- Update "Learn how to use Fleet" docs page to walk a Fleet Sandbox user through adding their device and running a query
- Add a "Get operating system information" query to standard query library for the "Learn how to use Fleet" walkthrough
- Update Fleet's top level README to point users who want to try Fleet to Fleet Sandbox
- Update "How to install osquery..." (macOS, Windows, Linux) blog posts to point users who want to try Fleet to Fleet Sandbox
- Move `fleetctl preview` questions to "Contributing" FAQ section in docs. This is because `fleetctl preview` is now a testing tool for Fleet contributors
- Update "Deploying" docs to point users who want to try Fleet to Fleet Sandbox
* Adding password policy query to the default library
Adding a built-in policy to check the minimum password length on macOS using the recently released password_policy table.
* Addding osquery minimum version + adding query to constants.ts
* Adding policy query to check firewall on Mac
This commit closes https://github.com/fleetdm/confidential/issues/1410 once merged.
* Adding policies
This commit closes https://github.com/fleetdm/confidential/issues/1412. Right now there is no way to check the screenlock so instead we check if a profile for screenlock is there.
https://github.com/fleetdm/confidential/issues/1410 also closed by this.
* Update constants.ts
Fixed space
* Resolution text fix for new policies
Fixed copy based on @zhumo's comments!
* Screen lock policy
Adding a policy to check if the inactivity timeout is enabled on Windows and set to 1800 seconds or less (30min)
* Update constants.ts
Fix identation
* Update Windows screen lock policy
Changed wording from "administrator" to "IT administrator" in both files.
* App up to date or not installed
Adding "App installed and up to date OR not present" example
* Removed empty last line
* Update standard-query-library.yml
Added right descriptions and resolution for the Docker example, and added a new query to detect unencrypted SSH keys.
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Update standard-query-library.yml
Updated as per @noahtalerman's review
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Renaming files and a lot of find and replace
* pageRank meta tags, sorting by page rank
* reranking
* removing numbers
* revert changing links that are locked to a commit
* update metatag name, uncomment github contributers
* Update basic-documentation.page.js
* revert link change
* more explicit errors, change pageOrderInSection numbers, updated sort
* Update build-static-content.js
* update comment
* update handbook link
* handbook entry
* update sort
* update changelog doc links to use fleetdm.com
* move standard query library back to old location, update links/references to location
* revert unintentional link changes
* Update handbook/community.md
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
On website + constants.ts. Does not support all Linux encryption scenarios, we will add more to this query as we discover the patterns people need.
Closes#4208
* Adding antivirus queries
Adding 3 antivirus queries in the form of an information query as well as in the form of policy queries
* Update standard-query-library.yml
Adding newline at end of file
* Add remaining policy templates
* Removeempty resolution field
* Update naming for standard policies
* Add enabled word to SIP policy
* Use full SIP
* Also change in constants
* Update windows disk encryption
* Add changes file
* Tweak windows disk encryption policy
* Address lint errors
* Make requested changes
* Reflect changes in policy tempaltes
* Make sure that standard policies and policy templates are the same
* Edit automatic login disabled description
* Also edit in constants
* handle query tags in build-static-content script, update query readme
* show tags in query library, add ability to filter by tags
* fix lint errors
* update mobile styles
* fix CTA link
* update mobile layout
* remove tag line-height and font size
* Update build-static-content.js
* Style update
* remove margin from selected tag, adjust OS logo placement
* requested changes from code review
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
* feat: add query to find running docker containers
* docs: 📝 add query to get Mac and Linux machines with unencrypted primary disks
* feat: add query to find running docker containers
* docs: 📝 add query to get Mac and Linux machines with unencrypted primary disks
* chore: remove queries from develop
* docs: add query to get running docker containers
* docs: add query to get machines with unencrypted primary disks
* fix: remove trailing ---
* fix: remove trailing ---
* chore: remove trailing ---
* docs: add query to get applications hogging memory
* fix: resolve merge conflicts
* chore: update PR
* chore: update PR
* chore: merge previous query
* feat: add query to find servers with root logins within the day
* fix: remove unneeded period
* docs: add instructions for submiting multiple queries
* fix: remove duplicate entry
* fix: remove period from get running docker containers query description
* docs: add instructions for submiting multiple queries
* fix: resolve merge conflicts
* feat: add description for query to fetch failing batteries
* fix: resolve duplicate descriptions
* fix: remove typo in deplying docs
* fix: reword description
* fix: add suggestions to improve description
* feat: add description to query to fet windows machines with unencrypted hard disks
* feat: update description for count apple applications installed query
* docs: 📝 Add query to get apps opened within the last 24 hours
* feat: add query to find apps not in Applications directory
* feat: add query to find subscription based applications that have not been opened for the last 30 days
Queries:
- Get applications hogging memory
- Get Mac and Linux machines with unencrypted primary disks
- Get servers with root login in the last 24 hours
