* Adding CIS 1.5 / 1.6 / 2.2.1 to constants.ts
* Adding CIS 1.5 / 1.6 / 2.2.1 to standard query library
* Adding 2.3.1
* Adding 2.3.1 to query library and 2.4.2 to both
* Adding 2.4.10
* Tagging 2.5.1.1
* Tagging 2.5.2.1
* Tagging 2.5.2.2
* Adding 2.5.6
* Adding 2.6.1.4
* Adding 3.6
* Tagging 5.1.2
* Tagging 5.2.2
* Tagging 5.8
The query we have for the screen lock is comprehensive and covers more than one CIS requirement
* Adding 6.1.3 and 6.1.4
- Update "Learn how to use Fleet" docs page to walk a Fleet Sandbox user through adding their device and running a query
- Add a "Get operating system information" query to standard query library for the "Learn how to use Fleet" walkthrough
- Update Fleet's top level README to point users who want to try Fleet to Fleet Sandbox
- Update "How to install osquery..." (macOS, Windows, Linux) blog posts to point users who want to try Fleet to Fleet Sandbox
- Move `fleetctl preview` questions to "Contributing" FAQ section in docs. This is because `fleetctl preview` is now a testing tool for Fleet contributors
- Update "Deploying" docs to point users who want to try Fleet to Fleet Sandbox
* Adding password policy query to the default library
Adding a built-in policy to check the minimum password length on macOS using the recently released password_policy table.
* Addding osquery minimum version + adding query to constants.ts
* Adding policy query to check firewall on Mac
This commit closes https://github.com/fleetdm/confidential/issues/1410 once merged.
* Adding policies
This commit closes https://github.com/fleetdm/confidential/issues/1412. Right now there is no way to check the screenlock so instead we check if a profile for screenlock is there.
https://github.com/fleetdm/confidential/issues/1410 also closed by this.
* Update constants.ts
Fixed space
* Resolution text fix for new policies
Fixed copy based on @zhumo's comments!
* Screen lock policy
Adding a policy to check if the inactivity timeout is enabled on Windows and set to 1800 seconds or less (30min)
* Update constants.ts
Fix identation
* Update Windows screen lock policy
Changed wording from "administrator" to "IT administrator" in both files.
* App up to date or not installed
Adding "App installed and up to date OR not present" example
* Removed empty last line
* Update standard-query-library.yml
Added right descriptions and resolution for the Docker example, and added a new query to detect unencrypted SSH keys.
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Update standard-query-library.yml
Updated as per @noahtalerman's review
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Renaming files and a lot of find and replace
* pageRank meta tags, sorting by page rank
* reranking
* removing numbers
* revert changing links that are locked to a commit
* update metatag name, uncomment github contributers
* Update basic-documentation.page.js
* revert link change
* more explicit errors, change pageOrderInSection numbers, updated sort
* Update build-static-content.js
* update comment
* update handbook link
* handbook entry
* update sort
* update changelog doc links to use fleetdm.com
* move standard query library back to old location, update links/references to location
* revert unintentional link changes
* Update handbook/community.md
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
* Improve documentation for how we do vulnerability processing
* Add mermaid diagrams
* Mermaid, next try
* Change style of once an hour node
* Improve collection diagram
* Improve readability of diagrams
* Improve flow charts
* Update broken link
* docs: add new manage-packs.png
* feat: add new team-agent-options.png
* feat: add new global-agent-options.png
* docs: update screenshots and docs context
* chore: delete stale screenshots
* feat: update screenshot to recommended preset size
* chore: remove editor new line
* feat: update new line
On website + constants.ts. Does not support all Linux encryption scenarios, we will add more to this query as we discover the patterns people need.
Closes#4208
* Adding antivirus queries
Adding 3 antivirus queries in the form of an information query as well as in the form of policy queries
* Update standard-query-library.yml
Adding newline at end of file
* fix: update headings in configuration files docs
* fix: update heading in testing docs
* fix: update heading in seeding data docs
* fix: update headings in committing changes docs
* fix: update heading from External Contributors to External contributors
* fix: update headings in API for contributors docs.
* fix: update heading in API versioning docs.
* Add platform filters for MDM/Munki/Chrome queries
This should help quiet warnings that users/customers have reported when
these queries try to run on platforms without the macadmins extension
tables.
For #4123
* Improve documentation
* add changes file
* revert doc formatting
* Update tests
* Yet another test fix
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
* Add remaining policy templates
* Removeempty resolution field
* Update naming for standard policies
* Add enabled word to SIP policy
* Use full SIP
* Also change in constants
* Update windows disk encryption
* Add changes file
* Tweak windows disk encryption policy
* Address lint errors
* Make requested changes
* Reflect changes in policy tempaltes
* Make sure that standard policies and policy templates are the same
* Edit automatic login disabled description
* Also edit in constants
* doc: add introduction to fleetctl docs
* Update docs/01-Using-Fleet/02-fleetctl-CLI.md
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
* handle query tags in build-static-content script, update query readme
* show tags in query library, add ability to filter by tags
* fix lint errors
* update mobile styles
* fix CTA link
* update mobile layout
* remove tag line-height and font size
* Update build-static-content.js
* Style update
* remove margin from selected tag, adjust OS logo placement
* requested changes from code review
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
* feat: add FAQ for what happens to logs
FAQ for what happens to log if either the Fleet's server or the log destination are offline
* fix: add the default buffered_log_max
This helps the period stay under the default request timeouts for most
load balancers.
Some default timeouts:
* AWS ALB - 60s
* Nginx - 60s
* GCP LB - 30s
* doc: add FAQ for orbit running alongside osquery
* fix: update FAQ to be more clear.
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
* fix: typo on osquery
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
* Updating Upgrade docs
* making changes to database section of upgrade docs
* Update docs/02-Deploying/06-Upgrading-Fleet.md
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
* Update docs/02-Deploying/06-Upgrading-Fleet.md
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
* Update docs/02-Deploying/06-Upgrading-Fleet.md
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
* Corrected anchor tags, ready to merge
Co-authored-by: Katheryn Satterlee <ksatter@Kathys-MacBook-Pro.local>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
* feat: add query to find running docker containers
* docs: 📝 add query to get Mac and Linux machines with unencrypted primary disks
* feat: add query to find running docker containers
* docs: 📝 add query to get Mac and Linux machines with unencrypted primary disks
* chore: remove queries from develop
* docs: add query to get running docker containers
* docs: add query to get machines with unencrypted primary disks
* fix: remove trailing ---
* fix: remove trailing ---
* chore: remove trailing ---
* docs: add query to get applications hogging memory
* fix: resolve merge conflicts
* chore: update PR
* chore: update PR
* chore: merge previous query
* feat: add query to find servers with root logins within the day
* fix: remove unneeded period
* docs: add instructions for submiting multiple queries
* fix: remove duplicate entry
* fix: remove period from get running docker containers query description
* docs: add instructions for submiting multiple queries
* fix: resolve merge conflicts
* feat: add description for query to fetch failing batteries
* fix: resolve duplicate descriptions
* fix: remove typo in deplying docs
* fix: reword description
* fix: add suggestions to improve description
* feat: add description to query to fet windows machines with unencrypted hard disks
* feat: update description for count apple applications installed query
* chore: add dominuskelvin as maintainer
* docs: 📝 Add query to get apps opened within the last 24 hours
* feat: add link to signing installers
* fix: typo with link to the getting started page
* feat: docs on how to sign an osquery installer
* feat: make signing installer a subsection of osquery installer
* feat: make description for signing installer shorter and compact
* fix: change package to installers
* fix: reword note section
* feat: add query to find running docker containers
* docs: 📝 add query to get Mac and Linux machines with unencrypted primary disks
* feat: add query to find running docker containers
* docs: 📝 add query to get Mac and Linux machines with unencrypted primary disks
* chore: remove queries from develop
* docs: add query to get running docker containers
* docs: add query to get machines with unencrypted primary disks
* fix: remove trailing ---
* fix: remove trailing ---
* chore: remove trailing ---
* docs: add query to get applications hogging memory
* fix: resolve merge conflicts
* chore: update PR
* chore: update PR
* chore: merge previous query
* feat: add query to find servers with root logins within the day
* fix: remove unneeded period
* docs: add instructions for submiting multiple queries
* fix: remove duplicate entry
* fix: remove period from get running docker containers query description
* docs: add instructions for submiting multiple queries
* fix: resolve merge conflicts
* feat: add description for query to fetch failing batteries
* fix: resolve duplicate descriptions
* fix: remove typo in deplying docs
* fix: reword description
* fix: add suggestions to improve description
* feat: add description to query to fet windows machines with unencrypted hard disks
* feat: update description for count apple applications installed query
* docs: 📝 Add query to get apps opened within the last 24 hours
* feat: add query to find apps not in Applications directory
* feat: add query to find subscription based applications that have not been opened for the last 30 days
- Add "Automations" documentation page to document the available automations in Fleet
- Update the "Vulnerability processing" documentation
- Update the "REST API" documentation
* Add webhook to app config
* Add redis failing policies set and webhook
* Add basic webhook test
* Store hostname in redis
* Global policy deletion to remove policy ID from set and config
* Also process new passing policies
* Fix unit test
* Sort hosts
* Add more tests
* Add ListSets to the failing policies interface
* Fix server URL and garbage collect on the triggering side
* Do not use Redis SCAN
* Fix Redis operation order
* Add API changes to doc
* Add comments
* Add more tests
* Fix tests
* Add tests for config update upon deletion of policies
* Run make dump-test-schema
* Ignore policies that failed to run
* Add proper unit tests to trigger logic
* Fix comments
* WIP
* Add tests to service_osquerty_test.go
* Use SSCAN for listing hosts instead of SMEMBERS
* Add failing policies to docs/01-Using-Fleet/configuration-files/README.md
* Remove skip
* Fix PR comments
