPasswordUnlock", + "lvf_UUID", + "vg_FreeSpace", + "vg_FusionDrive", + "vg_Name", + "vg_Sequence", + "vg_Size", + "vg_Sparse", + "vg_Status", + "vg_UUID", + "vg_Version" + ], + "sectionRelativeRepoPath": "corestorage_logical_volumes", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/corestorage_logical_volumes.yml" + }, + { + "url": "/tables/cpu_info", + "title": "cpu_info", + "htmlId": "table--cpuinfo--aa3c0cfb0c", + 
"evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "cpu_info", + "address_width", + "availability", + "cpu_status", + "current_clock_speed", + "device_id", + "load_percentage", + "logical_processors", + "manufacturer", + "max_clock_speed", + "model", + "number_of_cores", + "number_of_efficiency_cores", + "number_of_performance_cores", + "processor_type", + "socket_designation" + ], + "sectionRelativeRepoPath": "cpu_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cpu_info.yml" + }, + { + "url": "/tables/cpu_time", + "title": "cpu_time", + "htmlId": "table--cputime--8f68637ee3", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "cpu_time", + "core", + "guest", + "guest_nice", + "idle", + "iowait", + "irq", + "nice", + "softirq", + "steal", + "system", + "user" + ], + "sectionRelativeRepoPath": "cpu_time", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cpu_time.yml" + }, + { + "url": "/tables/cpuid", + "title": "cpuid", + "htmlId": "table--cpuid--68704a46e7", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "cpuid", + "feature", + "input_eax", + "output_bit", + "output_register", + "value" + ], + "sectionRelativeRepoPath": "cpuid", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cpuid.yml" + }, + { + "url": "/tables/crashes", + "title": "crashes", + "htmlId": "table--crashes--6bccea7c2f", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "crashes", + "crash_path", + "crashed_thread", + "datetime", + "exception_codes", + "exception_notes", + "exception_type", + "identifier", + "parent", + "path", + "pid", + "registers", + "responsible", + "stack_trace", + "type", + "uid", + "version" + ], + "sectionRelativeRepoPath": "crashes", + "githubUrl": 
"https://github.com/fleetdm/fleet/blob/main/schema/tables/crashes.yml" + }, + { + "url": "/tables/crontab", + "title": "crontab", + "htmlId": "table--crontab--a8fe1b5316", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "crontab", + "command", + "day_of_month", + "day_of_week", + "event", + "hour", + "minute", + "month", + "path", + "pid_with_namespace" + ], + "sectionRelativeRepoPath": "crontab", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/crontab.yml" + }, + { + "url": "/tables/cryptoinfo", + "title": "cryptoinfo", + "htmlId": "table--cryptoinfo--5e90627c08", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "cryptoinfo", + "fullkey", + "key", + "parent", + "passphrase", + "path", + "query", + "value" + ], + "sectionRelativeRepoPath": "cryptoinfo", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cryptoinfo.yml" + }, + { + "url": "/tables/cryptsetup_status", + "title": "cryptsetup_status", + "htmlId": "table--cryptsetupstatus--3aa1264a26", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "cryptsetup_status", + "fullkey", + "key", + "name", + "parent", + "query", + "value" + ], + "sectionRelativeRepoPath": "cryptsetup_status", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cryptsetup_status.yml" + }, + { + "url": "/tables/csrutil_info", + "title": "csrutil_info", + "htmlId": "table--csrutilinfo--959d823b8e", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "csrutil_info", + "ssv_enabled" + ], + "sectionRelativeRepoPath": "csrutil_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/csrutil_info.yml" + }, + { + "url": "/tables/cups_destinations", + "title": "cups_destinations", + "htmlId": "table--cupsdestinations--8ccb3721f2", + "evented": false, + 
"platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "cups_destinations", + "name", + "option_name", + "option_value" + ], + "sectionRelativeRepoPath": "cups_destinations", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cups_destinations.yml" + }, + { + "url": "/tables/cups_jobs", + "title": "cups_jobs", + "htmlId": "table--cupsjobs--3268465efb", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "cups_jobs", + "completed_time", + "creation_time", + "destination", + "format", + "processing_time", + "size", + "title", + "user" + ], + "sectionRelativeRepoPath": "cups_jobs", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/cups_jobs.yml" + }, + { + "url": "/tables/curl", + "title": "curl", + "htmlId": "table--curl--2ab03fa14d", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "curl", + "bytes", + "method", + "response_code", + "result", + "round_trip_time", + "url", + "user_agent" + ], + "sectionRelativeRepoPath": "curl", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/curl.yml" + }, + { + "url": "/tables/curl_certificate", + "title": "curl_certificate", + "htmlId": "table--curlcertificate--6d52c798b0", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "curl_certificate", + "authority_key_identifier", + "basic_constraint", + "common_name", + "dump_certificate", + "extended_key_usage", + "has_expired", + "hostname", + "info_access", + "issuer_alternative_names", + "issuer_common_name", + "issuer_organization", + "issuer_organization_unit", + "key_usage", + "name_constraints", + "organization", + "organization_unit", + "pem", + "policies", + "policy_constraints", + "policy_mappings", + "serial_number", + "sha1_fingerprint", + "sha256_fingerprint", + "signature", + "signature_algorithm", + 
"subject_alternative_names", + "subject_info_access", + "subject_key_identifier", + "timeout", + "valid_from", + "valid_to", + "version" + ], + "sectionRelativeRepoPath": "curl_certificate", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/curl_certificate.yml" + }, + { + "url": "/tables/deb_packages", + "title": "deb_packages", + "htmlId": "table--debpackages--f9f4ca0355", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "deb_packages", + "admindir", + "arch", + "maintainer", + "mount_namespace_id", + "name", + "pid_with_namespace", + "priority", + "revision", + "section", + "size", + "source", + "status", + "version" + ], + "sectionRelativeRepoPath": "deb_packages", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/deb_packages.yml" + }, + { + "url": "/tables/default_environment", + "title": "default_environment", + "htmlId": "table--defaultenvironment--ccbaea6671", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "default_environment", + "expand", + "value", + "variable" + ], + "sectionRelativeRepoPath": "default_environment", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdefault_environment.yml&value=name%3A%20default_environment%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/device_file", + "title": "device_file", + "htmlId": "table--devicefile--e5267d9f3e", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "device_file", + "atime", + "block_size", + "ctime", + "device", + "filename", + "gid", + "hard_links", + "inode", + "mode", + "mtime", + "partition", + "path", + "size", + "type", + "uid" + ], + "sectionRelativeRepoPath": "device_file", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdevice_file.yml&value=name%3A%20device_file%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/device_firmware", + "title": "device_firmware", + "htmlId": "table--devicefirmware--ab4ba7dd63", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "device_firmware", + "device", + "type", + "version" + ], + "sectionRelativeRepoPath": "device_firmware", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/device_firmware.yml" + }, + { + "url": "/tables/device_hash", + "title": "device_hash", + "htmlId": "table--devicehash--c839a630b0", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "device_hash", + "device", + "inode", + "md5", + "partition", + "sha1", + "sha256" + ], + "sectionRelativeRepoPath": "device_hash", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdevice_hash.yml&value=name%3A%20device_hash%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/device_partitions", + "title": "device_partitions", + "htmlId": "table--devicepartitions--3489019e85", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "device_partitions", + "blocks", + "blocks_size", + "device", + "flags", + "inodes", + "label", + "offset", + "partition", + "type" + ], + "sectionRelativeRepoPath": "device_partitions", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdevice_partitions.yml&value=name%3A%20device_partitions%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/disk_encryption", + "title": "disk_encryption", + "htmlId": "table--diskencryption--26d5b55253", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "disk_encryption", + "encrypted", + "encryption_status", + "filevault_status", + "name", + "type", + "uid", + "user_uuid", + "uuid" + ], + "sectionRelativeRepoPath": "disk_encryption", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/disk_encryption.yml" + }, + { + "url": "/tables/disk_events", + "title": "disk_events", + "htmlId": "table--diskevents--737534006f", + "evented": true, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "disk_events", + "action", + "checksum", + "content", + "device", + "eid", + "ejectable", + "filesystem", + "media_name", + "mountable", + "name", + "path", + "size", + "time", + "uuid", + "vendor", + "writable" + ], + "sectionRelativeRepoPath": "disk_events", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/disk_events.yml" + }, + { + "url": "/tables/disk_info", + "title": "disk_info", + "htmlId": "table--diskinfo--e7393d4e29", + "evented": false, + "platforms": [ + "windows", + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "disk_info", + "description", + "disk_index", + "disk_size", + "hardware_model", + "id", + "manufacturer", + "name", + "partitions", + "pnp_device_id", + "serial", + "type" + ], + "sectionRelativeRepoPath": "disk_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/disk_info.yml" + }, + { + "url": "/tables/dns_cache", + "title": "dns_cache", + "htmlId": "table--dnscache--dc0e67fdcf", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "dns_cache", + "flags", + "name", + "type" + ], + "sectionRelativeRepoPath": "dns_cache", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/dns_cache.yml" + }, + { + "url": "/tables/dns_resolvers", 
+ "title": "dns_resolvers", + "htmlId": "table--dnsresolvers--2c8fb31e5d", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "dns_resolvers", + "address", + "id", + "netmask", + "options", + "pid_with_namespace", + "type" + ], + "sectionRelativeRepoPath": "dns_resolvers", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/dns_resolvers.yml" + }, + { + "url": "/tables/docker_container_envs", + "title": "docker_container_envs", + "htmlId": "table--dockercontainerenvs--3f92fabef8", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_container_envs", + "id", + "key", + "value" + ], + "sectionRelativeRepoPath": "docker_container_envs", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_container_envs.yml" + }, + { + "url": "/tables/docker_container_fs_changes", + "title": "docker_container_fs_changes", + "htmlId": "table--dockercontainerfschanges--e8a13529f8", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_container_fs_changes", + "change_type", + "id", + "path" + ], + "sectionRelativeRepoPath": "docker_container_fs_changes", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_container_fs_changes.yml&value=name%3A%20docker_container_fs_changes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_container_labels", + "title": "docker_container_labels", + "htmlId": "table--dockercontainerlabels--525f815a85", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_container_labels", + "id", + "key", + "value" + ], + "sectionRelativeRepoPath": "docker_container_labels", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_container_labels.yml" + }, + { + "url": "/tables/docker_container_mounts", + "title": "docker_container_mounts", + "htmlId": "table--dockercontainermounts--feffa9b278", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_container_mounts", + "destination", + "driver", + "id", + "mode", + "name", + "propagation", + "rw", + "source", + "type" + ], + "sectionRelativeRepoPath": "docker_container_mounts", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_container_mounts.yml" + }, + { + "url": "/tables/docker_container_networks", + "title": "docker_container_networks", + "htmlId": "table--dockercontainernetworks--7482838a3b", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_container_networks", + "endpoint_id", + "gateway", + "id", + "ip_address", + "ip_prefix_len", + "ipv6_address", + "ipv6_gateway", + "ipv6_prefix_len", + "mac_address", + "name", + "network_id" + ], + "sectionRelativeRepoPath": "docker_container_networks", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_container_networks.yml" + }, + { + "url": "/tables/docker_container_ports", + "title": "docker_container_ports", + "htmlId": "table--dockercontainerports--8fa613bed0", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_container_ports", + "host_ip", + "host_port", + "id", + "port", + "type" + ], + "sectionRelativeRepoPath": 
"docker_container_ports", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_container_ports.yml" + }, + { + "url": "/tables/docker_container_processes", + "title": "docker_container_processes", + "htmlId": "table--dockercontainerprocesses--3790b40e9b", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_container_processes", + "cmdline", + "cpu", + "egid", + "euid", + "gid", + "id", + "mem", + "name", + "nice", + "parent", + "pgroup", + "pid", + "resident_size", + "sgid", + "start_time", + "state", + "suid", + "threads", + "time", + "total_size", + "uid", + "user", + "wired_size" + ], + "sectionRelativeRepoPath": "docker_container_processes", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_container_processes.yml&value=name%3A%20docker_container_processes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_container_stats", + "title": "docker_container_stats", + "htmlId": "table--dockercontainerstats--55f8d1f434", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_container_stats", + "cpu_kernelmode_usage", + "cpu_total_usage", + "cpu_usermode_usage", + "disk_read", + "disk_write", + "id", + "interval", + "memory_cached", + "memory_limit", + "memory_max_usage", + "memory_usage", + "name", + "network_rx_bytes", + "network_tx_bytes", + "num_procs", + "online_cpus", + "pids", + "pre_cpu_kernelmode_usage", + "pre_cpu_total_usage", + "pre_cpu_usermode_usage", + "pre_online_cpus", + "pre_system_cpu_usage", + "preread", + "read", + "system_cpu_usage" + ], + "sectionRelativeRepoPath": "docker_container_stats", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_container_stats.yml&value=name%3A%20docker_container_stats%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_containers", + "title": "docker_containers", + "htmlId": "table--dockercontainers--e586f60cb7", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_containers", + "cgroup_namespace", + "command", + "config_entrypoint", + "created", + "env_variables", + "finished_at", + "id", + "image", + "image_id", + "ipc_namespace", + "mnt_namespace", + "name", + "net_namespace", + "path", + "pid", + "pid_namespace", + "privileged", + "readonly_rootfs", + "security_options", + "started_at", + "state", + "status", + "user_namespace", + "uts_namespace" + ], + "sectionRelativeRepoPath": "docker_containers", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_containers.yml" + }, + { + "url": "/tables/docker_image_history", + "title": "docker_image_history", + "htmlId": "table--dockerimagehistory--77b04426fe", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_image_history", + "comment", + "created", + "created_by", + "id", + "size", + "tags" + ], + "sectionRelativeRepoPath": "docker_image_history", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_image_history.yml&value=name%3A%20docker_image_history%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_image_labels", + "title": "docker_image_labels", + "htmlId": "table--dockerimagelabels--14e0871386", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_image_labels", + "id", + "key", + "value" + ], + "sectionRelativeRepoPath": "docker_image_labels", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_image_labels.yml&value=name%3A%20docker_image_labels%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_image_layers", + "title": "docker_image_layers", + "htmlId": "table--dockerimagelayers--91693c4e4c", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_image_layers", + "id", + "layer_id", + "layer_order" + ], + "sectionRelativeRepoPath": "docker_image_layers", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_image_layers.yml&value=name%3A%20docker_image_layers%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_images", + "title": "docker_images", + "htmlId": "table--dockerimages--6819d40071", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_images", + "created", + "id", + "size_bytes", + "tags" + ], + "sectionRelativeRepoPath": "docker_images", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_images.yml" + }, + { + "url": "/tables/docker_info", + "title": "docker_info", + "htmlId": "table--dockerinfo--2f30b285cd", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_info", + "architecture", + "bridge_nf_ip6tables", + "bridge_nf_iptables", + "cgroup_driver", + "containers", + "containers_paused", + "containers_running", + "containers_stopped", + "cpu_cfs_period", + "cpu_cfs_quota", + "cpu_set", + "cpu_shares", + "cpus", + "http_proxy", + "https_proxy", + "id", + "images", + "ipv4_forwarding", + "kernel_memory", + "kernel_version", + "logging_driver", + "memory", + "memory_limit", + "name", + "no_proxy", + "oom_kill_disable", + "os", + "os_type", + "root_dir", + "server_version", + "storage_driver", + "swap_limit" + ], + "sectionRelativeRepoPath": "docker_info", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_info.yml&value=name%3A%20docker_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_network_labels", + "title": "docker_network_labels", + "htmlId": "table--dockernetworklabels--1f827dc474", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_network_labels", + "id", + "key", + "value" + ], + "sectionRelativeRepoPath": "docker_network_labels", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_network_labels.yml&value=name%3A%20docker_network_labels%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_networks", + "title": "docker_networks", + "htmlId": "table--dockernetworks--2ae40ea518", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_networks", + "created", + "driver", + "enable_ipv6", + "gateway", + "id", + "name", + "subnet" + ], + "sectionRelativeRepoPath": "docker_networks", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_networks.yml&value=name%3A%20docker_networks%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_version", + "title": "docker_version", + "htmlId": "table--dockerversion--d5c8b11df6", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_version", + "api_version", + "arch", + "build_time", + "git_commit", + "go_version", + "kernel_version", + "min_api_version", + "os", + "version" + ], + "sectionRelativeRepoPath": "docker_version", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_version.yml&value=name%3A%20docker_version%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_volume_labels", + "title": "docker_volume_labels", + "htmlId": "table--dockervolumelabels--45adc74ba3", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_volume_labels", + "key", + "name", + "value" + ], + "sectionRelativeRepoPath": "docker_volume_labels", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdocker_volume_labels.yml&value=name%3A%20docker_volume_labels%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/docker_volumes", + "title": "docker_volumes", + "htmlId": "table--dockervolumes--cee95f6b90", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "docker_volumes", + "driver", + "mount_point", + "name", + "type" + ], + "sectionRelativeRepoPath": "docker_volumes", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/docker_volumes.yml" + }, + { + "url": "/tables/drivers", + "title": "drivers", + "htmlId": "table--drivers--58290d489f", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "drivers", + "class", + "date", + "description", + "device_id", + "device_name", + "driver_key", + "image", + "inf", + "manufacturer", + "provider", + "service", + "service_key", + "signed", + "version" + ], + "sectionRelativeRepoPath": "drivers", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fdrivers.yml&value=name%3A%20drivers%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/dscl", + "title": "dscl", + "htmlId": "table--dscl--54e7060384", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "dscl", + "command", + "key", + "path", + "value" + ], + "sectionRelativeRepoPath": "dscl", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/dscl.yml" + }, + { + "url": "/tables/ec2_instance_metadata", + "title": "ec2_instance_metadata", + "htmlId": "table--ec2instancemetadata--8b1828d8f6", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "ec2_instance_metadata", + "account_id", + "ami_id", + "architecture", + "availability_zone", + "iam_arn", + "instance_id", + "instance_type", + "local_hostname", + "local_ipv4", + "mac", + "region", + "reservation_id", + "security_groups", + "ssh_public_key" + ], + "sectionRelativeRepoPath": "ec2_instance_metadata", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fec2_instance_metadata.yml&value=name%3A%20ec2_instance_metadata%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%
20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." + }, + { + "url": "/tables/ec2_instance_tags", + "title": "ec2_instance_tags", + "htmlId": "table--ec2instancetags--450384158f", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "ec2_instance_tags", + "instance_id", + "key", + "value" + ], + "sectionRelativeRepoPath": "ec2_instance_tags", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fec2_instance_tags.yml&value=name%3A%20ec2_instance_tags%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/es_process_events", + "title": "es_process_events", + "htmlId": "table--esprocessevents--d79d694750", + "evented": true, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "es_process_events", + "cdhash", + "child_pid", + "cmdline", + "cmdline_count", + "codesigning_flags", + "cwd", + "egid", + "eid", + "env", + "env_count", + "euid", + "event_type", + "exit_code", + "gid", + "global_seq_num", + "original_parent", + "parent", + "path", + "pid", + "platform_binary", + "seq_num", + "signing_id", + "team_id", + "time", + "uid", + "username", + "version" + ], + "sectionRelativeRepoPath": "es_process_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fes_process_events.yml&value=name%3A%20es_process_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/es_process_file_events", + "title": "es_process_file_events", + "htmlId": "table--esprocessfileevents--e28968a0e8", + "evented": true, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "es_process_file_events", + "dest_filename", + "eid", + "event_type", + "filename", + "global_seq_num", + "parent", + "path", + "pid", + "seq_num", + "time", + "version" + ], + "sectionRelativeRepoPath": "es_process_file_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fes_process_file_events.yml&value=name%3A%20es_process_file_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/etc_hosts", + "title": "etc_hosts", + "htmlId": "table--etchosts--a56205b3f9", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "etc_hosts", + "address", + "hostnames", + "pid_with_namespace" + ], + "sectionRelativeRepoPath": "etc_hosts", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/etc_hosts.yml" + }, + { + "url": "/tables/etc_protocols", + "title": "etc_protocols", + "htmlId": "table--etcprotocols--b5ffb257d1", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "etc_protocols", + "alias", + "comment", + "name", + "number" + ], + "sectionRelativeRepoPath": "etc_protocols", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fetc_protocols.yml&value=name%3A%20etc_protocols%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/etc_services", + "title": "etc_services", + "htmlId": "table--etcservices--454572c18c", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "etc_services", + "aliases", + "comment", + "name", + "port", + "protocol" + ], + "sectionRelativeRepoPath": "etc_services", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/etc_services.yml" + }, + { + "url": "/tables/event_taps", + "title": "event_taps", + "htmlId": "table--eventtaps--b2afde9ecc", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "event_taps", + "enabled", + "event_tap_id", + "event_tapped", + "process_being_tapped", + "tapping_process" + ], + "sectionRelativeRepoPath": "event_taps", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/event_taps.yml" + }, + { + "url": "/tables/extended_attributes", + "title": "extended_attributes", + "htmlId": "table--extendedattributes--9dea030217", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "extended_attributes", + "base64", + "directory", + "key", + "path", + "value" + ], + "sectionRelativeRepoPath": "extended_attributes", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fextended_attributes.yml&value=name%3A%20extended_attributes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/falcon_kernel_check", + "title": "falcon_kernel_check", + "htmlId": "table--falconkernelcheck--5479232641", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "falcon_kernel_check", + "kernel", + "sensor_version", + "supported" + ], + "sectionRelativeRepoPath": "falcon_kernel_check", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/falcon_kernel_check.yml" + }, + { + "url": "/tables/falconctl_options", + "title": "falconctl_options", + "htmlId": "table--falconctloptions--7106491b65", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "falconctl_options", + "options" + ], + "sectionRelativeRepoPath": "falconctl_options", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/falconctl_options.yml" + }, + { + "url": "/tables/fan_speed_sensors", + "title": "fan_speed_sensors", + "htmlId": "table--fanspeedsensors--32417c8bf6", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "fan_speed_sensors", + "actual", + "fan", + "max", + "min", + "name", + "target" + ], + "sectionRelativeRepoPath": "fan_speed_sensors", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Ffan_speed_sensors.yml&value=name%3A%20fan_speed_sensors%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/file", + "title": "file", + "htmlId": "table--file--5f21761417", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "file", + "atime", + "attributes", + "block_size", + "bsd_flags", + "btime", + "ctime", + "device", + "directory", + "file_id", + "file_version", + "filename", + "gid", + "hard_links", + "inode", + "mode", + "mount_namespace_id", + "mtime", + "original_filename", + "path", + "pid_with_namespace", + "product_version", + "shortcut_comment", + "shortcut_run", + "shortcut_start_in", + "shortcut_target_location", + "shortcut_target_path", + "shortcut_target_type", + "size", + "symlink", + "type", + "uid", + "volume_serial" + ], + "sectionRelativeRepoPath": "file", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/file.yml" + }, + { + "url": "/tables/file_events", + "title": "file_events", + "htmlId": "table--fileevents--7d5b0a2d3e", + "evented": true, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "file_events", + "action", + "atime", + "category", + "ctime", + "eid", + "gid", + "hashed", + "inode", + "md5", + "mode", + "mtime", + "sha1", + "sha256", + "size", + "target_path", + "time", + "transaction_id", + "uid" + ], + "sectionRelativeRepoPath": "file_events", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Ffile_events.yml&value=name%3A%20file_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/file_lines", + "title": "file_lines", + "htmlId": "table--filelines--66f7e5497f", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "file_lines", + "line", + "path" + ], + "sectionRelativeRepoPath": "file_lines", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/file_lines.yml" + }, + { + "url": "/tables/filevault_prk", + "title": "filevault_prk", + "htmlId": "table--filevaultprk--4327326014", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "filevault_prk", + "base64_encrypted" + ], + "sectionRelativeRepoPath": "filevault_prk", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/filevault_prk.yml" + }, + { + "url": "/tables/filevault_status", + "title": "filevault_status", + "htmlId": "table--filevaultstatus--808666eddb", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "filevault_status", + "status" + ], + "sectionRelativeRepoPath": "filevault_status", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/filevault_status.yml" + }, + { + "url": "/tables/filevault_users", + "title": "filevault_users", + "htmlId": "table--filevaultusers--283a958213", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "filevault_users", + "username", + "uuid" + ], + "sectionRelativeRepoPath": "filevault_users", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/filevault_users.yml" + }, + { + "url": "/tables/find_cmd", + "title": "find_cmd", + "htmlId": "table--findcmd--6d09c7cd5f", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "find_cmd", + "directory", + "path", + "perm", + "type" + ], + "sectionRelativeRepoPath": "find_cmd", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/find_cmd.yml" + }, + { + "url": 
"/tables/firefox_addons", + "title": "firefox_addons", + "htmlId": "table--firefoxaddons--9eabc39fea", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "firefox_addons", + "active", + "autoupdate", + "creator", + "description", + "disabled", + "identifier", + "location", + "name", + "path", + "source_url", + "type", + "uid", + "version", + "visible" + ], + "sectionRelativeRepoPath": "firefox_addons", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/firefox_addons.yml" + }, + { + "url": "/tables/firefox_preferences", + "title": "firefox_preferences", + "htmlId": "table--firefoxpreferences--2366a56fa1", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "firefox_preferences", + "fullkey", + "key", + "parent", + "path", + "query", + "value" + ], + "sectionRelativeRepoPath": "firefox_preferences", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/firefox_preferences.yml" + }, + { + "url": "/tables/firmware_eficheck_integrity_check", + "title": "firmware_eficheck_integrity_check", + "htmlId": "table--firmwareeficheckintegritycheck--88da320790", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "firmware_eficheck_integrity_check", + "chip", + "output" + ], + "sectionRelativeRepoPath": "firmware_eficheck_integrity_check", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/firmware_eficheck_integrity_check.yml" + }, + { + "url": "/tables/firmwarepasswd", + "title": "firmwarepasswd", + "htmlId": "table--firmwarepasswd--34c47d2dc2", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "firmwarepasswd", + "mode", + "option_roms_allowed", + "password_enabled" + ], + "sectionRelativeRepoPath": "firmwarepasswd", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/firmwarepasswd.yml" + }, + { + "url": 
"/tables/fleetd_logs", + "title": "fleetd_logs", + "htmlId": "table--fleetdlogs--04f95fb2e5", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "fleetd_logs", + "error", + "level", + "message", + "payload", + "time" + ], + "sectionRelativeRepoPath": "fleetd_logs", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/fleetd_logs.yml" + }, + { + "url": "/tables/gatekeeper", + "title": "gatekeeper", + "htmlId": "table--gatekeeper--c48826d081", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "gatekeeper", + "assessments_enabled", + "dev_id_enabled", + "opaque_version", + "version" + ], + "sectionRelativeRepoPath": "gatekeeper", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/gatekeeper.yml" + }, + { + "url": "/tables/gatekeeper_approved_apps", + "title": "gatekeeper_approved_apps", + "htmlId": "table--gatekeeperapprovedapps--ccb2041adc", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "gatekeeper_approved_apps", + "ctime", + "mtime", + "path", + "requirement" + ], + "sectionRelativeRepoPath": "gatekeeper_approved_apps", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fgatekeeper_approved_apps.yml&value=name%3A%20gatekeeper_approved_apps%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/geolocation", + "title": "geolocation", + "htmlId": "table--geolocation--0338bc3ba9", + "evented": false, + "platforms": [ + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "geolocation", + "city", + "country", + "ip", + "region" + ], + "sectionRelativeRepoPath": "geolocation", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/geolocation.yml" + }, + { + "url": "/tables/google_chrome_profiles", + "title": "google_chrome_profiles", + "htmlId": "table--googlechromeprofiles--bc22157648", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "google_chrome_profiles", + "email", + "ephemeral", + "name", + "username" + ], + "sectionRelativeRepoPath": "google_chrome_profiles", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/google_chrome_profiles.yml" + }, + { + "url": "/tables/groups", + "title": "groups", + "htmlId": "table--groups--05fec1d6ce", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "groups", + "comment", + "gid", + "gid_signed", + "group_sid", + "groupname", + "is_hidden", + "pid_with_namespace" + ], + "sectionRelativeRepoPath": "groups", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/groups.yml" + }, + { + "url": "/tables/hardware_events", + "title": "hardware_events", + "htmlId": "table--hardwareevents--f7cce3883a", + "evented": true, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "hardware_events", + "action", + "driver", + "eid", + "model", + "model_id", + "path", + "revision", + "serial", + "time", + "type", + "vendor", + "vendor_id" + ], + "sectionRelativeRepoPath": "hardware_events", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fhardware_events.yml&value=name%3A%20hardware_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/hash", + "title": "hash", + "htmlId": "table--hash--c08ce91512", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "hash", + "directory", + "md5", + "mount_namespace_id", + "path", + "pid_with_namespace", + "sha1", + "sha256" + ], + "sectionRelativeRepoPath": "hash", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/hash.yml" + }, + { + "url": "/tables/homebrew_packages", + "title": "homebrew_packages", + "htmlId": "table--homebrewpackages--9c26173ba7", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "homebrew_packages", + "name", + "path", + "prefix", + "type", + "version" + ], + "sectionRelativeRepoPath": "homebrew_packages", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/homebrew_packages.yml" + }, + { + "url": "/tables/hvci_status", + "title": "hvci_status", + "htmlId": "table--hvcistatus--46a3ee08e5", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "hvci_status", + "code_integrity_policy_enforcement_status", + "instance_identifier", + "umci_policy_status", + "vbs_status", + "version" + ], + "sectionRelativeRepoPath": "hvci_status", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fhvci_status.yml&value=name%3A%20hvci_status%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/ibridge_info", + "title": "ibridge_info", + "htmlId": "table--ibridgeinfo--38f5f5d7eb", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "ibridge_info", + "boot_uuid", + "coprocessor_version", + "firmware_version", + "unique_chip_id" + ], + "sectionRelativeRepoPath": "ibridge_info", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fibridge_info.yml&value=name%3A%20ibridge_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/icloud_private_relay", + "title": "icloud_private_relay", + "htmlId": "table--icloudprivaterelay--7cbb9c575c", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "icloud_private_relay", + "status" + ], + "sectionRelativeRepoPath": "icloud_private_relay", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/icloud_private_relay.yml" + }, + { + "url": "/tables/ie_extensions", + "title": "ie_extensions", + "htmlId": "table--ieextensions--412b814817", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "ie_extensions", + "name", + "path", + "registry_path", + "version" + ], + "sectionRelativeRepoPath": "ie_extensions", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ie_extensions.yml" + }, + { + "url": "/tables/intel_me_info", + "title": "intel_me_info", + "htmlId": "table--intelmeinfo--fd5eb9626f", + "evented": false, + "platforms": [ + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "intel_me_info", + "version" + ], + "sectionRelativeRepoPath": "intel_me_info", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fintel_me_info.yml&value=name%3A%20intel_me_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/interface_addresses", + "title": "interface_addresses", + "htmlId": "table--interfaceaddresses--4163068693", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "interface_addresses", + "address", + "broadcast", + "friendly_name", + "interface", + "mask", + "point_to_point", + "type" + ], + "sectionRelativeRepoPath": "interface_addresses", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/interface_addresses.yml" + }, + { + "url": "/tables/interface_details", + "title": "interface_details", + "htmlId": "table--interfacedetails--c8234f77ad", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "interface_details", + "collisions", + "connection_id", + "connection_status", + "description", + "dhcp_enabled", + "dhcp_lease_expires", + "dhcp_lease_obtained", + "dhcp_server", + "dns_domain", + "dns_domain_suffix_search_order", + "dns_host_name", + "dns_server_search_order", + "enabled", + "flags", + "friendly_name", + "ibytes", + "idrops", + "ierrors", + "interface", + "ipackets", + "last_change", + "link_speed", + "mac", + "manufacturer", + "metric", + "mtu", + "obytes", + "odrops", + "oerrors", + "opackets", + "pci_slot", + "physical_adapter", + "service", + "speed", + "type" + ], + "sectionRelativeRepoPath": "interface_details", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/interface_details.yml" + }, + { + "url": "/tables/interface_ipv6", + "title": "interface_ipv6", + "htmlId": "table--interfaceipv6--48a78776ae", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "interface_ipv6", + "forwarding_enabled", + "hop_limit", + "interface", + "redirect_accept", + "rtadv_accept" + ], + "sectionRelativeRepoPath": "interface_ipv6", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/interface_ipv6.yml" + 
}, + { + "url": "/tables/iokit_devicetree", + "title": "iokit_devicetree", + "htmlId": "table--iokitdevicetree--475d23de81", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "iokit_devicetree", + "busy_state", + "class", + "depth", + "device_path", + "id", + "name", + "parent", + "retain_count", + "service" + ], + "sectionRelativeRepoPath": "iokit_devicetree", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/iokit_devicetree.yml" + }, + { + "url": "/tables/iokit_registry", + "title": "iokit_registry", + "htmlId": "table--iokitregistry--213523c85d", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "iokit_registry", + "busy_state", + "class", + "depth", + "id", + "name", + "parent", + "retain_count" + ], + "sectionRelativeRepoPath": "iokit_registry", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/iokit_registry.yml" + }, + { + "url": "/tables/ioreg", + "title": "ioreg", + "htmlId": "table--ioreg--64934c5b2c", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "ioreg", + "c", + "d", + "fullkey", + "k", + "key", + "n", + "p", + "parent", + "query", + "r", + "value" + ], + "sectionRelativeRepoPath": "ioreg", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ioreg.yml" + }, + { + "url": "/tables/iptables", + "title": "iptables", + "htmlId": "table--iptables--73fe23ccfd", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "iptables", + "bytes", + "chain", + "dst_ip", + "dst_mask", + "dst_port", + "filter_name", + "iniface", + "iniface_mask", + "match", + "outiface", + "outiface_mask", + "packets", + "policy", + "protocol", + "src_ip", + "src_mask", + "src_port", + "target" + ], + "sectionRelativeRepoPath": "iptables", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/iptables.yml" + }, + { + "url": 
"/tables/kernel_extensions", + "title": "kernel_extensions", + "htmlId": "table--kernelextensions--015ed33cfc", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "kernel_extensions", + "idx", + "linked_against", + "name", + "path", + "refs", + "size", + "version" + ], + "sectionRelativeRepoPath": "kernel_extensions", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/kernel_extensions.yml" + }, + { + "url": "/tables/kernel_info", + "title": "kernel_info", + "htmlId": "table--kernelinfo--e02ab4d886", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "kernel_info", + "arguments", + "device", + "path", + "version" + ], + "sectionRelativeRepoPath": "kernel_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/kernel_info.yml" + }, + { + "url": "/tables/kernel_keys", + "title": "kernel_keys", + "htmlId": "table--kernelkeys--c3a84244c8", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "kernel_keys", + "description", + "flags", + "gid", + "permissions", + "serial_number", + "timeout", + "type", + "uid", + "usage" + ], + "sectionRelativeRepoPath": "kernel_keys", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fkernel_keys.yml&value=name%3A%20kernel_keys%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/kernel_modules", + "title": "kernel_modules", + "htmlId": "table--kernelmodules--c9051ad100", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "kernel_modules", + "address", + "name", + "size", + "status", + "used_by" + ], + "sectionRelativeRepoPath": "kernel_modules", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fkernel_modules.yml&value=name%3A%20kernel_modules%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/kernel_panics", + "title": "kernel_panics", + "htmlId": "table--kernelpanics--c6cb2cce6e", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "kernel_panics", + "dependencies", + "frame_backtrace", + "kernel_version", + "last_loaded", + "last_unloaded", + "module_backtrace", + "name", + "os_version", + "path", + "registers", + "system_model", + "time", + "uptime" + ], + "sectionRelativeRepoPath": "kernel_panics", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/kernel_panics.yml" + }, + { + "url": "/tables/keychain_acls", + "title": "keychain_acls", + "htmlId": "table--keychainacls--e46564a1f0", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "keychain_acls", + "authorizations", + "description", + "keychain_path", + "label", + "path" + ], + "sectionRelativeRepoPath": "keychain_acls", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/keychain_acls.yml" + }, + { + "url": "/tables/keychain_items", + "title": "keychain_items", + "htmlId": "table--keychainitems--ceb19aa966", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "keychain_items", + "account", + "comment", + "created", + "description", + "label", + "modified", + "path", + "pk_hash", + "type" + ], + "sectionRelativeRepoPath": "keychain_items", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/keychain_items.yml" + }, + { + "url": "/tables/known_hosts", + "title": "known_hosts", + "htmlId": "table--knownhosts--2c508bc3c8", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "known_hosts", + "key", + "key_file", + "uid" + ], + "sectionRelativeRepoPath": "known_hosts", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/known_hosts.yml" + }, + { + "url": "/tables/kva_speculative_info", + "title": "kva_speculative_info", + 
"htmlId": "table--kvaspeculativeinfo--aa9ff39cc2", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "kva_speculative_info", + "bp_microcode_disabled", + "bp_mitigations", + "bp_system_pol_disabled", + "cpu_pred_cmd_supported", + "cpu_spec_ctrl_supported", + "ibrs_support_enabled", + "kva_shadow_enabled", + "kva_shadow_inv_pcid", + "kva_shadow_pcid", + "kva_shadow_user_global", + "stibp_support_enabled" + ], + "sectionRelativeRepoPath": "kva_speculative_info", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fkva_speculative_info.yml&value=name%3A%20kva_speculative_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/last", + "title": "last", + "htmlId": "table--last--81b773b51e", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "last", + "host", + "pid", + "time", + "tty", + "type", + "type_name", + "username" + ], + "sectionRelativeRepoPath": "last", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/last.yml" + }, + { + "url": "/tables/launchd", + "title": "launchd", + "htmlId": "table--launchd--e309e31831", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "launchd", + "disabled", + "groupname", + "inetd_compatibility", + "keep_alive", + "label", + "name", + "on_demand", + "path", + "process_type", + "program", + "program_arguments", + "queue_directories", + "root_directory", + "run_at_load", + "start_interval", + "start_on_mount", + "stderr_path", + "stdout_path", + "username", + "watch_paths", + "working_directory" + ], + "sectionRelativeRepoPath": "launchd", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/launchd.yml" + }, + { + "url": "/tables/launchd_overrides", + "title": "launchd_overrides", + "htmlId": "table--launchdoverrides--89410cb367", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "launchd_overrides", + "key", + "label", + "path", + "uid", + "value" + ], + "sectionRelativeRepoPath": "launchd_overrides", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flaunchd_overrides.yml&value=name%3A%20launchd_overrides%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/listening_ports", + "title": "listening_ports", + "htmlId": "table--listeningports--de6bf76ec3", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "listening_ports", + "address", + "family", + "fd", + "net_namespace", + "path", + "pid", + "port", + "protocol", + "socket" + ], + "sectionRelativeRepoPath": "listening_ports", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/listening_ports.yml" + }, + { + "url": "/tables/load_average", + "title": "load_average", + "htmlId": "table--loadaverage--f5f080e140", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "load_average", + "average", + "period" + ], + "sectionRelativeRepoPath": "load_average", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/load_average.yml" + }, + { + "url": "/tables/location_services", + "title": "location_services", + "htmlId": "table--locationservices--f22473f4be", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "location_services", + "enabled" + ], + "sectionRelativeRepoPath": "location_services", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/location_services.yml" + }, + { + "url": "/tables/logged_in_users", + "title": "logged_in_users", + "htmlId": "table--loggedinusers--bd140b0e93", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "logged_in_users", + "host", + "pid", + "registry_hive", + "sid", + "time", + "tty", + "type", + "user" + ], + "sectionRelativeRepoPath": "logged_in_users", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/logged_in_users.yml" + }, + { + "url": "/tables/logical_drives", + "title": "logical_drives", + "htmlId": "table--logicaldrives--e69b777f6c", + "evented": false, + "platforms": [ + "windows" + ], + 
"keywordsForSyntaxHighlighting": [ + "logical_drives", + "boot_partition", + "description", + "device_id", + "file_system", + "free_space", + "size", + "type" + ], + "sectionRelativeRepoPath": "logical_drives", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flogical_drives.yml&value=name%3A%20logical_drives%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/logon_sessions", + "title": "logon_sessions", + "htmlId": "table--logonsessions--54d10b59e8", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "logon_sessions", + "authentication_package", + "dns_domain_name", + "home_directory", + "home_directory_drive", + "logon_domain", + "logon_id", + "logon_script", + "logon_server", + "logon_sid", + "logon_time", + "logon_type", + "profile_path", + "session_id", + "upn", + "user" + ], + "sectionRelativeRepoPath": "logon_sessions", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flogon_sessions.yml&value=name%3A%20logon_sessions%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/lxd_certificates", + "title": "lxd_certificates", + "htmlId": "table--lxdcertificates--06e045fa14", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "lxd_certificates", + "certificate", + "fingerprint", + "name", + "type" + ], + "sectionRelativeRepoPath": "lxd_certificates", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_certificates.yml&value=name%3A%20lxd_certificates%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/lxd_cluster", + "title": "lxd_cluster", + "htmlId": "table--lxdcluster--a8491b6203", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "lxd_cluster", + "enabled", + "member_config_description", + "member_config_entity", + "member_config_key", + "member_config_name", + "member_config_value", + "server_name" + ], + "sectionRelativeRepoPath": "lxd_cluster", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_cluster.yml&value=name%3A%20lxd_cluster%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/lxd_cluster_members", + "title": "lxd_cluster_members", + "htmlId": "table--lxdclustermembers--7d6e6837d2", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "lxd_cluster_members", + "database", + "message", + "server_name", + "status", + "url" + ], + "sectionRelativeRepoPath": "lxd_cluster_members", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_cluster_members.yml&value=name%3A%20lxd_cluster_members%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/lxd_images", + "title": "lxd_images", + "htmlId": "table--lxdimages--55db6fdd97", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "lxd_images", + "aliases", + "architecture", + "auto_update", + "cached", + "created_at", + "description", + "expires_at", + "filename", + "id", + "last_used_at", + "os", + "public", + "release", + "size", + "update_source_alias", + "update_source_certificate", + "update_source_protocol", + "update_source_server", + "uploaded_at" + ], + "sectionRelativeRepoPath": "lxd_images", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_images.yml&value=name%3A%20lxd_images%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/lxd_instance_config", + "title": "lxd_instance_config", + "htmlId": "table--lxdinstanceconfig--54469816ca", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "lxd_instance_config", + "key", + "name", + "value" + ], + "sectionRelativeRepoPath": "lxd_instance_config", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_instance_config.yml&value=name%3A%20lxd_instance_config%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/lxd_instance_devices", + "title": "lxd_instance_devices", + "htmlId": "table--lxdinstancedevices--f28caba867", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "lxd_instance_devices", + "device", + "device_type", + "key", + "name", + "value" + ], + "sectionRelativeRepoPath": "lxd_instance_devices", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_instance_devices.yml&value=name%3A%20lxd_instance_devices%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/lxd_instances", + "title": "lxd_instances", + "htmlId": "table--lxdinstances--77d953ad3e", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "lxd_instances", + "architecture", + "base_image", + "created_at", + "description", + "ephemeral", + "name", + "os", + "pid", + "processes", + "stateful", + "status" + ], + "sectionRelativeRepoPath": "lxd_instances", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_instances.yml&value=name%3A%20lxd_instances%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/lxd_networks", + "title": "lxd_networks", + "htmlId": "table--lxdnetworks--7dd5f10782", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "lxd_networks", + "bytes_received", + "bytes_sent", + "hwaddr", + "ipv4_address", + "ipv6_address", + "managed", + "mtu", + "name", + "packets_received", + "packets_sent", + "state", + "type", + "used_by" + ], + "sectionRelativeRepoPath": "lxd_networks", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_networks.yml&value=name%3A%20lxd_networks%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/lxd_storage_pools", + "title": "lxd_storage_pools", + "htmlId": "table--lxdstoragepools--950b575e61", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "lxd_storage_pools", + "driver", + "inodes_total", + "inodes_used", + "name", + "size", + "source", + "space_total", + "space_used" + ], + "sectionRelativeRepoPath": "lxd_storage_pools", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Flxd_storage_pools.yml&value=name%3A%20lxd_storage_pools%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/macadmins_unified_log", + "title": "macadmins_unified_log", + "htmlId": "table--macadminsunifiedlog--e036df9e57", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "macadmins_unified_log", + "activity_identifier", + "boot_uuid", + "category", + "event_message", + "event_type", + "format_string", + "log_level", + "parent_activity_identifier", + "process_id", + "process_image_path", + "sender_image_path", + "sender_image_uuid", + "sender_program_counter", + "subsystem", + "thread_id", + "timestamp", + "trace_id" + ], + "sectionRelativeRepoPath": "macadmins_unified_log", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/macadmins_unified_log.yml" + }, + { + "url": "/tables/macos_profiles", + "title": "macos_profiles", + "htmlId": "table--macosprofiles--cae047dfff", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "macos_profiles", + "description", + "display_name", + "identifier", + "install_date", + "organization", + "type", + "uuid", + "verification_state" + ], + "sectionRelativeRepoPath": "macos_profiles", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/macos_profiles.yml" + }, + { + "url": "/tables/macos_rsr", + "title": "macos_rsr", + "htmlId": "table--macosrsr--9c9ef590fd", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "macos_rsr", + "full_macos_version", + "macos_version", + "rsr_supported", + "rsr_version" + ], + "sectionRelativeRepoPath": "macos_rsr", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/macos_rsr.yml" + }, + { + "url": "/tables/magic", + "title": "magic", + "htmlId": "table--magic--2b54571c80", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "magic", + "data", + "magic_db_files", + "mime_encoding", + "mime_type", + "path" + ], + "sectionRelativeRepoPath": "magic", + 
"githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmagic.yml&value=name%3A%20magic%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/managed_policies", + "title": "managed_policies", + "htmlId": "table--managedpolicies--494a329dfb", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "managed_policies", + "domain", + "manual", + "name", + "username", + "uuid", + "value" + ], + "sectionRelativeRepoPath": "managed_policies", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/managed_policies.yml" + }, + { + "url": "/tables/md_devices", + "title": "md_devices", + "htmlId": "table--mddevices--cc18ebf22a", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "md_devices", + "active_disks", + "bitmap_chunk_size", + "bitmap_external_file", + "bitmap_on_mem", + "check_array_finish", + "check_array_progress", + "check_array_speed", + "chunk_size", + "device_name", + "failed_disks", + "nr_raid_disks", + "other", + "raid_disks", + "raid_level", + "recovery_finish", + "recovery_progress", + "recovery_speed", + "reshape_finish", + "reshape_progress", + "reshape_speed", + "resync_finish", + "resync_progress", + "resync_speed", + "size", + "spare_disks", + "status", + "superblock_state", + "superblock_update_time", + "superblock_version", + "unused_devices", + "working_disks" + ], + "sectionRelativeRepoPath": "md_devices", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmd_devices.yml&value=name%3A%20md_devices%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/md_drives", + "title": "md_drives", + "htmlId": "table--mddrives--f529358f7d", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "md_drives", + "drive_name", + "md_device_name", + "slot", + "state" + ], + "sectionRelativeRepoPath": "md_drives", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmd_drives.yml&value=name%3A%20md_drives%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/md_personalities", + "title": "md_personalities", + "htmlId": "table--mdpersonalities--6234b42367", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "md_personalities", + "name" + ], + "sectionRelativeRepoPath": "md_personalities", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmd_personalities.yml&value=name%3A%20md_personalities%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/mdfind", + "title": "mdfind", + "htmlId": "table--mdfind--2061531fab", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "mdfind", + "path", + "query" + ], + "sectionRelativeRepoPath": "mdfind", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmdfind.yml&value=name%3A%20mdfind%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/mdls", + "title": "mdls", + "htmlId": "table--mdls--8826cff54e", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "mdls", + "key", + "path", + "value", + "valuetype" + ], + "sectionRelativeRepoPath": "mdls", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/mdls.yml" + }, + { + "url": "/tables/mdm", + "title": "mdm", + "htmlId": "table--mdm--4e74952c0b", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "mdm", + "access_rights", + "checkin_url", + "dep_capable", + "enrolled", + "has_scep_payload", + "identity_certificate_uuid", + "install_date", + "installed_from_dep", + "payload_identifier", + "server_url", + "sign_message", + "topic", + "user_approved" + ], + "sectionRelativeRepoPath": "mdm", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/mdm.yml" + }, + { + "url": "/tables/mdm_bridge", + "title": "mdm_bridge", + "htmlId": "table--mdmbridge--6dff726888", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "mdm_bridge", + "enrolled_user", + "enrollment_status", + "mdm_command_input", + "mdm_command_output", + "raw_mdm_command_output" + ], + "sectionRelativeRepoPath": "mdm_bridge", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/mdm_bridge.yml" + }, + { + "url": "/tables/memory_array_mapped_addresses", + "title": "memory_array_mapped_addresses", + "htmlId": "table--memoryarraymappedaddresses--6f656395f7", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "memory_array_mapped_addresses", + "ending_address", + "handle", + "memory_array_handle", + "partition_width", + "starting_address" + ], + "sectionRelativeRepoPath": "memory_array_mapped_addresses", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_array_mapped_addresses.yml&value=name%3A%20memory_array_mapped_addresses%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/memory_arrays", + "title": "memory_arrays", + "htmlId": "table--memoryarrays--abd1487b4b", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "memory_arrays", + "handle", + "location", + "max_capacity", + "memory_error_correction", + "memory_error_info_handle", + "number_memory_devices", + "use" + ], + "sectionRelativeRepoPath": "memory_arrays", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_arrays.yml&value=name%3A%20memory_arrays%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/memory_device_mapped_addresses", + "title": "memory_device_mapped_addresses", + "htmlId": "table--memorydevicemappedaddresses--21aa4bee51", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "memory_device_mapped_addresses", + "ending_address", + "handle", + "interleave_data_depth", + "interleave_position", + "memory_array_mapped_address_handle", + "memory_device_handle", + "partition_row_position", + "starting_address" + ], + "sectionRelativeRepoPath": "memory_device_mapped_addresses", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_device_mapped_addresses.yml&value=name%3A%20memory_device_mapped_addresses%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/memory_devices", + "title": "memory_devices", + "htmlId": "table--memorydevices--8e8226757f", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "memory_devices", + "array_handle", + "asset_tag", + "bank_locator", + "configured_clock_speed", + "configured_voltage", + "data_width", + "device_locator", + "form_factor", + "handle", + "manufacturer", + "max_speed", + "max_voltage", + "memory_type", + "memory_type_details", + "min_voltage", + "part_number", + "serial_number", + "set", + "size", + "total_width" + ], + "sectionRelativeRepoPath": "memory_devices", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_devices.yml&value=name%3A%20memory_devices%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/memory_error_info", + "title": "memory_error_info", + "htmlId": "table--memoryerrorinfo--0e04980533", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "memory_error_info", + "device_error_address", + "error_granularity", + "error_operation", + "error_resolution", + "error_type", + "handle", + "memory_array_error_address", + "vendor_syndrome" + ], + "sectionRelativeRepoPath": "memory_error_info", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_error_info.yml&value=name%3A%20memory_error_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/memory_info", + "title": "memory_info", + "htmlId": "table--memoryinfo--84feac1e17", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "memory_info", + "active", + "buffers", + "cached", + "inactive", + "memory_available", + "memory_free", + "memory_total", + "swap_cached", + "swap_free", + "swap_total" + ], + "sectionRelativeRepoPath": "memory_info", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_info.yml&value=name%3A%20memory_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/memory_map", + "title": "memory_map", + "htmlId": "table--memorymap--dbdfd30e2f", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "memory_map", + "end", + "name", + "start" + ], + "sectionRelativeRepoPath": "memory_map", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmemory_map.yml&value=name%3A%20memory_map%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/mounts", + "title": "mounts", + "htmlId": "table--mounts--9bd193b227", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "mounts", + "blocks", + "blocks_available", + "blocks_free", + "blocks_size", + "device", + "device_alias", + "flags", + "inodes", + "inodes_free", + "path", + "type" + ], + "sectionRelativeRepoPath": "mounts", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/mounts.yml" + }, + { + "url": "/tables/msr", + "title": "msr", + "htmlId": "table--msr--ff9484332b", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "msr", + "feature_control", + "perf_ctl", + "perf_status", + "platform_info", + "processor_number", + "rapl_energy_status", + "rapl_power_limit", + "rapl_power_units", + "turbo_disabled", + "turbo_ratio_limit" + ], + "sectionRelativeRepoPath": "msr", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fmsr.yml&value=name%3A%20msr%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%
20to%20query%20this%20table." + }, + { + "url": "/tables/munki_info", + "title": "munki_info", + "htmlId": "table--munkiinfo--2e4b112369", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "munki_info", + "console_user", + "end_time", + "errors", + "manifest_name", + "problem_installs", + "start_time", + "success", + "version", + "warnings" + ], + "sectionRelativeRepoPath": "munki_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/munki_info.yml" + }, + { + "url": "/tables/munki_installs", + "title": "munki_installs", + "htmlId": "table--munkiinstalls--b403c42531", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "munki_installs", + "end_time", + "installed", + "installed_version", + "name" + ], + "sectionRelativeRepoPath": "munki_installs", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/munki_installs.yml" + }, + { + "url": "/tables/network_interfaces", + "title": "network_interfaces", + "htmlId": "table--networkinterfaces--ea6f795816", + "evented": false, + "platforms": [ + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "network_interfaces", + "ipv4", + "ipv6", + "mac" + ], + "sectionRelativeRepoPath": "network_interfaces", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/network_interfaces.yml" + }, + { + "url": "/tables/nfs_shares", + "title": "nfs_shares", + "htmlId": "table--nfsshares--b4f614d51e", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "nfs_shares", + "options", + "readonly", + "share" + ], + "sectionRelativeRepoPath": "nfs_shares", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/nfs_shares.yml" + }, + { + "url": "/tables/npm_packages", + "title": "npm_packages", + "htmlId": "table--npmpackages--b2a26bbba0", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + 
"keywordsForSyntaxHighlighting": [ + "npm_packages", + "author", + "description", + "directory", + "homepage", + "license", + "mount_namespace_id", + "name", + "path", + "pid_with_namespace", + "version" + ], + "sectionRelativeRepoPath": "npm_packages", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/npm_packages.yml" + }, + { + "url": "/tables/ntdomains", + "title": "ntdomains", + "htmlId": "table--ntdomains--57ef982364", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "ntdomains", + "client_site_name", + "dc_site_name", + "dns_forest_name", + "domain_controller_address", + "domain_controller_name", + "domain_name", + "name", + "status" + ], + "sectionRelativeRepoPath": "ntdomains", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ntdomains.yml" + }, + { + "url": "/tables/ntfs_acl_permissions", + "title": "ntfs_acl_permissions", + "htmlId": "table--ntfsaclpermissions--2d66c6c45e", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "ntfs_acl_permissions", + "access", + "inherited_from", + "path", + "principal", + "type" + ], + "sectionRelativeRepoPath": "ntfs_acl_permissions", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fntfs_acl_permissions.yml&value=name%3A%20ntfs_acl_permissions%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/ntfs_journal_events", + "title": "ntfs_journal_events", + "htmlId": "table--ntfsjournalevents--2369d84275", + "evented": true, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "ntfs_journal_events", + "action", + "category", + "drive_letter", + "eid", + "file_attributes", + "node_ref_number", + "old_path", + "parent_ref_number", + "partial", + "path", + "record_timestamp", + "record_usn", + "time" + ], + "sectionRelativeRepoPath": "ntfs_journal_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fntfs_journal_events.yml&value=name%3A%20ntfs_journal_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/nvram", + "title": "nvram", + "htmlId": "table--nvram--450a99f968", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "nvram", + "name", + "type", + "value" + ], + "sectionRelativeRepoPath": "nvram", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/nvram.yml" + }, + { + "url": "/tables/nvram_info", + "title": "nvram_info", + "htmlId": "table--nvraminfo--a99cb280af", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "nvram_info", + "amfi_enabled" + ], + "sectionRelativeRepoPath": "nvram_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/nvram_info.yml" + }, + { + "url": "/tables/oem_strings", + "title": "oem_strings", + "htmlId": "table--oemstrings--89f170ddda", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "oem_strings", + "handle", + "number", + "value" + ], + "sectionRelativeRepoPath": "oem_strings", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Foem_strings.yml&value=name%3A%20oem_strings%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/office_mru", + "title": "office_mru", + "htmlId": "table--officemru--11e1929c70", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "office_mru", + "application", + "last_opened_time", + "path", + "sid", + "version" + ], + "sectionRelativeRepoPath": "office_mru", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Foffice_mru.yml&value=name%3A%20office_mru%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/orbit_info", + "title": "orbit_info", + "htmlId": "table--orbitinfo--98fca7c408", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "orbit_info", + "desktop_channel", + "desktop_version", + "device_auth_token", + "enrolled", + "last_recorded_error", + "orbit_channel", + "osqueryd_channel", + "scripts_enabled", + "uptime", + "version" + ], + "sectionRelativeRepoPath": "orbit_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/orbit_info.yml" + }, + { + "url": "/tables/os_version", + "title": "os_version", + "htmlId": "table--osversion--95451301c8", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows", + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "os_version", + "arch", + "build", + "codename", + "extra", + "install_date", + "major", + "minor", + "mount_namespace_id", + "name", + "patch", + "pid_with_namespace", + "platform", + "platform_like", + "revision", + "version" + ], + "sectionRelativeRepoPath": "os_version", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/os_version.yml" + }, + { + "url": "/tables/osquery_events", + "title": "osquery_events", + "htmlId": "table--osqueryevents--3bff81a1b8", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "osquery_events", + "active", + "events", + "name", + "publisher", + "refreshes", + "subscriptions", + "type" + ], + "sectionRelativeRepoPath": "osquery_events", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_events.yml" + }, + { + "url": "/tables/osquery_extensions", + "title": "osquery_extensions", + "htmlId": "table--osqueryextensions--56dea82216", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "osquery_extensions", + "name", + "path", + "sdk_version", + "type", + "uuid", + "version" 
+ ], + "sectionRelativeRepoPath": "osquery_extensions", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_extensions.yml" + }, + { + "url": "/tables/osquery_flags", + "title": "osquery_flags", + "htmlId": "table--osqueryflags--27972ebab6", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "osquery_flags", + "default_value", + "description", + "name", + "shell_only", + "type", + "value" + ], + "sectionRelativeRepoPath": "osquery_flags", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_flags.yml" + }, + { + "url": "/tables/osquery_info", + "title": "osquery_info", + "htmlId": "table--osqueryinfo--99ebd3222b", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux", + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "osquery_info", + "build_distro", + "build_platform", + "config_hash", + "config_valid", + "extensions", + "instance_id", + "pid", + "platform_mask", + "start_time", + "uuid", + "version", + "watcher" + ], + "sectionRelativeRepoPath": "osquery_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_info.yml" + }, + { + "url": "/tables/osquery_packs", + "title": "osquery_packs", + "htmlId": "table--osquerypacks--c2f0293ed5", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "osquery_packs", + "active", + "discovery_cache_hits", + "discovery_executions", + "name", + "platform", + "shard", + "version" + ], + "sectionRelativeRepoPath": "osquery_packs", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_packs.yml" + }, + { + "url": "/tables/osquery_registry", + "title": "osquery_registry", + "htmlId": "table--osqueryregistry--723b93f998", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "osquery_registry", + "active", + 
"internal", + "name", + "owner_uuid", + "registry" + ], + "sectionRelativeRepoPath": "osquery_registry", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_registry.yml" + }, + { + "url": "/tables/osquery_schedule", + "title": "osquery_schedule", + "htmlId": "table--osqueryschedule--81eadaf536", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "osquery_schedule", + "average_memory", + "denylisted", + "executions", + "interval", + "last_executed", + "last_memory", + "last_system_time", + "last_user_time", + "last_wall_time_ms", + "name", + "output_size", + "query", + "system_time", + "user_time", + "wall_time", + "wall_time_ms" + ], + "sectionRelativeRepoPath": "osquery_schedule", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/osquery_schedule.yml" + }, + { + "url": "/tables/package_bom", + "title": "package_bom", + "htmlId": "table--packagebom--8182ed768f", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "package_bom", + "filepath", + "gid", + "mode", + "modified_time", + "path", + "size", + "uid" + ], + "sectionRelativeRepoPath": "package_bom", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/package_bom.yml" + }, + { + "url": "/tables/package_install_history", + "title": "package_install_history", + "htmlId": "table--packageinstallhistory--988f999553", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "package_install_history", + "content_type", + "name", + "package_id", + "source", + "time", + "version" + ], + "sectionRelativeRepoPath": "package_install_history", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/package_install_history.yml" + }, + { + "url": "/tables/package_receipts", + "title": "package_receipts", + "htmlId": "table--packagereceipts--4d830b5b2d", + "evented": false, + "platforms": [ + 
"darwin" + ], + "keywordsForSyntaxHighlighting": [ + "package_receipts", + "install_time", + "installer_name", + "location", + "package_filename", + "package_id", + "path", + "version" + ], + "sectionRelativeRepoPath": "package_receipts", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/package_receipts.yml" + }, + { + "url": "/tables/parse_ini", + "title": "parse_ini", + "htmlId": "table--parseini--4de2377a57", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "parse_ini", + "fullkey", + "key", + "parent", + "path", + "value" + ], + "sectionRelativeRepoPath": "parse_ini", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/parse_ini.yml" + }, + { + "url": "/tables/parse_json", + "title": "parse_json", + "htmlId": "table--parsejson--c3c9947479", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "parse_json", + "fullkey", + "key", + "parent", + "path", + "value" + ], + "sectionRelativeRepoPath": "parse_json", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/parse_json.yml" + }, + { + "url": "/tables/parse_jsonl", + "title": "parse_jsonl", + "htmlId": "table--parsejsonl--b71d789467", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "parse_jsonl", + "fullkey", + "key", + "parent", + "path", + "value" + ], + "sectionRelativeRepoPath": "parse_jsonl", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/parse_jsonl.yml" + }, + { + "url": "/tables/parse_xml", + "title": "parse_xml", + "htmlId": "table--parsexml--15ed589727", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "parse_xml", + "fullkey", + "key", + "parent", + "path", + "value" + ], + "sectionRelativeRepoPath": "parse_xml", + "githubUrl": 
"https://github.com/fleetdm/fleet/blob/main/schema/tables/parse_xml.yml" + }, + { + "url": "/tables/password_policy", + "title": "password_policy", + "htmlId": "table--passwordpolicy--9a2e1051b8", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "password_policy", + "policy_content", + "policy_description", + "policy_identifier", + "uid" + ], + "sectionRelativeRepoPath": "password_policy", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/password_policy.yml" + }, + { + "url": "/tables/patches", + "title": "patches", + "htmlId": "table--patches--b3f61813f5", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "patches", + "caption", + "csname", + "description", + "fix_comments", + "hotfix_id", + "install_date", + "installed_by", + "installed_on" + ], + "sectionRelativeRepoPath": "patches", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/patches.yml" + }, + { + "url": "/tables/pci_devices", + "title": "pci_devices", + "htmlId": "table--pcidevices--b00adf6d59", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "pci_devices", + "driver", + "model", + "model_id", + "pci_class", + "pci_class_id", + "pci_slot", + "pci_subclass", + "pci_subclass_id", + "subsystem_model", + "subsystem_model_id", + "subsystem_vendor", + "subsystem_vendor_id", + "vendor", + "vendor_id" + ], + "sectionRelativeRepoPath": "pci_devices", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/pci_devices.yml" + }, + { + "url": "/tables/physical_disk_performance", + "title": "physical_disk_performance", + "htmlId": "table--physicaldiskperformance--21ffb96328", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "physical_disk_performance", + "avg_disk_bytes_per_read", + "avg_disk_bytes_per_write", + "avg_disk_read_queue_length", + "avg_disk_sec_per_read", + 
"avg_disk_sec_per_write", + "avg_disk_write_queue_length", + "current_disk_queue_length", + "name", + "percent_disk_read_time", + "percent_disk_time", + "percent_disk_write_time", + "percent_idle_time" + ], + "sectionRelativeRepoPath": "physical_disk_performance", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fphysical_disk_performance.yml&value=name%3A%20physical_disk_performance%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/pipes", + "title": "pipes", + "htmlId": "table--pipes--6c348a0bda", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "pipes", + "flags", + "instances", + "max_instances", + "name", + "pid" + ], + "sectionRelativeRepoPath": "pipes", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/pipes.yml" + }, + { + "url": "/tables/platform_info", + "title": "platform_info", + "htmlId": "table--platforminfo--606b0b07f8", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "platform_info", + "address", + "date", + "extra", + "firmware_type", + "revision", + "size", + "vendor", + "version", + "volume_size" + ], + "sectionRelativeRepoPath": "platform_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/platform_info.yml" + }, + { + "url": "/tables/plist", + "title": "plist", + "htmlId": "table--plist--10bd270ccc", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "plist", + "key", + "path", + "subkey", + "value" + ], + "sectionRelativeRepoPath": "plist", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/plist.yml" + }, + { + "url": "/tables/pmset", + "title": "pmset", + "htmlId": "table--pmset--5f7c05dca3", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "pmset", + "getting", + "json_result" + ], + "sectionRelativeRepoPath": "pmset", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/pmset.yml" + }, + { + "url": "/tables/portage_keywords", + "title": "portage_keywords", + "htmlId": "table--portagekeywords--16048373f7", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "portage_keywords", + "keyword", + "mask", + "package", + "unmask", + "version" + ], + "sectionRelativeRepoPath": "portage_keywords", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fportage_keywords.yml&value=name%3A%20portage_keywords%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/portage_packages", + "title": "portage_packages", + "htmlId": "table--portagepackages--af336b6b49", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "portage_packages", + "build_time", + "eapi", + "package", + "repository", + "size", + "slot", + "version", + "world" + ], + "sectionRelativeRepoPath": "portage_packages", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fportage_packages.yml&value=name%3A%20portage_packages%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/portage_use", + "title": "portage_use", + "htmlId": "table--portageuse--61384aa618", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "portage_use", + "package", + "use", + "version" + ], + "sectionRelativeRepoPath": "portage_use", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fportage_use.yml&value=name%3A%20portage_use%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/power_sensors", + "title": "power_sensors", + "htmlId": "table--powersensors--27bd8387f6", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "power_sensors", + "category", + "key", + "name", + "value" + ], + "sectionRelativeRepoPath": "power_sensors", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/power_sensors.yml" + }, + { + "url": "/tables/powershell_events", + "title": "powershell_events", + "htmlId": "table--powershellevents--728605e870", + "evented": true, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "powershell_events", + "cosine_similarity", + "datetime", + "script_block_count", + "script_block_id", + "script_name", + "script_path", + "script_text", + "time" + ], + "sectionRelativeRepoPath": "powershell_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fpowershell_events.yml&value=name%3A%20powershell_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/preferences", + "title": "preferences", + "htmlId": "table--preferences--96fcf226b3", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "preferences", + "domain", + "forced", + "host", + "key", + "subkey", + "username", + "value" + ], + "sectionRelativeRepoPath": "preferences", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/preferences.yml" + }, + { + "url": "/tables/prefetch", + "title": "prefetch", + "htmlId": "table--prefetch--8592ee7112", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "prefetch", + "accessed_directories", + "accessed_directories_count", + "accessed_files", + "accessed_files_count", + "filename", + "hash", + "last_run_time", + "other_run_times", + "path", + "run_count", + "size", + "volume_creation", + "volume_serial" + ], + "sectionRelativeRepoPath": "prefetch", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fprefetch.yml&value=name%3A%20prefetch%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column
%20is%20required%20to%20query%20this%20table." + }, + { + "url": "/tables/privacy_preferences", + "title": "privacy_preferences", + "htmlId": "table--privacypreferences--927ea3e9b3", + "evented": false, + "platforms": [ + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "privacy_preferences", + "ad_measurement_enabled", + "autofill_address_enabled", + "autofill_credit_card_enabled", + "autofill_enabled", + "do_not_track_enabled", + "fledge_enabled", + "hyperlink_auditing_enabled", + "network_prediction_enabled", + "privacy_sandbox_enabled", + "protected_content_enabled", + "referrers_enabled", + "safe_browsing_enabled", + "safe_browsing_extended_reporting_enabled", + "save_passwords_enabled", + "search_suggest_enabled", + "spelling_service_enabled", + "third_party_cookies_allowed", + "topics_enabled", + "translation_service_enabled", + "web_rtc_ip_handling_policy" + ], + "sectionRelativeRepoPath": "privacy_preferences", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/privacy_preferences.yml" + }, + { + "url": "/tables/process_envs", + "title": "process_envs", + "htmlId": "table--processenvs--586b20fc53", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "process_envs", + "key", + "pid", + "value" + ], + "sectionRelativeRepoPath": "process_envs", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_envs.yml" + }, + { + "url": "/tables/process_etw_events", + "title": "process_etw_events", + "htmlId": "table--processetwevents--61143eacfc", + "evented": true, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "process_etw_events", + "cmdline", + "datetime", + "eid", + "exit_code", + "flags", + "header_pid", + "mandatory_label", + "parent_process_sequence_number", + "path", + "pid", + "ppid", + "process_sequence_number", + "session_id", + "time", + "time_windows", + "token_elevation_status", + "token_elevation_type", + "type", + "username" 
+ ], + "sectionRelativeRepoPath": "process_etw_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fprocess_etw_events.yml&value=name%3A%20process_etw_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/process_events", + "title": "process_events", + "htmlId": "table--processevents--6ae8ba2267", + "evented": true, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "process_events", + "atime", + "auid", + "btime", + "cmdline", + "cmdline_size", + "ctime", + "cwd", + "egid", + "eid", + "env", + "env_count", + "env_size", + "euid", + "fsgid", + "fsuid", + "gid", + "mode", + "mtime", + "overflows", + "owner_gid", + "owner_uid", + "parent", + "path", + "pid", + "sgid", + "status", + "suid", + "syscall", + "time", + "uid", + "uptime" + ], + "sectionRelativeRepoPath": "process_events", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_events.yml" + }, + { + "url": "/tables/process_file_events", + "title": "process_file_events", + "htmlId": "table--processfileevents--67c363ae55", + "evented": true, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "process_file_events", + "auid", + "cwd", + "dest_path", + "egid", + "eid", + "euid", + "executable", + "fsgid", + "fsuid", + "gid", + "operation", + "partial", + "path", + "pid", + "ppid", + "sgid", + "suid", + "time", + "uid", + "uptime" + ], + "sectionRelativeRepoPath": "process_file_events", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_file_events.yml" + }, + { + "url": "/tables/process_memory_map", + "title": "process_memory_map", + "htmlId": "table--processmemorymap--6bf8d10644", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "process_memory_map", + "device", + "end", + "inode", + "offset", + "path", + "permissions", + "pid", + "pseudo", + "start" + ], + "sectionRelativeRepoPath": "process_memory_map", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_memory_map.yml" + }, + { + "url": "/tables/process_namespaces", + "title": "process_namespaces", + "htmlId": 
"table--processnamespaces--d1156621d4", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "process_namespaces", + "cgroup_namespace", + "ipc_namespace", + "mnt_namespace", + "net_namespace", + "pid", + "pid_namespace", + "user_namespace", + "uts_namespace" + ], + "sectionRelativeRepoPath": "process_namespaces", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fprocess_namespaces.yml&value=name%3A%20process_namespaces%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/process_open_files", + "title": "process_open_files", + "htmlId": "table--processopenfiles--43c8c6bba0", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "process_open_files", + "fd", + "path", + "pid" + ], + "sectionRelativeRepoPath": "process_open_files", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_open_files.yml" + }, + { + "url": "/tables/process_open_pipes", + "title": "process_open_pipes", + "htmlId": "table--processopenpipes--0f49c83994", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "process_open_pipes", + "fd", + "inode", + "mode", + "partner_fd", + "partner_mode", + "partner_pid", + "pid", + "type" + ], + "sectionRelativeRepoPath": "process_open_pipes", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fprocess_open_pipes.yml&value=name%3A%20process_open_pipes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/process_open_sockets", + "title": "process_open_sockets", + "htmlId": "table--processopensockets--9dc2c99a67", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "process_open_sockets", + "family", + "fd", + "local_address", + "local_port", + "net_namespace", + "path", + "pid", + "protocol", + "remote_address", + "remote_port", + "socket", + "state" + ], + "sectionRelativeRepoPath": "process_open_sockets", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/process_open_sockets.yml" + }, + { + "url": "/tables/processes", + "title": "processes", + "htmlId": "table--processes--3a54ed4992", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "processes", + "cgroup_path", + "cmdline", + "cpu_subtype", + "cpu_type", + "cwd", + "disk_bytes_read", + "disk_bytes_written", + "egid", + "elapsed_time", + "elevated_token", + "euid", + "gid", + "handle_count", + "name", + "nice", + "on_disk", + "parent", + "path", + "percent_processor_time", + "pgroup", + "pid", + "protection_type", + "resident_size", + "root", + "secure_process", + "sgid", + "start_time", + "state", + "suid", + "system_time", + "threads", + "total_size", + "translated", + "uid", + "upid", + "uppid", + "user_time", + "virtual_process", + "wired_size" + ], + "sectionRelativeRepoPath": "processes", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/processes.yml" + }, + { + "url": "/tables/programs", + "title": "programs", + "htmlId": "table--programs--f7f76d14a9", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "programs", + "identifying_number", + "install_date", + "install_location", + "install_source", + "language", + "name", + "publisher", + "uninstall_string", + "version" + ], + "sectionRelativeRepoPath": "programs", + "githubUrl": 
"https://github.com/fleetdm/fleet/blob/main/schema/tables/programs.yml" + }, + { + "url": "/tables/prometheus_metrics", + "title": "prometheus_metrics", + "htmlId": "table--prometheusmetrics--f6ce409d91", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "prometheus_metrics", + "metric_name", + "metric_value", + "target_name", + "timestamp_ms" + ], + "sectionRelativeRepoPath": "prometheus_metrics", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fprometheus_metrics.yml&value=name%3A%20prometheus_metrics%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/puppet_info", + "title": "puppet_info", + "htmlId": "table--puppetinfo--ce553a89eb", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "puppet_info", + "cached_catalog_status", + "catalog_uuid", + "code_id", + "configuration_version", + "corrective_change", + "environment", + "host", + "kind", + "master_used", + "noop", + "noop_pending", + "puppet_version", + "report_format", + "status", + "time", + "transaction_completed", + "transaction_uuid" + ], + "sectionRelativeRepoPath": "puppet_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/puppet_info.yml" + }, + { + "url": "/tables/puppet_logs", + "title": "puppet_logs", + "htmlId": "table--puppetlogs--c81bf10f91", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "puppet_logs", + "file", + "level", + "line", + "message", + "source", + "time" + ], + "sectionRelativeRepoPath": "puppet_logs", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/puppet_logs.yml" + }, + { + "url": "/tables/puppet_state", + "title": "puppet_state", + "htmlId": "table--puppetstate--802f52e922", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "puppet_state", + "change_count", + "changed", + "corrective_change", + "evaluation_time", + "failed", + "file", + "line", + "out_of_sync", + "out_of_sync_count", + "resource", + "resource_type", + "skipped", + "title" + ], + "sectionRelativeRepoPath": "puppet_state", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/puppet_state.yml" + }, + { + "url": "/tables/pwd_policy", + "title": "pwd_policy", + "htmlId": "table--pwdpolicy--b862a98afa", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "pwd_policy", + "days_to_expiration", + "expires_every_n_days", + 
"history_depth", + "max_failed_attempts", + "min_mixed_case_characters" + ], + "sectionRelativeRepoPath": "pwd_policy", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/pwd_policy.yml" + }, + { + "url": "/tables/python_packages", + "title": "python_packages", + "htmlId": "table--pythonpackages--31ae8c2370", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "python_packages", + "author", + "directory", + "license", + "name", + "path", + "pid_with_namespace", + "summary", + "version" + ], + "sectionRelativeRepoPath": "python_packages", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/python_packages.yml" + }, + { + "url": "/tables/quicklook_cache", + "title": "quicklook_cache", + "htmlId": "table--quicklookcache--19ae561620", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "quicklook_cache", + "cache_path", + "fs_id", + "hit_count", + "icon_mode", + "inode", + "label", + "last_hit_date", + "mtime", + "path", + "rowid", + "size", + "volume_id" + ], + "sectionRelativeRepoPath": "quicklook_cache", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fquicklook_cache.yml&value=name%3A%20quicklook_cache%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/registry", + "title": "registry", + "htmlId": "table--registry--415b2b1c89", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "registry", + "data", + "key", + "mtime", + "name", + "path", + "type" + ], + "sectionRelativeRepoPath": "registry", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/registry.yml" + }, + { + "url": "/tables/routes", + "title": "routes", + "htmlId": "table--routes--ed00beba43", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "routes", + "destination", + "flags", + "gateway", + "hopcount", + "interface", + "metric", + "mtu", + "netmask", + "source", + "type" + ], + "sectionRelativeRepoPath": "routes", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/routes.yml" + }, + { + "url": "/tables/rpm_package_files", + "title": "rpm_package_files", + "htmlId": "table--rpmpackagefiles--96e530c921", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "rpm_package_files", + "groupname", + "mode", + "package", + "path", + "sha256", + "size", + "username" + ], + "sectionRelativeRepoPath": "rpm_package_files", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Frpm_package_files.yml&value=name%3A%20rpm_package_files%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/rpm_packages", + "title": "rpm_packages", + "htmlId": "table--rpmpackages--e4da8f9f41", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "rpm_packages", + "arch", + "epoch", + "install_time", + "mount_namespace_id", + "name", + "package_group", + "pid_with_namespace", + "release", + "sha1", + "size", + "source", + "vendor", + "version" + ], + "sectionRelativeRepoPath": "rpm_packages", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/rpm_packages.yml" + }, + { + "url": "/tables/running_apps", + "title": "running_apps", + "htmlId": "table--runningapps--c9443711d8", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "running_apps", + "bundle_identifier", + "is_active", + "pid" + ], + "sectionRelativeRepoPath": "running_apps", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/running_apps.yml" + }, + { + "url": "/tables/safari_extensions", + "title": "safari_extensions", + "htmlId": "table--safariextensions--75748b2d43", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "safari_extensions", + "author", + "bundle_version", + "copyright", + "description", + "developer_id", + "extension_type", + "identifier", + "name", + "path", + "sdk", + "uid", + "update_url", + "version" + ], + "sectionRelativeRepoPath": "safari_extensions", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/safari_extensions.yml" + }, + { + "url": "/tables/sandboxes", + "title": "sandboxes", + "htmlId": "table--sandboxes--c68d00ef55", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "sandboxes", + "build_id", + "bundle_path", + "enabled", + "label", + "path", + "user" + ], + "sectionRelativeRepoPath": "sandboxes", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fsandboxes.yml&value=name%3A%20sandboxes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/scheduled_tasks", + "title": "scheduled_tasks", + "htmlId": "table--scheduledtasks--a69b6b604d", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "scheduled_tasks", + "action", + "enabled", + "hidden", + "last_run_code", + "last_run_message", + "last_run_time", + "name", + "next_run_time", + "path", + "state" + ], + "sectionRelativeRepoPath": "scheduled_tasks", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/scheduled_tasks.yml" + }, + { + "url": "/tables/screenlock", + "title": "screenlock", + "htmlId": "table--screenlock--91a400ed71", + "evented": false, + "platforms": [ + "darwin", + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "screenlock", + "enabled", + "grace_period" + ], + "sectionRelativeRepoPath": "screenlock", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/screenlock.yml" + }, + { + "url": "/tables/seccomp_events", + "title": "seccomp_events", + "htmlId": "table--seccompevents--5cf6060bd9", + "evented": true, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "seccomp_events", + "arch", + "auid", + "code", + "comm", + "compat", + "exe", + "gid", + "ip", + "pid", + "ses", + "sig", + "syscall", + "time", + "uid", + "uptime" + ], + "sectionRelativeRepoPath": "seccomp_events", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fseccomp_events.yml&value=name%3A%20seccomp_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/secureboot", + "title": "secureboot", + "htmlId": "table--secureboot--299ca9c718", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "secureboot", + "description", + "kernel_extensions", + "mdm_operations", + "secure_boot", + "secure_mode", + "setup_mode" + ], + "sectionRelativeRepoPath": "secureboot", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/secureboot.yml" + }, + { + "url": "/tables/security_profile_info", + "title": "security_profile_info", + "htmlId": "table--securityprofileinfo--17121d5fa6", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "security_profile_info", + "audit_account_logon", + "audit_account_manage", + "audit_ds_access", + "audit_logon_events", + "audit_object_access", + "audit_policy_change", + "audit_privilege_use", + "audit_process_tracking", + "audit_system_events", + "clear_text_password", + "enable_admin_account", + "enable_guest_account", + "force_logoff_when_expire", + "lockout_bad_count", + "logon_to_change_password", + "lsa_anonymous_name_lookup", + "maximum_password_age", + "minimum_password_age", + "minimum_password_length", + "new_administrator_name", + "new_guest_name", + "password_complexity", + "password_history_size" + ], + "sectionRelativeRepoPath": "security_profile_info", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fsecurity_profile_info.yml&value=name%3A%20security_profile_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/selinux_events", + "title": "selinux_events", + "htmlId": "table--selinuxevents--cfc47c5cc9", + "evented": true, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "selinux_events", + "eid", + "message", + "time", + "type", + "uptime" + ], + "sectionRelativeRepoPath": "selinux_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fselinux_events.yml&value=name%3A%20selinux_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/selinux_settings", + "title": "selinux_settings", + "htmlId": "table--selinuxsettings--392476076c", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "selinux_settings", + "key", + "scope", + "value" + ], + "sectionRelativeRepoPath": "selinux_settings", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fselinux_settings.yml&value=name%3A%20selinux_settings%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/services", + "title": "services", + "htmlId": "table--services--a7e374154f", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "services", + "description", + "display_name", + "module_path", + "name", + "path", + "pid", + "service_exit_code", + "service_type", + "start_type", + "status", + "user_account", + "win32_exit_code" + ], + "sectionRelativeRepoPath": "services", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fservices.yml&value=name%3A%20services%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/shadow", + "title": "shadow", + "htmlId": "table--shadow--2a5e749131", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "shadow", + "expire", + "flag", + "hash_alg", + "inactive", + "last_change", + "max", + "min", + "password_status", + "username", + "warning" + ], + "sectionRelativeRepoPath": "shadow", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fshadow.yml&value=name%3A%20shadow%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/shared_folders", + "title": "shared_folders", + "htmlId": "table--sharedfolders--edd6c29f21", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "shared_folders", + "name", + "path" + ], + "sectionRelativeRepoPath": "shared_folders", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/shared_folders.yml" + }, + { + "url": "/tables/shared_memory", + "title": "shared_memory", + "htmlId": "table--sharedmemory--4632a169c9", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "shared_memory", + "atime", + "attached", + "creator_pid", + "creator_uid", + "ctime", + "dtime", + "locked", + "owner_uid", + "permissions", + "pid", + "shmid", + "size", + "status" + ], + "sectionRelativeRepoPath": "shared_memory", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fshared_memory.yml&value=name%3A%20shared_memory%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/shared_resources", + "title": "shared_resources", + "htmlId": "table--sharedresources--1eedd340fb", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "shared_resources", + "allow_maximum", + "description", + "install_date", + "maximum_allowed", + "name", + "path", + "status", + "type", + "type_name" + ], + "sectionRelativeRepoPath": "shared_resources", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/shared_resources.yml" + }, + { + "url": "/tables/sharing_preferences", + "title": "sharing_preferences", + "htmlId": "table--sharingpreferences--435a39048e", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "sharing_preferences", + "bluetooth_sharing", + "content_caching", + "disc_sharing", + "file_sharing", + "internet_sharing", + "printer_sharing", + "remote_apple_events", + "remote_login", + "remote_management", + "screen_sharing" + ], + "sectionRelativeRepoPath": "sharing_preferences", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sharing_preferences.yml" + }, + { + "url": "/tables/shell_history", + "title": "shell_history", + "htmlId": "table--shellhistory--487890df4c", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "shell_history", + "command", + "history_file", + "time", + "uid" + ], + "sectionRelativeRepoPath": "shell_history", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/shell_history.yml" + }, + { + "url": "/tables/shellbags", + "title": "shellbags", + "htmlId": "table--shellbags--ea58c94fcb", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "shellbags", + "accessed_time", + "created_time", + "mft_entry", + "mft_sequence", + "modified_time", + "path", + "sid", + "source" + ], + "sectionRelativeRepoPath": "shellbags", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fshellbags.yml&value=name%3A%20shellbags%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/shimcache", + "title": "shimcache", + "htmlId": "table--shimcache--78c1808f2a", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "shimcache", + "entry", + "execution_flag", + "modified_time", + "path" + ], + "sectionRelativeRepoPath": "shimcache", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/shimcache.yml" + }, + { + "url": "/tables/signature", + "title": "signature", + "htmlId": "table--signature--651b5e1a16", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "signature", + "arch", + "authority", + "cdhash", + "hash_resources", + "identifier", + "path", + "signed", + "team_identifier" + ], + "sectionRelativeRepoPath": "signature", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/signature.yml" + }, + { + "url": "/tables/sip_config", + "title": "sip_config", + "htmlId": "table--sipconfig--72a4d07300", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "sip_config", + "config_flag", + "enabled", + "enabled_nvram" + ], + "sectionRelativeRepoPath": "sip_config", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sip_config.yml" + }, + { + "url": "/tables/smbios_tables", + "title": "smbios_tables", + "htmlId": "table--smbiostables--14a3086ac5", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "smbios_tables", + "description", + "handle", + "header_size", + "md5", + "number", + "size", + "type" + ], + "sectionRelativeRepoPath": "smbios_tables", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/smbios_tables.yml" + }, + { + "url": "/tables/smc_keys", + "title": "smc_keys", + "htmlId": "table--smckeys--65a180be47", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "smc_keys", + "hidden", + "key", + "size", + "type", + "value" + ], 
+ "sectionRelativeRepoPath": "smc_keys", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/smc_keys.yml" + }, + { + "url": "/tables/sntp_request", + "title": "sntp_request", + "htmlId": "table--sntprequest--31b3965f95", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "sntp_request", + "clock_offset_ms", + "server", + "timestamp_ms" + ], + "sectionRelativeRepoPath": "sntp_request", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sntp_request.yml" + }, + { + "url": "/tables/socket_events", + "title": "socket_events", + "htmlId": "table--socketevents--45972f7f3b", + "evented": true, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "socket_events", + "action", + "auid", + "eid", + "family", + "fd", + "local_address", + "local_port", + "path", + "pid", + "protocol", + "remote_address", + "remote_port", + "socket", + "status", + "success", + "time", + "uptime" + ], + "sectionRelativeRepoPath": "socket_events", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fsocket_events.yml&value=name%3A%20socket_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/sofa_security_release_info", + "title": "sofa_security_release_info", + "htmlId": "table--sofasecurityreleaseinfo--b23bdf9329", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "sofa_security_release_info", + "days_since_previous_release", + "os_version", + "product_version", + "release_date", + "security_info", + "unique_cves_count", + "update_name" + ], + "sectionRelativeRepoPath": "sofa_security_release_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sofa_security_release_info.yml" + }, + { + "url": "/tables/sofa_unpatched_cves", + "title": "sofa_unpatched_cves", + "htmlId": "table--sofaunpatchedcves--680ab849b7", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "sofa_unpatched_cves", + "actively_exploited", + "cve", + "os_version", + "patched_version" + ], + "sectionRelativeRepoPath": "sofa_unpatched_cves", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sofa_unpatched_cves.yml" + }, + { + "url": "/tables/software_update", + "title": "software_update", + "htmlId": "table--softwareupdate--6cb5e63ee6", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "software_update", + "software_update_required" + ], + "sectionRelativeRepoPath": "software_update", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/software_update.yml" + }, + { + "url": "/tables/ssh_configs", + "title": "ssh_configs", + "htmlId": "table--sshconfigs--084b9832a4", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "ssh_configs", + "block", + "option", + "ssh_config_file", + "uid" + ], + "sectionRelativeRepoPath": "ssh_configs", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ssh_configs.yml" + }, + { + "url": "/tables/startup_items", + "title": "startup_items", + "htmlId": 
"table--startupitems--f212a6ad4e", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "startup_items", + "args", + "name", + "path", + "source", + "status", + "type", + "username" + ], + "sectionRelativeRepoPath": "startup_items", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/startup_items.yml" + }, + { + "url": "/tables/sudo_info", + "title": "sudo_info", + "htmlId": "table--sudoinfo--91f0750d0d", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "sudo_info", + "json_result" + ], + "sectionRelativeRepoPath": "sudo_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sudo_info.yml" + }, + { + "url": "/tables/sudoers", + "title": "sudoers", + "htmlId": "table--sudoers--53cbb8caa7", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "sudoers", + "header", + "rule_details", + "source" + ], + "sectionRelativeRepoPath": "sudoers", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/sudoers.yml" + }, + { + "url": "/tables/suid_bin", + "title": "suid_bin", + "htmlId": "table--suidbin--12efbe4810", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "suid_bin", + "groupname", + "path", + "permissions", + "pid_with_namespace", + "username" + ], + "sectionRelativeRepoPath": "suid_bin", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/suid_bin.yml" + }, + { + "url": "/tables/syslog_events", + "title": "syslog_events", + "htmlId": "table--syslogevents--cc5c3d702f", + "evented": true, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "syslog_events", + "datetime", + "eid", + "facility", + "host", + "message", + "severity", + "tag", + "time" + ], + "sectionRelativeRepoPath": "syslog_events", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fsyslog_events.yml&value=name%3A%20syslog_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/system_controls", + "title": "system_controls", + "htmlId": "table--systemcontrols--bc070f5bb2", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "system_controls", + "config_value", + "current_value", + "field_name", + "name", + "oid", + "subsystem", + "type" + ], + "sectionRelativeRepoPath": "system_controls", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/system_controls.yml" + }, + { + "url": "/tables/system_extensions", + "title": "system_extensions", + "htmlId": "table--systemextensions--59019bbb28", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "system_extensions", + "UUID", + "bundle_path", + "category", + "identifier", + "mdm_managed", + "path", + "state", + "team", + "version" + ], + "sectionRelativeRepoPath": "system_extensions", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/system_extensions.yml" + }, + { + "url": "/tables/system_info", + "title": "system_info", + "htmlId": "table--systeminfo--4f963da54a", + "evented": false, + "platforms": [ + "windows", + "darwin", + "linux", + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "system_info", + "board_model", + "board_serial", + "board_vendor", + "board_version", + "computer_name", + "cpu_brand", + "cpu_logical_cores", + "cpu_microcode", + "cpu_physical_cores", + "cpu_sockets", + "cpu_subtype", + "cpu_type", + "hardware_model", + "hardware_serial", + "hardware_vendor", + "hardware_version", + "hostname", + "local_hostname", + "physical_memory", + "uuid" + ], + "sectionRelativeRepoPath": "system_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/system_info.yml" + }, + { + "url": "/tables/system_state", + "title": "system_state", + "htmlId": "table--systemstate--d1ce3bbb0e", + "evented": false, + "platforms": [ + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "system_state", + "idle_state" 
+ ], + "sectionRelativeRepoPath": "system_state", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/system_state.yml" + }, + { + "url": "/tables/systemd_units", + "title": "systemd_units", + "htmlId": "table--systemdunits--cc47585fcb", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "systemd_units", + "active_state", + "description", + "following", + "fragment_path", + "id", + "job_id", + "job_path", + "job_type", + "load_state", + "object_path", + "source_path", + "sub_state", + "unit_file_state", + "user" + ], + "sectionRelativeRepoPath": "systemd_units", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fsystemd_units.yml&value=name%3A%20systemd_units%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/tcc_access", + "title": "tcc_access", + "htmlId": "table--tccaccess--103e029af3", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "tcc_access", + "auth_reason", + "auth_value", + "client", + "client_type", + "indirect_object_identifier", + "indirect_object_identifier_type", + "last_modified", + "policy_id", + "service", + "source", + "uid" + ], + "sectionRelativeRepoPath": "tcc_access", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/tcc_access.yml" + }, + { + "url": "/tables/temperature_sensors", + "title": "temperature_sensors", + "htmlId": "table--temperaturesensors--952195065c", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "temperature_sensors", + "celsius", + "fahrenheit", + "key", + "name" + ], + "sectionRelativeRepoPath": "temperature_sensors", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/temperature_sensors.yml" + }, + { + "url": "/tables/time", + "title": "time", + "htmlId": "table--time--740a172c2f", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "time", + "datetime", + "day", + "hour", + "iso_8601", + "local_timezone", + "minutes", + "month", + "seconds", + "timestamp", + "timezone", + "unix_time", + "weekday", + "win_timestamp", + "year" + ], + "sectionRelativeRepoPath": "time", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/time.yml" + }, + { + "url": "/tables/time_machine_backups", + "title": "time_machine_backups", + "htmlId": "table--timemachinebackups--6a1cb2e696", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "time_machine_backups", + "backup_date", + "destination_id" + ], + "sectionRelativeRepoPath": "time_machine_backups", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/time_machine_backups.yml" + }, + { + "url": 
"/tables/time_machine_destinations", + "title": "time_machine_destinations", + "htmlId": "table--timemachinedestinations--8c33b4e082", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "time_machine_destinations", + "alias", + "bytes_available", + "bytes_used", + "consistency_scan_date", + "destination_id", + "encryption", + "root_volume_uuid" + ], + "sectionRelativeRepoPath": "time_machine_destinations", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/time_machine_destinations.yml" + }, + { + "url": "/tables/tpm_info", + "title": "tpm_info", + "htmlId": "table--tpminfo--086cc37696", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "tpm_info", + "activated", + "enabled", + "manufacturer_id", + "manufacturer_name", + "manufacturer_version", + "owned", + "physical_presence_version", + "product_name", + "spec_version" + ], + "sectionRelativeRepoPath": "tpm_info", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Ftpm_info.yml&value=name%3A%20tpm_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%2
0boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." + }, + { + "url": "/tables/ulimit_info", + "title": "ulimit_info", + "htmlId": "table--ulimitinfo--9cff90dafb", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "ulimit_info", + "hard_limit", + "soft_limit", + "type" + ], + "sectionRelativeRepoPath": "ulimit_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/ulimit_info.yml" + }, + { + "url": "/tables/unified_log", + "title": "unified_log", + "htmlId": "table--unifiedlog--d971aaf7c9", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "unified_log", + "activity", + "category", + "level", + "max_rows", + "message", + "pid", + "predicate", + "process", + "sender", + "storage", + "subsystem", + "tid", + "timestamp" + ], + "sectionRelativeRepoPath": "unified_log", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Funified_log.yml&value=name%3A%20unified_log%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20th
is%20column%20is%20required%20to%20query%20this%20table." + }, + { + "url": "/tables/uptime", + "title": "uptime", + "htmlId": "table--uptime--542f2cc52b", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "uptime", + "days", + "hours", + "minutes", + "seconds", + "total_seconds" + ], + "sectionRelativeRepoPath": "uptime", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/uptime.yml" + }, + { + "url": "/tables/usb_devices", + "title": "usb_devices", + "htmlId": "table--usbdevices--12892f9cf7", + "evented": false, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "usb_devices", + "class", + "model", + "model_id", + "protocol", + "removable", + "serial", + "subclass", + "usb_address", + "usb_port", + "vendor", + "vendor_id", + "version" + ], + "sectionRelativeRepoPath": "usb_devices", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/usb_devices.yml" + }, + { + "url": "/tables/user_events", + "title": "user_events", + "htmlId": "table--userevents--8aaee70de1", + "evented": true, + "platforms": [ + "darwin", + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "user_events", + "address", + "auid", + "eid", + "message", + "path", + "pid", + "terminal", + "time", + "type", + "uid", + "uptime" + ], + "sectionRelativeRepoPath": "user_events", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fuser_events.yml&value=name%3A%20user_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/user_groups", + "title": "user_groups", + "htmlId": "table--usergroups--03e0b1a5e7", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "user_groups", + "gid", + "uid" + ], + "sectionRelativeRepoPath": "user_groups", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fuser_groups.yml&value=name%3A%20user_groups%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/user_interaction_events", + "title": "user_interaction_events", + "htmlId": "table--userinteractionevents--ed2ac5b181", + "evented": true, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "user_interaction_events", + "time" + ], + "sectionRelativeRepoPath": "user_interaction_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fuser_interaction_events.yml&value=name%3A%20user_interaction_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/user_login_settings", + "title": "user_login_settings", + "htmlId": "table--userloginsettings--1abbdf6e57", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "user_login_settings", + "password_hint_enabled" + ], + "sectionRelativeRepoPath": "user_login_settings", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/user_login_settings.yml" + }, + { + "url": "/tables/user_ssh_keys", + "title": "user_ssh_keys", + "htmlId": "table--usersshkeys--1ba0f20456", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "user_ssh_keys", + "encrypted", + "key_type", + "path", + "pid_with_namespace", + "uid" + ], + "sectionRelativeRepoPath": "user_ssh_keys", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/user_ssh_keys.yml" + }, + { + "url": "/tables/userassist", + "title": "userassist", + "htmlId": "table--userassist--4e3bbdb293", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "userassist", + "count", + "last_execution_time", + "path", + "sid" + ], + "sectionRelativeRepoPath": "userassist", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/userassist.yml" + }, + { + "url": "/tables/users", + "title": "users", + "htmlId": "table--users--023e2862dc", + "evented": false, + "platforms": [ + "darwin", + "windows", + "linux", + "chrome" + ], + "keywordsForSyntaxHighlighting": [ + "users", + "description", + "directory", + "email", + "gid", + "gid_signed", + "is_hidden", + "pid_with_namespace", + "shell", + "type", + "uid", + "uid_signed", + "username", + "uuid" + ], + "sectionRelativeRepoPath": "users", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/users.yml" + }, + { + "url": "/tables/video_info", + "title": "video_info", + "htmlId": "table--videoinfo--bcca78a3df", + "evented": false, + "platforms": [ + "windows" + 
], + "keywordsForSyntaxHighlighting": [ + "video_info", + "color_depth", + "driver", + "driver_date", + "driver_version", + "manufacturer", + "model", + "series", + "video_mode" + ], + "sectionRelativeRepoPath": "video_info", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fvideo_info.yml&value=name%3A%20video_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/virtual_memory_info", + "title": "virtual_memory_info", + "htmlId": "table--virtualmemoryinfo--4c4e71449e", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "virtual_memory_info", + "active", + "anonymous", + "compressed", + "compressor", + "copy", + "decompressed", + "faults", + "file_backed", + "free", + "inactive", + "page_ins", + "page_outs", + "purgeable", + "purged", + "reactivated", + "speculative", + "swap_ins", + "swap_outs", + "throttled", + "uncompressed", + "wired", + "zero_fill" + ], + "sectionRelativeRepoPath": "virtual_memory_info", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/virtual_memory_info.yml" + }, + { + "url": "/tables/vscode_extensions", + "title": "vscode_extensions", + "htmlId": "table--vscodeextensions--3122f67e21", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "vscode_extensions", + "installed_at", + "name", + "path", + "prerelease", + "publisher", + "publisher_id", + "uid", + "uuid", + "version" + ], + "sectionRelativeRepoPath": "vscode_extensions", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/vscode_extensions.yml" + }, + { + "url": "/tables/wifi_networks", + "title": "wifi_networks", + "htmlId": "table--wifinetworks--196d0fe380", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "wifi_networks", + "add_reason", + "added_at", + "auto_join", + "auto_login", + "captive_login_date", + "captive_portal", + "disabled", + "last_connected", + "network_name", + "passpoint", + "personal_hotspot", + "possibly_hidden", + "roaming", + "roaming_profile", + "security_type", + "ssid", + "temporarily_disabled", + "was_captive_network" + ], + "sectionRelativeRepoPath": "wifi_networks", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/wifi_networks.yml" + }, + { + "url": "/tables/wifi_status", + 
"title": "wifi_status", + "htmlId": "table--wifistatus--7d5af734ae", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "wifi_status", + "bssid", + "channel", + "channel_band", + "channel_width", + "country_code", + "interface", + "mode", + "network_name", + "noise", + "rssi", + "security_type", + "ssid", + "transmit_rate" + ], + "sectionRelativeRepoPath": "wifi_status", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/wifi_status.yml" + }, + { + "url": "/tables/wifi_survey", + "title": "wifi_survey", + "htmlId": "table--wifisurvey--86f4a22532", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "wifi_survey", + "bssid", + "channel", + "channel_band", + "channel_width", + "country_code", + "interface", + "network_name", + "noise", + "rssi", + "ssid" + ], + "sectionRelativeRepoPath": "wifi_survey", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/wifi_survey.yml" + }, + { + "url": "/tables/winbaseobj", + "title": "winbaseobj", + "htmlId": "table--winbaseobj--0e0dd909ed", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "winbaseobj", + "object_name", + "object_type", + "session_id" + ], + "sectionRelativeRepoPath": "winbaseobj", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwinbaseobj.yml&value=name%3A%20winbaseobj%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/windows_crashes", + "title": "windows_crashes", + "htmlId": "table--windowscrashes--3bcda23e6b", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "windows_crashes", + "build_number", + "command_line", + "crash_path", + "current_directory", + "datetime", + "exception_address", + "exception_code", + "exception_message", + "machine_name", + "major_version", + "minor_version", + "module", + "path", + "pid", + "process_uptime", + "registers", + "stack_trace", + "tid", + "type", + "username", + "version" + ], + "sectionRelativeRepoPath": "windows_crashes", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_crashes.yml&value=name%3A%20windows_crashes%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/windows_eventlog", + "title": "windows_eventlog", + "htmlId": "table--windowseventlog--c368bc9838", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "windows_eventlog", + "channel", + "computer_name", + "data", + "datetime", + "eventid", + "keywords", + "level", + "pid", + "provider_guid", + "provider_name", + "task", + "tid", + "time_range", + "timestamp", + "xpath" + ], + "sectionRelativeRepoPath": "windows_eventlog", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/windows_eventlog.yml" + }, + { + "url": "/tables/windows_events", + "title": "windows_events", + "htmlId": "table--windowsevents--b4aae30966", + "evented": true, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "windows_events", + "computer_name", + "data", + "datetime", + "eid", + "eventid", + "keywords", + "level", + "provider_guid", + "provider_name", + "source", + "task", + "time" + ], + "sectionRelativeRepoPath": "windows_events", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_events.yml&value=name%3A%20windows_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/windows_firewall_rules", + "title": "windows_firewall_rules", + "htmlId": "table--windowsfirewallrules--54886746d8", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "windows_firewall_rules", + "action", + "app_name", + "direction", + "enabled", + "grouping", + "icmp_types_codes", + "local_addresses", + "local_ports", + "name", + "profile_domain", + "profile_private", + "profile_public", + "protocol", + "remote_addresses", + "remote_ports", + "service_name" + ], + "sectionRelativeRepoPath": "windows_firewall_rules", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/windows_firewall_rules.yml" + }, + { + "url": "/tables/windows_optional_features", + "title": "windows_optional_features", + "htmlId": "table--windowsoptionalfeatures--7fc389462f", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "windows_optional_features", + "caption", + "name", + "state", + "statename" + ], + "sectionRelativeRepoPath": "windows_optional_features", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/windows_optional_features.yml" + }, + { + "url": "/tables/windows_search", + "title": "windows_search", + "htmlId": "table--windowssearch--3bc557a530", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "windows_search", + "additional_properties", + "date_created", + "date_modified", + "max_results", + "name", + "owner", + "path", + "properties", + "query", + "size", + "sort", + "type" + ], + "sectionRelativeRepoPath": "windows_search", + "githubUrl": 
"https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_search.yml&value=name%3A%20windows_search%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/windows_security_center", + "title": "windows_security_center", + "htmlId": "table--windowssecuritycenter--8c6fbc78cd", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "windows_security_center", + "antispyware", + "antivirus", + "autoupdate", + "firewall", + "internet_settings", + "user_account_control", + "windows_security_center_service" + ], + "sectionRelativeRepoPath": "windows_security_center", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_security_center.yml&value=name%3A%20windows_security_center%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/windows_security_products", + "title": "windows_security_products", + "htmlId": "table--windowssecurityproducts--f74ebb0ecc", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "windows_security_products", + "name", + "remediation_path", + "signatures_up_to_date", + "state", + "state_timestamp", + "type" + ], + "sectionRelativeRepoPath": "windows_security_products", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_security_products.yml&value=name%3A%20windows_security_products%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/windows_update_history", + "title": "windows_update_history", + "htmlId": "table--windowsupdatehistory--ef7bb6c2c1", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "windows_update_history", + "client_app_id", + "date", + "description", + "hresult", + "operation", + "result_code", + "server_selection", + "service_id", + "support_url", + "title", + "update_id", + "update_revision" + ], + "sectionRelativeRepoPath": "windows_update_history", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwindows_update_history.yml&value=name%3A%20windows_update_history%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/windows_updates", + "title": "windows_updates", + "htmlId": "table--windowsupdates--aa61957cff", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "windows_updates", + "fullkey", + "is_default", + "key", + "locale", + "parent", + "query", + "value" + ], + "sectionRelativeRepoPath": "windows_updates", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/windows_updates.yml" + }, + { + "url": "/tables/wmi_bios_info", + "title": "wmi_bios_info", + "htmlId": "table--wmibiosinfo--e665577f28", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "wmi_bios_info", + "name", + "value" + ], + "sectionRelativeRepoPath": "wmi_bios_info", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwmi_bios_info.yml&value=name%3A%20wmi_bios_info%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/wmi_cli_event_consumers", + "title": "wmi_cli_event_consumers", + "htmlId": "table--wmiclieventconsumers--d43fbe70e9", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "wmi_cli_event_consumers", + "class", + "command_line_template", + "executable_path", + "name", + "relative_path" + ], + "sectionRelativeRepoPath": "wmi_cli_event_consumers", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwmi_cli_event_consumers.yml&value=name%3A%20wmi_cli_event_consumers%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/wmi_event_filters", + "title": "wmi_event_filters", + "htmlId": "table--wmieventfilters--04ba1150eb", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "wmi_event_filters", + "class", + "name", + "query", + "query_language", + "relative_path" + ], + "sectionRelativeRepoPath": "wmi_event_filters", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwmi_event_filters.yml&value=name%3A%20wmi_event_filters%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/wmi_filter_consumer_binding", + "title": "wmi_filter_consumer_binding", + "htmlId": "table--wmifilterconsumerbinding--c53468b489", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "wmi_filter_consumer_binding", + "class", + "consumer", + "filter", + "relative_path" + ], + "sectionRelativeRepoPath": "wmi_filter_consumer_binding", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwmi_filter_consumer_binding.yml&value=name%3A%20wmi_filter_consumer_binding%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/wmi_script_event_consumers", + "title": "wmi_script_event_consumers", + "htmlId": "table--wmiscripteventconsumers--9275e5f795", + "evented": false, + "platforms": [ + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "wmi_script_event_consumers", + "class", + "name", + "relative_path", + "script_file_name", + "script_text", + "scripting_engine" + ], + "sectionRelativeRepoPath": "wmi_script_event_consumers", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fwmi_script_event_consumers.yml&value=name%3A%20wmi_script_event_consumers%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/xprotect_entries", + "title": "xprotect_entries", + "htmlId": "table--xprotectentries--82da15dfc5", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "xprotect_entries", + "filename", + "filetype", + "identity", + "launch_type", + "name", + "optional", + "uses_pattern" + ], + "sectionRelativeRepoPath": "xprotect_entries", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/xprotect_entries.yml" + }, + { + "url": "/tables/xprotect_meta", + "title": "xprotect_meta", + "htmlId": "table--xprotectmeta--d9c759b143", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "xprotect_meta", + "developer_id", + "identifier", + "min_version", + "type" + ], + "sectionRelativeRepoPath": "xprotect_meta", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/xprotect_meta.yml" + }, + { + "url": "/tables/xprotect_reports", + "title": "xprotect_reports", + "htmlId": "table--xprotectreports--ed058eba3f", + "evented": false, + "platforms": [ + "darwin" + ], + "keywordsForSyntaxHighlighting": [ + "xprotect_reports", + "name", + "time", + "user_action" + ], + "sectionRelativeRepoPath": "xprotect_reports", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/xprotect_reports.yml" + }, + { + "url": "/tables/yara", + "title": "yara", + "htmlId": "table--yara--f7412a4474", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "yara", + "count", + "matches", + "path", + "pid_with_namespace", + "sig_group", + "sigfile", + "sigrule", + "sigurl", + "strings", + "tags" + ], + "sectionRelativeRepoPath": "yara", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/yara.yml" + }, + { + "url": "/tables/yara_events", + "title": "yara_events", + "htmlId": "table--yaraevents--a3df07297e", + "evented": true, + "platforms": [ + "darwin", + "linux", + "windows" 
+ ], + "keywordsForSyntaxHighlighting": [ + "yara_events", + "action", + "category", + "count", + "eid", + "matches", + "strings", + "tags", + "target_path", + "time", + "transaction_id" + ], + "sectionRelativeRepoPath": "yara_events", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fyara_events.yml&value=name%3A%20yara_events%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/ycloud_instance_metadata", + "title": "ycloud_instance_metadata", + "htmlId": "table--ycloudinstancemetadata--91cc1e1945", + "evented": false, + "platforms": [ + "darwin", + "linux", + "windows" + ], + "keywordsForSyntaxHighlighting": [ + "ycloud_instance_metadata", + "cloud_id", + "description", + "folder_id", + "hostname", + "instance_id", + "metadata_endpoint", + "name", + "serial_port_enabled", + "ssh_public_key", + "zone" + ], + "sectionRelativeRepoPath": "ycloud_instance_metadata", + "githubUrl": "https://github.com/fleetdm/fleet/new/main/schema?filename=tables%2Fycloud_instance_metadata.yml&value=name%3A%20ycloud_instance_metadata%0Adescription%3A%20%7C-%20%23%20(required)%20string%20-%20The%20description%20for%20this%20table.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%23%20Add%20description%20here%0Aexamples%3A%20%7C-%20%23%20(optional)%20string%20-%20An%20example%20query%20for%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown%0A%09%23%20Add%20examples%20here%0Anotes%3A%20%7C-%20%23%20(optional)%20string%20-%20Notes%20about%20this%20table.%20Note%3A%20This%20field%20supports%20Markdown.%0A%09%23%20Add%20notes%20here%0Acolumns%3A%20%23%20(required)%0A%09-%20name%3A%20%23%20(required)%20string%20-%20The%20name%20of%20the%20column%0A%09%20%20description%3A%20%23%20(required)%20string%20-%20The%20column's%20description.%20Note%3A%20this%20field%20supports%20Markdown%0A%09%20%20type%3A%20%23%20(required)%20string%20-%20the%20column's%20data%20type%0A%09%20%20required%3A%20%23%20(required)%20boolean%20-%20whether%20or%20not%20this%20column%20is%20required%20to%20query%20this%20table." 
+ }, + { + "url": "/tables/yum_sources", + "title": "yum_sources", + "htmlId": "table--yumsources--866cfa7193", + "evented": false, + "platforms": [ + "linux" + ], + "keywordsForSyntaxHighlighting": [ + "yum_sources", + "baseurl", + "enabled", + "gpgcheck", + "gpgkey", + "mirrorlist", + "name", + "pid_with_namespace" + ], + "sectionRelativeRepoPath": "yum_sources", + "githubUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/yum_sources.yml" + } + ], + "rituals": { + "handbook/demand/demand.rituals.yml": [ + { + "task": "Refresh event calendar", + "startedOn": "2023-12-31", + "frequency": "Quarterly", + "description": "https://fleetdm.com/handbook/demand#refresh-event-calendar", + "moreInfoUrl": "https://fleetdm.com/handbook/demand#refresh-event-calendar", + "dri": "Drew-P-drawers" + }, + { + "task": "Prioritize for next sprint", + "startedOn": "2023-09-04", + "frequency": "Triweekly", + "description": "Using your departmental kanban board, prioritize and finalize next sprint's goals for your team by draging the appropriate issues to the top of the 'Not yet' column.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible", + "dri": "mikermcneil", + "autoIssue": { + "labels": [ + "#g-demand" + ], + "repo": "confidential" + } + }, + { + "task": "Settle event strategy", + "startedOn": "2024-01-02", + "frequency": "Quarterly (first Tuesday)", + "description": "https://fleetdm.com/handbook/demand#settle-event-strategy", + "moreInfoUrl": "https://fleetdm.com/handbook/demand#settle-event-strategy", + "dri": "Drew-P-drawers" + }, + { + "task": "🫧 Pipeline sync", + "startedOn": "2024-08-29", + "frequency": "Weekly", + "description": "Allign with CRO and AEs on pipeline processes and incoming leads", + "moreInfoUrl": "", + "dri": "Drew-P-drawers" + }, + { + "task": "Optimize ads", + "startedOn": "2024-02-26", + "frequency": "Weekly", + "description": "Remove all but the top 5 perfoming ads in each evergreen campaign. 
Make sure ABM campaigns are using top performing evergreen ads.", + "moreInfoUrl": "https://fleetdm.com/handbook/demand#optimize-ads-through-experimentation", + "dri": "Drew-P-drawers" + }, + { + "task": "Process pending swag requests from the website", + "startedOn": "2023-09-20", + "frequency": "Weekly", + "description": "Complete draft orders.", + "moreInfoUrl": "https://fleetdm.com/handbook/demand#process-pending-swag-requests-from-the-website", + "dri": "Drew-P-drawers" + }, + { + "task": "Engage with the community", + "startedOn": "2023-09-20", + "frequency": "Daily", + "description": "Find relevant conversations with the community and contribute", + "moreInfoUrl": "https://fleetdm.com/handbook/demand#engage-with-the-community", + "dri": "Drew-P-drawers" + }, + { + "task": "Publish ☁️🌈 Sprint demos", + "startedOn": "2023-11-03", + "frequency": "Triweekly", + "description": "Every release cycle, upload the ☁️🌈 Sprint demos video to YouTube", + "moreInfoUrl": "https://fleetdm.com/handbook/demand#upload-to-youtube", + "dri": "Drew-P-drawers" + }, + { + "task": "Measure intent signals", + "startedOn": "2024-08-09", + "frequency": "Daily", + "description": "Measure intent signals and update SalesForce", + "moreInfoUrl": "https://fleetdm.com/handbook/demand#measure-intent-signals", + "dri": "Drew-P-drawers" + }, + { + "task": "Research accounts", + "startedOn": "2024-08-09", + "frequency": "Daily", + "description": "Research SalesForce accounts and begin ABM ads", + "moreInfoUrl": "https://fleetdm.com/handbook/demand#warm-up-actions", + "dri": "Drew-P-drawers" + } + ], + "handbook/customer-success/customer-success.rituals.yml": [ + { + "task": "Prioritize for next sprint", + "startedOn": "2023-09-04", + "frequency": "Triweekly", + "description": "Using your departmental kanban board, prioritize and finalize next sprint's goals for your team by draging the appropriate issues to the top of the 'Not yet' column.", + "moreInfoUrl": 
"https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible", + "dri": "zayhanlon", + "autoIssue": { + "labels": [ + "#g-customer-success" + ], + "repo": "confidential" + } + }, + { + "task": "Process new requests", + "startedOn": "2023-09-04", + "frequency": "Daily", + "description": "Prioritize all new requests including issues and PRs within one business day.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/communications#process-new-requests", + "dri": "zayhanlon" + }, + { + "task": "Overnight customer feedback", + "startedOn": "2024-02-08", + "frequency": "Daily", + "description": "Respond to messages and alerts", + "moreInfoUrl": "https://fleetdm.com/handbook/customer-success#respond-to-messages-and-alerts", + "dri": "ksatter" + }, + { + "task": "Monitor customer Slack channels ", + "startedOn": "2024-02-08", + "frequency": "Daily", + "description": "Continuously monitor Slack for customer feedback, feature requests, reported bugs, etc., and respond in less than an hour.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/communications#customer-support-service-level-agreements-slas", + "dri": "ksatter" + }, + { + "task": "Follow-up on unresolved customer questions and concerns", + "startedOn": "2024-02-08", + "frequency": "Daily", + "description": "Follow-up with and tag appropriate personnel on customer issues and bugs in progress and items that remain unresolved.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/communications#customer-support-service-level-agreements-slas", + "dri": "ksatter" + }, + { + "task": "Prepare for customer voice", + "startedOn": "2024-02-23", + "frequency": "Weekly", + "description": "Prepare and review the health and latest updates from Fleet's key customers and active proof of concepts (POCs).", + "moreInfoUrl": "", + "dri": "patagonia121" + }, + { + "task": "Prepare customer requests for feature fest", + "startedOn": "2024-02-12", + "frequency": "Triweekly", + "description": "Check-in before 
the 🗣️ Product Feature Requests meeting to make sure that all information necessary has been gathered before presenting customer requests and feedback to the Product team.", + "moreInfoUrl": "", + "dri": "nonpunctual" + }, + { + "task": "Present customer requests at feature fest", + "startedOn": "2024-02-15", + "frequency": "Triweekly", + "description": "Present and advocate for requests and ideas brought to Fleet's attention by customers that are interesting from a product perspective.", + "moreInfoUrl": "", + "dri": "nonpunctual" + }, + { + "task": "Communicate release notes to stakeholders", + "startedOn": "2024-02-21", + "frequency": "Triweekly", + "description": "Update customers on new features and resolved bugs in an upcoming release.", + "moreInfoUrl": "", + "dri": "patagonia121" + }, + { + "task": "Upgrade Managed Cloud", + "startedOn": "2024-02-08", + "frequency": "Weekly", + "description": "Upgrade each Managed Cloud instance to the latest version of Fleet", + "moreInfoUrl": "https://github.com/fleetdm/fleet/releases", + "dri": "rfairburn" + } + ], + "handbook/digital-experience/digital-experience.rituals.yml": [ + { + "task": "Complete Digital Experience KPIs", + "startedOn": "2024-08-30", + "frequency": "Weekly", + "description": "Complete Digital Experience KPIs for this week", + "moreInfoUrl": "https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit?gid=0#gid=0&range=DB1", + "dri": "SFriendLee", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "fleet" + } + }, + { + "task": "Prep 1:1s for OKR planning", + "startedOn": "2024-09-09", + "frequency": "Monthly", + "description": "Add ”DISCUSS: Mike: Expectations of OKR planning“ to each e-group member's 1:1 document", + "moreInfoUrl": "https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit", + "dri": "SFriendLee", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "fleet" + } + }, + { + "task": 
"Check browser compatibility for fleetdm.com", + "startedOn": "2024-03-06", + "frequency": "Monthly", + "description": "Use Browserstack to manually QA pages on fleetdm.com in each of the earliest supported browser versions", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#check-browser-compatibility-for-fleetdm-com", + "dri": "eashaw", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "fleet" + } + }, + { + "task": "Regenerate messaging framework", + "startedOn": "2024-07-15", + "frequency": "Quarterly", + "description": "Run through the entire website in `?utm_content=clear` mode and build a fresh outline of the headings to make sure they all still make sense.", + "moreInfoUrl": "", + "dri": "mike-j-thomas" + }, + { + "task": "Check brand fronts are up to date", + "startedOn": "2024-08-01", + "frequency": "Quarterly", + "description": "Check all brand fronts for consistancy and update as needed with the current product pitch and graphics.", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#update-a-company-brand-front", + "dri": "mike-j-thomas" + }, + { + "task": "Check production dependencies of fleetdm.com", + "startedOn": "2023-11-10", + "frequency": "Weekly", + "description": "Check for vulnerabilities on the production dependencies of fleetdm.com.", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#check-production-dependencies-of-fleetdm-com", + "dri": "eashaw", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "fleet" + } + }, + { + "task": "Check osquery Slack invitation", + "startedOn": "2023-11-10", + "frequency": "Monthly", + "description": "Check the osquery Slack invitation that is linked to from Fleet and the Fleet website to make sure it is valid.", + "moreInfoUrl": "https://fleetdm.com/slack", + "dri": "eashaw", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "fleet" + } + }, + { + "task": "Prepare for CEO office minutes", + 
"startedOn": "2023-12-18", + "frequency": "Daily", + "description": "Prepare the CEO office minutes calendar event and meeting agenda", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#prepare-for-ceo-office-minutes", + "dri": "SFriendLee" + }, + { + "task": "Prioritize for next sprint", + "startedOn": "2023-08-09", + "frequency": "Triweekly", + "description": "Using your departmental kanban board, prioritize and finalize next sprint's goals for your team by draging the appropriate issues to the top of the 'Not yet' column.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible", + "dri": "sampfluger88", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "confidential" + } + }, + { + "task": "Process the CEO's inbox", + "startedOn": "2023-07-29", + "frequency": "Daily ⏰", + "description": "Process the CEO's inbox", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#process-the-ceos-email", + "dri": "SFriendLee" + }, + { + "task": "Process all \"New requests\" on the #g-digital-experience kanban board", + "startedOn": "2023-07-29", + "frequency": "Daily ⏰", + "description": "Process and prioritize all new issues and PRs", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#process-new-requests-from-the-g-ceo-kanban-board", + "dri": "sampfluger88" + }, + { + "task": "Process the CEO's calendar", + "startedOn": "2023-07-29", + "frequency": "Daily ⏰", + "description": "Process the CEO's calendar", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#process-the-ceos-calendar", + "dri": "SFriendLee" + }, + { + "task": "Send weekly update", + "startedOn": "2023-09-15", + "frequency": "Weekly", + "description": "Send weekly update", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#send-the-weekly-update", + "dri": "SFriendLee", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "confidential" + } + }, + { + "task": 
"Process and backup E-group agenda", + "startedOn": "2023-09-20", + "frequency": "Weekly", + "description": "Process and backup E-group agenda", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#process-and-backup-sid-agenda", + "dri": "SFriendLee", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "confidential" + } + }, + { + "task": "Process and backup Sid agenda", + "startedOn": "2023-09-25", + "frequency": "Monthly", + "description": "Process and backup Sid agenda", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#process-and-backup-e-group-agenda", + "dri": "SFriendLee", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "confidential" + } + }, + { + "task": "Share recording of all hands meeting", + "startedOn": "2023-07-01", + "frequency": "Monthly", + "description": "Sharing the all hands recording", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#share-recording-of-all-hands-meeting", + "dri": "SFriendLee", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "confidential" + } + }, + { + "task": "Prepare all hands deck", + "startedOn": "2023-07-01", + "frequency": "Monthly", + "description": "Preparing the all hands deck", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#preparing-for-the-all-hands", + "dri": "sampfluger88", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "confidential" + } + }, + { + "task": "Prepare board deck", + "startedOn": "2023-09-25", + "frequency": "Quarterly", + "description": "Prepare slide deck for the next board meeting", + "dri": "sampfluger88" + }, + { + "task": "Process CEO GitHub review requests, mentions, and outstanding PRs", + "startedOn": "2023-07-29", + "frequency": "Daily", + "description": "Filter all action items from CEO's GitHub notifications", + "dri": "SFriendLee" + }, + { + "task": "Check LinkedIn for unread messages", + "startedOn": "2023-09-25", + 
"frequency": "Daily", + "description": "Prevent connections from slipping through the cracks", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#check-linkedin-for-unread-messages", + "dri": "SFriendLee" + }, + { + "task": "Downgrade unused license seats", + "startedOn": "2024-03-31", + "frequency": "Quarterly", + "description": "Downgrade unused or questionable license seats on the first Wednesday of every quarter", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#downgrade-an-unused-license-seat", + "dri": "sampfluger88" + }, + { + "task": "Communicate Fleet's potential energy to stakeholders", + "startedOn": "2024-05-01", + "frequency": "Monthly", + "description": "Via hand or automation, send a monthly update email to all investors that hold 4% equity or greater in Fleet who have opted in to receive emails on the company's progress.", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#communicate-fleets-potential-energy-to-stakeholders", + "dri": "sampfluger88", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "confidential" + } + }, + { + "task": "Vanta check", + "startedOn": "2024-04-01", + "frequency": "Monthly", + "description": "Look for any new actions in Vanta due in the upcoming months and create issues to ensure they're done on time.", + "moreInfoUrl": null, + "dri": "sampfluger88", + "autoIssue": { + "labels": [ + "#g-digital-experience" + ], + "repo": "confidential" + } + }, + { + "task": "Recognize and benchmark workiversaries", + "startedOn": "2024-07-15", + "frequency": "Bimonthly", + "description": "Identify workiversaries coming up in the next two months and follow the steps to ensure they're recognized and benchmarked", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#recognize-employee-workiversaries", + "dri": "sampfluger88" + }, + { + "task": "Quarterly grants", + "startedOn": "2024-02-01", + "frequency": "Quarterly", + "description": "Create the equity 
grants GitHub issue and walk through the steps.", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#grant-equity", + "dri": "hollidayn" + }, + { + "task": "Change password of \"Integrations admin\" Salesforce account", + "startedOn": "2024-09-10", + "frequency": "Quarterly", + "description": "Log into the \"Integrations admin\" account in Salesforce and change the password to prevent a password change being required by Salesforce.", + "moreInfoUrl": "https://fleetdm.com/handbook/digital-experience#change-the-integrations-admin-salesforce-account-password", + "dri": "eashaw" + } + ], + "handbook/finance/finance.rituals.yml": [ + { + "task": "Communicate the status of customer financial actions", + "startedOn": "2024-02-12", + "frequency": "Weekly", + "description": "At the start of every week, check the Salesforce reports for past due invoices, non-invoiced opportunities, and past due renewals. Report findings to in the `#g-sales` channel.", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#communicate-the-status-of-customer-financial-actions", + "dri": "ireedy", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "AP invoice monitoring", + "startedOn": "2024-04-01", + "frequency": "Weekly", + "description": "Look for new accounts payable invoices and make sure that Fleet's suppliers are paid.", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#process-a-new-vendor-invoice", + "dri": "ireedy", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "Complete Finance KPI inputs", + "startedOn": "2024-02-16", + "frequency": "Weekly", + "description": "Create the weekly team KPI issue, complete the finance update.", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#update-weekly-kpis", + "dri": "ireedy", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "Key review prep", + "startedOn": "2024-02-14", + 
"frequency": "Triweekly", + "description": "Prepare for this sprint's Key review meeting.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/leadership#key-reviews", + "dri": "jostableford", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "Prioritize for next sprint", + "startedOn": "2023-08-09", + "frequency": "Triweekly", + "description": "Using your departmental kanban board, prioritize and finalize next sprint's goals for your team by draging the appropriate issues to the top of the 'Not yet' column.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible", + "dri": "jostableford", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "Reconcile monthly recurring expenses", + "startedOn": "2024-02-28", + "frequency": "Monthly", + "description": "Each month, update the inputs in “The numbers” spreadsheet to reflect the actuals for recurring non-personnel spend, and identify any unexpected increase or decrease in spend.", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#reconcile-monthly-recurring-expenses", + "dri": "jostableford", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "Monthly accounting", + "startedOn": "2024-02-28", + "frequency": "Monthly", + "description": "Create the monthly close GitHub issue and walk through the steps. 
This process includes fulfilling the monthly reporting requirement for SVB.", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#process-monthly-accounting", + "dri": "ireedy", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "Run regular payroll", + "startedOn": "2024-02-24", + "frequency": "Monthly", + "description": "Verify auto-populated payroll for all full time employees is accurate, and approve for processing.", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#run-payroll", + "dri": "jostableford", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "Monthly mail review", + "startedOn": "2024-04-15", + "frequency": "Monthly", + "description": "Review and clear mail incurring storage fees", + "moreInfoUrl": null, + "dri": "ireedy", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "Run US contractor payroll", + "startedOn": "2024-02-28", + "frequency": "Monthly", + "description": "Manually process US contractor payroll by verifying and syncing time contractor worked, then processing payment.", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#run-us-contractor-payroll", + "dri": "jostableford", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "Run US commission payroll", + "startedOn": "2024-01-31", + "frequency": "Monthly", + "description": "Verify closed-won deal amounts, use commission calculators to determine commissions owed, and process payroll.", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#run-us-commission-payroll", + "dri": "jostableford", + "autoIssue": { + "labels": [ + "#g-finance" + ], + "repo": "confidential" + } + }, + { + "task": "Run bonus payroll", + "startedOn": "2024-01-31", + "frequency": "Quarterly", + "description": "Verify completion of any objective or outcome based bonus plans, and process payroll.", + 
"moreInfoUrl": "https://fleetdm.com/handbook/finance#run-us-commission-payroll", + "dri": "jostableford" + }, + { + "task": "Review state filings for the previous quarter", + "startedOn": "2024-07-19", + "frequency": "Quarterly", + "description": "Verify that state filings have been successfully submitted for the previous quarter", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#review-state-employment-tax-filings-for-the-previous-quarter", + "dri": "ireedy" + }, + { + "task": "Investor reporting", + "startedOn": "2024-03-31", + "frequency": "Quarterly", + "description": "Provide updated metrics for CRV in Chronograph.", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#report-quarterly-numbers-in-chronograph", + "dri": "ireedy" + }, + { + "task": "Quartlery finance check", + "startedOn": "2024-03-31", + "frequency": "Quarterly", + "description": "Every quarter, we check Quickbooks Online (QBO) for discrepancies and follow up with accounting providers for any quirks found.", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#check-finances-for-quirks", + "dri": "jostableford" + }, + { + "task": "Deliver annual report for venture line", + "startedOn": "2024-12-01", + "frequency": "Annually", + "description": "Within 60 days of the new year, provide financial statements to SVB, along with board-approved projections for the new year", + "moreInfoUrl": "https://fleetdm.com/handbook/finance#deliver-annual-report-for-venture-line", + "dri": "jostableford" + }, + { + "task": "Tax preparation", + "startedOn": "2024-02-01", + "frequency": "Annually", + "description": "Provide information to tax team with Deloitte and assist with filing and paying state and federal returns", + "moreInfoUrl": null, + "dri": "jostableford" + } + ], + "handbook/engineering/engineering.rituals.yml": [ + { + "task": "Pull request review", + "startedOn": "2023-08-09", + "frequency": "Daily", + "description": "Engineers go through pull requests for which their review has been 
requested.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible", + "dri": "lukeheath" + }, + { + "task": "Engineering group discussions", + "startedOn": "2023-08-09", + "frequency": "Daily", + "description": "Engineers go through pull requests for which their review has been requested.", + "moreInfoUrl": null, + "dri": "lukeheath" + }, + { + "task": "Oncall handoff", + "startedOn": "2023-08-09", + "frequency": "Weekly", + "description": "Hand off the oncall engineering responsibilities to the next oncall engineer.", + "moreInfoUrl": null, + "dri": "lukeheath" + }, + { + "task": "Vulnerability alerts (fleetdm.com)", + "startedOn": "2023-08-09", + "frequency": "Weekly", + "description": "Review and remediate or dismiss vulnerability alerts for the fleetdm.com codebase on GitHub.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/security", + "dri": "eashaw" + }, + { + "task": "Vulnerability alerts (frontend)", + "startedOn": "2023-08-09", + "frequency": "Weekly", + "description": "Review and remediate or dismiss vulnerability alerts for the Fleet frontend codebase (and related JS) on GitHub.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/security", + "dri": "lukeheath" + }, + { + "task": "Vulnerability alerts (backend)", + "startedOn": "2023-08-09", + "frequency": "Weekly", + "description": "Review and remediate or dismiss vulnerability alerts for the Fleet backend codebase (and all Go code) on GitHub.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/security", + "dri": "lukeheath" + }, + { + "task": "Release candidate ritual", + "startedOn": "2023-08-09", + "frequency": "Triweekly", + "description": "Go through the process of creating a release candidate.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/blob/main/tools/release/README.md#minor-release-typically-end-of-sprint", + "dri": "lukeheath" + }, + { + "task": "Release ritual", + "startedOn": "2023-08-09", + "frequency": "Triweekly", + "description": "Go 
through the process of releasing the next iteration of Fleet.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Releasing-Fleet.md", + "dri": "lukeheath" + }, + { + "task": "Create patch release branch", + "startedOn": "2023-08-09", + "frequency": "Every patch release", + "description": "Go through the process of creating a patch release branch, cherry picking commits, and pushing the branch to github.com/fleetdm/fleet.", + "moreInfoUrl": "https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Releasing-Fleet.md#patch-releases", + "dri": "lukeheath" + }, + { + "task": "Bug review", + "startedOn": "2023-08-09", + "frequency": "Weekly", + "description": "Review bugs that are in QA's inbox.", + "moreInfoUrl": "https://www.fleetdm.com/handbook/company/product-groups#inbox", + "dri": "xpkoala" + }, + { + "task": "QA report", + "startedOn": "2023-08-09", + "frequency": "Triweekly", + "description": "Every release cycle, on the Monday of release week, update the DRI for the release ritual on status of testing.", + "moreInfoUrl": null, + "dri": "xpkoala" + }, + { + "task": "Release QA", + "startedOn": "2023-08-09", + "frequency": "Triweekly", + "description": "Every release cycle, by end of day Friday of release week, move all issues to the ”✅ Ready for release” column on the #g-mdm and #g-endpoint-ops sprint boards.", + "moreInfoUrl": null, + "dri": "xpkoala" + }, + { + "task": "Check ongoing events", + "startedOn": "2024-02-09", + "frequency": "Daily", + "description": "Check event issues and complete steps.", + "moreInfoUrl": "https://fleetdm.com/handbook/engineering#book-an-event", + "dri": "spokanemac" + } + ], + "handbook/sales/sales.rituals.yml": [ + { + "task": "Close leads contacted ≥7 days ago", + "startedOn": "2024-07-05", + "frequency": "Daily", + "description": "Close all of your leads in the 'Attempted to contact' stage and which have been there for 7 or more days. 
If follow-up is appropriate, and won't be bothersome, it can be done after closing the lead. (A new lead can always be opened for the contact later.)", + "moreInfoUrl": "", + "dri": "Every AE" + }, + { + "task": "Prioritize for next sprint", + "startedOn": "2023-09-04", + "frequency": "Triweekly", + "description": "Using your departmental kanban board, prioritize and finalize next sprint's goals for your team by draging the appropriate issues to the top of the 'Not yet' column.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible", + "dri": "alexmitchelliii", + "autoIssue": { + "labels": [ + "#g-sales" + ], + "repo": "confidential" + } + }, + { + "task": "g-sales standup", + "startedOn": "2023-09-04", + "frequency": "Daily", + "description": "Review progress on priorities for Sprint. Discuss previous day accomplishments, goals for today and any blockers.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible", + "dri": "alexmitchelliii" + }, + { + "task": "Opportunity pipeline review", + "startedOn": "2023-09-04", + "frequency": "Weekly", + "description": "Review status of sales opportunities and discuss next steps.", + "moreInfoUrl": "https://fleetdm.com/handbook/customers#review-rep-activity", + "dri": "alexmitchelliii", + "autoIssue": { + "labels": [ + "#g-sales" + ], + "repo": "confidential" + } + }, + { + "task": "Review rep activity", + "startedOn": "2023-09-18", + "frequency": "Monthly", + "description": "https://fleetdm.com/handbook/customers#review-rep-activity", + "moreInfoUrl": "https://fleetdm.com/handbook/customers#review-rep-activity", + "dri": "alexmitchelliii" + } + ], + "handbook/product-design/product-design.rituals.yml": [ + { + "task": "Design sprint review", + "startedOn": "2024-03-07", + "frequency": "Triweekly", + "description": "Clear out the drafting board of all issues that are not estimated but leave the items we want to take in the next sprint on the drafting 
board. Record the number of dropped stories for KPIs (all user stories that did not meet the 3 week drafting timeline).", + "moreInfoUrl": null, + "dri": "noahtalerman" + }, + { + "task": "🎁 Feature fest", + "startedOn": "2024-03-07", + "frequency": "Triweekly", + "description": "We make a decision regarding which customer and community feature requests can be committed to in the next six weeks.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/product-groups#feature-fest", + "dri": "noahtalerman" + }, + { + "task": "Design sprint kickoff", + "startedOn": "2024-03-07", + "frequency": "Triweekly", + "description": "Add stories prioritized during Feature fest to Drafting board, assign stories to product designers, and align on priorities.", + "moreInfoUrl": null, + "dri": "noahtalerman" + }, + { + "task": "Sprint kickoff review", + "startedOn": "2024-03-07", + "frequency": "Triweekly", + "description": "Identify stories that did not make it into this sprint and remove them from the board. Notify relevant requesters/stakeholders. Ensure bugs have been effectively prioritized across teams. Recommend highlights for next release notes. Record the number of drops for KPI reporting. Consider product group staffing. Are we scheduling what we prioritized? Did we finish what we scheduled in the sprint? (Look at org chart.)", + "moreInfoUrl": null, + "dri": "noahtalerman" + }, + { + "task": "🦢🗣 Design review", + "startedOn": "2024-03-07", + "frequency": "Daily", + "description": "On Mondays, contributors present wireframes in 'Feedback' mode and anyone can give feedback. 
'Final review' mode during all other days and only Head of Product Design + CTO + Product Designers give feedback.", + "moreInfoUrl": "https://fleetdm.com/handbook/company/product-groups#design-reviews", + "dri": "noahtalerman" + }, + { + "task": "🦢🔄 Product design sync", + "startedOn": "2023-07-11", + "frequency": "Weekly", + "description": "Weekly time to chat about product design work (design reviews, conventions & best practices, using Figma, etc.)", + "moreInfoUrl": "https://docs.google.com/document/d/1GDEcXuTUjHI2CD9Jqega_GyF9DL6-PBmcyJpj55Lmos/edit", + "dri": "noahtalerman" + }, + { + "task": "🦢🗣 Product office hours", + "startedOn": "2023-07-11", + "frequency": "Weekly", + "description": "Head of Product Design + any other contributors who would like to attend. 30 minutes reserved to talk about any product.", + "moreInfoUrl": "https://docs.google.com/document/d/1Znyp2a9qcM9JdYHrzLudvcPwEdhnCg7RiKi22s8yGWw/edit", + "dri": "noahtalerman" + }, + { + "task": "Maintenance", + "startedOn": "2024-03-01", + "frequency": "Weekly", + "description": "Head of Product Design checks the latest versions of relevant platforms, updates the maintenance tracker, and notifies the #g-mdm and #g-endpoint-ops Slack channel.", + "moreInfoUrl": null, + "dri": "noahtalerman" + }, + { + "task": "Product confirm and celebrate", + "startedOn": "2024-02-27", + "frequency": "Weekly", + "description": "Review user stories we shipped but haven't closed/ Confirm all the loose ends are tied up: docs, internal and external comms, guides, pricing page, transparency page, user permissions.", + "moreInfoUrl": null, + "dri": "noahtalerman" + }, + { + "task": "Pre-sprint prioritization", + "startedOn": "2024-02-27", + "frequency": "Triweekly", + "description": "Discuss what stories weren't completed in the previous sprint. Record the number of stories in KPIs. Align on priorities for upcoming sprint.", + "dri": "noahtalerman" + } + ] + }, + "testimonials": [ + { + "quote": "Yes Sir. 
Great tools for the everyday open-source geeks 💯", + "quoteAuthorName": "Alvaro Gutierrez", + "quoteAuthorProfileImageFilename": "testimonial-authour-alvaro-gutierrez-100x100@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/aantoniogutierrez/", + "quoteAuthorJobTitle": "Technology Evangelist", + "productCategories": [ + "Endpoint operations" + ] + }, + { + "quote": "Fleet / osquery are some of my favorite open source detection tooling.", + "quoteAuthorName": "Joe Pistone", + "quoteAuthorProfileImageFilename": "testimonial-author-joe-pistone-100x100@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/josephpistone/", + "quoteAuthorJobTitle": "Manager, Security Operations", + "productCategories": [ + "Endpoint operations" + ] + }, + { + "quote": "I had to answer some really complex questions for a compliance audit, and I was able to do it in about 15 minutes by munging some data together via a few queries into a csv. It took me longer to remember how to use `xsv` than to actually put together the report. If you aren't using osquery in your environment, you should be.", + "quoteAuthorName": "Charles Zaffery", + "quoteAuthorProfileImageFilename": "testimonial-author-charles-zaffery-48x48@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/charleszaffery/", + "quoteAuthorJobTitle": "Principle Computer Janitor", + "productCategories": [ + "Vulnerability management" + ] + }, + { + "quote": "The visibility down into the assets covered by the agent is phenomenal. 
Fleet has become the central source for a lot of things.", + "quoteAuthorName": "Andre Shields", + "quoteAuthorProfileImageFilename": "testimonial-author-andre-shields-48x48@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/andre-shields/", + "quoteAuthorJobTitle": "Staff Cybersecurity Engineer, Vulnerability Management", + "youtubeVideoUrl": "https://www.youtube.com/watch?v=siXy9aanOu4", + "productCategories": [ + "Endpoint operations", + "Vulnerability management" + ], + "videoIdForEmbed": "siXy9aanOu4" + }, + { + "quote": "I love the steady and consistent delivery of features that help teams work how they want to work, not how your product dictates they work.", + "quoteImageFilename": "social-proof-logo-atlassian-192x32@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/danielgrzelak/", + "quoteAuthorName": "Dan Grzelak", + "quoteAuthorProfileImageFilename": "testimonial-author-daniel-grzelak-48x48@2x.png", + "quoteAuthorJobTitle": "Security Chief of Staff", + "productCategories": [ + "Endpoint operations", + "Vulnerability management", + "Device management" + ], + "imageHeight": 32 + }, + { + "quote": "We can build it exactly the way we want it. Which is just not possible on other platforms.", + "quoteAuthorName": "Austin Anderson", + "quoteAuthorProfileImageFilename": "testimonial-author-austin-anderson-48x48@2x.png", + "quoteAuthorJobTitle": "Cybersecurity team senior manager", + "quoteLinkUrl": "https://www.linkedin.com/in/austin-anderson-73172185/", + "youtubeVideoUrl": "https://www.youtube.com/watch?v=G5Ry_vQPaYc", + "productCategories": [ + "Endpoint operations", + "Vulnerability management" + ], + "videoIdForEmbed": "G5Ry_vQPaYc" + }, + { + "quote": "Exciting. 
This is a team that listens to feedback.", + "quoteImageFilename": "social-proof-logo-uber-71x32@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/eriknicolasgomez/", + "quoteAuthorName": "Erik Gomez", + "quoteAuthorProfileImageFilename": "testimonial-author-erik-gomez-48x48@2x.png", + "quoteAuthorJobTitle": "Staff Client Platform Engineer", + "productCategories": [ + "Endpoint operations", + "Device management" + ], + "imageHeight": 32 + }, + { + "quote": "Context is king for device data, and Fleet provides a way to surface that information to our other teams and partners.", + "quoteAuthorName": "Nick Fohs", + "quoteAuthorProfileImageFilename": "testimonial-author-nick-fohs-24x24@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/nickfohs/", + "quoteAuthorJobTitle": "Systems and infrastructure manager", + "youtubeVideoUrl": "https://www.youtube.com/watch?v=fs5ULAR4e4A", + "productCategories": [ + "Endpoint operations", + "Device management", + "Vulnerability management" + ], + "videoIdForEmbed": "fs5ULAR4e4A" + }, + { + "quote": "Keeping up with the latest issues in endpoint security is a never-ending task, because engineers have to regularly ensure every laptop and server is still sufficiently patched and securely configured. 
The problem is, software vendors release new versions all the time, and no matter how much you lock it down, end users find ways to change things.", + "quoteImageFilename": "social-proof-logo-lyft-47x32@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/nwaisman/", + "quoteAuthorName": "Nico Waisman", + "quoteAuthorProfileImageFilename": "testimonial-author-nico-waisman-48x48@2x.png", + "quoteAuthorJobTitle": "CISO of Lyft", + "productCategories": [ + "Endpoint operations", + "Vulnerability management" + ], + "imageHeight": 32 + }, + { + "quote": "Having the freedom to take full advantage of the product is one of the reasons why I always support open-source products with a commercially-backed company, like Fleet.", + "quoteImageFilename": "social-proof-logo-lyft-47x32@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/posts/nwaisman_movingtofleet-activity-7156319785981509632-bk_W", + "quoteAuthorName": "Nico Waisman", + "quoteAuthorProfileImageFilename": "testimonial-author-nico-waisman-48x48@2x.png", + "quoteAuthorJobTitle": "CISO of Lyft", + "productCategories": [ + "Device management" + ], + "imageHeight": 32 + }, + { + "quote": "Fleet has been highly effective for our needs. We appreciate your team for always being so open to hearing our feedback.", + "quoteAuthorName": "Kenny Botelho", + "quoteAuthorProfileImageFilename": "testimonial-author-kenny-botelho-48x48@2x.png", + "quoteAuthorJobTitle": "Client Platform IT Engineer / Leader", + "quoteLinkUrl": "https://www.linkedin.com/in/kennybotelho/", + "productCategories": [ + "Endpoint operations", + "Device management" + ] + }, + { + "quote": "Mad props to how easy making a deploy pkg of the agent was. 
I wish everyone made stuff that easy.", + "quoteImageFilename": "social-proof-logo-stripe-67x32@2x.png", + "quoteAuthorName": "Wes Whetstone", + "quoteAuthorProfileImageFilename": "testimonial-author-wes-whetstone-48x48@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/jckwhet/", + "quoteAuthorJobTitle": "Staff CPE at Stripe", + "productCategories": [ + "Endpoint operations", + "Device management" + ], + "imageHeight": 32 + }, + { + "quote": "Fleet’s come a long way - to now being the top open-source osquery manager.", + "quoteImageFilename": "social-proof-logo-atlassian-192x32@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/bshak/", + "quoteAuthorName": "Brendan Shaklovitz", + "quoteAuthorProfileImageFilename": "testimonial-author-brendan-shaklovitz-48x48@2x.png", + "quoteAuthorJobTitle": "Senior SRE", + "productCategories": [ + "Endpoint operations" + ], + "imageHeight": 32 + }, + { + "quote": "It’s great to see the new release of Fleet containing some really cool new features that make osquery much more usable in practical environments. I’m really impressed with the work that Zach Wasserman and the crew are doing at Fleet.", + "quoteImageFilename": "social-proof-logo-osquery-124x32@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/marpaia/", + "quoteAuthorName": "Mike Arpaia", + "quoteAuthorProfileImageFilename": "testimonial-author-mike-arpaia-48x48@2x.png", + "quoteAuthorJobTitle": "Creator of osquery", + "productCategories": [ + "Endpoint operations" + ], + "imageHeight": 32 + }, + { + "quote": "Osquery is one of the best tools out there and Fleet makes it even better. Highly recommend it if you want to monitor, detect and investigate threats on a scale and also for infra/sys admin. 
I have used it on 15k servers and it’s really scalable.", + "quoteImageFilename": "social-proof-logo-salesforce-48x32@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/anelshaer/", + "quoteAuthorName": "Ahmed Elshaer", + "quoteAuthorProfileImageFilename": "testimonial-author-ahmed-elshaer-48x48@2x.png", + "quoteAuthorJobTitle": "DFIR, Blue Teaming, SecOps", + "productCategories": [ + "Endpoint operations" + ], + "imageHeight": 32 + }, + { + "quote": "With the power of osquery, you need a scalable & resilient platform to manage your workloads. Fleet is the \"just right\" open-source, enterprise grade solution.", + "quoteImageFilename": "social-proof-logo-comcast-91x32@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/abubakar-yousafzai-b7213659/", + "quoteAuthorName": "Abubakar Yousafzai", + "quoteAuthorProfileImageFilename": "testimonial-author-abubakar-yousafzai-48x48@2x.png", + "quoteAuthorJobTitle": "Security Software Development & Engineering", + "productCategories": [ + "Endpoint operations" + ], + "imageHeight": 32 + }, + { + "quote": "One of the best teams out there to go work for and help shape security platforms.", + "quoteImageFilename": "social-proof-logo-deloitte-130x32@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/neondhruv/", + "quoteAuthorName": "Dhruv Majumdar", + "quoteAuthorProfileImageFilename": "testimonial-author-dhruv-majumdar-48x48@2x.png", + "quoteAuthorJobTitle": "Director Of Cyber Risk & Advisory", + "productCategories": [ + "Vulnerability management", + "Endpoint operations" + ], + "imageHeight": 32 + }, + { + "quote": "Fleet has such a huge amount of use cases. My goal was to get telemetry on endpoints, but then our IR team, our TBM team, and multiple other folks in security started heavily utilizing the system in ways I didn’t expect. 
It spread so naturally, even our corporate and infrastructure teams want to run it.", + "quoteAuthorName": "Charles Zaffery", + "quoteLinkUrl": "https://www.linkedin.com/in/charleszaffery/", + "quoteAuthorJobTitle": "Principle computer janitor", + "quoteAuthorProfileImageFilename": "testimonial-author-charles-zaffery-48x48@2x.png", + "youtubeVideoUrl": "https://www.youtube.com/watch?v=nRbZJflWqCo", + "productCategories": [ + "Endpoint operations" + ], + "videoIdForEmbed": "nRbZJflWqCo" + }, + { + "quote": "I don't want one bad actor to brick my fleet, I want them to make a pull request first.", + "quoteAuthorName": "Matt Carr", + "quoteAuthorJobTitle": "CPE manager", + "quoteAuthorProfileImageFilename": "testimonial-author-matt-carr-48x48@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/mathewcarr/", + "productCategories": [ + "Device management" + ] + }, + { + "quote": "I wanted an easy way to control osquery configurations, and I wanted to stream data as fast as possible into Snowflake. No other solution jumped out to solve those things except for Fleet.", + "quoteAuthorName": "Tom Larkin", + "quoteAuthorJobTitle": "IT Engineering Manager", + "quoteAuthorProfileImageFilename": "testimonial-author-tom-larkin-48x48@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/thlarkin/", + "youtubeVideoUrl": "https://www.youtube.com/watch?v=nkjg_hNe86Q", + "productCategories": [ + "Endpoint operations" + ], + "videoIdForEmbed": "nkjg_hNe86Q" + }, + { + "quote": "Something I really appreciate about working with you guys is that it doesn't feel like I'm talking to a vendor. 
It actually feels like I'm talking to my team, and I really appreciate it.", + "quoteImageFilename": "social-proof-logo-deloitte-130x32@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/cmajumdar/", + "quoteAuthorName": "Chandra Majumdar", + "quoteAuthorProfileImageFilename": "testimonial-author-chandra-majumdar-48x48@2x.png", + "quoteAuthorJobTitle": "Partner - Cyber and Strategic Risk", + "productCategories": [ + "Vulnerability management", + "Endpoint operations" + ], + "imageHeight": 32 + }, + { + "quote": "This is not just production osquery, but actually a way bigger opportunity than even something like Airwatch or Jamf.", + "quoteImageFilename": "logo-flock-safety-907x132@2x.png", + "quoteLinkUrl": "https://www.linkedin.com/in/mrerictan/", + "quoteAuthorName": "Eric Tan", + "quoteAuthorProfileImageFilename": "testimonial-author-eric-tan-99x99@2x.png", + "quoteAuthorJobTitle": "CIO & Chief Security Officer at Flock Safety", + "productCategories": [ + "Device management", + "Endpoint operations" + ], + "imageHeight": 132 + } + ], + "openPositions": [ + { + "jobTitle": "🚀 Software Engineer", + "url": "/handbook/company/open-positions/software-engineer" + }, + { + "jobTitle": "🐋 Account Executive", + "url": "/handbook/company/open-positions/account-executive" + } + ], + "compiledPagePartialsAppPath": "views/partials/built-from-markdown" } } From a17ab39ab6d39fecf510194f61f1cf0caae465ba Mon Sep 17 00:00:00 2001 From: Rebecca Cowart Date: Fri, 20 Sep 2024 15:57:13 -0400 Subject: [PATCH 07/18] Update button name in deploy-fleet.md (#22271) Render changed their "Apply" button to read "Deploy Blueprint" --- docs/Deploy/deploy-fleet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Deploy/deploy-fleet.md b/docs/Deploy/deploy-fleet.md index ee5299bfc3..5f1355b80b 100644 --- a/docs/Deploy/deploy-fleet.md +++ b/docs/Deploy/deploy-fleet.md 
@@ -47,7 +47,7 @@ Render is a cloud hosting service that makes it easy to get up and running fast, 2. Give the Blueprint a unique name like `yourcompany-fleet`. -3. Click "**Apply.**" Render will provision your services, which should take less than five minutes. +3. Click "**Deploy Blueprint.**" Render will provision your services, which should take less than five minutes. 4. Click the "**Dashboard**" tab in Render when provisioning is complete to see your new services. From fc8b1d67f51fa317cd5c298075555999806f9f96 Mon Sep 17 00:00:00 2001 From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Fri, 20 Sep 2024 16:00:01 -0400 Subject: [PATCH 08/18] Remove placeholder text (#22274) --------- Co-authored-by: RachelElysia --- .../AppleOSTargetForm/AppleOSTargetForm.tsx | 14 -------------- .../WindowsTargetForm/WindowsTargetForm.tsx | 2 -- 2 files changed, 16 deletions(-) diff --git a/frontend/pages/ManageControlsPage/OSUpdates/components/AppleOSTargetForm/AppleOSTargetForm.tsx b/frontend/pages/ManageControlsPage/OSUpdates/components/AppleOSTargetForm/AppleOSTargetForm.tsx index d3c35e3f60..755b59d093 100644 --- a/frontend/pages/ManageControlsPage/OSUpdates/components/AppleOSTargetForm/AppleOSTargetForm.tsx +++ b/frontend/pages/ManageControlsPage/OSUpdates/components/AppleOSTargetForm/AppleOSTargetForm.tsx @@ -166,18 +166,6 @@ const AppleOSTargetForm = ({ setDeadline(val); }; - const getMinimumVersionPlaceholder = (platform: ApplePlatform) => { - switch (platform) { - case "darwin": - return "13.0.1"; - case "ios": - case "ipados": - return "17.5.1"; - default: - return ""; - } - }; - const getMinimumVersionTooltip = () => { return ( <> 
@@ -210,7 +198,6 @@ const AppleOSTargetForm = ({ label="Minimum version" tooltip={getMinimumVersionTooltip()} helpText="Version number only (e.g., “13.0.1” not “Ventura 13” or “13.0.1 (22A400)”)" - placeholder={getMinimumVersionPlaceholder(applePlatform)} value={minOsVersion} error={minOsVersionError} onChange={handleMinVersionChange} @@ -219,7 +206,6 @@ const AppleOSTargetForm = ({ label="Deadline" tooltip={getDeadlineTooltip(applePlatform)} helpText="YYYY-MM-DD format only (e.g., “2024-07-01”)." - placeholder="2024-07-01" value={deadline} error={deadlineError} onChange={handleDeadlineChange} diff --git a/frontend/pages/ManageControlsPage/OSUpdates/components/WindowsTargetForm/WindowsTargetForm.tsx b/frontend/pages/ManageControlsPage/OSUpdates/components/WindowsTargetForm/WindowsTargetForm.tsx index ec7007a29e..7addf342e3 100644 --- a/frontend/pages/ManageControlsPage/OSUpdates/components/WindowsTargetForm/WindowsTargetForm.tsx +++ b/frontend/pages/ManageControlsPage/OSUpdates/components/WindowsTargetForm/WindowsTargetForm.tsx @@ -158,7 +158,6 @@ const WindowsTargetForm = ({ label="Deadline" tooltip="Number of days the end user has before updates are installed and the host is forced to restart." helpText="Number of days from 0 to 30." - placeholder="5" value={deadlineDays} error={deadlineDaysError} onChange={handleDeadlineDaysChange} @@ -167,7 +166,6 @@ const WindowsTargetForm = ({ label="Grace period" tooltip="Number of days after the deadline the end user has before the host is forced to restart (only if end user was offline when deadline passed)." helpText="Number of days from 0 to 7." - placeholder="2" value={gracePeriodDays} error={gracePeriodDaysError} onChange={handleGracePeriodDays} From d7594d1f1d156bbe7d4046f2e3afba670dc66583 Mon Sep 17 00:00:00 2001 
From: RachelElysia <71795832+RachelElysia@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:19:43 -0700 Subject: [PATCH 09/18] Fleet UI: Disable install/uninstall actions if scripts are disabled (#22240) --- .../HostActionsDropdown/helpers.tsx | 59 +++++++------ .../HostDetailsPage/HostDetailsPage.tsx | 1 + .../details/cards/Software/HostSoftware.tsx | 4 + .../HostSoftwareTableConfig.tests.tsx | 83 +++++++++++++++++++ .../Software/HostSoftwareTableConfig.tsx | 49 +++++++---- 5 files changed, 156 insertions(+), 40 deletions(-) create mode 100644 frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tests.tsx diff --git a/frontend/pages/hosts/details/HostDetailsPage/HostActionsDropdown/helpers.tsx b/frontend/pages/hosts/details/HostDetailsPage/HostActionsDropdown/helpers.tsx index 3665687d03..5590846c9e 100644 --- a/frontend/pages/hosts/details/HostDetailsPage/HostActionsDropdown/helpers.tsx +++ b/frontend/pages/hosts/details/HostDetailsPage/HostActionsDropdown/helpers.tsx @@ -282,6 +282,36 @@ const removeUnavailableOptions = ( return options; }; +// Available tooltips for disabled options +export const getDropdownOptionTooltipContent = ( + value: string | number, + isHostOnline?: boolean +) => { + const tooltipAction: Record = { + runScript: "run scripts on", + wipe: "wipe", + lock: "lock", + unlock: "unlock", + installSoftware: "install software on", // Host software dropdown option + uninstallSoftware: "uninstall software on", // Host software dropdown option + }; + if (tooltipAction[value]) { + return ( + <> + To {tooltipAction[value]} this host, deploy the +
+ fleetd agent with --enable-scripts and +
+ refetch host vitals + + ); + } + if (!isHostOnline && value === "query") { + return <>You can't query an offline host.; + } + return undefined; +}; + const modifyOptions = ( options: IDropdownOption[], { @@ -291,34 +321,13 @@ const modifyOptions = ( hostPlatform, }: IHostActionConfigOptions ) => { - // Available tooltips for disabled options - const getDropdownOptionTooltipContent = (value: string | number) => { - const tooltipAction: Record = { - runScript: "run scripts on", - wipe: "wipe", - lock: "lock", - unlock: "unlock", - }; - if (tooltipAction[value]) { - return ( - <> - To {tooltipAction[value]} this host, deploy the -
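Review bot: `getDropdownOptionTooltipContent` is now exported and shared with the software table, but it still indexes a plain object with an unchecked `value: string | number`. A typo in the new `"installSoftware"` / `"uninstallSoftware"` literals at the call site would silently return `undefined`, and the disabled action would ship without its explanation. An own-property guard such as `if (Object.prototype.hasOwnProperty.call(tooltipAction, value))` would also stop inherited names like `constructor` from passing the truthiness check. The two software keys are not dropdown option values (DEFAULT_ACTION_OPTIONS uses `install` and `uninstall`), so a comment such as `// lookup keys only, not IDropdownOption values` on those entries would help, or export them as named constants.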
- fleetd agent with --enable-scripts and -
- refetch host vitals - - ); - } - if (!isHostOnline && value === "query") { - return <>You can't query an offline host.; - } - }; - const disableOptions = (optionsToDisable: IDropdownOption[]) => { optionsToDisable.forEach((option) => { option.disabled = true; - option.tooltipContent = getDropdownOptionTooltipContent(option.value); + option.tooltipContent = getDropdownOptionTooltipContent( + option.value, + isHostOnline + ); }); }; diff --git a/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx b/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx index 5c627edb9a..0c56d7c6ca 100644 --- a/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx +++ b/frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx @@ -946,6 +946,7 @@ const HostDetailsPage = ({ platform={host.platform} softwareUpdatedAt={host.software_updated_at} hostCanWriteSoftware={!!host.orbit_version || isIosOrIpadosHost} + hostScriptsEnabled={host.scripts_enabled || false} isSoftwareEnabled={featuresConfig?.enable_software_inventory} router={router} queryParams={parseHostSoftwareQueryParams(location.query)} diff --git a/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx b/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx index 818fbcd7d9..1853d0aeee 100644 --- a/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx +++ b/frontend/pages/hosts/details/cards/Software/HostSoftware.tsx @@ -44,6 +44,7 @@ interface IHostSoftwareProps { hostTeamId: number; onShowSoftwareDetails?: (software: IHostSoftware) => void; isSoftwareEnabled?: boolean; + hostScriptsEnabled?: boolean; isMyDevicePage?: boolean; } @@ -87,6 +88,7 @@ const HostSoftware = ({ platform, softwareUpdatedAt, hostCanWriteSoftware, + hostScriptsEnabled, router, queryParams, pathname, @@ -249,6 +251,7 @@ const HostSoftware = ({ router, softwareIdActionPending, userHasSWWritePermission, + hostScriptsEnabled, onSelectAction, teamId: hostTeamId, hostCanWriteSoftware, 
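Review bot: In the HostDetailsPage hunk, `hostScriptsEnabled={host.scripts_enabled || false}` folds a missing value into "disabled". A host whose scripts state has not been reported would then get the same "deploy the fleetd agent with --enable-scripts" tooltip as a host known to have scripts off. Whether `scripts_enabled` can be null or undefined is not visible here, though the `|| false` suggests it can. Failing closed is the right default for the control itself; only the message may be misleading. A comment at this prop would also help, for example `// UI hint only: the install/uninstall API must itself reject hosts without scripts enabled`, since a disabled menu item does not stop a direct API request and the server-side check is outside this patch.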
@@ -258,6 +261,7 @@ const HostSoftware = ({ router, softwareIdActionPending, userHasSWWritePermission, + hostScriptsEnabled, onSelectAction, hostTeamId, hostCanWriteSoftware, diff --git a/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tests.tsx b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tests.tsx new file mode 100644 index 0000000000..aa14172c86 --- /dev/null +++ b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tests.tsx 
@@ -0,0 +1,83 @@ +import { + generateActions, + DEFAULT_ACTION_OPTIONS, + generateActionsProps, +} from "./HostSoftwareTableConfig"; + +describe("generateActions", () => { + const defaultProps: generateActionsProps = { + userHasSWWritePermission: true, + hostScriptsEnabled: true, + hostCanWriteSoftware: true, + softwareIdActionPending: null, + softwareId: 1, + status: null, + software_package: null, + app_store_app: null, + }; + + it("returns default actions when user has write permission and scripts are enabled", () => { + const actions = generateActions(defaultProps); + expect(actions).toEqual(DEFAULT_ACTION_OPTIONS); + }); + + it("removes install and uninstall actions when user has no write permission", () => { + const props = { ...defaultProps, userHasSWWritePermission: false }; + const actions = generateActions(props); + expect(actions.find((a) => a.value === "install")).toBeUndefined(); + expect(actions.find((a) => a.value === "uninstall")).toBeUndefined(); + }); + + it("disables install and uninstall actions when host scripts are disabled", () => { + const props = { ...defaultProps, hostScriptsEnabled: false }; + const actions = generateActions(props); + expect(actions.find((a) => a.value === "install")?.disabled).toBe(true); + expect(actions.find((a) => a.value === "uninstall")?.disabled).toBe(true); + }); + + it("disables install and uninstall actions when locally pending (waiting for API response)", () => { + const props = { + ...defaultProps, + softwareIdActionPending: 1, + softwareId: 1, + }; + const actions = generateActions(props); + expect(actions.find((a) => a.value === "install")?.disabled).toBe(true); + expect(actions.find((a) => a.value === "uninstall")?.disabled).toBe(true); + }); + + it("disables install and uninstall actions when pending install status", () => { + const props: generateActionsProps = { + ...defaultProps, + status: "pending_install", + }; + const actions = generateActions(props); + expect(actions.find((a) => a.value === 
"install")?.disabled).toBe(true); + expect(actions.find((a) => a.value === "uninstall")?.disabled).toBe(true); + }); + + it("disables install and uninstall actions when pending uninstall status", () => { + const props: generateActionsProps = { + ...defaultProps, + status: "pending_uninstall", + }; + const actions = generateActions(props); + expect(actions.find((a) => a.value === "install")?.disabled).toBe(true); + expect(actions.find((a) => a.value === "uninstall")?.disabled).toBe(true); + }); + + it("removes uninstall action for VPP apps", () => { + const props: generateActionsProps = { + ...defaultProps, + app_store_app: { + app_store_id: "1", + self_service: false, + icon_url: "", + version: "", + last_install: { command_uuid: "", installed_at: "" }, + }, + }; + const actions = generateActions(props); + expect(actions.find((a) => a.value === "uninstall")).toBeUndefined(); + }); +}); diff --git a/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx index dd4aef833e..53256f50bf 100644 --- a/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx +++ b/frontend/pages/hosts/details/cards/Software/HostSoftwareTableConfig.tsx @@ -29,8 +29,9 @@ import VersionCell from "pages/SoftwarePage/components/VersionCell"; import { getVulnerabilities } from "pages/SoftwarePage/SoftwareTitles/SoftwareTable/SoftwareTitlesTableConfig"; import InstallStatusCell from "./InstallStatusCell"; +import { getDropdownOptionTooltipContent } from "../../HostDetailsPage/HostActionsDropdown/helpers"; -const DEFAULT_ACTION_OPTIONS: IDropdownOption[] = [ +export const DEFAULT_ACTION_OPTIONS: IDropdownOption[] = [ { value: "showDetails", label: "Show details", disabled: false }, { value: "install", label: "Install", disabled: false }, { value: "uninstall", label: "Uninstall", disabled: false }, 
@@ -50,24 +51,25 @@ type IInstalledVersionsCellProps = CellProps< >; type IVulnerabilitiesCellProps = IInstalledVersionsCellProps; -const generateActions = ({ - userHasSWWritePermission, - // Commenting below in case there is a quick decision to use these conditions after all - // hostCanWriteSoftware, - // software_package, - softwareIdActionPending, - softwareId, - status, - app_store_app, -}: { +export interface generateActionsProps { userHasSWWritePermission: boolean; + hostScriptsEnabled: boolean; hostCanWriteSoftware: boolean; softwareIdActionPending: number | null; softwareId: number; status: SoftwareInstallStatus | null; software_package: IHostSoftwarePackage | null; app_store_app: IHostAppStoreApp | null; -}) => { +} + +export const generateActions = ({ + userHasSWWritePermission, + hostScriptsEnabled, + softwareIdActionPending, + softwareId, + status, + app_store_app, +}: generateActionsProps) => { // this gives us a clean slate of the default actions so we can modify // the options. const actions = cloneDeep(DEFAULT_ACTION_OPTIONS); 
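Review bot: The exported `generateActionsProps` has a lower-case type name, while the other prop types in this file are PascalCase with an `I` prefix (`ISoftwareTableHeadersProps`, `IInstalledVersionsCellProps`); `IGenerateActionsProps` would match. The hunk also deletes the comment explaining why `hostCanWriteSoftware` and `software_package` are accepted but never read. The interface therefore requires two fields the function ignores, and the new test has to supply them. Either restore a short note on those fields, such as `// not read yet; kept in case these conditions are reinstated`, or mark them optional.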
@@ -88,15 +90,29 @@ const generateActions = ({ } if (!userHasSWWritePermission) { - actions.splice(indexInstallAction, 1); + // Reverse order to not change index of subsequent array element before removal actions.splice(indexUninstallAction, 1); + actions.splice(indexInstallAction, 1); } else { + // if host's scripts are disabled, disable install/uninstall with tooltip + if (!hostScriptsEnabled) { + actions[indexInstallAction].disabled = true; + actions[indexUninstallAction].disabled = true; + + actions[ + indexInstallAction + ].tooltipContent = getDropdownOptionTooltipContent("installSoftware"); + actions[ + indexUninstallAction + ].tooltipContent = getDropdownOptionTooltipContent("uninstallSoftware"); + } + // user has software write permission for host const pendingStatuses = ["pending_install", "pending_uninstall"]; + // if locally pending (waiting for API response) or pending install/uninstall, + // disable both install and uninstall if ( - // if locally pending (waiting for API response) or pending install/uninstall, disable both - // install and uninstall softwareId === softwareIdActionPending || pendingStatuses.includes(status || "") ) { @@ -114,6 +130,7 @@ const generateActions = ({ interface ISoftwareTableHeadersProps { userHasSWWritePermission: boolean; + hostScriptsEnabled?: boolean; hostCanWriteSoftware: boolean; softwareIdActionPending: number | null; router: InjectedRouter; @@ -125,6 +142,7 @@ interface ISoftwareTableHeadersProps { // more info here https://react-table.tanstack.com/docs/api/useTable#cell-properties export const generateSoftwareTableHeaders = ({ userHasSWWritePermission, + hostScriptsEnabled = false, hostCanWriteSoftware, softwareIdActionPending, router, @@ -217,6 +235,7 @@ export const generateSoftwareTableHeaders = ({ placeholder="Actions" options={generateActions({ userHasSWWritePermission, + hostScriptsEnabled, hostCanWriteSoftware, softwareIdActionPending, softwareId, 
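Review bot: The `!hostScriptsEnabled` branch disables Install and Uninstall for every row without checking `app_store_app`, so App Store (VPP) rows are blocked too and show the "deploy the fleetd agent with --enable-scripts" tooltip. If VPP installs go through MDM rather than fleetd scripts, this blocks a working action; the `last_install.command_uuid` field in the test fixture hints at that, but the install path is not in this patch. On iOS/iPadOS hosts, where HostDetailsPage sets `hostCanWriteSoftware` without an orbit version, the tooltip's advice cannot be followed at all. Consider `if (!hostScriptsEnabled && !app_store_app)`, plus a test for a VPP row with scripts disabled, since the new test file covers neither that combination nor `tooltipContent`. The rest of `generateActions` is outside the hunk, so the order of this branch relative to the VPP uninstall removal should be checked too.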
From b26c592143587db3c6bf1364e9ef3d8c2e2faad9 Mon Sep 17 00:00:00 2001 From: Rachael Shaw Date: Sun, 22 Sep 2024 15:18:01 -0500 Subject: [PATCH 10/18] Handbook: Update drafting steps (#22286) - Update where to make reference doc PRs (use reference doc release branch) - Point toward story issue template re: what to link to in issues (since it's always evolving) --- handbook/product-design/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/handbook/product-design/README.md b/handbook/product-design/README.md index 3a269485f8..6034f6296f 100644 --- a/handbook/product-design/README.md +++ b/handbook/product-design/README.md @@ -36,9 +36,9 @@ At Fleet, like [GitLab](https://about.gitlab.com/handbook/product-development-fl - **Ready.** Use this page to communicate designs reviews and development. - **Scratchpad.** Use this page for work in progress and design that might be useful in the future. -- If the story requires API or YAML file changes, open a draft PR with the proposed design. +- If the story requires API or YAML file changes, open a pull request to the reference docs release branch (e.g. `docs-v4.58.0`) with the proposed design. Mark the PR ready for review as soon as it's ready for feedback from the [API design DRI](https://fleetdm.com/handbook/company/communications#directly-responsible-individuals-dris). -- Add links to the Figma file's cover page and draft PRs in the user story. +- Add links to the user story as specified in the [issue template](https://github.com/fleetdm/fleet/issues/new?template=story.md). - Draft changes to the Fleet product that solve the problem specified in the story. Constantly place yourself in the shoes of a user while drafting changes. Place these drafts in the appropriate Figma file in Fleet product project. From 2d90b7f35b511d652c9ea938ef99d96c084f3d66 Mon Sep 17 00:00:00 2001 
From: Rachael Shaw Date: Sun, 22 Sep 2024 15:18:23 -0500 Subject: [PATCH 11/18] Update product-design.rituals.yml (#22285) Create the reference docs release branch as part of product design sprint kickoff (This will help make sure everyone's on the same page re: which branch to make API design PRs to) --- handbook/product-design/product-design.rituals.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/handbook/product-design/product-design.rituals.yml b/handbook/product-design/product-design.rituals.yml index d9225ce778..b32f5406fe 100644 --- a/handbook/product-design/product-design.rituals.yml +++ b/handbook/product-design/product-design.rituals.yml @@ -16,7 +16,7 @@ task: "Design sprint kickoff" # 2024-03-06 TODO: Link to responsibility or corresponding "how to" info e.g. https://fleetdm.com/handbook/company/product-groups#making-changes startedOn: "2024-03-07" frequency: "Triweekly" - description: "Add stories prioritized during Feature fest to Drafting board, assign stories to product designers, and align on priorities." + description: "Add stories prioritized during Feature fest to Drafting board, assign stories to product designers, create upcoming reference docs release branch, and align on priorities." moreInfoUrl: dri: "noahtalerman" - From 85a8cb9b6b1287507dca824fbc529268830adc3e Mon Sep 17 00:00:00 2001 From: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com> Date: Sun, 22 Sep 2024 15:23:51 -0500 Subject: [PATCH 12/18] Clarify empty space formatting (#22294) --- handbook/company/communications.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/handbook/company/communications.md b/handbook/company/communications.md index 271c2e3f19..c83524ee66 100644 --- a/handbook/company/communications.md +++ b/handbook/company/communications.md 
@@ -1359,10 +1359,10 @@ Each heading needs two lines of empty space separating it from the previous sect ``` ...previous content. - - + + ### New heading - + Related content... ``` From 6d9eb8d73efc526bf137467e1c3bbb97661386e7 Mon Sep 17 00:00:00 2001 From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Sun, 22 Sep 2024 23:01:27 -0400 Subject: [PATCH 13/18] Clean up Product Design responsibilities (#22282) Product Design doesn't have these responsibilities anymore - Bugs go straight to the release board - I think @spokanemac ranks features after the "Sprint-kickoff review" and is DRI for the release article - We use [experimental features](https://fleetdm.com/handbook/company/product-groups#experimental-features) instead of "beta" features --- handbook/product-design/README.md | 59 ------------------------------- 1 file changed, 59 deletions(-) diff --git a/handbook/product-design/README.md b/handbook/product-design/README.md index 6034f6296f..2044bde60c 100644 --- a/handbook/product-design/README.md +++ b/handbook/product-design/README.md 
@@ -97,28 +97,6 @@ What happens during expedited drafting? 5. UI changes [are approved](https://fleetdm.com/handbook/company/development-groups#drafting-process), and the UI changes are brought back into the sprint or are estimated. -### Correctly prioritize a bug - -Bugs are always prioritized. (Fleet takes quality and stability [very seriously](https://fleetdm.com/handbook/company/why-this-way#why-spend-so-much-energy-responding-to-every-potential-production-incident).) Bugs should be prioritized in the following order: -1. Quality: product does what it's supposed to (what is documented). -2. Common-sense user criticality: If no one can load any page, that's obviously important. -3. Age of bugs: Long-open bugs are open wounds bleeding quality out of the product. They must be closed quickly. -4. Customer criticality: How important it is to a customer use case. - - -If a bug is unreleased or [critical](https://fleetdm.com/handbook/engineering#critical-bugs), it is addressed in the current sprint. Otherwise, it may be prioritized and estimated for the next sprint. If a bug [requires drafting](https://fleetdm.com/handbook/engineering#in-product-drafting-as-needed) to determine the expected functionality, the bug should undergo [expedited drafting](#expedited-drafting). - -If a bug is not addressed within six weeks, it is [sent to the product team for triage](https://fleetdm.com/handbook/engineering#in-engineering). Each sprint, the Head of Product Design reviews these bugs. Bugs are categorized as follows: -- **Schedule**: the bug should be prioritized in the next sprint if there's engineering capacity for it. -- **De-prioritized**: the issue will be closed and the necessary subsequent steps will be initiated. This might include updating documentation and informing the community. - -The Head of Product Design meets with the Director of Product Development to discuss and finalize the outcomes for the churned bugs. 
- -After aligning with the Director of Product Development on the outcomes, The Head of Product Design will clean up churned bugs. Below are the steps for each category: -- **Schedule**: Remove the `:product` label, move the bug ticket to the 'Sprint backlog' column on the bug board, and assign it to the appropriate group's Engineering Manager so that it can be prioritized into the sprint backlog. -- **De-prioritized**: The Head of Product Design should close the issue and, as the DRI, ensure all follow-up actions are finalized. - - ### Write a user story Product Managers [write user stories](https://fleetdm.com/handbook/company/product-groups#writing-a-good-user-story) in the [drafting board](https://app.zenhub.com/workspaces/-product-backlog-coming-soon-6192dd66ea2562000faea25c/board). The drafting board is shared by every [product group](https://fleetdm.com/handbook/company/development-groups). 
@@ -133,26 +111,6 @@ If an issue's title or user story summary (_"as a…I want to…so that"_) does Engineering Managers estimate user stories. They are responsible for delivering planned work in the current sprint (0-3 weeks) while quickly getting user stories estimated for the next sprint (3-6 weeks). Only work that is slated to be released into the hands of users within ≤six weeks will be estimated. Estimation is run by each group's Engineering Manager and occurs on the [drafting board](https://app.zenhub.com/workspaces/-product-backlog-coming-soon-6192dd66ea2562000faea25c/board). -### Rank features before release - -These measures exist to keep all contributors (including other departments besides engineering and product) up to date with improvements and changes to the Fleet product. This helps folks plan and communicate with customers and users more effectively. - -After the kickoff of a product sprint, the demand and product teams decide which improvements are most important to highlight in this release, whether that's through social media "drumbeat" tweets, collaboration with partners, or emphasized [content blocks](https://about.gitlab.com/handbook/marketing/blog/release-posts/#3rd-to-10th) within the release blog post. - -When an improvement gets scheduled for release, the Head of Product sets its "echelon" to determine the emphasis the company will place on it. This leveling is based on the improvement's desirability and timeliness, and will affect demand effort for the feature. - -- **Echelon 1: A major product feature announcement.** The most important release types, these require a specific and custom demand package. Usually including an individual blog post, a demo video and potentially a press release or official product demand launch. There is a maximum of one _echelon 1_ product announcement per release sprint. 
-- **Echelon 2: A highlighted feature in the release notes.** This product feature will be highlighted at the top of the Sprint Release blog post. Depending on the feature specifics this will include: a 1-2 paragraph write-up of the feature, a demo video (if applicable) and a link to the docs. Ideally there would be no more than three _echelon 2_ features in a release post, otherwise the top features will be crowded. -- **Echelon 3: A notable feature to mention in the [changelog](https://github.com/fleetdm/fleet/blob/main/CHANGELOG.md)**. Most product improvements fit into this echelon. This includes 1-2 sentences in the changelog and [release blog post](https://fleetdm.com/releases). - - -### Create release issue - -Before each release, the Head of Product [creates a "Release" issue](https://github.com/fleetdm/confidential/issues/new/choose), which includes a list of all improvements included in the upcoming release. Each improvement links to the relevant bug or user story issue on GitHub so it is easy to read the related discussion and history. - -The product team is responsible for providing the demand team with the necessary information for writing the release blog post. Every three weeks after the sprint is kicked off, the product team meets with the relevant demand team members to go over the features for that sprint and recommend items to highlight as _echelon 2_ features and provide relevant context for other features to help demand decide which features to highlight. - - ### Consider a feature eligible to be flagged At Fleet, features are placed behind feature flags if the changes could affect Fleet's availability of existing functionalities. The following highlights should be considered when deciding if we should leverage feature flags: 
@@ -167,20 +125,6 @@ At Fleet, features are placed behind feature flags if the changes could affect F > Fleet's feature flag guidelines is borrowed from GitLab's ["When to use feature flags" section](https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/#when-to-use-feature-flags) of their handbook. Check out [GitLab's "Feature flags only when needed" video](https://www.youtube.com/watch?v=DQaGqyolOd8) for an explanation of the costs of introducing feature flags. -### Consider promoting a feature as "beta" - -At Fleet, features are advertised as "beta" if there are concerns that the feature may not work as intended in certain Fleet -deployments. For example, these concerns could be related to the feature's performance in Fleet -deployments with hundreds of thousands of hosts. - -The following highlights should be considered when deciding if we promote a feature as "beta:" - -- The feature will not be advertised as "beta" permanently. This means that the Directly - Responsible Individual (DRI) who decides a feature is advertised as "beta" is also responsible for creating an issue that - explains why the feature is advertised as "beta" and tracking the feature's progress towards advertising the feature as "stable." -- The feature will be advertised as "beta" in the documentation on fleetdm.com/docs, release notes, release blog posts, and Twitter. - - ### View Fleet usage statistics In order to understand the usage of the Fleet product, we [collect statistics](https://fleetdm.com/docs/using-fleet/usage-statistics) from installations where this functionality is enabled. 
@@ -276,9 +220,6 @@ Please see [handbook/product#create-release-issue](https://fleetdm.com/handbook/ ##### Feature flags Please see [handbook/product#consider-a-feature-eligible-to-be-flagged](https://fleetdm.com/handbook/product#consider-a-feature-eligible-to-be-flagged) -##### Beta features -Please see [handbook/product#consider-promoting-a-feature-as-beta](https://fleetdm.com/handbook/product#consider-promoting-a-feature-as-beta) - ##### Feature fest Please see [handbook/product-groups#feature-fest](https://fleetdm.com/handbook/product-groups#feature-fest) From b5fcaa73dcf46f738ccea124188a4eb413f34d53 Mon Sep 17 00:00:00 2001 From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Sun, 22 Sep 2024 23:01:53 -0400 Subject: [PATCH 14/18] Update story template (#22280) - Reminder to use the reference docs branch instead of `main` (also no more draft PRs) --- .github/ISSUE_TEMPLATE/story.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/story.md b/.github/ISSUE_TEMPLATE/story.md index 052d25c7d6..bc76e169c1 100644 --- a/.github/ISSUE_TEMPLATE/story.md +++ b/.github/ISSUE_TEMPLATE/story.md @@ -32,15 +32,15 @@ What else should contributors [keep in mind](https://fleetdm.com/handbook/compan ## Changes ### Product -- [ ] Reference documentation changes: TODO - [ ] UI changes: TODO - [ ] CLI (fleetctl) usage changes: TODO -- [ ] YAML changes: TODO -- [ ] REST API changes: TODO +- [ ] YAML changes: TODO +- [ ] REST API changes: TODO - [ ] Fleet's agent (fleetd) changes: TODO - [ ] Activity changes: TODO -- [ ] Permissions changes: TODO -- [ ] Changes to paid features or tiers: TODO +- [ ] Permissions changes: TODO +- [ ] Changes to paid features or tiers: TODO +- [ ] Other reference documentation changes: TODO - [ ] Once shipped, requester has been notified ### Engineering From 66a9fb21111674e89bcb0e1a5f8d08613107c34a Mon Sep 17 00:00:00 2001 
From: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com> Date: Mon, 23 Sep 2024 00:23:02 -0500 Subject: [PATCH 15/18] Update hiring steps (#22296) --- handbook/company/leadership.md | 50 ++++------------------------------ 1 file changed, 6 insertions(+), 44 deletions(-) diff --git a/handbook/company/leadership.md b/handbook/company/leadership.md index 05097bf552..d89b81639f 100644 --- a/handbook/company/leadership.md +++ b/handbook/company/leadership.md 
@@ -360,54 +360,16 @@ After receiving the interview packet, the Head of Digital Experience uses the fo 4. **Send offer:** 🐈‍⬛ CEO reviews and sends the offer to the candidate: - _Grant the candidate "edit" access_ to their "exit scenarios" spreadsheet. - _Send_ the email. +5. **Process the offer response** The Head of Digital Experience will process the offer response by either creating a new ["Teammate pre-onboarding" issue](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-digital-experience&projects=&template=pre-onboarding.md&title=Pre-onboarding%3A+______________________) and following the steps if the offer is accepted or notifying the stakeholders that the offer was not accepted and we should continue the search. -#### Steps after an offer is accepted -Once the new team member replies and accepts their offer in writing, 🌐 Head of Digital Experience follows these steps: -1. **Verify, track, and reply:** Reply to the candidate: - - _Verify the candidate replied with their physical address… or else keep asking._ If they did not reply with their physical address, then we are not done. No offer is "accepted" until we've received a physical address. - - _Review and update the team database_ to be sure everything is accurate, **one last time**. 
Remember to read the column headers and precisely follow the instructions about how to format the data: - - The new team member's role in ["🧑‍🚀 Fleeties"](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0) now includes: - - **Start date** _(The new fleetie's first day, YYYY-MM-DD)_ - - **Location** _(Derive this from the physical address)_ - - **GitHub username** _(Username of 2FA-enabled GitHub account)_ - - **@fleetdm.com email** _(Set this to whatever email you think this person should have)_ - - The new team member's row in ["🥧 Equity plan"](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit#gid=0) now includes: - - **OTE** _("On-target earnings", i.e. anticipated total annual cash compensation)_ - - **Equity** _(Stock options)_ - - **"Notes"** _(Track base salary here, as well as a very short explanation of commission or bonus structure.)_ - - **Physical address** _(The full street address of the location where work will typically be performed.)_ - - **Personal email** _(Use the personal email they're replying from, e.g. `@gmail.com`)_ - - **"Offer accepted?"** _(Set this to `TRUE`)_ - - _[Create a "Hiring" issue](https://github.com/fleetdm/confidential/issues/new/choose)_ for the new team member. (This issue will keep track of the hiring tasks for the new team member.) - - _Send a reply_ welcoming the team member to Fleet and letting them know to expect a separate email with next steps for getting the team member's laptop, Yubikeys, and agreement going ASAP so they can start on time. For example: +#### After an offer is accepted - ``` - \o/ It's official! - - Be on the lookout for an email in a separate thread with next steps for quickly signing the paperwork and getting your company laptop and hardware 2FA keys (Yubikeys), which we recommend setting up ASAP. - - Thanks, and welcome to the team! - - Cheers, - Sam - ``` - -2. 
**Ask hiring manager to send rejections:** Post to the `hiring-xxxxx-yyyy` Slack channel to let folks know the offer was accepted, and at-mention the _hiring manager_ using the following template: - -``` -@HIRING_MANAGER, :astronaut: TEAM_MEMBER_NAME has accepted the offer :fleet: and this position is now filled :white_check_mark:. Please inform any other interviewees who are still in the running and let them know that we chose a different person. :thankyou-ty: -``` - -3. **Close Slack channel:** Then archive the channel. - - >_**Note:** Send rejection emails quickly, within 1 business day. It only gets harder if you wait._ -4. **Remove open position:** Ensure the hiring manager removes the newly-filled position from the fleetdm.com website by [making a pull request](https://fleetdm.com/handbook/company/communications#making-a-pull-request) to delete it from the [open-positions.yml](https://github.com/fleetdm/fleet/blob/main/handbook/company/open-positions.yml) file. -5. **Create 30-60-90 day plan:** 🧑‍🚀 Hiring manager creates a 30-60-90 day plan outlining key role objectives. The plan is reviewed weekly in 1:1 meetings during the first three months of employment, ensuring continuous support and alignment with company goals. To create the 30-60-90 day plan, hiring manager will: - - Create a copy of the [30-60-90 day plan template](https://docs.google.com/document/d/1EztmPBuMFXbVoy4ZToXcxasNO38ooOh8Gh5hPXFvJhI/copy) and rename the copied file using the naming convention `[start date] - 30-60-90 day plan - [teammate full name]` and move it to the [30-60-90 day plan folder](https://drive.google.com/drive/u/0/folders/1QWiAbgBFuuofT_3M8oIoBsbEBmubQAj7) in Google Drive. - - Follow the prompts in the template to fill out the 30-60-90 day plan for the new teammate before they start. 
+The Head of Digital Experience will then follow the steps in the ["Teammate pre-onboarding"](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-digital-experience&projects=&template=pre-onboarding.md&title=Pre-onboarding%3A+______________________) issue, which includes reaching out to the new team member within 1 business day from a separate email thread to get additional information as needed, prepare their agreement, add them to the company's payroll system, and get their new laptop and hardware security keys ordered so that everything is ready for them to start on their first day. -Now what happens? 🌐 Head of Digital Experience will then follow the steps in the "Hiring" issue, which includes reaching out to the new team member within 1 business day from a separate email thread to get additional information as needed, prepare their agreement, add them to the company's payroll system, and get their new laptop and hardware security keys ordered so that everything is ready for them to start on their first day. +## Create a 30-60-90 day plan + +The hiring manager creates a 30-60-90 day plan outlining key role objectives to be reviewed in 1:1 meetings during the first three months of employment. To create the 30-60-90 day plan, use the prompts in the "Vision" section of the new teammates [1:1 meeting doc (TEMPLATE)](https://docs.google.com/document/d/1IkGQJ4PPU0MyW35Xo8BuvoUPKpStsmcw_nHWt71W2yE/edit#heading=h.uzxntzlyyaou) to ensure continuous support and alignment with company goals. ## CEO shadow program From 2ce2b806015b86cb7555aba1e618e9ea98cb2044 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 06:56:37 -0300 Subject: [PATCH 16/18] Update versions of fleetd components in Fleet's TUF [automated] (#22289) Automated change from [GitHub action](https://github.com/fleetdm/fleet/actions/workflows/fleetd-tuf.yml). Co-authored-by: lucasmrod --- orbit/TUF.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/orbit/TUF.md b/orbit/TUF.md index 727e5f34b6..64cd1cb9f2 100644 --- a/orbit/TUF.md +++ b/orbit/TUF.md @@ -18,8 +18,8 @@ Following are the currently deployed versions of fleetd components on the `stabl | Component\OS | macOS | Linux | Windows | Linux (arm64) | |--------------|--------|--------|---------|---------------| -| orbit | 1.32.0 | 1.32.0 | 1.32.0 | 1.32.0 | -| desktop | 1.32.0 | 1.32.0 | 1.32.0 | 1.32.0 | +| orbit | 1.33.0 | 1.33.0 | 1.33.0 | 1.33.0 | +| desktop | 1.33.0 | 1.33.0 | 1.33.0 | 1.33.0 | | osqueryd | 5.13.1 | 5.13.1 | 5.13.1 | 5.13.1 | | nudge | - | - | - | - | | swiftDialog | - | - | - | - | From cbf563fb9b0a34353639784640d63fb4e27bba2d Mon Sep 17 00:00:00 2001 From: Ian Littman Date: Mon, 23 Sep 2024 04:58:13 -0500 Subject: [PATCH 17/18] Use sync.Map for stubbed key-value store to avoid data races in GitOps test (#22292) This override only happens in testing, so this isn't release-blocking, but this is the quickest way to clean up a test that will otherwise be flaky due to data races, at the cost of performance (vs. setting up a more complex solution with mutexes). # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality (via manually running test using the KV store) --- cmd/fleetctl/gitops_test.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/cmd/fleetctl/gitops_test.go b/cmd/fleetctl/gitops_test.go index b934961559..1a054482f6 100644 --- a/cmd/fleetctl/gitops_test.go 
+++ b/cmd/fleetctl/gitops_test.go @@ -10,6 +10,7 @@ import ( "path/filepath" "slices" "strings" + "sync" "testing" "time" @@ -2919,24 +2920,23 @@ software: } type memKeyValueStore struct { - m map[string]string + m sync.Map } func newMemKeyValueStore() *memKeyValueStore { - return &memKeyValueStore{ - m: make(map[string]string), - } + return &memKeyValueStore{} } func (m *memKeyValueStore) Set(ctx context.Context, key string, value string, expireTime time.Duration) error { - m.m[key] = value + m.m.Store(key, value) return nil } func (m *memKeyValueStore) Get(ctx context.Context, key string) (*string, error) { - v, ok := m.m[key] + v, ok := m.m.Load(key) if !ok { return nil, nil } - return &v, nil + vAsString := v.(string) + return &vAsString, nil } From e861ae7319a5ee3d065d215ce923925f7bd09137 Mon Sep 17 00:00:00 2001 From: Lucas Manuel Rodriguez Date: Mon, 23 Sep 2024 06:59:04 -0300 Subject: [PATCH 18/18] Release fleetd 1.33.0 (#22283) --- .github/workflows/generate-desktop-targets.yml | 7 +------ .github/workflows/goreleaser-orbit.yaml | 5 ----- orbit/CHANGELOG.md | 6 ++++++ orbit/changes/20320-uninstall-after-failed-post-install | 1 - orbit/changes/update-go1.23.1 | 2 -- 5 files changed, 7 insertions(+), 14 deletions(-) delete mode 100644 orbit/changes/20320-uninstall-after-failed-post-install delete mode 100644 orbit/changes/update-go1.23.1 diff --git a/.github/workflows/generate-desktop-targets.yml b/.github/workflows/generate-desktop-targets.yml index d7324c9bf0..93e5a30fce 100644 --- a/.github/workflows/generate-desktop-targets.yml +++ b/.github/workflows/generate-desktop-targets.yml 
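Review bot: The unchecked assertion `v.(string)` in `Get` panics if a non-string value ever ends up in the `sync.Map`, which is untyped, unlike the `map[string]string` it replaces. Only `Set` stores values in this hunk, so it is safe today, but the comma-ok form `vAsString, ok := v.(string)` with an error return on `!ok` would fail the test with a readable message instead of a panic. `memKeyValueStore` also has no comment; something like `// memKeyValueStore is an in-memory test stub; expireTime is ignored and sync.Map makes concurrent Set/Get safe.` would record why the type changed. Note that `sync.Map` makes each call race-free but not a Get-then-Set sequence, so if any caller relies on that pair being atomic (not visible in this hunk), a mutex would still be needed.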
@@ -13,18 +13,13 @@ on: - '.github/workflows/generate-desktop-targets.yml' workflow_dispatch: -# This allows a subsequently queued workflow run to interrupt previous runs -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} - cancel-in-progress: true - defaults: run: # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference shell: bash env: - FLEET_DESKTOP_VERSION: 1.32.0 + FLEET_DESKTOP_VERSION: 1.33.0 permissions: contents: read diff --git a/.github/workflows/goreleaser-orbit.yaml b/.github/workflows/goreleaser-orbit.yaml index 54e16752b3..e196901ead 100644 --- a/.github/workflows/goreleaser-orbit.yaml +++ b/.github/workflows/goreleaser-orbit.yaml @@ -5,11 +5,6 @@ on: tags: - "orbit-*" # For testing, use a pre-release tag like 'orbit-1.24.0-1' -# This allows a subsequently queued workflow run to interrupt previous runs -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} - cancel-in-progress: true - defaults: run: # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference diff --git a/orbit/CHANGELOG.md b/orbit/CHANGELOG.md index 1d11365182..fa9efe36ef 100644 --- a/orbit/CHANGELOG.md +++ b/orbit/CHANGELOG.md @@ -1,3 +1,9 @@ +## Orbit 1.33.0 (Sep 20, 2024) + +* Added support to run the configured uninstall script when installer's post-install script fails. + +* Updated Go to go1.23.1 + ## Orbit 1.32.0 (Aug 29, 2024) * Bumped macadmins extension to use SOFA feed sofafeed.macadmins.io diff --git a/orbit/changes/20320-uninstall-after-failed-post-install b/orbit/changes/20320-uninstall-after-failed-post-install deleted file mode 100644 index 5dd4d96972..0000000000 --- a/orbit/changes/20320-uninstall-after-failed-post-install +++ /dev/null 
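Review bot: The removal of the `concurrency` block in this hunk, and the same removal in the `goreleaser-orbit.yaml` hunk that follows, is not mentioned in the commit message, so the reason should be recorded in a comment in each file. In `goreleaser-orbit.yaml` the trigger is a tag push, where `github.head_ref` is empty and the group fell back to `github.run_id`, so the block likely never cancelled anything there. In this workflow the triggers are only partly visible, and on pull requests the block would have cancelled superseded runs. If the goal is that builds of release artifacts are never interrupted, a per-ref group with `cancel-in-progress: false` keeps runs serialized rather than letting them overlap. A line such as `# No concurrency group: runs that build release artifacts must not be cancelled by later pushes` would make the intent reviewable.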
@@ -1 +0,0 @@ -During software install flow, if installer's post-install script fails, run the uninstall script to attempt to roll back. diff --git a/orbit/changes/update-go1.23.1 b/orbit/changes/update-go1.23.1 deleted file mode 100644 index d9a689e4e9..0000000000 --- a/orbit/changes/update-go1.23.1 +++ /dev/null @@ -1,2 +0,0 @@ -* Updated Go to go1.23.1 -