Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-20 23:48:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 139
fleet/docs/Using Fleet/segment-hosts.md
Noah Talerman 08c5867260
Update segment hosts (teams) docs (#19589) 
- Add Fleet's best practice
2024-06-11 17:50:33 -04:00

37 lines
2.3 KiB
Markdown
Raw Blame History

# Segment hosts
_Available in Fleet Premium_
In Fleet, you can group hosts together in a "team" in Fleet. This way, you can apply queries, policies, scripts, and more that are tailored to the hosts' risk/compliance needs.
A host can only belong to one team.
You can give users access to only some teams.
You can manage teams by selecting your avatar in the top navigation and then **Settings > Teams**.
## Best practice
Fleet's best practice teams:
- `Workstations`: End user's production work computers (macOS, Windows, and Linux)
- `Workstations (canary)`: IT team's test work computers. Sometimes, for demos or testing, includes end user's work computers. Used for [dogfooding](https://en.wikipedia.org/wiki/Eating_your_own_dog_food) a new workflow or feature that may or may not be rolled out to the "Workstations" team.
- `Servers`: Security team's production servers.
- `Servers (canary)`: Security team's test servers.
- `Compliance exclusions`: All contributors' test work computers or virtual machines (VMs). Used for validating workflows for Fleet customers or reproducing bugs in the Fleet product.
- `iPhones`: All contributors' test iOS hosts. Used to dogfood Fleet's iOS features (coming soon).
If some of your hosts don't fall under the above teams, what are these hosts for? The answer determines the the hosts' risk/compliance needs, and thus their security basline, and thus their "team" in Fleet. If the hosts' have a different compliance needs, and thus different security baseline, then it's time to create a new team in Fleet.
## Adding hosts to a team
You can add hosts to a new team in Fleet by either enrolling the host with a team's enroll secret or by transferring the host via the Fleet UI after the host has been enrolled to Fleet.
## Advanced
You can automatically enroll hosts to a specific team in Fleet by installing a fleetd with a team enroll secret. Learn more [here](./enroll-hosts.md#enroll-host-to-a-specific-team).
Changing the host's enroll secret after enrollment will not cause the host to be transferred to a different team.
<meta name="pageOrderInSection" value="1000">
<meta name="description" value="Learn how to group hosts in Fleet to apply specific queries, policies, and agent options using teams.">
<meta name="navSection" value="The basics">
Reference in a new issue View git blame Copy permalink