* /sandbox/queries becomes /queries, etc
* Publish fleetdm.com/queries
Expose query library routes the rest of the way, move remediation data sanitization to the point of entry, and update query library to match (pairing w/ @gillespi314)
* Fix accidental commit of sailsrc (again)
- Move host `additional` into a separate table.
- Join when that data is needed.
- API change: `/api/v1/fleet/hosts` now returns only the requested
`additional` columns, unless `*` is provided as the sole argument.
Background:
A customer reported that MySQL binlogs grew huge and replication lag
went way up when data was stored in the `additional` column. In this
deployment MySQL was running with ROW replication. This would cause the
entire `additional` data to be copied on each update of the host checkin
time. While switching to STATEMENT or MIXED replication would likely
mitigate the issue, this was not an option in their environment.
- Add question that addresses upgrading from Kolide Fleet to FleetDM Fleet
- Edit "Automatically add hosts to packs" question and move portion about `targets` field to `fleetctl` docs
Adds the following queries to the Standard query library:
- Get authorized keys for Local Accounts
- Get authorized keys for Domain Joined Accounts
- Get current users with active shell/console on the system
- Get Disk encryption status
- Detect Unencrypted SSH Keys for Local Accounts
- Detect Unencrypted SSH Keys for Domain Joined Accounts
- Line parsed values from system and user cron/tab
- Detect Dynamic Linker Hijacking (MITRE. T1574.006)
- Get etc hosts entries
- Get Network Interfaces
- Get Local User Accounts
- Detect active user accounts on servers
- Detect Nmap Scanner
- Get docker images on a system
- Get docker running containers on a system
- Get docker running process on a system
- Create `/configuration-files/` directory inside of `/1-Using-Fleet` directory. This directory contains example Fleet configuration files in yaml format. Replaces the `/examples` directory.
- Create `/standard-query-library/` directory inside of `/1-Using-Fleet` directory. This directory contains the new `standard-query-library.yml`. This file will act as the source of community contributions to the standard query library.
- Edit references to `/examples` directory
This allows the host details to be refetched on the next check in,
rather than waiting for the normal interval to go by. Associated UI
changes are in-progress.
- Migration and service methods for requesting refetch.
- Expose refetch over API.
- Change detail query logic to respect this flag.
- Add section on contributing to Fleet documentation. This section covers the use of relative links and best practices for anchor links
- Add 3 questions and their respective answers to the FAQ section in the `1-Using-Fleet` docs
- Add new `2-Orbit-osquery/` directory to the top-level `docs/` directory.
- Rename `2-Deployment/` -> `3-Deployment/` to accommodate new Orbit directory.
- Rename `3-Contribution/` -> `4-Contribution/` to accommodate new Orbit directory.
- Add FAQ section to Orbit documentation.
This PR concludes the Complete API documentation project #43
Add documentation for the following endpoints:
- api/v1/status/live_query
- api/v1/status/result_store
- api/v1/sso/callback
This PR includes various fixes to anchor links used in the documentation.
There are certain characters GitHub doesn't support for the use of anchor links in markdown files. The general rule I've found is to only use a-z or A-Z characters in anchor links. All other characters should be removed.
For example, consider the section title How do I connect to the Mailhog simulated server?. The valid GitHub anchor link for this section is #how-do-i-connect-to-the-mailhog-simulated-server. Notice no ?.
Closes#494
The api/v1/fleet/queries/run_by_names endpoint was incorrectly documented as discussed in #409. This PR includes the fix.
- Add the query parameter to the queries/run_by_names endpoint and edit the example requests to include this parameter.
This PR includes two documentation fixes.
1. Remove the support property from the osquery queries spec in the fleetctl docs. The support property is not a feature of osquery or Fleet.
2. Edit the api/v1/fleet/queries/run_by_names with accurate examples. This endpoint sends query targets (hosts and labels) by name (hostname and label name). Contrast this with the api/v1/fleet/queries/run which sends query targets by id (host id and label id)
Resolves#409
This PR is part of the Complete documentation for Fleet API project #43.
The endpoint included in these changes:
- POST /api/v1/fleet/reset_password
- GET /api/v1/fleet/sessions/{id}
- DELETE /api/v1/fleet/sessions/{id}
- POST /api/v1/fleet/queries/delete
- GET /api/v1/fleet/email/change/{token}
Add documentation on the websocket endpoints in the Fleet API. These endpoints allow users to retrieve live query results.
Endpoints added include:
- `api/v1/fleet/results`
- `api/v1/fleet/results/websockets`
- Fix api/v1/fleet/queries/run endpoint. Prior the fix, the endpoint was incorrectly documented as api/v1/fleet/spec/queries/run
- Fix api/v1/fleet/queries/run_by_names endpoint. Prior the fix, the endpoint was incorrectly documented as api/v1/fleet/queries/run
The endpoint included in these changes:
- /api/v1/kolide/carves GET
- /api/v1/kolide/carves/{id} GET
- /api/v1/kolide/users/{id} PATCH
- /api/v1/kolide/users/{id}/enable POST
- /api/v1/kolide/users/{id}/admin POST
- /api/v1/kolide/users/{id}/require_password_reset POST
- /api/v1/kolide/users/{id}/sessions GET
- /api/v1/kolide/users/{id}/sessions DELETE
- Add query parameter to the /api/v1/fleet/hosts endpoint and edit the example request and response.
- Add query parameter to the /api/v1/fleet/labels/{id}/hosts endpoint
These changes support the ability to perform a search on the Hosts table by hostname, machine_serial, and ipv4.
This PR is part of the Complete documentation for Fleet API project #43.
The endpoint included in these changes:
- `POST api/v1/fleet/targets`
Additional changes:
- Now order_key and order_direction are included in the parameters table for endpoints that support them. Fixes#326
- Change endpoints to `api/v1/fleet` naming
This PR is part of the Complete documentation for Fleet API project #43.
The endpoints included in these changes:
- /labels POST
- /labels/{id} PATCH
- /labels/{id} GET
- /labels GET
- /labels/{id}/hosts GET
- /labels/{name} DELETE
- /labels/id/{id} DELETE
- /spec/labels POST
- /spec/labels GET
- /spec/labels/{name} GET
- Support both /api/v1/fleet and /api/v1/kolide routes in server.
- Add logging for use of deprecated routes.
- Rename routes in frontend JS.
- Rename routes and add notes in documentation.
Reformat the anchor links for specific endpoints by moving these links to their respective sections.
The endpoints included in these changes:
- /api/v1/kolide/packs POST
- /api/v1/kolide/packs/{id} PATCH "modify_pack"
- /api/v1/kolide/packs/{id} GET "get_pack"
- /api/v1/kolide/packs GET "list_packs"
- /api/v1/kolide/packs/{name} DELETE "delete_pack"
- /api/v1/kolide/packs/id/{id} DELETE "delete_pack_by_id"
- /api/v1/kolide/packs/{id}/scheduled GET "get_scheduled_queries_in_pack"
- /api/v1/kolide/schedule POST "schedule_query"
- /api/v1/kolide/schedule/{id} GET "get_scheduled_query"
- /api/v1/kolide/schedule/{id} PATCH "modify_scheduled_query"
- /api/v1/kolide/schedule/{id} DELETE "delete_scheduled_query"
- /api/v1/kolide/spec/packs POST "apply_pack_specs"
- /api/v1/kolide/spec/packs GET "get_pack_specs"
- /api/v1/kolide/spec/packs/{name} GET "get_pack_spec"
The endpoints included in these changes:
- /api/v1/kolide/queries/{id} GET
- /api/v1/kolide/queries/{id} PATCH
- /api/v1/kolide/queries/{name} DELETE
- /api/v1/kolide/queries GET
- /api/v1/kolide/queries POST
- /api/v1/kolide/queries/id/{id} DELETE
- /api/v1/kolide/spec/queries POST
- /api/v1/kolide/spec/queries GET
- /api/v1/kolide/spec/queries/{name} GET
- /api/v1/kolide/queries/run POST
- /api/v1/kolide/queries/run_by_names POST
The endpoints included in these changes:
- /api/v1/kolide/host_summary GET
- /api/v1/kolide/hosts/{id} GET
- /api/v1/kolide/hosts/identifier/{identifier} GET
- /api/v1/kolide/hosts/{id} DELETE
- /api/v1/kolide/spec/osquery_options POST
- /api/v1/kolide/spec/osquery_options GET
This PR is part of the Complete documentation for Fleet API project #43.
The endpoints included in these changes:
- /api/v1/kolide/config/certificate GET
- /api/v1/kolide/config GET
- /api/v1/kolide/config PATCH
- /api/v1/kolide/spec/enroll_secret POST
- /api/v1/kolide/spec/enroll_secret GET
- /api/v1/kolide/invites POST
- /api/v1/kolide/invites GET
- /api/v1/kolide/invites/{id} DELETE
- /api/v1/kolide/invites/{token} GET
- Quick attempt to alleviate potential confusion for how the osquery configuration overrides option works
- Leave in the commented explanation in the sample yaml file
- Split the array of objects to separate objects for each pattern in ignorePatterns. Rename the key in each object to "pattern." The documentation for the example config file is poor.
- Add hello@fleetdm.com and /server/datastore/mysql/migrations/ to ignorePatterns
- Add 999 to aliveStatucCodes (Seems to be a LinkedIn edge case)
- Fix all broken markdown links
