Fleet - Open source device management, built on osquery.

Overview

Fleet logo, landscape, dark text, transparent background

Website   News   Report a bug

Run Tests   Go Report Card   Twitter Follow

Fleet is the most widely used open source osquery manager. Deploying osquery with Fleet enables programmable live queries, streaming logs, and effective management of osquery across 100,000+ servers, containers, and laptops. It's especially useful for talking to multiple devices at the same time.

Try Fleet

With Node.js and Docker installed:

# Install the Fleet command-line tool
sudo npm install -g fleetctl
# Run a local demo of the Fleet server
sudo fleetctl preview

Windows users can omit sudo.

The Fleet UI is now available at http://localhost:1337.

Now what?

Check out the Ask questions about your devices tutorial to learn where to see your devices in Fleet, how to add Fleet's standard query library, and how to ask questions about your devices by running queries.

Team

Fleet is independently backed and actively maintained with the help of many amazing contributors.

🎉 Announcing the transition of Fleet to a new independent entity 🎉

Please check out the blog post to understand what is happening with Fleet and our commitment to improving the product. To upgrade from Fleet ≤3.2.0, just grab the latest release from this repository (it'll work out of the box).

Documentation

Documentation for Fleet can be found here.

Community

Chat

Please join us in the #fleet channel on osquery Slack.

Contributing

Contributions are welcome, whether you answer questions on Slack/GitHub/StackOverflow/Twitter, improve the documentation or website, write a tutorial, give a talk, start a local osquery meetup, troubleshoot reported issues, or submit a patch. The Fleet code of conduct is on GitHub.

Banner featuring a futuristic cloud city with the Fleet logo

Issues
  • Global policies: Add ability to configure automations for policies

    Global policies: Add ability to configure automations for policies

    Goal

    As a user, I want to specify a webhook URL where alerts about policies can be sent so that I'm able to easily create a ticket that includes what host is failing which policy.

    Figma

    Add ability to configure alerts for policies: https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/?node-id=3124%3A81417

    Tasks

    1

    • [ ] Update webhook_settings in app config to allow for the following json:
    {
      "webhook_settings": {
        "failing_policies_webhook": {
          "enable_failing_policies_webhook": true,
          "destination_url": "http://some/url",
          "policy_ids": [1, 2, 3]
        },
        "interval": "1h"
      }
    }
    

    webhook_status.interval will also impact this webhook.

    This webhook, when set, will make Fleet check on policies that are global, not team specific. More on how this will be done below.

    This data must also be available when GETting app config.

    Webhook Payload

    {
        "timestamp": "2021-12-02T16:55:23Z",
        "policy": {
            "id": 1,
            "name": "Gatekeeper enabled",
            "query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
            "description": "Checks if gatekeeper is enabled on macOS devices",
            "author_id": 42,
            "author_name": "John",
            "author_email": "[email protected]",
            "resolution": "Resolution steps",
            "passing_host_count": 2000,
            "failing_host_count": 300
        },
        "hosts": [
            {
                "id": 11,
                "hostname": "laptop-1",
                "url": "https://fleet.example.com/hosts/11"
            },
            {
                "id": 12,
                "hostname": "laptop-2",
                "url": "https://fleet.example.com/hosts/12"
            }
        ]
    }
    

    (timestamp is the webhook request send time.)

    2

    • [ ] For triggering the webhooks, this will happen in two separate steps: collection and trigger.
    1. Collection: The failing policies webhook will be triggered in two scenarios: when a host fails a policy and it's the first time it executes that policy, and when a host fails a policy that it had previously passed. For this, when a host fails a policy, we should check the state of the policy for that host and add to a redis set called policy_failure_{policy id} this host id (SADD). This will only happen for policies that are configured for webhooks, so potentially some caching on the checks will be needed.
    2. Trigger: A fleet instance will hold the webhook lock (this is already implemented for the host status webhook, this would extend that functionality). Looping through all the policies that have webhooks configured, It'll get the host ids from the policy failure sets using SMEMBERS, trigger the webhook calls, and then remove the host ids from the sets with SREM. This means that if there's a host added to the set while this logic is happening, it'll be added to the set and will be picked up the next time

    There shouldn't be a race between a case where a host fails and then it passes, given that policies are updated at 1hr intervals by default, and it's not usually lower than that.

    customer request :backend :release 
    opened by noahtalerman 40
  • Add Jira integration and create Jira tickets for software vulnerabilities

    Add Jira integration and create Jira tickets for software vulnerabilities

    Goal

    As a Fleet user, I want to use Fleet in my vulnerability ticketing workflow so that I don't have to manually create tickets for new vulnerabilities (CVEs) or configure the webhook to create them for me.

    NOTE: We will only support Jira Cloud in this first iteration using the v2 API. We are choosing to integrate with the v2 API and not the v3 API because it is more likely that older hosted versions of Jira Server will support v2 API. In the future, we may upgrade to using the v3 API if we need one of the new features.

    Related

    • Epic: #4523
    • Frontend (blocked): #2936
    • Jira Cloud Setup (done) https://fleetdm.atlassian.net/: #4579

    Figma

    Integrations for vulnerability automations: https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/%F0%9F%9A%A7-Fleet-EE-(dev-ready%2C-scratchpad)?node-id=3905%3A218712

    Jira ticket template

    Summary (what Jira call's a name or title):

    <CVE identifier> detected on <Number of affected hosts> hosts
    

    Description:

    See vulnerability (CVE) details in National Vulnerability Database (NVD) here: <Link to CVE details in NVD>
    
    Affected hosts:
    <Hostname1>: <Link to Host details page>
    <Hostname2>: <Link to Host details page>
    <Hostname3>: <Link to Host details page>
    <Hostname4>: <Link to Host details page>
    ...
    <Hostname50>: Link to Host details page>
    
    View the affected software and more affected hosts:
    1. Go to the **Software** page in Fleet: <Link to Software page in Fleet>
    2. Above the list of software, in the **Search software** box, enter <CVE identifier>.
    3. Hover over the affected software and select **View all hosts**.
    

    --

    This issue was created automatically by your Fleet to Jira integration.

    
    ## Tasks
    
    ### 1
    - [x] Add support for a new `integrations` object in the `app_config_json` table. 
    - Use the following structure:
    
    ```json
    {
        "integrations": {
            "jira": [
                {
                    "url": "https://example.jira.com",
                    "username": "adminUser",
                    "password": "abc123",
                    "project_key": "PROJECT",
                    "enable_software_vulnerabilities": false
                }
            ]
        }
    }
    

    2

    • [x] When a new software vulnerability automation is triggered, determine if either a Jira integration or webhook is enabled.
    • Both configuration objects are stored in the app_config_json table using the following structure:
    {
        "integrations": {
            "jira": [
                {
                    "url": "https://example.jira.com",
                    "username": "adminUser",
                    "password": "abc123",
                    "project_key": "PROJECT",
                    "enable_software_vulnerabilities": false
                }
            ]
        }
        "webhook_settings": {
            "vulnerabilities_webhook": {
                "enable_vulnerabilities_webhook":true,
                "destination_url": "https://server.com",
                "host_batch_size": 1000
              }
        },
    }
    
    • If webhook_settings.vulnerabilities_webhook.enable_vulnerabilities_webhook: true, send the notification through the existing webhook flow.
    • If integrations.jira[<index>].enable_software_vulnerabilities: true, create a new ticket in the select Jira integration.
    • Enforce that both webhook and Jira cannot both be enabled. We will only support one automation path at a time.
    • Enforce that multiple Jira configurations can be added to the integrations.jira array, but only one can be set enable_software_vulnerabilities: true.

    3

    • [x] Establish authenticated connection to Jira Server API using basic authentication.
    • Use basic auth to authenticate with Jira Server API using user provided username and password.
    • For the first iteration, the assumption is that basic auth is meaningfully faster to implement. In a future iteration, we will implement the more secure OAuth 2.0 method.

    4

    • [ ] ~~Retrieve project id from Jira Cloud API using project key.~~ Not required to create a ticket, project key is sufficient.
    • Reference Get Project API docs.
    • This assumes that both the project key and project id are needed to create the issue. If a project key alone will work, we can skip this step.
    • This id should be cached if needed, we don't want to make this request after every vulnerability.

    5

    • [x] Create a Jira ticket using the Jira Cloud API.
    • Reference Jira API Create Issue Docs for information about creating new issues.
    • Retry up to five times.
    • If issue create fails after five retries, fail silently for this first iteration. In future iterations, we will track the failure and notify the user.

    6

    • [x] Ensure newly added Jira configurations are valid.
    • When a user adds a new Jira integration and associated credentials, we only want to save after we confirm the credentials work.
    • Pick a simple Jira endpoint that we can hit as a "test" connection.
    • On success, return 200 status code and save the new Jira integration.
    • On failure, pass the status code and error message back to the Fleet UI via the PATCH /api/v1/fleet/config response and do not save the failing integration.

    Architectural notes

    Since we need to support retries and we want to support fleet restarting half way through, the vulnerability processing side of things should feed into a SQL table (could be redis, but it would be good to support storage) that reflects the status of each of the tickets created. That way, we have 2 separate parts: vulnerability processing, and jira ticket creation. One being slow doesn't affect the other.

    These parts can use separate locks even, so that two instances are taking care of this in parallel.

    The data stored should reflect the status of the ticket created, how many retries have been done, etc. We'll use all of this data to filter pending Jira tickets to be created.

    We'll also use this table to understand what has happened in the system over time. We should cleanup old rows though, as it might not be useful to store that we created a ticket successfully a month ago.

    While I'll leave the structure of the table to the developer that works on this, among the data that comes to mind would be useful to have I've got:

    • created and updated at timestamps
    • retries
    • status
    • cve it refers to
    • error message received (could be null)

    More things could be added if they are available and might be useful to store as well.

    :architect :backend :blocker !integrations 
    opened by lukeheath 39
  • Add support for downloading a list of hosts in CSV format

    Add support for downloading a list of hosts in CSV format

    NOTE: This issue was broken out of the following issue: #2998.

    • Prior to separating these issues, the combined estimation from the backend engineering team was 5.

    Goal

    As an IT administrator, I want to be able to download a list of hosts in CSV format.

    1

    • [ ] Create new endpoint to generate a CSV containing all hosts with a specific software version installed.
    • GET /api/v1/fleet/hosts/report.
    • Generated filename should follow this naming pattern: Hosts YYYY-MM-DD
    • Update API docs.

    Parameters

    | Name | Type | In | Description | | ----------------- | ------ | ----- | -------------------------------------| | software_id | integer | body | Required. The software's id. |

    Example

    • GET /api/v1/fleet/hosts/report?software_id=408&format=csv
    Default response

    Status: 200

    CSV as the body of the response, see https://stackoverflow.com/questions/68162651/go-how-to-response-csv-file as an example.

    3 :backend :engineering :api dev 
    opened by noahtalerman 34
  • Fleet's osquery installers: support deploying osquery with the `.app` bundle

    Fleet's osquery installers: support deploying osquery with the `.app` bundle

    This issue includes a required improvement for the 1.0.0 release of Fleet's osquery installers (aka orbit). These installers are currently in beta.

    To utilize some osquery features on macOS the latest version of osquery, deploying osquery with the .app bundle is required.

    Goal

    With Fleet's osquery installers, we are currently packaging osquery 5.1.0. With osquery 5.0.1 and above the format of the package was changed to a full macOS app so that osquery can access the EndpointSecurity events that the kernel exposes.

    How?

    • [ ] Mimic the package format for Orbit to follow a similar structure as the osquery one for 5.0.1
    #agent :architect 8 :backend !desktop 
    opened by noahtalerman 32
  • Query Experience Cleanup Tasks

    Query Experience Cleanup Tasks

    Tasks completed:

    This is the 4th PR for #1497, and second to last before pushing to main. The checklist will be done on the final PR.

    opened by martavis 31
  • Vulnerabilities: Add ability to configure and send vulnerability webhook automations

    Vulnerabilities: Add ability to configure and send vulnerability webhook automations

    Goal

    As a vulnerability analyst, I want to be able to tell Fleet to reach out when a new vulnerability (CVE) is detected on my devices. This way, I can automate the process of sending a message to device owners or creating a ticket to track the vulnerability.

    Why only new vulnerabilities?

    I only want to be notified when Fleet detects a CVE, on my devices, that was published within the last 2 days.

    I don't want Fleet to reach out for every CVE detected because I already have a list of old CVEs that affect my devices. If I received a message for every CVE detected, I may start to ignore these messages or turn off this ability.

    Figma

    Software page, search by CVE, vuln automations: https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/?node-id=3531%3A87643

    Frontend (Blocking): #3762

    Tasks

    1

    • [x] Update webhook_settings in app config to allow for the following json:
    • webhook_status.interval will NOT impact this webhook. This will happen as vulnerabilities are being detected, so it'll follow that interval.
    • This data must also be available when GETting app config.
    {
      "webhook_settings": {
        "vulnerabilities_webhook": {
          "enable_vulnerabilities_webhook": true,
          "destination_url": "http://some/url",
          "host_batch_size": 1000
        }
      }
    }
    

    2

    • [ ] Trigger webhook request
    • If Fleet detects vulnerabilities (CVE) that were published within the last 2 days, Fleet will send one request for each CVE.
      • This time corresponds to the date the CVE was published by the National Vulnerability Database (NVD).
      • This time is not the date the CVE first appeared in Fleet.
      • A CVE’s publish date is currently not available in the Fleet API. Ex. NVD publish date: Screen Shot 2022-01-24 at 10 27 33 AM
        • In the above example CVE, a webhook request is only sent if the current time is within two days of 12-10-2021.
    • timestamp is the webhook request send time.

    Webhook Payload

    {
        "timestamp": "0000-00-00T00:00:00Z",
        "vulnerability": {
            "cve": "CVE-2014-9471",
            "details_link": "https://nvd.nist.gov/vuln/detail/CVE-2014-9471",
            "hosts_affected": [
                {
                    "id": 1,
                    "hostname": "macbook-1",
                    "url": "https://fleet.example.com/hosts/1"
                },
                {
                    "id": 2,
                    "hostname": "macbook-2",
                    "url": "https://fleet.example.com/hosts/2"
                }
            ]
        }
    }
    
    customer request 8 :backend :blocker customer-dabu 
    opened by noahtalerman 30
  • Deprecate the use of `/global` in API routes

    Deprecate the use of `/global` in API routes

    Users of the Fleet API do not need both global and teams language in the API routes to distinguish between global entities (policies and schedule) and team level entities in Fleet.

    Goal

    Deprecate the use of /global in API routes.

    Related

    • Blocking: #4419

    How?

    • [x] Add a new GET /api/v1/fleet/schedule API route.
      • The existing GET /api/v1/fleet/global/schedule will be supported until the next major release of Fleet.
    • [x] Add a new GET /api/v1/fleet/policies API route.
      • The existing GET /api/v1/fleet/global/policies will be supported until the next major release of Fleet.
    • [x] Add a new POST /api/v1/fleet/schedule API route.
      • The existing POST /api/v1/fleet/global/schedule will be supported until the next major release of Fleet.
    • [x] Add a new POST /api/v1/fleet/policies API route.
      • The existing POST /api/v1/fleet/global/policies will be supported until the next major release of Fleet.
    • [x] Add a new PATCH /api/v1/fleet/schedule/{id} API route.
      • The existing PATCH /api/v1/fleet/global/schedule/{id} will be supported until the next major release of Fleet.
    • [x] Add a new DELETE /api/v1/fleet/schedule/{id} API route.
      • The existing DELETE /api/v1/fleet/global/schedule/{id} will be supported until the next major release of Fleet.
    • [x] Add a new GET /api/v1/fleet/policies/{id} API route.
      • The existing GET /api/v1/fleet/global/policies/{id} will be supported until the next major release of Fleet.
    • [x] Add a new POST /api/v1/fleet/policies/delete.
      • The existing POST /api/v1/fleet/global/policies/delete will be supported until the next major release of Fleet.

    EDIT(mna): Additional endpoint that was not mentioned but exists with the /global section, will also migrate it:

    • [x] Add a new PATCH /api/v1/fleet/policies/{id}.
      • The existing PATCH /api/v1/fleet/global/policies/{id} will be supported until the next major release of Fleet.

    EDIT (mna): The following changes are also necessary due to conflicts with the new routes described above (i.e. when old routes already exist at the path of the desired new route):

    • [x] Move POST /api/_version_/fleet/schedule to POST /api/_version_/fleet/packs/schedule (or should that be /packs/scheduled, as we have an existing GET /packs/{id:[0-9]+}/scheduled?)
      • The existing POST /api/v1/fleet/schedule will be supported on v1 until the next major release of Fleet.
    • [x] Move PATCH /api/_version_/fleet/schedule/{id} to PATCH /api/_version_/fleet/packs/schedule/{id} (or should that be /packs/scheduled?)
      • The existing PATCH /api/v1/fleet/schedule/{id} will be supported on v1 until the next major release of Fleet.
    • [x] Move DELETE /api/_version_/fleet/schedule/{id} to DELETE /api/_version_/fleet/packs/schedule/{id} (or should that be /packs/scheduled?)
      • The existing DELETE /api/v1/fleet/schedule/{id} will be supported on v1 until the next major release of Fleet.
    not backwards compatible 3 :backend :blocked :blocker :engineering 
    opened by noahtalerman 28
  • Expose probability of exploit (EPSS score) via the `GET /software` response

    Expose probability of exploit (EPSS score) via the `GET /software` response

    Goal

    As a Fleet user, I want to know the exploitability (EPSS score) for vulnerable software installed on my devices so that I can prioritize updating/patching the software that is most vulnerable to attack across my fleet.

    Figma

    Add probability of exploit (EPSS score) for vulnerable software: https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/?node-id=6454%3A262007

    Related

    • "Improve the usability of the vulnerability management product" epic: https://github.com/fleetdm/fleet/issues/4928
    • Frontend (blocked): #5380
    • Backend: #5585

    Tasks

    1

    • [ ] Add a new epss_probability property to the GET /software response.
    • epss_probability is only available to paid users. This means that the value will always be set to null for Fleet Free users.
    • Add a new epss_probability field to order_key. This allows the user to sort software by epss_probability.
      • Since each software item may have multiple vulnerabilities each with their own epss_probability, for each software item, we'll use the vulnerability with the highest epss_probability, to sort software items by probability of exploit.
    {
      ...
      "software": [
        {
          ...
          "vulnerabilities": [
            {
              ...
              "vulnerabilities": [
                {
                  "cve": "CVE-2015-20107",
                  "details_link": "https://nvd.nist.gov/vuln/detail/CVE-2015-20107",
                  "epss_probability": 0.9,
                }
              ],
              "hosts_count": 4
            },
            {
              "cve": "CVE-2021-3572",
              "details_link": "https://nvd.nist.gov/vuln/detail/CVE-2021-3572",
              "epss_probability": 0.3,
            }
          ],
          "hosts_count": 8
        }
      ]
    }
    

    2

    • [ ] Add a new epss_probability property to get the software array returned by GET /hosts/{id} and GET /hosts/identifier/{identifier} endpoints.
    8 :backend :blocked :blocker !vuln #interface 
    opened by noahtalerman 27
  • Add ability to update an existing policy's platforms

    Add ability to update an existing policy's platforms

    The changes that added the ability to specify platforms for a new policy are included in the following PR: #3181

    Goal

    Add ability to update an existing policy's platforms so that a user who discovers that their policy is compatible with, and running on, multiple platforms, can update their policy so that it only runs on the one desired platform.

    Ex. The following “Is Filevault enabled on macOS devices?” policy's query is compatible with macOS and Linux. I want to update this policy so that it is only checked on macOS devices: SELECT 1 FROM disk_encryption WHERE user_uuid IS NOT '' AND filevault_status = 'on' LIMIT 1;

    Frontend (blocking): #2716

    8 :backend :blocker 
    opened by noahtalerman 27
  • Support failing policies ticket automation workflow for Jira and Zendesk integrations

    Support failing policies ticket automation workflow for Jira and Zendesk integrations

    Part of the following epic: #4523

    Goals

    As a Fleet user, I want to be able to configure Fleet to create a ticket with a list of hosts that are failing a policy so that I automate tracking my progress on keeping my hosts complaint.

    Figma

    Tickets for policy automations: https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/?node-id=6284%3A270348

    Related

    • Frontend: #5441

    Notes

    This ticket includes configuring policy automation tickets for global policies, as well as team-level policies.

    Jira ticket (issue) template

    Summary (what Jira calls a name or title):

    <Policy name> policy failed on <Number of failing hosts> hosts
    

    Description:

    Hosts:
    <Hostname1>: <Link to Host details page>
    <Hostname2>: <Link to Host details page>
    <Hostname3>: <Link to Host details page>
    <Hostname4>: <Link to Host details page>
    ...
    <Hostname50>: <Link to Host details page>
    
    View hosts that failed <policy name> on the **Hosts** page in Fleet: <Link to Hosts page in Fleet>
    
    --
    
    This issue was created automatically by your Fleet to Jira integration.
    

    Zendesk ticket template

    Subject (what Zendesk calls a name or title):

    <Policy name> policy failed on <Number of failing hosts> hosts
    

    Body:

    Hosts:
    <Hostname1>: <Link to Host details page>
    <Hostname2>: <Link to Host details page>
    <Hostname3>: <Link to Host details page>
    <Hostname4>: <Link to Host details page>
    ...
    <Hostname50>: <Link to Host details page>
    
    View hosts that failed <policy name> the **Hosts** page in Fleet: <Link to Hosts page in Fleet>
    
    --
    
    This issue was created automatically by your Fleet to Zendesk integration.
    

    Tasks

    1

    • [x] Add a new enable_failing_policies object to both the Jira and Zendesk global config objects.
    • Ensure only one automation can be enabled (Jira, Zendesk or webhook).
    • If enable_failing_policies is enabled for either Jira or Zendesk, set the webhook_settings.failing_policies_webhook.enable_failing_policies_webhook config property to false.

    2

    • [x] When enable_failing_policies is enabled for Jira or Zendesk, create a ticket in the associated platform.
    • Use the same triggering logic that is currently used for the failing policies webhook.
    • Populate the ticket with the ticket template defined above.
    • The ticket will include hostnames and links to Host details pages for up to 50 failing hosts. This is because a ticket with a large number of hosts will become increasingly difficult to read as the number of hosts grows.

    3

    • [x] Add integrations object to team details PATCH containing integration configs.
    • Update PATCH /teams/{id} to include new integrations object.
    • Inside each integration object (Jira, Zendesk) add a new enable_failing_policies property.
    • Retrieve team-level configurations from the GET /teams/{id} endpoint.

    Example enable_failing_policies object

    {
      "team": {
        "name": "Workstations",
        "id": 1,
        "user_ids": [1, 17, 22, 32],
        "host_ids": [],
        "user_count": 4,
        "host_count": 0,
        "agent_options": {
          ...
        },
        "webhook_settings": {
          "failing_policies_webhook": {
            "enable_failing_policies_webhook": false,
            "destination_url": "",
            "policy_ids": null,
            "host_batch_size": 0
          }
        },
        "integrations": {
          "jira": [
            {
              "url": "https://jiraserver.com",
              "username": "some_user",
              "password": "sec4et!",
              "project_key": "jira_project",
              "enable_failing_policies": true
            }
          ],
          "zendesk": [
            {
              "url": "https://example.zendesk.com",
              "email": "[email protected]",
              "api_token": "abc123",
              "group_id": "12345678",
              "enable_failing_policies": false
            }
          ]
        },
      }
    }
    
    8 :backend !integrations #interface 
    opened by noahtalerman 26
  • Add ability to search hosts by Google Chrome profiles

    Add ability to search hosts by Google Chrome profiles

    Request from a customer with close to 100,000 devices. The first iteration of this feature will rely on the Google Chrome profiles information exposed by the google_chrome_profiles table included in the macadmins osquery extension.

    Goal

    As an IT administrator (macOS, Windows, and Linux workstations), I want to be able to enter a users work email in the search bar.

    Tasks

    1

    • [ ] Update the existing GET /api/v1/fleet/hosts API to support searching by email: when the query parameter resembles an email (eg: has an @, no spaces, etc) we will search the chrome profile emails to find a match of hosts. In any other case, we must not search there.
    • Retrieve the users' emails using the google_chrome_profiles table included in the macadmins osquery extension.
      • The customer that requested this feature has the macadmins extension deployed.
      • The macadmins extension will be included with Fleet's osquery installers.
      • Hosts not having this extension shouldn't cause any failures.

    IMPORTANT NOTE: this is intended to be the first source of a few to try to infer the person actually using a workstation. The database table should be modeled with this in mind: host_id, email, source.


    2

    • [ ] Add a new GET /api/v1/fleet/hosts/{id}/device-mapping API route which includes the google chrome profile(s) found on the host.

    Example

    GET /api/v1/fleet/hosts/{id}/device-mapping

    Default response

    Status: 200

    {
      "device-mapping": [
        { "email": "[email protected]", "source": "google_chrome_profiles" }
      ]
    }
    
    customer request :backend :release 
    opened by noahtalerman 25
  • Edits to Hetzner deployment guide

    Edits to Hetzner deployment guide

    Main nav:

    • I added a link to the article from the main nav

    Edits to the article:

    • Changed up some of the language to make it consistent with our existing deployment guides.
    • Re-arranged the intro section for clarity
    • Changed the thumbnail image

    Style fixes:

    • reduced margin top and bottom for articles H3

    Checklist for submitter

    If some of the following don't apply, delete the relevant line.

    • [x] Manual QA for all new/changed functionality
    opened by mike-j-thomas 0
  • Update and correct the macOS log destination for fleet desktop

    Update and correct the macOS log destination for fleet desktop

    Fixes #6407

    ➜  Fleet stat fleet-desktop.log
    16777234 17180053 -rw-r--r-- 1 sharvil staff 0 443 "Jun 28 18:37:13 2022" "Jun 28 18:36:41 2022" "Jun 28 18:36:41 2022" "Jun 28 18:36:26 2022" 4096 8 0 fleet-desktop.log
    ➜  Fleet pwd
    /Users/sharvil/Library/Logs/Fleet
    ➜  Fleet file fleet-desktop.log
    fleet-desktop.log: ASCII text
    ➜  Fleet
    

    Thoughts on cleaning up log from old location? @lucasmrod @roperzh

    Checklist for submitter

    If some of the following don't apply, delete the relevant line.

    • [x] Changes file added for user-visible changes (in changes/ and/or orbit/changes/).
    • [x] Manual QA for all new/changed functionality
    opened by sharvilshah 1
  • Update

    Update "Usage statistics" doc page

    • Remove unreleased updates to the usage statistics payload. This way, current users don't mistakenly believe that usage statistics were expanded without them knowing.
      • After this PR is merged to main, the removed doc updates will be added to a separate fleet-v-4.17.0-docs branch. This branch will be merged in when Fleet 4.17.0 is released.
    opened by noahtalerman 0
  • Fix column width, caret alignment, add changelog

    Fix column width, caret alignment, add changelog

    Cerra #6388

    Fixes

    • Min width 110px to accommodate the link being on a single line
    • Align caret higher to line up with text

    Screenrecording of fix with responsive UI https://user-images.githubusercontent.com/71795832/176283535-59e9781a-9708-49df-b7d0-441d7e5800cd.mov

    Checklist for submitter

    If some of the following don't apply, delete the relevant line.

    • [x] Changes file added for user-visible changes (in changes/ and/or orbit/changes/).
    • [x] Manual QA for all new/changed functionality
    opened by RachelElysia 0
  • Fleet Desktop logs destination on macOS should be ~/Library/Logs

    Fleet Desktop logs destination on macOS should be ~/Library/Logs

    Fleet version: v4.16.0

    Operating system: macOS


    We specified in https://github.com/fleetdm/fleet/issues/5689 the log destination for macOS devices to be ~/Library/Log, but the right folder for logs in macOS is ~/Library/Logs

    bug #agent 1 
    opened by roperzh 0
Releases(fleet-v4.16.0)
  • fleet-v4.16.0(Jun 21, 2022)

    Fleet 4.16.0 (Jun 20, 2022)

    • Fleet Premium: Added the ability to set a Custom URL for the "Transparency" link included in Fleet Desktop. This allows you to use custom branding, as well as gives you control over what information you want to share with your end-users.

    • Fleet Premium: Added scoring to vulnerability detection, including EPSS probability score, CVSS base score, and known exploits. This helps you to quickly categorize which threats need attention today, next week, next month, or "someday."

    • Added a ticket-workflow for policy automations. Configured Fleet to automatically create a Jira issue or Zendesk ticket when one or more hosts fail a specific policy.

    • Added Open Vulnerability and Assement Language (OVAL) processing for Ubuntu hosts. This increases the accuracy of detected vulnerabilities.

    • Added software details page to the Fleet UI.

    • Improved live query experience by saving the state of selected targets and adding count of visible results when filtering columns.

    • Fixed an issue where the Device user page redirected to login if an expired session token was present.

    • Fixed an issue that caused a delay in availability of My device in Fleet Desktop.

    • Added support for custom headers for requests made to fleet instances by the fleetctl command.

    • Updated to an improved users query in every query we send to osquery.

    • Fixed no such table errors for mdm and munki_info for vanilla osquery MacOS hosts.

    • Fixed data inconsistencies in policy counts caused when a host was re-enrolled without a team or in a different one.

    • Fixed a bug affecting fleetctl debug archive and errors commands on Windows.

    • Added /api/_version_/fleet/device/{token}/policies to retrieve policies for a specific device. This endpoint can only be accessed with a premium license.

    • Added POST /targets/search and POST /targets/count API endpoints.

    • Updated GET /software, GET /software/{:id}, and GET /software/count endpoints to no include software that has been removed from hosts, but not cleaned up yet (orphaned).

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksums

    SHA256

    6e07d250d31c0614d879dd24e8649c8b7fa460a789dd10b87d09166bbdabdef5  fleetctl_v4.16.0_windows.zip
    9102a84cdeaed83e36079a63639d84c72a5cde4661cc8c35baac5768448dda69  fleet_v4.16.0_linux.tar.gz
    960a9eb2aa2afaebe22bc979549851720feedfa4b194bd56146beb41272b7704  fleetctl_v4.16.0_linux.tar.gz
    9ad3352d16fa53ce2a1da2a41e95a231c559265bd2307b7521fe731af7dd9671  fleetctl_v4.16.0_windows.tar.gz
    d82f6f404b5bb43f38fca4ff437bb50376ad1e43f375ce60726893ea09c21ad5  fleetctl_v4.16.0_linux.zip
    7d8a5263a344d7e4a307503526cdd9da08e9420f4363197c069dd790574e3f4d  fleetctl_v4.16.0_macos.tar.gz
    3230af343abf3c0a1627b3082a5676ba19416bf0f3df1bd8f07037174d50a788  fleetctl_v4.16.0_macos.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(663 bytes)
    fleetctl_v4.16.0_linux.tar.gz(16.23 MB)
    fleetctl_v4.16.0_linux.zip(16.23 MB)
    fleetctl_v4.16.0_macos.tar.gz(16.33 MB)
    fleetctl_v4.16.0_macos.zip(16.33 MB)
    fleetctl_v4.16.0_windows.tar.gz(16.34 MB)
    fleetctl_v4.16.0_windows.zip(16.34 MB)
    fleet_v4.16.0_linux.tar.gz(29.44 MB)
  • fleet-v4.15.0(May 27, 2022)

    Changes

    • Expanded beta support for vulnerability reporting to include both Zendesk and Jira integration. This allows users to configure Fleet to automatically create a Zendesk ticket or Jira issue when a new vulnerability (CVE) is detected on your hosts.

    • Expanded beta support for Fleet Desktop to Mac and Windows hosts. Fleet Desktop allows the device user to see information about their device. To add Fleet Desktop to a host, generate a Fleet-osquery installer with fleetctl package and include the --fleet-desktop flag. Then, open this installer on the device.

    • Added the ability to see when software was last used on Mac hosts in the Host Details view in the Fleet UI. Allows you to know how recently an application was accessed and is especially useful when making decisions about whether to continue subscriptions for paid software and distributing licensces.

    • Improved security by increasing the minimum password length requirement for Fleet users to 12 characters.

    • Added Policies tab to Host Details page for Fleet Premium users.

    • Added device_mapping to host information in UI and API responses.

    • Deprecated "MIA" host status in UI and API responses.

    • Added CVE scores to /software API endpoint responses when available.

    • Added all_linux_count and builtin_labels to GET /host_summary response.

    • Added "Bundle identifier" information as tooltip for macOS applications on Software page.

    • Fixed an issue with detecting root directory when using orbit shell.

    • Fixed an issue with duplicated hosts being sent in the vulnerability webhook payload.

    • Added the ability to select columns when exporting hosts to CSV.

    • Improved the output of fleetclt debug errors and added the ability to print the errors to stdout via the -stdout flag.

    • Added support for Docker Compose V2 to fleetctl preview.

    • Added experimental option to save responses to host_last_seen queries to the database in batches as well as the ability to configure enable_async_host_processing settings for host_last_seen, label_membership and policy_membership independently.

    • Expanded wifi_networks table to include more data on macOS and fixed compatibility issues with newer MacOS releases.

    • Improved precision in unseen hosts reports sent by the host status webhook.

    • Increased MySQL group_concat_max_len setting from default 1024 to 4194304.

    • Added validation for pack scheduled query interval.

    • Fixed instructions for enrolling hosts using osqueryd.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    08153d5f3e2f5f72fec7692809f23d1d9e8c5d94073c7cb5a889ebaf703079be  fleetctl_v4.15.0_linux.tar.gz
    14efca77f84c4f4a908fa95cfc08b47cb0d0c723ca102b86c2d3ad7cd0b31c11  fleetctl_v4.15.0_windows.zip
    2eaf1d24793dcd2f22d5e89fb4c331d3e2737a59b9cedf67de1f2c60a70eb049  fleetctl_v4.15.0_linux.zip
    557d7b9986d0b07dc4afb279fdf53cbbc69c693da478c1a949e1fcee1b644d47  fleetctl_v4.15.0_macos.zip
    80c5062704e6bf5f26e2e07abf3d7577458ed3df51c64b78bd3e1ef79f0f8336  fleet_v4.15.0_linux.tar.gz
    8d73afbb4e5dd68359acf6d11f8d2fc02af81111b713300b57f4228053ebb1a6  fleetctl_v4.15.0_macos.tar.gz
    9975000159979de37c11176f0b4237a8d0ba0abce5b6b61ee2ce4a8b6fce9f9a  fleetctl_v4.15.0_windows.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.15.0_linux.tar.gz(16.16 MB)
    fleetctl_v4.15.0_linux.zip(16.16 MB)
    fleetctl_v4.15.0_macos.tar.gz(15.91 MB)
    fleetctl_v4.15.0_macos.zip(15.91 MB)
    fleetctl_v4.15.0_windows.tar.gz(16.27 MB)
    fleetctl_v4.15.0_windows.zip(16.27 MB)
    fleet_v4.15.0_linux.tar.gz(28.35 MB)
  • fleet-v4.14.0(May 9, 2022)

    Changes

    • Add beta support for Jira integration. This allows users to configure Fleet to automatically create a Jira issue when a new vulnerability (CVE) is detected on your hosts.

    • Add a "Show query" button on the live query results page. This allows users to double-check the syntax used and compare this to their results without leaving the current view.

    • Add a Postman Collection for the Fleet API. This allows users to easily interact with Fleet's API routes so that they can build and test integrations.

    • Add beta support for Fleet Desktop on Linux. Fleet Desktop allows the device user to see information about their device. To add Fleet Desktop to a Linux device, first add the --fleet-desktop flag to the fleectl package command to generate a Fleet-osquery installer that includes Fleet Desktop. Then, open this installer on the device.

    • Add last_opened_at property, for macOS software, to the Host details API route (GET /hosts/{id}).

    • Improve the Settings pages in the the Fleet UI.

    • Improve error message retuned when running fleetctl query command with missing or misspelled hosts.

    • Improve the empty states and forms on the Policies page, Queries page, and Host details page in the Fleet UI.

    • All duration settings returned by fleetctl get config --include-server-config were changed from nanoseconds to an easy to read format.
    • Fix a bug in which the "Bundle identifier" tooltips displayed on Host details > Software did not render correctly.

    • Fix a bug in which the Fleet UI would render an empty Google Chrome profiles on the Host details page.

    • Fix a bug in which the Fleet UI would error when entering the "@" characters in the Search targets field.

    • Fix a bug in which a scheduled query would display the incorrect name when editing the query on the Schedule page.

    • Fix a bug in which a deprecation warning would be displayed when generating a deb or rpm Fleet-osquery package when running the fleetctl package command.

    • Fix a bug that caused panic errors when running the fleet serve --debug command.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    1198ff837f228d786ade25af7cc7db8478aab49f1cbff49ceba7d9c7e025111e  fleetctl_v4.14.0_windows.tar.gz
    37ecb349b478340d89c20979b5ef95c4408589eaa0a388be7ffea83514145086  fleetctl_v4.14.0_linux.zip
    869750e96fceb615a29186577bc81c3aedd4f36c6e6ccb41d233cb6d6fbe7fc7  fleetctl_v4.14.0_windows.zip
    efd4d60d6ccb0ef41279969f8215da31dd6fb64d29225c4607065a5b1419ef3d  fleetctl_v4.14.0_macos.tar.gz
    09a82fe3ebb60a63b45d317854029dc95b16984ad6878a5c3bc3ebbe9422b223  fleetctl_v4.14.0_macos.zip
    cd50f058724cdde07edcc3cf89c83e9c5cd91ca41974ea470ae660cb50dd04a1  fleetctl_v4.14.0_linux.tar.gz
    ec8c6282955adc49d9dde92d5adbf41465b1e2e8174fd8ca548d0132f9b0a217  fleet_v4.14.0_linux.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.14.0_linux.tar.gz(15.74 MB)
    fleetctl_v4.14.0_linux.zip(15.74 MB)
    fleetctl_v4.14.0_macos.tar.gz(15.83 MB)
    fleetctl_v4.14.0_macos.zip(15.83 MB)
    fleetctl_v4.14.0_windows.tar.gz(15.86 MB)
    fleetctl_v4.14.0_windows.zip(15.86 MB)
    fleet_v4.14.0_linux.tar.gz(27.42 MB)
  • fleet-v4.13.2(Apr 25, 2022)

    Changes

    • Fix a bug in which the "Operating systems" table on the Home > macOS page wouldn't update. This bug only affects deployments using MySQL < 5.7.22 or equivalent AWS RDS Aurora < 2.10.1. Note that this bug affects deployments that use Fleet's Terraform (uses AWS RDS Aurora 2.10.0).

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    15409c39b5b7719064e9b30cd17682918e890dd0964be52d031f1921de96c8f9  fleetctl_v4.13.2_macos.tar.gz
    1a3ea0f5774139073e4c7dcf40b9eda2b67ba985245639a71e101d0e5b9e76e7  fleetctl_v4.13.2_windows.zip
    3c3fdecf86fe70ac3eb99824437f80b5dd8b3bfb67d2870ed5453322f288d3df  fleetctl_v4.13.2_linux.zip
    543d2bafbba99f732b2fb0531cb2f54150853f37694b92bb6e31099af7e34557  fleetctl_v4.13.2_linux.tar.gz
    867181a136208061c09cd91ec975746aaf65ec2fffab8427c02fbfb1bae92627  fleetctl_v4.13.2_macos.zip
    af6549dc5c754172a00d312cfb7b3d8cd046482690668ffcbff765159487478a  fleetctl_v4.13.2_windows.tar.gz
    fc6b741d668834f4574d336b5fdfb6165c65fcab14abf91cd254b5e2a1484d8f  fleet_v4.13.2_linux.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.13.2_linux.tar.gz(15.71 MB)
    fleetctl_v4.13.2_linux.zip(15.71 MB)
    fleetctl_v4.13.2_macos.tar.gz(15.46 MB)
    fleetctl_v4.13.2_macos.zip(15.47 MB)
    fleetctl_v4.13.2_windows.tar.gz(15.84 MB)
    fleetctl_v4.13.2_windows.zip(15.84 MB)
    fleet_v4.13.2_linux.tar.gz(27.29 MB)
  • fleet-v4.13.1(Apr 20, 2022)

    Changes

    • Fixes an SSO login issue introduced in 4.13.0.

    • Fixes authorization errors encountered on the frontend login and live query pages.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    1991f5bd8d7d2bad323cc00ffadb248e605437f363396c214b8ad9ed492cec20  fleetctl_v4.13.1_linux.zip
    3ef961a43c0b0d7d82973139beff17136cf2d0d5a86278e46214f33e693cda29  fleetctl_v4.13.1_linux.tar.gz
    ba8b49a9d9d9f169322106b53ed3dfb58a22f224b0025fbec57afac5a0fc490e  fleet_v4.13.1_linux.tar.gz
    3a1890e5a1d742bedf6d090007c85365470d2885e3876c03364e1a3057a911eb  fleetctl_v4.13.1_macos.tar.gz
    4c3aadb0d536075e690bf6909a02d119f5f6661470b97f4bd4218db4aed6422d  fleetctl_v4.13.1_macos.zip
    d72c3c113d267bbc0de47152c38f107b4644f79e9696f8a507aad97ca72a4c7a  fleetctl_v4.13.1_windows.tar.gz
    eac49845d9c9e694adfdb278447f6bf378ed92b5d86a5a9fe3fd7fc5f28bc1e5  fleetctl_v4.13.1_windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.13.1_linux.tar.gz(15.71 MB)
    fleetctl_v4.13.1_linux.zip(15.71 MB)
    fleetctl_v4.13.1_macos.tar.gz(15.81 MB)
    fleetctl_v4.13.1_macos.zip(15.81 MB)
    fleetctl_v4.13.1_windows.tar.gz(15.84 MB)
    fleetctl_v4.13.1_windows.zip(15.84 MB)
    fleet_v4.13.1_linux.tar.gz(27.29 MB)
  • fleet-v4.13.0(Apr 18, 2022)

    Changes

    Known issues

    This release contains an issue with path validation in SSO, resulting in SSO users not able to login following an upgrade from a previous version of Fleet. If you use SSO we recommend installing 4.13.1.

    This is a security release.

    • Security: Fix several post-authentication authorization issues. Only Fleet Premium users that have team users are affected. Fleet Free users do not have access to the teams feature and are unaffected. See the following security advisory for details: https://github.com/fleetdm/fleet/security/advisories/GHSA-pr2g-j78h-84cr

    • Improve performance of software inventory on Windows hosts.

    • Add basic​_auth.username and basic_auth.password Prometheus configuration options. The GET /metrics API route is now disabled if these configuration options are left unspecified.

    • Fleet Premium: Add ability to specify a team specific "Destination URL" for policy automations. This allows the user to configure Fleet to send a webhook request to a unique location for policies that belong to a specific team. Documentation on what data is included the webhook request and when the webhook request is sent can be found here on fleedm.com/docs

    • Add ability to see the total number of hosts with a specific macOS version (ex. 12.3.1) on the Home > macOS page. This information is also available via the GET /os_versions API route.

    • Add ability to sort live query results in the Fleet UI.

    • Add a "Vulnerabilities" column to Host details > Software page. This allows the user see and search for specific vulnerabilities (CVEs) detected on a specific host.

    • Update vulnerability automations to fire anytime a vulnerability (CVE), that is detected on a host, was published to the National Vulnerability Database (NVD) in the last 30 days, is detected on a host. In previous versions of Fleet, vulnerability automations would fire anytime a CVE was published to NVD in the last 2 days.

    • Update the Policies page to ask the user to wait to see accurate passing and failing counts for new and recently edited policies.

    • Improve API-only (integration) users by removing the requirement to reset these users' passwords before use. Documentation on how to use API-only users can be found here on fleetdm.com/docs.

    • Improve the responsiveness of the Fleet UI by adding tablet screen width support for the Software, Queries, Schedule, Policies, Host details, Settings > Teams, and Settings > Users pages.

    • Add Beta support for integrating with Jira to automatically create a Jira issue when a new vulnerability (CVE) is detected on a host in Fleet.

    • Add Beta support for Fleet Desktop on Windows. Fleet Desktop allows the device user to see information about their device. To add Fleet Desktop to a Windows device, first add the --fleet-desktop flag to the fleectl package command to generate a Fleet-osquery installer that includes Fleet Desktop. Then, open this installer on the device.

    • Fix a bug in which downloading Fleet's vulnerability database failed if the destination directory specified was not in the tmp/ directory.

    • Fix a bug in which the "Updated at" time was not being updated for the "Mobile device management (MDM) enrollment" and "Munki versions" information on the Home > macOS page.

    • Fix a bug in which Fleet would consider Docker network interfaces to be a host's primary IP address.

    • Fix a bug in which tables in the Fleet UI would present misaligned buttons.

    • Fix a bug in which Fleet failed to connect to Redis in standalone mode.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    07a377b78a973192d8eb5380d3effb6323f08700a44a6bf9da0f7906bd71eb7c  fleetctl_v4.13.0_windows.tar.gz
    36c59106d083476396983a44c53f06d91107cafb1ec08943a30a2385ec4b55b1  fleetctl_v4.13.0_linux.tar.gz
    41580e1696c25e12ab882d5d40cd28b3947f131870da9c897ddf93304eb10015  fleetctl_v4.13.0_windows.zip
    7a861552e6687364def9c55478d626e3da9a56ecf37ec978a17f9f8d77471522  fleet_v4.13.0_linux.tar.gz
    3b97db442762a8c7acbdc8949b42637cb3f1c830b623e0d368b54fadd150b68b  fleetctl_v4.13.0_macos.tar.gz
    0da2cfd4936c5e359c3e4347ef7214cbf5543f3c0e1e621a59bf146531f0cf06  fleetctl_v4.13.0_macos.zip
    daaddb3837c3bbfd68881756c56725fddd3320469efb69e9fcc41cd6c17cd568  fleetctl_v4.13.0_linux.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.13.0_linux.tar.gz(15.71 MB)
    fleetctl_v4.13.0_linux.zip(15.71 MB)
    fleetctl_v4.13.0_macos.tar.gz(15.81 MB)
    fleetctl_v4.13.0_macos.zip(15.81 MB)
    fleetctl_v4.13.0_windows.tar.gz(15.84 MB)
    fleetctl_v4.13.0_windows.zip(15.84 MB)
    fleet_v4.13.0_linux.tar.gz(27.29 MB)
  • fleet-v4.12.1(Apr 5, 2022)

    Changes

    • Fix login error for non-SSO users when Fleet is deployed with a MySQL read replica.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    05103f811a9fbbe0224c6fa34170bea4f856aaee2536c3fb9f531214d2e3cc2e  fleetctl_v4.12.1_windows.zip
    1198363148c73aae8d52cae2980807011b607861525016221520ebefa76772b8  fleet_v4.12.1_linux.tar.gz
    4ab2110fcd0ca3b910144884df77998d0c6ae30c0d3d2c6f7ddd48375d0a6c8f  fleetctl_v4.12.1_windows.tar.gz
    795079e35b78f5f4e7b90dbf55cba457a09130739ce8ab1d9e7281c1f420fc0c  fleetctl_v4.12.1_linux.zip
    9b4f1d7e09fb9a5222e7d733766d35d9305643ae5c544cf39cb724bca3f4b321  fleetctl_v4.12.1_linux.tar.gz
    590bfee426f7c2a122f06bc2502d4b47a23d25f613c3e7f2dfcd18324e9aa60f  fleetctl_v4.12.1_macos.tar.gz
    f360795aac7a27f73faf5a9476c72b62712f6c9f8113ab540550c2fe62cb2dca  fleetctl_v4.12.1_macos.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.12.1_linux.tar.gz(15.68 MB)
    fleetctl_v4.12.1_linux.zip(15.68 MB)
    fleetctl_v4.12.1_macos.tar.gz(15.77 MB)
    fleetctl_v4.12.1_macos.zip(15.78 MB)
    fleetctl_v4.12.1_windows.tar.gz(15.80 MB)
    fleetctl_v4.12.1_windows.zip(15.80 MB)
    fleet_v4.12.1_linux.tar.gz(27.08 MB)
  • fleet-v4.12.0(Mar 25, 2022)

    Changes

    • Add ability to update which platform (macOS, Windows, Linux) a policy is checked on.

    • Add ability to detect compatibility for custom policies.

    • Increase the default session duration to 5 days. Session duration can be updated using the session_duration configuration option.

    • Add ability to see the percentage of hosts that responded to a live query.

    • Add ability for users with admin permissions to update any user's password.

    • Add content_type_value Kafka REST Proxy configuration option to allow the use of different versions of the Kafka REST Proxy.

    • Add database_path GeoIP configuration option to specify a GeoIP database. When configured, geolocation information is presented on the Host details page and in the GET /hosts/{id} API route.

    • Add ability to retrieve a host's public IP address. This information is available on the Host details page and GET /hosts/{id} API route.

    • Add instructions and materials needed to add hosts to Fleet using plain osquery. These instructions can be found in Hosts > Add hosts > Advanced in the Fleet UI.

    • Add Beta support for Fleet Desktop on macOS. Fleet Desktop allows the device user to see information about their device. To add Fleet Desktop to a macOS device, first add the --fleet-desktop flag to the fleectl package command to generate a Fleet-osquery installer that includes Fleet Desktop. Then, open this installer on the device.

    • Reduce the noise of osquery status logs by only running a host vital query, which populate the Host details page, when the query includes tables that are compatible with a specific host.

    • Fix a bug on the Edit pack page in which the "Select targets" element would display the hover effect for the wrong target.

    • Fix a bug on the Software page in which software items from deleted hosts were not removed.

    • Fix a bug in which the platform for Amazon Linux 2 hosts would be displayed incorrectly.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    0dd3189eea3d53960ef31f35437fc39df595473aaf176cb140f825453ae194a8  fleetctl_v4.12.0_linux.zip
    0f21dd9e06553497bcd3a0b0419c644f5336bf261d6143ac6ce1bc55ca9f31bc  fleetctl_v4.12.0_linux.tar.gz
    1eccbf3a9f06f0eb8dae8107a8fc820ede3d0aeb8428bc0f840187115ba57bdf  fleetctl_v4.12.0_windows.tar.gz
    48456eef4f5226fb021563577a4bf546f8150a6d98404bb35a1acc0004f36c93  fleetctl_v4.12.0_windows.zip
    ba8a497f10169e7e30ece33b9c7603bfd19f121d9f351f82e83ed2e3fd9dd906  fleet_v4.12.0_linux.tar.gz
    79f3554f6969f256ae24575bf7b2f4f64e40f1dab527e737f8f16bff666d3852  fleetctl_v4.12.0_macos.tar.gz
    3bfff767be17e08ad03dbe13a641a24530ec40d7794982a780fd5e963976ebcc  fleetctl_v4.12.0_macos.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(663 bytes)
    fleetctl_v4.12.0_linux.tar.gz(15.68 MB)
    fleetctl_v4.12.0_linux.zip(15.68 MB)
    fleetctl_v4.12.0_macos.tar.gz(15.77 MB)
    fleetctl_v4.12.0_macos.zip(15.78 MB)
    fleetctl_v4.12.0_windows.tar.gz(15.80 MB)
    fleetctl_v4.12.0_windows.zip(15.80 MB)
    fleet_v4.12.0_linux.tar.gz(27.08 MB)
  • v0.0.7(Mar 10, 2022)

  • fleet-v4.11.0(Mar 7, 2022)

    Changes

    • Improve vulnerability processing to reduce the number of false positives for RPM packages on Linux hosts.

    • Fleet Premium: Add a teams key to the packs yaml document to allow adding teams as targets when using CI/CD to manage query packs.

    • Fleet premium: Add the ability to retrieve configuration for a specific team with the fleetctl get team --name <team-name-here> command.

    • Remove the expiration for API tokens for API-only users. API-only users can be created using the fleetctl user create --api-only command.

    • Improve performance of the osquery query used to collect software inventory for Linux hosts.

    • Update the activity feed on the Home page to include add, edit, and delete policy activities. Activity information is also available in the GET /activities API route.

    • Update Kinesis logging plugin to append newline character to raw message bytes to properly format NDJSON for downstream consumers.

    • Clarify why the "Performance impact" for some queries is displayed as "Undetermined" in the Fleet UI.

    • Add instructions for using plain osquery to add hosts to Fleet in the Fleet View these instructions by heading to Hosts > Add hosts > Advanced.

    • Fix a bug in which uninstalling Munki from one or more hosts would result in inaccurate Munki versions displayed on the Home > macOS page.

    • Fix a bug in which a user, with access limited to one or more teams, was able to run a live query against hosts in any team. This bug is not exposed in the Fleet UI and is limited to users of the POST run API route.

    • Fix a bug in the Fleet UI in which the "Select targets" search bar would not return the expected hosts.

    • Fix a bug in which global agent options were not updated correctly when editing these options in the Fleet UI.

    • Fix a bug in which the Fleet UI would incorrectly tag some URLs as invalid.

    • Fix a bug in which the Fleet UI would attempt to connect to an SMTP server when SMTP was disabled.

    • Fix a bug on the Software page in which the "Hosts" column was not filtered by team.

    • Fix a bug in which global maintainers were unable to add and edit policies that belonged to a specific team.

    • Fix a bug in which the operating system version for some Linux distributions would not be displayed properly.

    • Fix a bug in which configuring an identity provider name to a value shorter than 4 characters was not allowed.

    • Fix a bug in which the avatar would not appear in the top navigation.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    07a3828310dc08a73c932941072fd8aef215dd88eb062f11e92dba32f1f635a4  fleet_v4.11.0_linux.tar.gz
    1048814ec8546a39e8afc184da42a084497fc0f0f3bb744dc6bdd974c76bca71  fleetctl_v4.11.0_windows.zip
    38e9b9ef81087b4d6c48c1595bd3dac320cea804fc75befaeff598608f23ada5  fleetctl_v4.11.0_linux.tar.gz
    7c011f53b6c242dec24efdfdeee9d54d7c7880c78601299075a05934d2136b46  fleetctl_v4.11.0_macos.tar.gz
    b43dd53e8e655c666772af641a1d6bead5378ea56da2b404a7d76ec98b591104  fleetctl_v4.11.0_macos.zip
    dfffd4384c105a6b7b000f32e23998832871ae9b52a0b69a504aa02f60e52311  fleetctl_v4.11.0_windows.tar.gz
    e5e742d65bcb8da77e1b6d190b2acbf88a4ff210c73c4c39faa5af00a6b2e07a  fleetctl_v4.11.0_linux.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.11.0_linux.tar.gz(15.59 MB)
    fleetctl_v4.11.0_linux.zip(15.59 MB)
    fleetctl_v4.11.0_macos.tar.gz(15.35 MB)
    fleetctl_v4.11.0_macos.zip(15.35 MB)
    fleetctl_v4.11.0_windows.tar.gz(15.73 MB)
    fleetctl_v4.11.0_windows.zip(15.72 MB)
    fleet_v4.11.0_linux.tar.gz(26.96 MB)
  • fleet-v4.10.0(Feb 14, 2022)

    Changes

    • Upgrade Go to 1.17.7 with security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772), and cmd/go (CVE-2022-23773). These are not likely to be high impact in Fleet deployments, but we are upgrading in an abundance of caution.

    • Add aggregate software and vulnerability information on the new Software page.

    • Add ability to see how many hosts have a specific vulnerable software installed on the Software page. This information is also available in the GET /api/v1/fleet/software API route.

    • Add ability to send a webhook request if a new vulnerability (CVE) is found on at least one host. Documentation on what data is included the webhook request and when the webhook request is sent can be found here on fleedm.com/docs.

    • Add aggregate Mobile Device Management and Munki data on the Home page.

    • Add email and URL validation across the entire Fleet UI.

    • Add ability to filter software by "Vulnerable" on the Host details page.

    • Update standard policy templates to use new naming convention. For example, "Is FileVault enabled on macOS devices?" is now "Full disk encryption enabled (macOS)."

    • Add db-innodb-status and db-process-list to fleetctl debug command.

    • Fleet Premium: Add the ability to generate a Fleet installer and manage enroll secrets on the Team details page.

    • A ability for users with the observer role to view which platforms (macOS, Windows, Linux) a query is compatible with.

    • Improve the experience for editing queries and policies in the Fleet UI.

    • Improve vulnerability processing for NPM packages.

    • Support triggering a webhook for newly detected vulnerabilities with a list of affected hosts.

    • Add filter software by CVE.

    • Add the ability to disable scheduled query performance statistics.

    • Add ability to filter the host summary information by platform (macOS, Windows, Linux) on the Home page.

    • Fix a bug in Fleet installers for Linux in which a computer restart would stop the host from reporting to Fleet.

    • Make sure ApplyTeamSpec only works with premium deployments.

    • Disable MDM, Munki, and Chrome profile queries on unsupported platforms to reduce log noise.

    • Properly handle paths in CVE URL prefix.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    4271c4443c98a5a8d991e177733b9f23415ff18bb1a3e8af0db54743795ee9ec  fleetctl_v4.10.0_windows.zip
    6c04039feab80d5dc1a449e23167d182236889d9712cae04370e7e2e99dfa179  fleetctl_v4.10.0_linux.tar.gz
    74df98b823a9096db1c3b9b748a24ce2bbed7413a5d89a5c1751aba6d29e12eb  fleetctl_v4.10.0_windows.tar.gz
    2d2ae88e855a127b2d9e97582a37930657c09604717fc98d239a56f43df02b36  fleetctl_v4.10.0_macos.tar.gz
    f39d88bf24ca2d04c1c130a44a43a618f195fe4803a66d7686c7572cf519097e  fleetctl_v4.10.0_macos.zip
    9fc801df0171d6170158303d225e2d76c99449102f0134f7b7c6365330fc345e  fleet_v4.10.0_linux.tar.gz
    ca265f141cea5fe91410c9a5efd38cf12e6d68d8cc986aec2dd981e6b5afedc3  fleetctl_v4.10.0_linux.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(665 bytes)
    fleetctl_v4.10.0_linux.tar.gz(14.70 MB)
    fleetctl_v4.10.0_linux.zip(14.70 MB)
    fleetctl_v4.10.0_macos.tar.gz(14.79 MB)
    fleetctl_v4.10.0_macos.zip(14.79 MB)
    fleetctl_v4.10.0_windows.tar.gz(14.84 MB)
    fleetctl_v4.10.0_windows.zip(14.84 MB)
    fleet_v4.10.0_linux.tar.gz(24.82 MB)
  • fleet-v4.9.1(Feb 3, 2022)

    Changes

    This is a security release.

    • Security: Fix a vulnerability in Fleet's SSO implementation that could allow a malicious or compromised SAML Service Provider (SP) to log into Fleet as an existing Fleet user. See https://github.com/fleetdm/fleet/security/advisories/GHSA-ch68-7cf4-35vr for details.

    • Allow MSI packages generated by fleetctl package to reinstall on Windows without uninstall.

    • Fix a bug in which a team's scheduled queries didn't render correctly on the Schedule page.

    • Fix a bug in which a new policy would always get added to "All teams" rather than the selected team.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available on fleetdm.com/docs.

    Binary Checksum

    SHA256

    9f2ca99d482d249d0fc7d17f71a11592155c7f0cb43fff019da30ed1b875bf42  fleetctl_v4.9.1_macos.tar.gz
    2f7e1b857eaee1c66bc1ccf2bfc3a0195c44a5c2f3831ad4fc938c5312d541e5  fleetctl_v4.9.1_macos.zip
    3f22f610d7e46c66b9eeb4ff4b6eb87ce5452b3ec1473f6ecabb0086a07db415  fleet_v4.9.1_linux.tar.gz
    9153bbd792ebb1fc154cd742c19cd2248137bab49968bcaf5c0ac6ee577718fb  fleetctl_v4.9.1_windows.zip
    a255c0ab198ceaf4344b80e7d7fc2fd307b98d223fc1ffcadf2df9d0729e981b  fleetctl_v4.9.1_linux.zip
    bf29eb09d0583bb629893bb7a6177cbef4fbc967996c7db77471a4585085c2a3  fleetctl_v4.9.1_windows.tar.gz
    c930085bae6d8ad852924d4ec5d2b0dec33abd7c621452a0c365a61f75088fb9  fleetctl_v4.9.1_linux.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.9.1_linux.tar.gz(14.59 MB)
    fleetctl_v4.9.1_linux.zip(14.59 MB)
    fleetctl_v4.9.1_macos.tar.gz(14.65 MB)
    fleetctl_v4.9.1_macos.zip(14.66 MB)
    fleetctl_v4.9.1_windows.tar.gz(14.70 MB)
    fleetctl_v4.9.1_windows.zip(14.70 MB)
    fleet_v4.9.1_linux.tar.gz(24.48 MB)
  • fleet-v4.9.0(Jan 22, 2022)

    Changes

    • Add ability to apply a policy yaml document so that GitOps workflows can be used to create and modify policies.

    • Add ability to run a live query that returns 1,000+ results in the Fleet UI by adding client-side pagination to the results table.

    • Improve the accuracy of query platform compatibility detection by adding recognition for queries with the WITH expression.

    • Add ability to open a page in the Fleet UI in a new tab by "right-clicking" an item in the navigation.

    • Improve the live query API route (GET /api/v1/queries/run) so that it successfully return results for Fleet instances using a load balancer by reducing the wait period to 25 seconds.

    • Improve performance of the Fleet UI by updating loading states and reducing the number of requests made to the Fleet API.

    • Improve performance of the MySQL database by updating the queries used to populate host vitals and caching the results.

    • Add read_timeout Redis configuration option to customize the maximum amount of time Fleet should wait to receive a response from a Redis server.

    • Add write_timeout Redis configuration option to customize the maximum amount of time Fleet should wait to send a command to a Redis server.

    • Fix a bug in which browser extensions (Google Chrome, Firefox, and Safari) were not included in software inventory.

    • Improve the security of the Organization settings page by preventing the browser from requesting to save SMTP credentials.

    • Fix a bug in which an existing pack's targets were not cleaned up after deleting hosts, labels, and teams.

    • Fix a bug in which non-existent queries and policies would not return a 404 not found response.

    Performance

    • Our testing demonstrated an increase in max devices served in our load test infrastructure to 70,000 from 60,000 in v4.8.0.

    Load Test Infrastructure

    • Fleet server

      • AWS Fargate
      • 2 tasks with 1024 CPU units and 2048 MiB of RAM.
    • MySQL

      • Amazon RDS
      • db.r5.2xlarge
    • Redis

      • Amazon ElastiCache
      • cache.m5.large with 2 replicas (no cluster mode)

    What was changed to accomplish these improvements?

    • Optimized the updating and fetching of host data to only send and receive the bare minimum data needed.

    • Reduced the number of times host information is updated by caching more data.

    • Updated cleanup jobs and deletion logic.

    Future improvements

    • At maximum DB utilization, we found that some hosts fail to respond to live queries. Future releases of Fleet will improve upon this.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet can be found at https://fleetdm.com/docs.

    Binary Checksum

    SHA256

    3b6ab86cbe11c42a474c08c62b1a6ea7131f37a654e6f74da63cef824f1c7381  fleetctl_v4.9.0_linux.zip
    5b020272939906e342146097c33c9378d2af4ffe95ddde03ee59e9ae602f3eec  fleetctl_v4.9.0_windows.tar.gz
    7f9281f6035715f88e881d6c73ed66615fc692581e7f528bcf930c7480668d7e  fleetctl_v4.9.0_macos.tar.gz
    a851495359ce42edab4ebce90bb64d2462749e0448cd49a217772145a3c8f893  fleetctl_v4.9.0_macos.zip
    74e3d67f84edc29bbee3934aeedaf8f46707f6bd7eebe2c8791e8461b07eaf4c  fleet_v4.9.0_linux.tar.gz
    b385fa63f4a49fb269710b43f2cb5bf2004a746d11b727a70ef8e78bf49c754e  fleetctl_v4.9.0_linux.tar.gz
    ea7cd9fe4155ed5e75a03e488c5ce74d939b5cdd6531fc24b60445f04d90d268  fleetctl_v4.9.0_windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.9.0_linux.tar.gz(14.59 MB)
    fleetctl_v4.9.0_linux.zip(14.59 MB)
    fleetctl_v4.9.0_macos.tar.gz(14.65 MB)
    fleetctl_v4.9.0_macos.zip(14.66 MB)
    fleetctl_v4.9.0_windows.tar.gz(14.70 MB)
    fleetctl_v4.9.0_windows.zip(14.70 MB)
    fleet_v4.9.0_linux.tar.gz(24.48 MB)
  • v0.0.6(Jan 17, 2022)

  • fleet-v4.8.0(Dec 31, 2021)

    Changes

    • Add ability to configure Fleet to send a webhook request with all hosts that failed a policy. Documentation on what data is included the webhook request and when the webhook request is sent can be found here on fleedm.com/docs.

    • Add ability to find a user's device in Fleet by filtering hosts by email associated with a Google Chrome profile. Requires the macadmins osquery extension which comes bundled in Fleet's osquery installers.

    • Add ability to see a host's Google Chrome profile information using the GET api/v1/fleet/hosts/{id}/device_mapping API route.

    • Add ability to see a host's mobile device management (MDM) enrollment status, MDM server URL, and Munki version on a host's Host details page. Requires the macadmins osquery extension which comes bundled in Fleet's osquery installers.

    • Add ability to see a host's MDM and Munki information with the GET api/v1/fleet/hosts/{id}/macadmins API route.

    • Improve the handling of certificates in the fleetctl package command by adding a check for a valid PEM file.

    • Update Prometheus Go client library which results in the following breaking changes to the GET /metrics API route: http_request_duration_microseconds is now http_request_duration_seconds_bucket, http_request_duration_microseconds_sum is now http_request_duration_seconds_sum, http_request_duration_microseconds_count is now http_request_duration_seconds_count, http_request_size_bytes is now http_request_size_bytes_bucket, and http_response_size_bytes is now http_response_size_bytes_bucket.

    • Improve performance when searching and sorting hosts in the Fleet UI.

    • Improve performance when running a live query feature by reducing the load on Redis.

    • Improve performance when viewing software installed across all hosts in the Fleet UI.

    • Fix a bug in which the Fleet UI presented the option to download an undefined certificate in the "Generate installer" instructions.

    • Fix a bug in which database migrations failed when using MariaDB due to a migration introduced in Fleet 4.7.0.

    • Fix a bug that prevented hosts from checking in to Fleet when Redis was down.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    a14f9ced0f606f6760e8c5297a62fccf0b1ffa7bed4c8ababc8e04a264531019  fleetctl_v4.8.0_macos.tar.gz
    b4416c5c0f302ec46493ea4328b2413fca89366a24017984a567f9b5ed107ead  fleetctl_v4.8.0_macos.zip
    35d7586bf8bdc14419ddf2a0fb6367ed068dca487e61586a877095056dc54223  fleetctl_v4.8.0_linux.zip
    4ae66acf77299a6c20c3305657c26e7ce385f3617ea5820cac32c3918d2651e7  fleet_v4.8.0_linux.tar.gz
    4f4944676f0addfdfd95d500585f39ebbd99570d432932a6a50488f2d048570d  fleetctl_v4.8.0_linux.tar.gz
    7cf2cd759713b56b2c3d05e26e0f7d05e48aa9dc1a1be985810679e87b9770d8  fleetctl_v4.8.0_windows.tar.gz
    d5dd7e0feff3d62e991c0eef0b3675d04b53acd0583dbb178b7aefe53d0b2a10  fleetctl_v4.8.0_windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.8.0_linux.tar.gz(14.57 MB)
    fleetctl_v4.8.0_linux.zip(14.57 MB)
    fleetctl_v4.8.0_macos.tar.gz(14.65 MB)
    fleetctl_v4.8.0_macos.zip(14.65 MB)
    fleetctl_v4.8.0_windows.tar.gz(14.70 MB)
    fleetctl_v4.8.0_windows.zip(14.70 MB)
    fleet_v4.8.0_linux.tar.gz(24.44 MB)
  • v0.0.4(Dec 23, 2021)

    Changes

    • Use certs.pem if available in root directory to improve TLS compatibility.

    • Use UUID as the default host identifier for osquery.

    • Add github.com/macadmins/osquery-extension tables.

    • Add support for osquery flagfile (loaded automatically if it exists in the Orbit root).

    • Fix permissions for building MSI when packaging as root user. Fixes fleetdm/fleet#1424.

    Source code(tar.gz)
    Source code(zip)
    checksums.txt(272 bytes)
    orbit_0.0.4_linux.tar.gz(3.30 MB)
    orbit_0.0.4_macos.tar.gz(3.66 MB)
    orbit_0.0.4_windows.zip(3.40 MB)
  • fleet-v4.7.0(Dec 14, 2021)

    Changes

    • Add ability to create, modify, or delete policies in Fleet without modifying saved queries. Fleet 4.7.0 introduces breaking changes to the /policies API routes to separate policies from saved queries in Fleet. These changes will not affect any policies previously created or modified in the Fleet UI.

    • Turn on vulnerability processing for all Fleet instances with software inventory enabled. Vulnerability processing in Fleet provides the ability to see all hosts with specific vulnerable software installed.

    • Improve the performance of the "Software" table on the Home page.

    • Improve performance of the MySQL database by changing the way a host's users information is saved.

    • Add ability to select from a library of standard policy templates on the Policies page. These pre-made policies ask specific "yes" or "no" questions about your hosts. For example, one of these policy templates asks "Is Gatekeeper enabled on macOS devices?"

    • Add ability to ask whether or not your hosts have a specific operating system installed by selecting an operating system policy on the Host details page. For example, a host that is running macOS 12.0.1 will present a policy that asks "Is macOS 12.0.1 installed on macOS devices?"

    • Add ability to specify which platform(s) (macOS, Windows, and/or Linux) a policy is checked on.

    • Add ability to generate a report that includes which hosts are answering "Yes" or "No" to a specific policy by running a policy's query as a live query.

    • Add ability to see the total number of installed software software items across all your hosts.

    • Add ability to see an example scheduled query result that is sent to your configured log destination. Select "Schedule a query" > "Preview data" on the Schedule page to see the example scheduled query result.

    • Improve the host's users information by removing users without login shells and adding users that are not associated with a system group.

    • Add ability to see a Fleet instance's missing migrations with the fleetctl debug migrations command. The fleet serve and fleet prepare db commands will now fail if any unknown migrations are detected.

    • Add ability to see syntax errors as your write a query in the Fleet UI.

    • Add ability to record a policy's resolution steps that can be referenced when a host answers "No" to this policy.

    • Add server request errors to the Fleet server logs to allow for troubleshooting issues with the Fleet server in non-debug mode.

    • Increase default login session length to 24 hours.

    • Fix a bug in which software inventory and disk space information was not retrieved for Debian hosts.

    • Fix a bug in which searching for targets on the Edit pack page negatively impacted performance of the MySQL database.

    • Fix a bug in which some Fleet migrations were incompatible with MySQL 8.

    • Fix a bug that prevented the creation of osquery installers for Windows (.msi) when a non-default update channel is specified.

    • Fix a bug in which the "Software" table on the home page did not correctly filtering when a specific team was selected on the Home page.

    • Fix a bug in which users with "No access" in Fleet were presented with a perpetual loading state in the Fleet UI.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    4cd15a76ac934a429d714c881c9f86824b800dc12f216bcfebfc81e02f3ecfb7  fleet_v4.7.0_linux.tar.gz
    655704454143e0d151922763f45d7408b5185a46c04597833ad3be500f8b4007  fleetctl_v4.7.0_windows.tar.gz
    33030fda6bb7b078fa54d628e379fc4bc71dd2373d743d89d5365fb40536d087  fleetctl_v4.7.0_macos.tar.gz
    6a1a8a47965fe10b719f0aa1ef55f7eb7b22b0107c268b6adc0189cf16105730  fleetctl_v4.7.0_macos.zip
    e30efe82132739d50c6bff3f2aff8b1a5db4f69c76f7495429be2b5bab48e76c  fleetctl_v4.7.0_windows.zip
    ecc31978f64d9945739f45a48aed7dd1e4cd642046405f6d04ff851c7905e9e7  fleetctl_v4.7.0_linux.zip
    ef17e435d8d435e1c259a6d8e570b5ee4b2e773a1ea3c2a114ed194b5444c1ca  fleetctl_v4.7.0_linux.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.7.0
    • docker pull fleetdm/fleetctl:v4.7.0
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.7.0
    • docker pull fleetdm/fleet:v4.7.0
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.7.0_linux.tar.gz(14.29 MB)
    fleetctl_v4.7.0_linux.zip(14.29 MB)
    fleetctl_v4.7.0_macos.tar.gz(14.35 MB)
    fleetctl_v4.7.0_macos.zip(14.35 MB)
    fleetctl_v4.7.0_windows.tar.gz(14.42 MB)
    fleetctl_v4.7.0_windows.zip(14.42 MB)
    fleet_v4.7.0_linux.tar.gz(24.08 MB)
  • fleet-v4.6.2(Dec 2, 2021)

    Changes

    • Improve performance of the Home page by removing total hosts count from the "Software" table.

    • Improve performance of the Queries page by adding pagination to the list of queries.

    • Fix a bug in which the "Shell" column of the "Users" table on the Host details page would sometimes fail to update.

    • Fix a bug in which a host's status could quickly alternate between "Online" and "Offline" by increasing the grace period for host status.

    • Fix a bug in which some hosts would have a missing host_seen_times entry.

    • Add an after parameter to the GET /hosts API route to allow for cursor pagination.

    • Add a disable_failing_policies parameter to the GET /hosts API route to allow the API request to respond faster if failing policies count information is not needed.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.6.2/docs/README.md

    Binary Checksum

    SHA256

    3e3f0b02c737227adcacf467e7e587816b51cb4c0025cde1a0e55537972fc22d  fleetctl_v4.6.2_windows.tar.gz
    9f9c0b30ebc64c51d66578951526d394c29fa5838362242f75afa1e08a2e524e  fleetctl_v4.6.2_windows.zip
    ade1c6de0414ceced04c73416eca296dd33576026a4950fe2a7dfe49874aa06c  fleet_v4.6.2_linux.tar.gz
    b37d90e14917552e066a0349ad722533a859b68d65699886b0061d7500f260d4  fleetctl_v4.6.2_linux.zip
    b53f7e1389fcf60b925b51a82c56333926580a8a78a1fee521d12790e8ffad93  fleetctl_v4.6.2_linux.tar.gz
    10b7cb096d08d947ad133b68b4f4fa11df9ad35c5c49229ae36822e94d29e523  fleetctl_v4.6.2_macos.zip
    430b0e6978f0ffa1fdae6967d6db6bb2a134e56d5b5922ceafcd3319a777b3ff  fleetctl_v4.6.2_macos.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.6.2
    • docker pull fleetdm/fleetctl:v4.6.2
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.6.2
    • docker pull fleetdm/fleet:v4.6.2
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.6.2_linux.tar.gz(14.22 MB)
    fleetctl_v4.6.2_linux.zip(14.22 MB)
    fleetctl_v4.6.2_macos.tar.gz(14.29 MB)
    fleetctl_v4.6.2_macos.zip(14.29 MB)
    fleetctl_v4.6.2_windows.tar.gz(14.36 MB)
    fleetctl_v4.6.2_windows.zip(14.36 MB)
    fleet_v4.6.2_linux.tar.gz(24.02 MB)
  • fleet-v4.6.1(Nov 22, 2021)

    Changes

    • Fix a bug (introduced in 4.6.0) in which Fleet used progressively more CPU on Redis, resulting in API and UI slowdowns and inconsistency.

    • Make fleetctl apply fail when the configuration contains invalid fields.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    1ef666cb348775ec853ed08f7a8d47d31c8ac1f8d5ead45479e7aa7160be2c31  fleetctl_v4.6.1_windows.zip
    04041ca9f0588df1f0814b064d2c6084aa4b89212eff38cf9fc279c18730c991  fleetctl_v4.6.1_macos.tar.gz
    3bdb11dc764e70d80eeef075548d8e027130da9500f32f6e5abb0c2476d5f169  fleetctl_v4.6.1_linux.zip
    83130abb5edec390fbbbf20b29620f520cfb0ae6ef53d2df7985cc4b30a5596a  fleetctl_v4.6.1_macos.zip
    3d40585026c3e8cfe981f426db3bd45435f595daade3980b7c6d194d44e0a2e3  fleetctl_v4.6.1_windows.tar.gz
    7a902592b4cf7a033048c4a07d0d9abd49477b5428ba91d40567b4ba5fafea1d  fleetctl_v4.6.1_linux.tar.gz
    e8451edbac32823d00d02970162d623a9441ba675bbd10d2cf7b6a9f5e43cd04  fleet_v4.6.1_linux.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.6.1
    • docker pull fleetdm/fleetctl:v4.6.1
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.6.1
    • docker pull fleetdm/fleet:v4.6.1
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.6.1_linux.tar.gz(14.19 MB)
    fleetctl_v4.6.1_linux.zip(14.19 MB)
    fleetctl_v4.6.1_macos.tar.gz(14.26 MB)
    fleetctl_v4.6.1_macos.zip(14.26 MB)
    fleetctl_v4.6.1_windows.tar.gz(14.33 MB)
    fleetctl_v4.6.1_windows.zip(14.33 MB)
    fleet_v4.6.1_linux.tar.gz(23.81 MB)
  • fleet-v4.6.0(Nov 19, 2021)

    Changes

    • Fleet Premium: Add ability to filter aggregate host data, such as platforms (macOS, Windows, and Linux) and status (online, offline, and new), on the Home page. The aggregate host data is also available in the GET /host_summary API route.

    • Fleet Premium: Add ability to move pending invited users between teams.

    • Fleet Premium: Add fleetctl updates rotate command for rotation of keys in the updates system. The fleetctl updates command provides the ability to self-manage an agent update server.

    • Enable the software inventory by default for new Fleet instances. The software inventory feature can be turned on or off using the enable_software_inventory configuration option.

    • Update the JSON payload for the host status webhook by renaming the "message" property to "text" so that the payload can be received and displayed in Slack.

    • Remove the deprecated app_configs table from Fleet's MySQL database. The app_config_json table has replaced it.

    • Improve performance of the policies feature for Fleet instances with over 100,000 hosts.

    • Add instructions in the Fleet UI for generating an osquery installer for macOS, Linux, or Windows. Documentation for generating an osquery installer and distributing the installer to your hosts to add them to Fleet can be found here on fleetdm.com/docs

    • Add ability to see all the software, and filter by vulnerable software, installed across all your hosts on the Home page. Each software's name, version, hosts_count, vulnerabilities, and more is also available in the GET /software API route and fleetctl get software command.

    • Add ability to add, edit, and delete enroll secrets on the Hosts page.

    • Add ability to see aggregate host data such as platforms (macOS, Windows, and Linux) and status (online, offline, and new) the Home page.

    • Add ability to see all of the queries scheduled to run on a specific host on the Host details page immediately after a query is added to a schedule or pack.

    • Add a "Shell" column to the "Users" table on the Host details page so users can now be filtered to see only those who have logged in.

    • Package osquery's certs.pem in fleetctl package to improve TLS compatibility.

    • Add support for packaging an osquery flagfile with fleetctl package --osquery-flagfile.

    • Use "Fleet osquery" rather than "Orbit osquery" in packages generated by fleetctl package.

    • Clarify that a policy in Fleet is a yes or no question you can ask about your hosts by replacing "Passing" and "Failing" text with "Yes" and "No" respectively on the Policies page and Host details page.

    • Add ability to see the original author of a query on the Query page.

    • Improve the UI for the "Software" table and "Policies" table on the Host details page so that it's easier to pivot to see all hosts with a specific software installed or answering "No" to a specific policy.

    • Fix a bug in which modifying a specific target for a live query, in target selector UI, would deselect a different target.

    • Fix a bug in which the user was navigated to a non existent page, in the Fleet UI, after saving a pack.

    • Fix a bug in which long software names in the "Software" table caused the bundle identifier tooltip to be inaccessible.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.6.0/docs/README.md

    Binary Checksum

    SHA256

    00df4863e7c27b116d3a788c6508acfbdcf6da11d0d29034646a7f712abb4d83  fleetctl_v4.6.0_linux.tar.gz
    a8405a073db5611be42dc26c41e09b5c0421a5af6816ab1ab27d3386eb56a8d3  fleetctl_v4.6.0_macos.zip
    639c3eba54a8c8773ff5984e239c55fadca1979f2c032f62b9033cde65536f10  fleet_v4.6.0_linux.tar.gz
    a457f09fd9dd3f57cb39c4b9a87e6efdc50fae1f71d026dbb0c84c38ee68ab0e  fleetctl_v4.6.0_macos.tar.gz
    9b1076c7cec196b7a7f5f37f27572a9e447e2b51986a74f937558abe2d3e9e4b  fleetctl_v4.6.0_windows.zip
    bfda2a842d7877a9a465463fece681c2305513f2c1097dc33f01ac774ab5d4f6  fleetctl_v4.6.0_windows.tar.gz
    ca508fd7d0598f861dd403eb06e6c5de92d469bb13eea683d2f6f625bea61429  fleetctl_v4.6.0_linux.zip
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.6.0
    • docker pull fleetdm/fleetctl:v4.6.0
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.6.0
    • docker pull fleetdm/fleet:v4.6.0
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.6.0_linux.tar.gz(14.19 MB)
    fleetctl_v4.6.0_linux.zip(14.19 MB)
    fleetctl_v4.6.0_macos.tar.gz(14.26 MB)
    fleetctl_v4.6.0_macos.zip(14.26 MB)
    fleetctl_v4.6.0_windows.tar.gz(14.33 MB)
    fleetctl_v4.6.0_windows.zip(14.33 MB)
    fleet_v4.6.0_linux.tar.gz(23.82 MB)
  • fleet-v4.5.1(Nov 11, 2021)

    Changes

    • Fix performance issues with search filtering on manage queries page.

    • Improve correctness and UX for query platform compatibility.

    • Fleet Premium: Show correct hosts when a team is selected.

    • Fix a bug preventing login for new SSO users.

    • Always return the disabled value in the GET /api/v1/fleet/packs/{id} API (previously it was sometimes left out).

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.5.1/docs/README.md

    Binary Checksum

    SHA256

    14ad55a12f1320d9b4e947fedc5e3f36557719a066caf4f83e3a8d54f1c09ae5  fleetctl_v4.5.1_windows.zip
    4d87b8646c7477ef21d13c7b7adb54253016a8d0daee99e848a3b4ed5739e706  fleetctl_v4.5.1_macos.tar.gz
    7100bd629915d1c2948b8255741dd926a08e5fd06490f5daffa694b56902507a  fleetctl_v4.5.1_windows.tar.gz
    cedc5a53eba8f692c03baea93bb9a4b27d06bbf1fcf15075d07789326d9b36c8  fleet_v4.5.1_linux.tar.gz
    d153b1e418f2dcef6d8fab11f0d9496ea6e0075a0c71e8fd87d81fc6ec4d5bda  fleetctl_v4.5.1_macos.zip
    ea30c24716fa0977e8b78866fbb21a6e1c3ae33de58860d02635c6a2d9f5eb70  fleetctl_v4.5.1_linux.zip
    fa539932eb6c00c41fad7af60add06ccebcd4eaf1b1a1a383c14633c4a3f9b82  fleetctl_v4.5.1_linux.tar.gz
    
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.5.1
    • docker pull fleetdm/fleetctl:v4.5.1
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.5.1
    • docker pull fleetdm/fleet:v4.5.1
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.5.1_linux.tar.gz(13.81 MB)
    fleetctl_v4.5.1_linux.zip(13.81 MB)
    fleetctl_v4.5.1_macos.tar.gz(13.59 MB)
    fleetctl_v4.5.1_macos.zip(13.59 MB)
    fleetctl_v4.5.1_windows.tar.gz(14.08 MB)
    fleetctl_v4.5.1_windows.zip(14.08 MB)
    fleet_v4.5.1_linux.tar.gz(23.36 MB)
  • fleet-v4.5.0(Nov 1, 2021)

    Changes

    • Fleet Premium: Add a Team admin user role. This allows users to delegate the responsibility of managing team members in Fleet. Documentation for the permissions associated with the Team admin and other user roles can be found here on fleetdm.com/docs.

    • Add Apache Kafka logging plugin. Documentation for configuring Kafka as a logging plugin can be found here on fleetdm.com/docs. Thank you to Joseph Macaulay for adding this capability.

    • Add support for MinIO as a file carving backend. Documentation for configuring MinIO as a file carving backend can be found here on fleetdm.com/docs. Thank you to Chandra Majumdar and Ben Edwards for adding this capability.

    • Add the ability to run a live query and receive results using only the Fleet REST API with a GET /api/v1/fleet/queries/run API route. Documentation for this new API route can be found here on fleetdm.com/docs.

    • Add ability to see whether a specific host is "Passing" or "Failing" a policy on the Host details page. This information is also exposed in the GET api/v1/fleet/hosts/{id} API route. In Fleet, a policy is a "yes" or "no" question you can ask of all your hosts.

    • Add the ability to quickly see the total number of "Failing" policies for a particular host on the Hosts page with a new "Issues" column. Total "Issues" are also revealed on a specific host's Host details page.

    • Add the ability to see which platforms (macOS, Windows, Linux) a specific query is compatible with. The compatibility detected by Fleet is estimated based on the osquery tables used in the query.

    • Add the ability to see whether your queries have a "Minimal," "Considerable," or "Excessive" performance impact on your hosts. Query performance information is only collected when a query runs as a scheduled query.

      • Running a "Minimal" query, very frequently, has little to no impact on your host's performance.

      • Running a "Considerable" query, frequently, can have a noticeable impact on your host's performance.

      • Running an "Excessive" query, even infrequently, can have a significant impact on your host’s performance.

    • Add the ability to see a list of hosts that have a specific software version installed by selecting a software version on a specific host's Host details page. Software inventory is currently under a feature flag. To enable this feature flag, check out the feature flag documentation.

    • Add the ability to see all vulnerable software detected across all your hosts with the GET /api/v1/fleet/software API route. Documentation for this new API route can be found here on fleetdm.com/docs.

    • Add the ability to see the exact number of hosts that selected filters on the Hosts page. This ability is also available when using the GET api/v1/fleet/hosts/count API route.

    • Add ability to automatically "Refetch" host vitals for a particular host without manually reloading the page.

    • Add ability to connect to Redis with TLS. Documentation for configuring Fleet to use a TLS connection to the Redis server can be found here on fleetdm.com/docs.

    • Add cluster_read_from_replica Redis to specify whether or not to prefer readying from a replica when possible. Documentation for this configuration option can be found here on fleetdm.com/docs.

    • Fix a bug in which turning on the host expiry setting did not remove expired hosts from Fleet.

    • Fix a bug in which the Software inventory for some host's was missing bundle_identifier information.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/v4.5.0/docs/README.md

    Binary Checksum

    SHA256

    2984129ac927eef77380cd762725563c0f2b5ebb1bc9f958b4501da9dd031a96  fleetctl_v4.5.0_windows.tar.gz
    2a063820b3f688927360334abffae671ef5299b3f10e008ec9f7d7332e8b0151  fleetctl_v4.5.0_windows.zip
    991a261b405740566ab86fb09f1ad6ba39e0063410554e08b6a1701065c27ef0  fleetctl_v4.5.0_macos.zip
    ba3098b442ec56748ac00c03be80c32c62687c65a1276e3a48e05dd27c5d2b30  fleet_v4.5.0_linux.tar.gz
    cf9d9de6fe467c0c8ac49d96cef3d49b29100a103f94258bf5068a9a8eaf740f  fleetctl_v4.5.0_linux.zip
    e6557bfef6fe1620298558b35d80f491a65979115b8c0250f47fffc8327a90e9  fleetctl_v4.5.0_linux.tar.gz
    fb12e3bb085663b41a7e8bf5754490c39a83383b9d58a07c2bbbe3e5ef79f71b  fleetctl_v4.5.0_macos.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.5.0
    • docker pull fleetdm/fleetctl:v4.5.0
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.5.0
    • docker pull fleetdm/fleet:v4.5.0
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.5.0_linux.tar.gz(13.81 MB)
    fleetctl_v4.5.0_linux.zip(13.81 MB)
    fleetctl_v4.5.0_macos.tar.gz(13.59 MB)
    fleetctl_v4.5.0_macos.zip(13.59 MB)
    fleetctl_v4.5.0_windows.tar.gz(14.08 MB)
    fleetctl_v4.5.0_windows.zip(14.08 MB)
    fleet_v4.5.0_linux.tar.gz(23.36 MB)
  • fleet-v4.4.3(Oct 22, 2021)

    Changes

    • Cache AppConfig in Redis to speed up requests and reduce MySQL load.

    • Fix migration compatibility with MySQL GTID replication.

    • Improve performance of software listing query.

    • Improve MSI generation compatibility (for macOS M1 and some Virtualization configurations) in fleetctl package.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.4.3/docs/README.md

    Binary Checksum

    SHA256

    192086b0c2476e3c4a1a5a009efcac33a2f18e90bcd027f3de0510fe32bad678  fleetctl_v4.4.3_linux.tar.gz
    4f00364d720f2e6ab35ad00fb5a89281dbc154229eb9182dad15c052f684d81d  fleetctl_v4.4.3_macos.tar.gz
    539a209b654c71ae85932a61a9eac851f4609efdad2f24ed26f4b276edf3ff30  fleetctl_v4.4.3_windows.zip
    782d7f3180c114f317c3514525f60a0131533755829cffca0940d79e958c659d  fleetctl_v4.4.3_macos.zip
    936c20298e083181ad8279ee3f9f5b26e6d930a6a0998f3b29db17ac9c21bae1  fleetctl_v4.4.3_windows.tar.gz
    b270187e9464d762b43515292495a98a030f9ffb155d676556df26bb513f5319  fleetctl_v4.4.3_linux.zip
    d7b9a2d56b69bcbc30138ae816342b336000c5c343e77ab9ff655663fd19998a  fleet_v4.4.3_linux.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.4.3
    • docker pull fleetdm/fleetctl:v4.4.3
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.4.3
    • docker pull fleetdm/fleet:v4.4.3
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.4.3_linux.tar.gz(13.80 MB)
    fleetctl_v4.4.3_linux.zip(13.80 MB)
    fleetctl_v4.4.3_macos.tar.gz(13.56 MB)
    fleetctl_v4.4.3_macos.zip(13.57 MB)
    fleetctl_v4.4.3_windows.tar.gz(14.05 MB)
    fleetctl_v4.4.3_windows.zip(14.06 MB)
    fleet_v4.4.3_linux.tar.gz(23.99 MB)
  • fleet-v4.4.2(Oct 15, 2021)

    Changes

    • Fix migration errors under some MySQL configurations due to use of temporary tables.

    • Fix pagination of hosts on host dashboard.

    • Optimize HTTP requests on host search.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.4.2/docs/README.md

    Binary Checksum

    SHA256

    02348e5ec22a07c12a1b13342b0f78294b8486250bc61f91da3cc66d0d1b4c6d  fleetctl_v4.4.2_linux.zip
    221d0959f41d9192a4cdd0f65d4e0876629886a1cb313331d7e4ce0f214c4bd6  fleetctl_v4.4.2_macos.zip
    274d9b53ebeab9804fe5cbbdc86776d7f99785948d66cf5b462fdd4f1bd4fd9d  fleet_v4.4.2_linux.tar.gz
    99799b7a206e2f1f8f7ddd3750b2b83ccfd0e058805b55c5d67ece779bd00fe3  fleetctl_v4.4.2_linux.tar.gz
    c04cc37d6d6179bd1d3145b4bd2bb74ae80cae7f0866689516be83403812bf8b  fleetctl_v4.4.2_macos.tar.gz
    dd127c2fef0d87227ccec39e59c53ccbc5a3bd474c6f4031bd07567fc37e96f6  fleetctl_v4.4.2_windows.tar.gz
    e4d5374a642b11793ba4f8ca061dea18211d043be69ce6113c176ed3a49086e4  fleetctl_v4.4.2_windows.zip
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.4.2
    • docker pull fleetdm/fleetctl:v4.4.2
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.4.2
    • docker pull fleetdm/fleet:v4.4.2
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.4.2_linux.tar.gz(13.80 MB)
    fleetctl_v4.4.2_linux.zip(13.80 MB)
    fleetctl_v4.4.2_macos.tar.gz(13.56 MB)
    fleetctl_v4.4.2_macos.zip(13.57 MB)
    fleetctl_v4.4.2_windows.tar.gz(14.05 MB)
    fleetctl_v4.4.2_windows.zip(14.05 MB)
    fleet_v4.4.2_linux.tar.gz(23.99 MB)
  • fleet-v4.4.1(Oct 9, 2021)

    Changes

    • Fix database migrations error when updating from 4.3.2 to 4.4.0. This did not effect upgrades between other versions and 4.4.0.

    • Improve logging of errors in fleet serve.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.4.1/docs/README.md

    Binary Checksum

    SHA256

    0dc70a973d5ebeebe46df43fe39f0edc914a2cb49b00bfb074fe27163b77e329  fleetctl_v4.4.1_windows.tar.gz
    16904861e677c4a60cdfbcbe776fdc31a5dd2eb2e8845d43cf39562ba39b994e  fleetctl_v4.4.1_linux.tar.gz
    45367df2516a6fc0378af7af3addacbc79237eb2403f6f4797084dbc74b84ecd  fleetctl_v4.4.1_macos.zip
    628424e4ab3fda06dfead189c61d2a497e01c73ff288dda960a8a24bb90eeaf2  fleetctl_v4.4.1_windows.zip
    bd37624263810af2b8b5259889829199875f87005d7c271b573be7b5b4c5a957  fleet_v4.4.1_linux.tar.gz
    beb5eb7d648fbc718439c874ac3f49086b97ea728091ff3748000b802d90e0b6  fleetctl_v4.4.1_linux.zip
    cd549469dad090ce6814cce04a4a0975b25572412268cb3a9480e4a62e468ef5  fleetctl_v4.4.1_macos.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.4.1
    • docker pull fleetdm/fleetctl:v4.4.1
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.4.1
    • docker pull fleetdm/fleet:v4.4.1
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.4.1_linux.tar.gz(13.80 MB)
    fleetctl_v4.4.1_linux.zip(13.80 MB)
    fleetctl_v4.4.1_macos.tar.gz(13.56 MB)
    fleetctl_v4.4.1_macos.zip(13.57 MB)
    fleetctl_v4.4.1_windows.tar.gz(14.05 MB)
    fleetctl_v4.4.1_windows.zip(14.05 MB)
    fleet_v4.4.1_linux.tar.gz(23.99 MB)
  • fleet-v4.4.0(Oct 6, 2021)

    Changes

    • Fleet Premium: Teams Schedules show inherited queries from All teams (global) Schedule.

    • Fleet Premium: Team Maintainers can modify and delete queries, and modify the Team Schedule.

    • Fleet Premium: Team Maintainers can delete hosts from their teams.

    • fleetctl get hosts now shows host additional queries if there are any.

    • Update default homepage to new dashboard.

    • Add ability to bulk delete hosts based on manual selection and applied filters.

    • Display macOS bundle identifiers on software table if available.

    • Fixed scroll position when navigating to different pages.

    • Fleet Premium: When transferring a host from team to team, clear the Policy results for that host.

    • Improve stability of host vitals (fix cases of dropping users table, disk space).

    • Improve performance and reliability of Policy database migrations.

    • Provide a more clear error when a user tries to delete a query that is set in a Policy.

    • Fix query editor Delete key and horizontal scroll issues.

    • Cleaner buttons and icons on Manage Hosts Page.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.4.0/docs/README.md

    Binary Checksum

    SHA256

    10a251277831ce3a074442dd86458f215d805e73b204b4397dfbb8814a41cd70  fleetctl_v4.4.0_macos.zip
    33ec61f1a26ccc1730693d51fc5d633e10987a4623fcef9bf2b9dd34b41fb098  fleet_v4.4.0_linux.tar.gz
    b9ad9c608a70c1fad2f710da77390e2780674e9c7e09ba658aae7040af782302  fleetctl_v4.4.0_linux.tar.gz
    c5d24d089e74157d5830b3745702d6ffad469833a756182d0da6ed02972454ee  fleetctl_v4.4.0_windows.zip
    e50b12952ba35e18e7c8cd41a5597c17dfbe4bcf44137950541a03d0665b1ef6  fleetctl_v4.4.0_macos.tar.gz
    f2208527dd6103db9f805f6ea602f670f4709ca4433081bce522ddd1c9548e2a  fleetctl_v4.4.0_windows.tar.gz
    fee2b6422beb0d5192115b88e821b436ca02fca2245f0faa91f850cc45391b7f  fleetctl_v4.4.0_linux.zip
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.4.0
    • docker pull fleetdm/fleetctl:v4.4.0
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.4.0
    • docker pull fleetdm/fleet:v4.4.0
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.4.0_linux.tar.gz(13.80 MB)
    fleetctl_v4.4.0_linux.zip(13.80 MB)
    fleetctl_v4.4.0_macos.tar.gz(13.56 MB)
    fleetctl_v4.4.0_macos.zip(13.56 MB)
    fleetctl_v4.4.0_windows.tar.gz(14.05 MB)
    fleetctl_v4.4.0_windows.zip(14.05 MB)
    fleet_v4.4.0_linux.tar.gz(23.98 MB)
  • fleet-v4.3.2(Sep 30, 2021)

    Changes

    • Improve database performance by reducing the amount of MySQL database queries when a host checks in.

    • Fix a bug in which users with the global maintainer role could not edit or save queries. In, Fleet 4.0.0, the Admin, Maintainer, and Observer user roles were introduced. Documentation for the permissions associated with each role can be found here on fleetdm.com/docs.

    • Fix a bug in which policies were checked about every second and add a policy_update_interval osquery configuration option. Documentation for this configuration option can be found here on fleetdm.com/docs.

    • Fix a bug in which edits to a query’s name, description, SQL did not appear until the user refreshed the Edit query page.

    • Fix a bug in which the hosts count for a label returned 0 after modifying a label’s name or description.

    • Improve error message when attempting to create or edit a user with an email that already exists.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/4.3.2/docs/README.md

    Binary Checksum

    SHA256

    1785f1245b7e774065902c2e786eb5ed849c7890e1ee13935216694903ea4e52  fleetctl_v4.3.2_linux.tar.gz
    1eccaf925c52a837acb4f65f9228aca1eba28f84c5553481b4f50185faa1ccdf  fleetctl_v4.3.2_macos.zip
    3be4104f44a14471d36a983d17d0982151a09e0e3c2a2dce380812feba0f448f  fleet_v4.3.2_linux.tar.gz
    5da8561a192181ca881f1f470cc7fe5ac42257799b424ba95b4f43bb05922fb3  fleetctl_v4.3.2_linux.zip
    8f62734c77bda51bc8cca1677e91983ed63c583c90394b63af8d97122f795d2e  fleetctl_v4.3.2_windows.zip
    c60ed4b006b3ef1a43d519c34e0809eaa6c82bb83ddf3d0a0905120dee922210  fleetctl_v4.3.2_windows.tar.gz
    fa0af07698ab82182cbbe98ba115ef6afb7b617e243e5aaa1e8bd3831cde31bf  fleetctl_v4.3.2_macos.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.3.2
    • docker pull fleetdm/fleetctl:v4.3.2
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.3.2
    • docker pull fleetdm/fleet:v4.3.2
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.3.2_linux.tar.gz(13.79 MB)
    fleetctl_v4.3.2_linux.zip(13.79 MB)
    fleetctl_v4.3.2_macos.tar.gz(13.56 MB)
    fleetctl_v4.3.2_macos.zip(13.56 MB)
    fleetctl_v4.3.2_windows.tar.gz(14.05 MB)
    fleetctl_v4.3.2_windows.zip(14.05 MB)
    fleet_v4.3.2_linux.tar.gz(23.96 MB)
  • fleet-v4.3.1(Sep 22, 2021)

    Changes

    • Add fleetctl get software command to list all software and the detected vulnerabilities. The Vulnerable software feature is currently in Beta. For information on how to configure the Vulnerable software feature and how exactly Fleet processes vulnerabilities, check out the Vulnerability processing documentation.

    • Add fleetctl vulnerability-data-stream command to sync the vulnerabilities processing data streams by hand.

    • Add disable_data_sync vulnerabilities configuration option to avoid downloading the data streams. Documentation for this configuration option can be found here on fleetdm.com/docs.

    • Only show observers the queries they have permissions to run on the Queries page. In, Fleet 4.0.0, the Admin, Maintainer, and Observer user roles were introduced. Documentation for the permissions associated with each role can be found here on fleetdm.com/docs.

    • Add connect_retry_attempts Redis configuration option to retry failed connections. Documentation for this configuration option can be found here on fleetdm.com/docs.

    • Add cluster_follow_redirections Redis configuration option to follow cluster redirections. Documentation for this configuration option can be found here on fleetdm.com/docs.

    • Add max_jitter_percent osquery configuration option to prevent all hosts from returning data at roughly the same time. Note that this improves the Fleet server performance, but it will now take longer for new labels to populate. Documentation for this configuration option can be found here on fleetdm.com/docs.

    • Improve the performance of database migrations.

    • Reduce database load for label membership recording.

    • Fail early if the process does not have permissions to write to the logging file.

    • Completely skip trying to save a host's users and software inventory if it's disabled to reduce database load.

    • Fix a bug in which team maintainers were unable to run live queries against the hosts assigned to their team(s).

    • Fix a bug in which a blank screen would intermittently appear on the Hosts page.

    • Fix a bug detecting disk space for hosts.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.3.1/docs/README.md

    Binary Checksum

    SHA256

    0fa83a4134398fa2cb32f5862241d18026c4e5e7d0069d82c639782c824e587f  fleetctl_v4.3.1_linux.zip
    14563255e7ddfd93b795837523c4d0d2de4bf362dd388a8d497c06c46d1ea9d6  fleetctl_v4.3.1_macos.tar.gz
    5f709602bf0c0ecae271d3068fcbd3368256de76df36caf7952a88eca2d800ea  fleetctl_v4.3.1_macos.zip
    8b615c28622c675ba8af3622d09a2f8becc7cc9d44e7d0a2853fd738d36dbfda  fleet_v4.3.1_linux.tar.gz
    adba7e83eaef17c96b53c79b51208705d1a877c9a0c02b5abf80a68095135d58  fleetctl_v4.3.1_windows.zip
    ae1fa468e6377422644b71c1bae5800accfbb28b4782f50641126c75c83aea19  fleetctl_v4.3.1_linux.tar.gz
    c08cc873b6504e0ceda1634cf924876cab0e388fc7236bd5b7e45e451e7daad9  fleetctl_v4.3.1_windows.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.3.1
    • docker pull fleetdm/fleetctl:v4.3.1
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.3.1
    • docker pull fleetdm/fleet:v4.3.1
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.3.1_linux.tar.gz(13.79 MB)
    fleetctl_v4.3.1_linux.zip(13.79 MB)
    fleetctl_v4.3.1_macos.tar.gz(13.56 MB)
    fleetctl_v4.3.1_macos.zip(13.56 MB)
    fleetctl_v4.3.1_windows.tar.gz(14.05 MB)
    fleetctl_v4.3.1_windows.zip(14.05 MB)
    fleet_v4.3.1_linux.tar.gz(23.93 MB)
  • fleet-v4.3.0(Sep 13, 2021)

    Changes

    • Add Policies feature for detecting device compliance with organizational policies.

    • Run/edit query experience has been completely redesigned.

    • Add support for MySQL read replicas. This allows the Fleet server to scale to more hosts.

    • Add configurable webhook to notify when a specified percentage of hosts have been offline for over the specified amount of days.

    • Add fleetctl package command for building Orbit packages.

    • Add enroll secret dialog on host dashboard.

    • Expose free disk space in gigs and percentage for hosts.

    • Add 15-minute interval option on Schedule page.

    • Clean up advanced options UI.

    • 404 and 500 page now include buttons for Osquery community Slack and to file an issue

    • Update all empty and error states for cleaner UI.

    • Add warning banners in Fleet UI and fleetctl for license expiration.

    • Render query performance information on host vitals page pack section.

    • Improved performance for app loading.

    • Make team schedule names more user friendly and hide the stats for global and team schedules when showing host pack stats.

    • Display query_name in when referencing scheduled queries for more consistent UI/UX.

    • Query action added for observers on host vitals page.

    • Add server_settings.debug_host_ids to gather more detailed information about what the specified hosts are sending to fleet.

    • Allow deeper linking into the Fleet application by saving filters in URL parameters.

    • Rename Basic Tier to Premium Tier, and Core Tier to Free Tier.

    • Improve vulnerability detection compatibility with database configurations.

    • MariaDB compatibility fixes: add explicit foreign key constraint and on cascade delete for host_software to allow for hosts with software to be deleted.

    • Fix migration that was incompatible with MySQL primary key requirements (default on DigitalOcean MySQL 5.8).

    • Add 30 second SMTP timeout for mail configuration.

    • Fix display of platform Labels on manage hosts page

    • Fix a bug recording scheduled query statistics.

    • When a label is removed, ignore query executions for that label.

    • Add fleet serve config to change the redis connection timeout and keep alive interval.

    • Remove hardcoded limits in label searches when targeting queries.

    • Allow host users to be readded.

    • Move email template images from github to fleetdm.com.

    • Fix bug rendering CPU in host vitals.

    • Update the schema for host_users to allow for bulk inserts without locking, and allow for users without unique uid.

    • When using dynamic vulnerability processing node, try to create the vulnerability.databases-path.

    • Fix fleetctl get host <hostname> to properly output JSON when the command line flag is supplied i.e fleetctl get host --json foobar

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.3.0/docs/README.md

    Binary Checksum

    SHA256

    176893d3110c0f8073ff9dcde8fd0a417899d5334d0e65a7668e26f98700bf7d  fleet_v4.3.0_linux.tar.gz
    42351b4599edd0781ee83a367d9a284f1ecd2eb96b92938733c6656601f46482  fleetctl_v4.3.0_macos.tar.gz
    47b96e0d0b3587f83a515f5f7433eb6135562d2e3f39dd97e805c4ab0c28427a  fleetctl_v4.3.0_macos.zip
    69360c6f9d3b27ee8d3210c4eb4e40a9545a13812fd9459aee61e51c44fb6e3c  fleetctl_v4.3.0_linux.tar.gz
    6d1fe46dfe90bde1e79e631d6f8dfe6004e2df342db909bbb8f2e3959ec597c6  fleetctl_v4.3.0_windows.zip
    938b8a5d9d0c68761ff10172ca66dac280b576476a1236c8f0be589727d3aeab  fleetctl_v4.3.0_linux.zip
    98a0501b5c2521c22539a77c3d0f7b1430754c9adbf8e47512bbc127fa3a8a08  fleetctl_v4.3.0_windows.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.3.0
    • docker pull fleetdm/fleetctl:v4.3.0
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.3.0
    • docker pull fleetdm/fleet:v4.3.0
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.3.0_linux.tar.gz(13.42 MB)
    fleetctl_v4.3.0_linux.zip(13.42 MB)
    fleetctl_v4.3.0_macos.tar.gz(13.20 MB)
    fleetctl_v4.3.0_macos.zip(13.20 MB)
    fleetctl_v4.3.0_windows.tar.gz(13.69 MB)
    fleetctl_v4.3.0_windows.zip(13.69 MB)
    fleet_v4.3.0_linux.tar.gz(23.90 MB)
Owner
Fleet Device Management
Authoritative answers about servers & laptops, on demand. 📡
Fleet Device Management
kubequery is a Osquery extension that provides SQL based analytics for Kubernetes clusters

kubequery powered by Osquery kubequery is a Osquery extension that provides SQL based analytics for Kubernetes clusters kubequery will be packaged as

Uptycs Inc 66 May 23, 2022
IT Asset Fleet Remote Management and Monitoring (RMM) platform

ratd Remote Access Toolkit Daemon IT Asset Remote Management and Monitoring (RMM) platform How to use: You can't, just yet. Release Plan Release 0 Cre

null 7 May 27, 2022
An open-source, distributed, cloud-native CD (Continuous Delivery) product designed for developersAn open-source, distributed, cloud-native CD (Continuous Delivery) product designed for developers

Developer-oriented Continuous Delivery Product ⁣ English | 简体中文 Table of Contents Zadig Table of Contents What is Zadig Quick start How to use? How to

null 0 Oct 19, 2021
draft terraform provider for Fleet

Fleet Terraform provider This repo is a proof of concept of how a fleet provider for terraform could work Build provider Run the following command to

Nicolas Chaulet 2 Oct 5, 2021
This simple service's purpose is to expose data regarding a vehicle fleet

A Small API This simple service's purpose is to expose data regarding a vehicle

null 0 Dec 16, 2021
CDN for Open Source, Non-commercial CDN management

CDN Control Official Website: https://cluckcdn.buzz Documentation (Traditional Chinese): https://cluckcdn.buzz/docs/ 简体中文 README: README_CN.md Please

ArsFy (Chan Dung) 2 Feb 4, 2022
Karpenter: an open-source node provisioning project built for Kubernetes

Karpenter is an open-source node provisioning project built for Kubernetes. Its goal is to improve the efficiency and cost of running workloads on Kub

Rohan 1 Apr 10, 2022
go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.

go-opa-validate go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data. Installation Usage Cont

chenk 5 Feb 5, 2022
Kstone is an etcd management platform, providing cluster management, monitoring, backup, inspection, data migration, visual viewing of etcd data, and intelligent diagnosis.

Kstone 中文 Kstone is an etcd management platform, providing cluster management, monitoring, backup, inspection, data migration, visual viewing of etcd

TKEStack 544 Jun 27, 2022
nano-gpu-agent is a Kubernetes device plugin for GPU resources allocation on node.

Nano GPU Agent About this Project Nano GPU Agent is a Kubernetes device plugin implement for gpu allocation and use in container. It runs as a Daemons

Nano GPU 40 Jun 10, 2022
OpenAIOS vGPU scheduler for Kubernetes is originated from the OpenAIOS project to virtualize GPU device memory.

OpenAIOS vGPU scheduler for Kubernetes English version|中文版 Introduction 4paradigm k8s vGPU scheduler is an "all in one" chart to manage your GPU in k8

4Paradigm 55 Jun 22, 2022
NVIDIA device plugin for Kubernetes

NVIDIA device plugin for Kubernetes Table of Contents About Prerequisites Quick Start Preparing your GPU Nodes Enabling GPU Support in Kubernetes Runn

NVIDIA Corporation 1.4k Jun 22, 2022
NVIDIA device plugin for Kubernetes

NVIDIA device plugin for Kubernetes Table of Contents About Prerequisites Quick Start Preparing your GPU Nodes Enabling GPU Support in Kubernetes Runn

gaoyang 0 Dec 28, 2021
K8s-socketcan - Virtual SocketCAN Kubernetes device plugin

Virtual SocketCAN Kubernetes device plugin This plugins enables you to create vi

Jakub Piotr Cłapa 1 Feb 15, 2022
Go WhatsApp Multi-Device Implementation in REST API with Multi-Session/Account Support

Go WhatsApp Multi-Device Implementation in REST API This repository contains example of implementation go.mau.fi/whatsmeow package with Multi-Session/

Dimas Restu H 28 Jun 25, 2022
Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.

Vilicus Table of Contents Overview How does it work? Architecture Development Run deployment manually Usage Example of analysis Overview Vilicus is an

Ederson Brilhante 76 Mar 22, 2022
Bubbly is an open-source platform that gives you confidence in your continuous release process.

Bubbly Bubbly - Release Readiness in a Bubble Bubbly emerged from a need that many lean software teams practicing Continuous Integration and Delivery

Valocode 33 Jun 11, 2022
Open Source runtime tool which help to detect malware code execution and run time mis-configuration change on a kubernetes cluster

Kube-Knark Project Trace your kubernetes runtime !! Kube-Knark is an open source tracer uses pcap & ebpf technology to perform runtime tracing on a de

Chen Keinan 30 May 21, 2022