mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 00:49:03 +00:00
Update Ask-questions-about-your-devices.md (#1642)
* Update Ask-questions-about-your-devices.md
  Added screenshots.
* Update Ask-questions-about-your-devices.md
  changed to img tags for better control of sizing.
* Update docs/1-Using-Fleet/tutorials/Ask-questions-about-your-devices.md
* Update docs/1-Using-Fleet/tutorials/Ask-questions-about-your-devices.md
* Update docs/1-Using-Fleet/tutorials/Ask-questions-about-your-devices.md
* Update docs/1-Using-Fleet/tutorials/Ask-questions-about-your-devices.md
parent
790d169e14
commit
dca5aac6e1
1 changed files with 9 additions and 1 deletions
|
|
@ -50,6 +50,8 @@ fleetctl apply -f standard-query-library.yml
|
|||
|
||||
Success! Now, refresh the **Queries** page in the Fleet, and the "Queries" table will be populated with Fleet's standard query library.
|
||||
|
||||
<img src="https://user-images.githubusercontent.com/78363703/128487220-9cb4ffce-abb0-43be-aa7b-e2cade7c7220.png" alt="Fleet query page" width="600"/>
|
||||
|
||||
### Asking questions by running queries
|
||||
|
||||
Let's ask the following questions about the simulated Linux hosts connected to your Fleet:
|
||||
|
|
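Review bot: The img tag added after the "Success!" paragraph loads its screenshot from user-images.githubusercontent.com rather than from a file tracked in this repository, so the tutorial depends on an upload that is not versioned with the docs and will break silently if that asset is removed or the page is read offline. Consider committing the PNG next to the tutorial and pointing src at a relative path. The alt text "Fleet query page" could also say what the reader is meant to see, namely the "Queries" table populated with the standard query library.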
@ -62,13 +64,20 @@ These questions can easily be answered with Fleet, by running the following quer
|
|||
|
||||
On the **Queries** page, enter the query name, "Detect Linux hosts with high severity vulnerable versions of OpenSSL," in the search bar, and select it from the table to navigate to the **Edit or run query** page.
|
||||
|
||||
<img src="https://user-images.githubusercontent.com/78363703/128487468-7961c509-d0ba-48be-a0e8-54bfb4c371d5.png" alt="Fleet query search" width="600"/>
|
||||
|
||||
On the **Edit or run query** page, open the "Select targets" dropdown, and press the purple "+" icon to the right of "All hosts." This means we'll be attempting to run this query against all hosts connected to your Fleet.
|
||||
|
||||
<img src="https://user-images.githubusercontent.com/78363703/128487638-7d779d89-f3fa-42dd-903f-070dc9347a9b.png" alt="Fleet select targets" width="600"/>
|
||||
|
||||
Now hit the "Run" button to run the query, and you're done. The query may take several seconds to complete because Fleet has to wait for the osquery agents to respond with results.
|
||||
|
||||
> Fleet's query response time is inherently variable because of osquery's heartbeat response time. This helps prevent performance issues on hosts.
|
||||
|
||||
When the query has finished, you should see 4 columns and several rows in the "Results" table:
|
||||
|
||||
<img src="https://user-images.githubusercontent.com/78363703/128488112-56c762da-5029-42d1-8f5d-e74f22aa39cd.png" alt="Fleet query results" width="600"/>
|
||||
|
||||
- The "hostname" column answers: which device responded for a given row of results?
|
||||
|
||||
- The "name" column answers: what is the name of the installed software item? The query we just ran asked for all software items that contain "openssl" in their name, so each row in this column should contain "openssl."
|
||||
|
|
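Review bot: The "Fleet query results" screenshot placed before the column bullets shows the "hostname" column, so please confirm the capture was taken against the simulated Linux hosts only and contains no names of real devices before it is published in the docs. The three alt texts in this hunk ("Fleet query search", "Fleet select targets", "Fleet query results") name the screen but not the step; wording such as the query name typed in the search bar, or "All hosts" chosen in the "Select targets" dropdown, would let the instructions stand without the image.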
@ -104,4 +113,3 @@ Now you have the results from your query, you can compare the results from the "
|
|||
| 1.0.1-1.0.1h | [CVE-2014-3511](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511) |
|
||||
|
||||
Do any of the simulated, Linux hosts have a high severity vulnerable version of OpenSSL installed? If the answer is yes, don't worry. The devices are running in a simulated Docker environment and do not provide any additional vectors for performing malicious actions against your device.
|
||||
|
||||
|
|
|
|||
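Review bot: The closing paragraph kept as context in this hunk tells the reader not to worry because the Docker hosts "do not provide any additional vectors for performing malicious actions against your device", which is an absolute assurance about containers that the tutorial itself expects to carry high severity vulnerable OpenSSL versions. Since this hunk already touches the end of the file, consider stating what the assurance depends on, or softening it, in the same change. The phrase "simulated, Linux hosts" also has a stray comma that could be dropped here.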