Update 00-Learn-how-to-use-Fleet.md (#2217)

Updated to reflect latest UI and query library content changes in Fleet 4.3.0.
Mike Thomas 2021-09-27 20:25:23 +09:00 committed by GitHub
parent df89added9
commit 429875d4e5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -28,19 +28,14 @@ So, let's start by asking the following questions about Fleet's 7 simulated Linu
2. Do these devices have a high severity vulnerable version of OpenSSL installed?
These questions can easily be answered, by running the following query: "Detect Linux hosts with high severity vulnerable versions of OpenSSL."
These questions can easily be answered, by running this simple query: "Get OpenSSL versions."
On the **Queries** page, enter the query name, "Detect Linux hosts with high severity vulnerable versions of OpenSSL," in the search box, select the query from the results table, and navigate to the **Edit or run query** page.
On the **Queries** page, enter the query name, "Get OpenSSL versions," in the search box, and select it to enter the **query console**. Then from the **query console**, hit "Run query", and from the "Select targets" page, select "All hosts," to run this query against all hosts enrolled in your Fleet. Then hit the "Run" button to execute the query.
<img src="https://user-images.githubusercontent.com/78363703/128487468-7961c509-d0ba-48be-a0e8-54bfb4c371d5.png" alt="Fleet query search"/>
<img src="https://user-images.githubusercontent.com/78363703/134630888-da9e7244-7d5d-4724-87ef-1bb41737308f.png" alt="Fleet select targets"/>
On the **Edit or run query** page, open the "Select targets" dropdown, and press the purple "+" icon to the right of "All hosts," to run this query against all hosts enrolled in your Fleet. Then hit the "Run" button to execute the query.
<img src="https://user-images.githubusercontent.com/78363703/128487638-7d779d89-f3fa-42dd-903f-070dc9347a9b.png" alt="Fleet select targets"/>
The query may take several seconds to complete, because Fleet has to wait for the osquery agents to respond with results.
> Fleet's query response time is inherently variable because of osquery's heartbeat response time. This helps prevent performance issues on hosts.
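Review bot: The query named in the replacement sentence, "Get OpenSSL versions," no longer matches question 2 above it, which asks whether the devices have a high severity vulnerable version of OpenSSL installed. A query that, going by its name, returns versions leaves the reader to work out which of them are vulnerable, so either reword question 2 to ask which OpenSSL versions are installed or add a sentence on how to compare the returned versions against the affected ones. In the same paragraph, drop the comma after "answered" and settle on one style for UI labels: the new text mixes bold (**query console**) with quotes ("Run query", "Select targets").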
@ -48,7 +43,7 @@ The query may take several seconds to complete, because Fleet has to wait for th
When the query has finished, you should see 4 columns and several rows in the "Results" table:
<img src="https://user-images.githubusercontent.com/78363703/128488112-56c762da-5029-42d1-8f5d-e74f22aa39cd.png" alt="Fleet query results"/>
<img src="https://user-images.githubusercontent.com/78363703/134631391-cb62fbd4-81ab-4ea6-8e38-807cccc9c6cc.png" alt="Fleet query results"/>
- The "hostname" column answers: which device responded for a given row of results?
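Review bot: Only the screenshot URL changes here, but the unchanged line "you should see 4 columns and several rows" and the column bullets after it were written for the query that the previous hunk replaces. Confirm that "Get OpenSSL versions" still returns 4 columns with the same names, and update the count and the bullets in this commit if it does not.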