Fleet - Open source device management, built on osquery.

Overview

Fleet logo, landscape, dark text, transparent background

Website   News   Report a bug

Run Tests   Go Report Card   Twitter Follow

Fleet is the most widely used open source osquery manager. Deploying osquery with Fleet enables programmable live queries, streaming logs, and effective management of osquery across 100,000+ servers, containers, and laptops. It's especially useful for talking to multiple devices at the same time.

Try Fleet

With Node.js and Docker installed:

# Install the Fleet command-line tool
sudo npm install -g fleetctl
# Run a local demo of the Fleet server
sudo fleetctl preview

Windows users can omit sudo.

The Fleet UI is now available at http://localhost:1337.

Now what?

Check out the Ask questions about your devices tutorial to learn where to see your devices in Fleet, how to add Fleet's standard query library, and how to ask questions about your devices by running queries.

Team

Fleet is independently backed and actively maintained with the help of many amazing contributors.

🎉 Announcing the transition of Fleet to a new independent entity 🎉

Please check out the blog post to understand what is happening with Fleet and our commitment to improving the product. To upgrade from Fleet ≤3.2.0, just grab the latest release from this repository (it'll work out of the box).

Documentation

Documentation for Fleet can be found here.

Community

Chat

Please join us in the #fleet channel on osquery Slack.

Contributing

Contributions are welcome, whether you answer questions on Slack/GitHub/StackOverflow/Twitter, improve the documentation or website, write a tutorial, give a talk, start a local osquery meetup, troubleshoot reported issues, or submit a patch. The Fleet code of conduct is on GitHub.

Banner featuring a futuristic cloud city with the Fleet logo

Comments
  • Update Fleet Desktop to ensure it always uses the latest token

    Update Fleet Desktop to ensure it always uses the latest token

    Goal

    The URL for "My Device" is a static link that can be visited by everyone if someone shares that link. It can also be brute-forced. This is a blocker for some customers to deploying Fleet Desktop. The server will rotate the url. The fleet desktop agent should be in sync with the server.

    Figma

    https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/%F0%9F%9A%A7-Fleet-EE-(dev-ready%2C-scratchpad)?node-id=7170%3A271466

    Parent Epic

    • #6064

    How?

    Fleet Server

    New columns will be needed in host_device_auth (created_at, updated_at and accessed_at). Fleet Server will consider tokens as expired if now - updated_at > 1h. APIs will return the usual authentication error when a token is expired. On this first iteration we won't be renewing a token validity when the user visits the URL.

    For good UX Fleet server will have to return the orbit_info SELECT on every distributed/read (we could alternatively add some small interval for this specific query, if need be). We will use the cached_mysql to not perform unnecessary token insertions on every distributed/write. Also token updating should do a INSERT ON DUPLICATE KEY token=token, and not update updated_at.

    TBD: We will have to check for values of distributed_interval and token expiration time (e.g. if distributed_interval is too long, e.g. ~1h then we cannot make token expiration be 1h, Fleet Desktop won't work well).

    Orbit

    Orbit will attempt to rotate the token every ~1h, by checking mtime of $ROOT_DIR/identifier. If more than 1h has passed since the last update, it will (0) generate a new token, (1) wait for Fleet to ingest the value, and (2) update the file. Such file will now need to be world-accessible so that Fleet Desktop that runs as user can read it.

    Fleet Desktop

    Fleet Desktop won't receive the token as environment variable anymore. Fleet Desktop will now have to receive the path to the identifier file as a new environment variable. Fleet Desktop will check the mtime of such file and if it changes will reload the token in memory (3). Fleet Desktop will check the validity of the token before updating the menu item URL (4).

    We should rename the menu item from "Initializing..." to "Connecting...", as the token will now change regularly.

    Diagram

    Following is the full diagram for the token flow, from generation to usage:

    graph LR;
    A[Fleet Server];
    subgraph Device
        direction TB;
        subgraph root
            direction TB;
                B[Orbit];
                B -- "(0) Rotate token<br>(every X mins)" --> B
            D[osqueryd];
        end
        B -- "(2) Update token" --> I
        I["/opt/orbit/identifier"];
        E[Fleet Desktop];
    end
    D -- "(1) osquery API<br>(token write)" ----> A;
    B -- "(1) Update token<br>via extension" --> D;
    E -- "(4) Fleet Desktop API<br>(using token)" ----> A;
    E -- "(3) Read token<br>(check mtime)" --> I;
    
    

    Notes

    • Depending on whether Fleet Desktop has been advertised as stable, we'll have to make sure changes are backwards compatible (so that a new Orbit can work with an old Fleet Desktop and vice-versa).
    #agent :backend #platform #desktop 
    opened by zhumo 40
  • Global policies: Add ability to configure automations for policies

    Global policies: Add ability to configure automations for policies

    Goal

    As a user, I want to specify a webhook URL where alerts about policies can be sent so that I'm able to easily create a ticket that includes what host is failing which policy.

    Figma

    Add ability to configure alerts for policies: https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/?node-id=3124%3A81417

    Tasks

    1

    • [ ] Update webhook_settings in app config to allow for the following json:
    {
      "webhook_settings": {
        "failing_policies_webhook": {
          "enable_failing_policies_webhook": true,
          "destination_url": "http://some/url",
          "policy_ids": [1, 2, 3]
        },
        "interval": "1h"
      }
    }
    

    webhook_status.interval will also impact this webhook.

    This webhook, when set, will make Fleet check on policies that are global, not team specific. More on how this will be done below.

    This data must also be available when GETting app config.

    Webhook Payload

    {
        "timestamp": "2021-12-02T16:55:23Z",
        "policy": {
            "id": 1,
            "name": "Gatekeeper enabled",
            "query": "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
            "description": "Checks if gatekeeper is enabled on macOS devices",
            "author_id": 42,
            "author_name": "John",
            "author_email": "[email protected]",
            "resolution": "Resolution steps",
            "passing_host_count": 2000,
            "failing_host_count": 300
        },
        "hosts": [
            {
                "id": 11,
                "hostname": "laptop-1",
                "url": "https://fleet.example.com/hosts/11"
            },
            {
                "id": 12,
                "hostname": "laptop-2",
                "url": "https://fleet.example.com/hosts/12"
            }
        ]
    }
    

    (timestamp is the webhook request send time.)

    2

    • [ ] For triggering the webhooks, this will happen in two separate steps: collection and trigger.
    1. Collection: The failing policies webhook will be triggered in two scenarios: when a host fails a policy and it's the first time it executes that policy, and when a host fails a policy that it had previously passed. For this, when a host fails a policy, we should check the state of the policy for that host and add to a redis set called policy_failure_{policy id} this host id (SADD). This will only happen for policies that are configured for webhooks, so potentially some caching on the checks will be needed.
    2. Trigger: A fleet instance will hold the webhook lock (this is already implemented for the host status webhook, this would extend that functionality). Looping through all the policies that have webhooks configured, It'll get the host ids from the policy failure sets using SMEMBERS, trigger the webhook calls, and then remove the host ids from the sets with SREM. This means that if there's a host added to the set while this logic is happening, it'll be added to the set and will be picked up the next time

    There shouldn't be a race between a case where a host fails and then it passes, given that policies are updated at 1hr intervals by default, and it's not usually lower than that.

    customer request :backend :release 
    opened by noahtalerman 40
  • Add Jira integration and create Jira tickets for software vulnerabilities

    Add Jira integration and create Jira tickets for software vulnerabilities

    Goal

    As a Fleet user, I want to use Fleet in my vulnerability ticketing workflow so that I don't have to manually create tickets for new vulnerabilities (CVEs) or configure the webhook to create them for me.

    NOTE: We will only support Jira Cloud in this first iteration using the v2 API. We are choosing to integrate with the v2 API and not the v3 API because it is more likely that older hosted versions of Jira Server will support v2 API. In the future, we may upgrade to using the v3 API if we need one of the new features.

    Related

    • Epic: #4523
    • Frontend (blocked): #2936
    • Jira Cloud Setup (done) https://fleetdm.atlassian.net/: #4579

    Figma

    Integrations for vulnerability automations: https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/%F0%9F%9A%A7-Fleet-EE-(dev-ready%2C-scratchpad)?node-id=3905%3A218712

    Jira ticket template

    Summary (what Jira call's a name or title):

    <CVE identifier> detected on <Number of affected hosts> hosts
    

    Description:

    See vulnerability (CVE) details in National Vulnerability Database (NVD) here: <Link to CVE details in NVD>
    
    Affected hosts:
    <Hostname1>: <Link to Host details page>
    <Hostname2>: <Link to Host details page>
    <Hostname3>: <Link to Host details page>
    <Hostname4>: <Link to Host details page>
    ...
    <Hostname50>: Link to Host details page>
    
    View the affected software and more affected hosts:
    1. Go to the **Software** page in Fleet: <Link to Software page in Fleet>
    2. Above the list of software, in the **Search software** box, enter <CVE identifier>.
    3. Hover over the affected software and select **View all hosts**.
    

    --

    This issue was created automatically by your Fleet to Jira integration.

    
    ## Tasks
    
    ### 1
    - [x] Add support for a new `integrations` object in the `app_config_json` table. 
    - Use the following structure:
    
    ```json
    {
        "integrations": {
            "jira": [
                {
                    "url": "https://example.jira.com",
                    "username": "adminUser",
                    "password": "abc123",
                    "project_key": "PROJECT",
                    "enable_software_vulnerabilities": false
                }
            ]
        }
    }
    

    2

    • [x] When a new software vulnerability automation is triggered, determine if either a Jira integration or webhook is enabled.
    • Both configuration objects are stored in the app_config_json table using the following structure:
    {
        "integrations": {
            "jira": [
                {
                    "url": "https://example.jira.com",
                    "username": "adminUser",
                    "password": "abc123",
                    "project_key": "PROJECT",
                    "enable_software_vulnerabilities": false
                }
            ]
        }
        "webhook_settings": {
            "vulnerabilities_webhook": {
                "enable_vulnerabilities_webhook":true,
                "destination_url": "https://server.com",
                "host_batch_size": 1000
              }
        },
    }
    
    • If webhook_settings.vulnerabilities_webhook.enable_vulnerabilities_webhook: true, send the notification through the existing webhook flow.
    • If integrations.jira[<index>].enable_software_vulnerabilities: true, create a new ticket in the select Jira integration.
    • Enforce that both webhook and Jira cannot both be enabled. We will only support one automation path at a time.
    • Enforce that multiple Jira configurations can be added to the integrations.jira array, but only one can be set enable_software_vulnerabilities: true.

    3

    • [x] Establish authenticated connection to Jira Server API using basic authentication.
    • Use basic auth to authenticate with Jira Server API using user provided username and password.
    • For the first iteration, the assumption is that basic auth is meaningfully faster to implement. In a future iteration, we will implement the more secure OAuth 2.0 method.

    4

    • [ ] ~~Retrieve project id from Jira Cloud API using project key.~~ Not required to create a ticket, project key is sufficient.
    • Reference Get Project API docs.
    • This assumes that both the project key and project id are needed to create the issue. If a project key alone will work, we can skip this step.
    • This id should be cached if needed, we don't want to make this request after every vulnerability.

    5

    • [x] Create a Jira ticket using the Jira Cloud API.
    • Reference Jira API Create Issue Docs for information about creating new issues.
    • Retry up to five times.
    • If issue create fails after five retries, fail silently for this first iteration. In future iterations, we will track the failure and notify the user.

    6

    • [x] Ensure newly added Jira configurations are valid.
    • When a user adds a new Jira integration and associated credentials, we only want to save after we confirm the credentials work.
    • Pick a simple Jira endpoint that we can hit as a "test" connection.
    • On success, return 200 status code and save the new Jira integration.
    • On failure, pass the status code and error message back to the Fleet UI via the PATCH /api/v1/fleet/config response and do not save the failing integration.

    Architectural notes

    Since we need to support retries and we want to support fleet restarting half way through, the vulnerability processing side of things should feed into a SQL table (could be redis, but it would be good to support storage) that reflects the status of each of the tickets created. That way, we have 2 separate parts: vulnerability processing, and jira ticket creation. One being slow doesn't affect the other.

    These parts can use separate locks even, so that two instances are taking care of this in parallel.

    The data stored should reflect the status of the ticket created, how many retries have been done, etc. We'll use all of this data to filter pending Jira tickets to be created.

    We'll also use this table to understand what has happened in the system over time. We should cleanup old rows though, as it might not be useful to store that we created a ticket successfully a month ago.

    While I'll leave the structure of the table to the developer that works on this, among the data that comes to mind would be useful to have I've got:

    • created and updated at timestamps
    • retries
    • status
    • cve it refers to
    • error message received (could be null)

    More things could be added if they are available and might be useful to store as well.

    :architect :backend :blocker !integrations 
    opened by lukeheath 39
  • Add validation for `config` and `teams` YAML documents

    Add validation for `config` and `teams` YAML documents

    The config YAML document is where the user specifies agent_options configuration as well as other Fleet configuration (ex. host_settings.enable_software_inventory).

    The teams YAML document is where the user specifies agent_options configuration as well as other Fleet configuration (secrets), for a specific team.

    Goal

    As a user, I want validation for all keys and values in the config and teams yaml document, verifying that all keys match true, real keys, with great error messages. And that the values are the right data type. Very strict validation.

    This validation should apply everywhere agent options or config are applied and return meaningful, helpful errors if it fails.

    Tasks

    1

    • [x] Fleet server validates that no required keys in the config and teams YAML document are missing.
    • We don't have great documentation on what keys are required, so this will require some research/discussion.
    • Once this information is gathered, loop in @noahtalerman. Assignee of this ticket is responsible for making sure the docs are updated.

    2

    • [ ] Fleet server validates all keys in config and teams YAML document match true, real keys. Keys under agent_options are validated based on latest osquery.

    3

    • [x] Document all keys in the config and teams YAML document by replacing the "Organization settings" and "Teams" sections of the configuration files docs. For each key, include a description, the default value (if there is one) and example YAML to indicate where each key is located in the greater config.
    • Assignee can determine best format. One option is at https://fleetdm.com/docs/deploying/configuration#my-sql.

    4

    • [x] Fleet server validates all values in the config and teams YAML document are the right type. Values under agent_options are based on the latest osquery.

    5

    • [x] When running fleetctl apply with a config or teams YAML document, the Fleet server gives an error if validation fails. When this happens, Fleet doesn't try to set any configuration settings or any new agent_options to the hosts.

    6

    • [x] A user can test changes to a config or teams YAML document locally using a fleetctl apply --dry-run command. When running this command, the Fleet server gives an error if the validation fails. Fleet doesn't try to set configuration settings or send any new agent_options to the hosts.
    • Ensure new fleetctl apply --dry-run command flag is documented.

    7

    • [x] Add a --force flag to bypass validation.
    • When including this flag, bypass all validation checks and apply the given config.
    • Ensure the API endpoint has an option to force so that it can be applied via the UI.

    8

    • [x] In addition to validating required fields and that fields have the right type, ensure the value is valid for the config option when possible.
    • For example (from #6513 ) :

    Fleet doesn't detect when logger_tls_endpoint is not a path starting with /. Applying a bad path would break osquery as it would stop talking to the right fleet instance.

    #fleetctl customer request 5 :backend :api customer-domon #interface 
    opened by noahtalerman 38
  • Update query console right side panel in Fleet product

    Update query console right side panel in Fleet product

    Goal

    Update query console right side panel to improve first-time experiences with Fleet and make it more approachable to new users.

    Figma

    https://www.figma.com/file/yLP0vJ8Ms4GbCoofLwptwS/%E2%9C%85-fleetdm.com-(current%2C-dev-ready)?node-id=5197%3A20730

    Requirements

    • Fleet UI ingests a new schema: https://github.com/fleetdm/confidential/issues/1619
    • Fleet UI updates the query console right side panel (See Figma)

    Related

    • Parent epic: https://github.com/fleetdm/confidential/issues/1646
    • Blocker: https://github.com/fleetdm/fleet/issues/8067

    Notes

    Tasks

    • TODO: Update with implementation requirements.
    13 :frontend 🏆 OKR #interface 
    opened by noahtalerman 36
  • In Fleet Sandbox, add ability to download a pre-generated installer

    In Fleet Sandbox, add ability to download a pre-generated installer

    Goal

    As a user, I want to be able to download a Fleet-osquery installer in the Fleet UI so that I can add hosts to Fleet without having to know how to successfully generate an installer with the fleetctl package command.

    Figma

    https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/?node-id=6740%3A267448

    Related

    • #6555 (epic)
    • #6365 (platform)
    • #6592 (platform)

    Package Download API

    API endpoint is currently in review. Once merged, they will be deployed to theAPI for Contributors.

    It appears the PR is going to merge pretty quickly next week. In that case, we likely want to build out everything except for the API calls, then add them in once the API PR merges.

    If for any reason it looks like the API PR is going to be delayed until later in the week, we should build the full functionality of this ticket using a mock API that matches the pattern in these specs.

    API Specs

    Downloads a pre-built fleet-osquery installer with the given parameters.

    GET /api/_version_/fleet/download_installer/{enroll_secret}/{kind}

    Parameters

    | Name | Type | In | Description | | ------------- | ------- | ----- | ------------------------------------------------------------------ | | enroll_secret | string | path | The global enroll secret. | | kind | string | path | The installer kind: pkg, msi, deb or rpm. | | desktop | boolean | query | Set to true to ask for an installer that includes Fleet Desktop. |

    Default response
    Status: 200
    Content-Type: application/octet-stream
    Content-Disposition: attachment
    Content-Length: <length>
    Body: <blob>
    

    If an installer with the provided parameters is found, the installer is returned as a binary blob in the body of the response.

    Installer doesn't exist

    Status: 400

    If an installer with the provided parameters doesn't exist.

    Tasks

    1

    • [ ] Add new content for "Add Hosts" modal when Fleet instance is in sandbox mode.
    • The goal is to allow sandbox users to download packaged installers without having to run commands in the command line.
    • "Include Fleet Desktop" is checked by default.
    • “Download installer” button is disabled until a platform is selected.
    • Note the weighted margin-bottom –60px (rather than 40px) of the content to visually balance the contents. (See Figma)

    Image

    2

    • [ ] When a platform is selected, it enters a highlighted state.
    • There are 8 files that can be downloaded. One for each platform with and without "Fleet Desktop" included.
    • When "Download installer" button is clicked, an API request is sent to download the installers. (See API specs above)
    • We will use the same process to download the file as used to download hosts CSV. The only difference is instead of type: "text/csv" we should set type: "application/octet-stream".

    Image

    3

    • [ ] Add loading spinner to the "Download installer" button while file is downloading.
    • Reference the button loading spinner on the update query "Save" button for an example implementation.
    • In the loading state, if the user clicks or hovers over the platform buttons or the checkbox, nothing happens. (UI is locked during loading)

    Image

    4

    • [ ] Add success state after successful download.
    • A “finished” state appears, with instructions for what the next step is for the user to add the host to Fleet.
    • The installer is automatically downloaded in the browser.
    • “Got it” button closes the modal.
    • Note there is different copy for MacOS, Windows and Linux.

    MacOS: Run the installer on a macOS laptop or workstation to add it to Fleet. Windows: Run the installer on a Windows laptop, workstation, or sever to add it to Fleet Linux: Run the installer on a Linux laptop, workstation, or sever to add it to Fleet

    Image

    5

    • [ ] Add error state if the API returns a non-2xx response when file is requested.
    • Based on the conversation in this thread, we may not be implementing the error state. Instead, we may make a HEAD request for all eight files, and if any are missing we may fall back to the default add hosts modal content.
    • TODO: @noahtalerman will update this ticket with the product decision on this item.

    Image

    6

    • [ ] Add E2E tests to validate new add hosts flow for sandbox users.

    7

    • [ ] Try out the full sign up, provision, download package flow and tell us if the package has been successfully created.
    8 !sandbox #interface 
    opened by noahtalerman 36
  • Provide battery condition in host details response

    Provide battery condition in host details response

    Goal

    As an API consumer, I want the GET /hosts/{id} and GET /device/{token} endpoint to include battery_condition in the response object so that I can inform the user if the battery needs to be charged.

    Figma

    https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/?node-id=4897%3A181350

    Related

    • Frontend (blocked): #4062

    Tasks

    1

    • [x] Retrieve battery condition from the [osquery battery table] (https://github.com/osquery/osquery/blob/master/specs/darwin/battery.table) and store in Fleet database.
    • Add cycle_count to hosts information in Fleet database.
    • Add health to hosts information in Fleet database.

    2

    • [x] Include a batteries array in the GET hosts/{id} response.
    • Add new array to API response docs for this endpoint.

    3

    • [x] Include batteries array in the GET /device/{token} response.
    • This endpoint is currently undocumented. Please add endpoint documentation to Fleet REST API docs as a new "Device" section with a single endpoint.

    Sample array

    {
      "host": {
        "batteries": [
          {
            "cycle_count": 1000,
            "health": "Good"
          }
        ]  
      }
    }
    
    3 :backend :blocker #interface 
    opened by lukeheath 34
  • Add support for downloading a list of hosts in CSV format

    Add support for downloading a list of hosts in CSV format

    NOTE: This issue was broken out of the following issue: #2998.

    • Prior to separating these issues, the combined estimation from the backend engineering team was 5.

    Goal

    As an IT administrator, I want to be able to download a list of hosts in CSV format.

    1

    • [ ] Create new endpoint to generate a CSV containing all hosts with a specific software version installed.
    • GET /api/v1/fleet/hosts/report.
    • Generated filename should follow this naming pattern: Hosts YYYY-MM-DD
    • Update API docs.

    Parameters

    | Name | Type | In | Description | | ----------------- | ------ | ----- | -------------------------------------| | software_id | integer | body | Required. The software's id. |

    Example

    • GET /api/v1/fleet/hosts/report?software_id=408&format=csv
    Default response

    Status: 200

    CSV as the body of the response, see https://stackoverflow.com/questions/68162651/go-how-to-response-csv-file as an example.

    3 :backend :engineering :api 
    opened by noahtalerman 34
  • On fleetdm.com, sign up for Fleet Sandbox

    On fleetdm.com, sign up for Fleet Sandbox

    Part of the Q2 Digital Experience OKRs

    Goal

    Reduce the time to value for new Fleet users by creating a Fleet sandbox.

    Related

    Epic: #4970 Fleet UI: #5723, #5902 PR: https://github.com/fleetdm/fleet/pull/6380

    Figma

    /get-started: https://www.figma.com/file/yLP0vJ8Ms4GbCoofLwptwS/?node-id=794%3A373

    Needs updated wireframes

    • [x] @mike-j-thomas for new users on fleetdm.com, update the password requirements to the following: Must include 12 characters, at least 1 number (e.g. 0 - 9), and at least 1 symbol (e.g. &*#) ~- [ ] @mike-j-thomas add an error state when an existing user has a password that doesn't meet the new requirements and they attempt to access Fleet Sandbox.~ ~- This error state should point the user to reset their password.~

    Tasks

    1

    • [x] Add a Registration page (/try-fleet/register). This page replaces the Get started page.
    • A user reaches the Registration page if they select the "Try it out" buttons on the main page (/) and the How it works page (/platform)
    • This page accepts "Email" and "Password" fields
    • Selecting "I have an account" takes the user to the new Login page (/try-fleet/login)
    • Selecting "terms of service" navigates the user to the following Google doc: https://docs.google.com/document/d/1OM6YDVIs7bP8wg6iA3VG13X086r64tWDqBSRudG4a0Y/edit
    • Selecting "privacy policy" navigates the user to the following Google doc: https://docs.google.com/document/d/17i_g1aGpnuSmlqj35-yHJiwj7WRrLdC_Typc1Yb7aBE/edit#heading=h.gjdgxs
    • "Click here" navigates the user to https://fleetdm.com/docs/deploying

    Screen Shot 2022-05-10 at 4 22 21 PM

    2

    • [x] On the Registration page, add the "Sign up" flow
    • Selecting the "Sign up" button fires a loading spinner and creates a user with lastName set the the supplied emailAddress, firstName set to the result of the following regex: emailAddress.split(/@/)[1], and sandboxExpiration set to the time 24 hours from the current time (using ISO 8601 standard to represent the time as a date).
      • The sandboxExpiration is sent in the POST request as sandbox_expiration.
    • Selecting "Sign up" sends a POST request to the cloud provisioner.
      • The cloud provisioner responds with a url.
      • Using the url, fleetdm.com checks the url/healthz endpoint at some interval. When url/healthz returns 200, fleetdm.com redirects the user to the URL.
      • fleetdm.com redirects the user to this url and updates the user with cloudURL set to url.
      • The API request includes a secret (set as an environment variable) so that the cloud provisioner knows the request is coming from fleetdm.com.
        • This way, we prevent bots from hitting the API over and over again.

    Request:

    {
      "email": "[email protected]",
      "name": "[email protected]",
      "password": "sandbox123#",
      "sandbox_expiration": "0001-01-01T00:00:00Z"
    }
    

    Response:

    {
      "url": "billybobcat.sandbox.fleetdm.com"
    }
    

    Screen Shot 2022-05-10 at 4 22 51 PM

    3

    • [x] Add a new Login page (/try-fleet/login)
    • This page accepts "Email" and "Password" fields
    • "Create an account" navigates the user to the new Registration page.
    • "Forgot your password?" navigates the user to the new Forgot password page (/try-fleet/forgot-password) . Screen Shot 2022-05-10 at 4 24 35 PM

    4

    • [x] On the Login page, add a new "Login" flow.
    • For existing users that have never accessed Fleet sandbox, selecting "Sign in" sends a POST request to the cloud provisioner.
    • Selecting the "Sign in" button fires a loading spinner and the fleetmd.com user's sandboxExpiration is set to the time 24 hours from the current time (using ISO 8601 standard to represent the time as a date). This is sent in the POST request as sandbox_expiration.
      • The cloud provisioner responds with a url.
      • Using the url, fleetdm.com checks the url/healthz endpoint at some interval. When url/healthz returns 200, fleetdm.com redirects the user to the URL.
      • fleetdm.com redirects the user to this url and updates the user with cloudURL set to url.
      • The API request includes a secret (set as an environment variable) so that the cloud provisioner knows the request is coming from fleetdm.com.
        • This way, we prevent bots from hitting the API over and over again. Request:
    {
      "email": "[email protected]",
      "name": "[email protected]",
      "password": "sandbox123#",
      "sandbox_expiration": "0001-01-01T00:00:00Z"
    }
    

    Response:

    {
      "url": "billybobcat.sandbox.fleetdm.com"
    }
    
    • For existing users that have accessed Fleet sandbox, selecting "Sign in" navigates the user to their Fleet sandbox URL

    5

    • [x] Add a new Forgot password page (/try-fleet/forgot-password) and forgot password flow.
    • This page accepts "Email"
    • Selecting "I have an account" navigates the user to the new Registration page (try-fleet/register)
    • Selecting "Reset password" sends a password recovery link to the supplied email and navigates the user to the new Password reset sent page (/try-fleet/password-reset-sent). Screen Shot 2022-05-10 at 4 28 45 PM

    6

    • [x] Add a new Password reset sent page.
    • "Back to login" navigates the user to the new Login page.
    • "contact support" navigates the user to: TODO @mike-j-thomas Screen Shot 2022-05-10 at 4 29 32 PM

    7

    • [x] Add a new "Password reset" email template
    • The template includes a "Reset password" link which navigates the user to the new New password page (/try-fleet/new-password)

    Screen Shot 2022-05-10 at 4 34 36 PM

    8

    • [x] Add a new New password page
    • A user is sent here from the "Password reset" email template.
    • This page accepts "Password" and "Password confirmation" fields.
    • Selecting "Change my password" navigates the user to their Fleet Sandbox URL

    Screen Shot 2022-05-10 at 4 35 03 PM

    #website !sandbox 🏆 OKR #interface 
    opened by mike-j-thomas 32
  • Fleet's osquery installers: support deploying osquery with the `.app` bundle

    Fleet's osquery installers: support deploying osquery with the `.app` bundle

    This issue includes a required improvement for the 1.0.0 release of Fleet's osquery installers (aka orbit). These installers are currently in beta.

    To utilize some osquery features on macOS the latest version of osquery, deploying osquery with the .app bundle is required.

    Goal

    With Fleet's osquery installers, we are currently packaging osquery 5.1.0. With osquery 5.0.1 and above the format of the package was changed to a full macOS app so that osquery can access the EndpointSecurity events that the kernel exposes.

    How?

    • [ ] Mimic the package format for Orbit to follow a similar structure as the osquery one for 5.0.1
    #agent :architect 8 :backend !desktop 
    opened by noahtalerman 32
  • Query Experience Cleanup Tasks

    Query Experience Cleanup Tasks

    Tasks completed:

    This is the 4th PR for #1497, and second to last before pushing to main. The checklist will be done on the final PR.

    opened by martavis 31
  • Some Windows users are being truncated at a few characters

    Some Windows users are being truncated at a few characters

    Fleet version: Sandbox (~Nov 18, 2022)

    Operating system: Windows something

    Web browser: NA


    🧑‍💻  Expected behavior

    Full name of the user is displayed

    💥  Actual behavior

    image

    More info

    bug :reproduce 
    opened by zhumo 1
  • UI: Fix Tooltipwrapper causing extra whitespace if in last column of table

    UI: Fix Tooltipwrapper causing extra whitespace if in last column of table

    Addresses #8390

    Fixes

    • TooltipWrapper was causing extra whitespace after last table column. This solution used the third-party ReactTooltip, which has the nice feature of automatically changing its position if it would cause issues like this one. Screenshot 2022-11-18 at 3 47 17 PM

    Checklist for submitter

    • [x] Changes file added for user-visible changes in changes/
    • [x] Manual QA for all new/changed functionality
    opened by jacobshandling 1
  • Update fields for Linux packages

    Update fields for Linux packages

    A user requested these additional fields be completed for the Linux packages due to some tools requiring their presence.

    Checklist for submitter

    If some of the following don't apply, delete the relevant line.

    • [ ] Changes file added for user-visible changes in changes/ or orbit/changes/. See Changes files for more information.
    • [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)
    • [ ] Documented any permissions changes
    • [ ] Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements)
    • [ ] Added support on fleet's osquery simulator cmd/osquery-perf for new osquery data ingestion features.
    • [ ] Added/updated tests
    • [ ] Manual QA for all new/changed functionality
      • For Orbit and Fleet Desktop changes:
        • [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
        • [ ] Auto-update manual QA, from released version of component to new version (see tools/tuf/test).
    #agent 
    opened by zwass 2
  • Stand up two instances of Fleet (Free and Premium) for E2E testing to enable QAWolf

    Stand up two instances of Fleet (Free and Premium) for E2E testing to enable QAWolf

    Problem

    We have engaged QAWolf to write and maintain a new E2E testing suite. Their tool does not run within our CI pipeline like our current E2E suite but instead needs access to a live version of the app (Free and Premium) to run their tests against.

    We want to auto-update both instances from main once per day. Early morning is ideal, so we know at the start of each business day that the instances are running the latest.

    Requirements

    1. Stand up a long-lived Premium version of Fleet with all available features enabled.
    2. Stand up a long-lived Free version of Fleet with all available features enabled.
    3. Create an auto-deploy process that updates each instance from main early each morning.
    4. Each instance should enroll a mix of Mac, Windows, and Ubuntu hosts using the new template flags in osquery-perf. 500 total hosts.
    5. Enroll Ubuntu VMs using the docker-compose in tools/osquery. One host from each container.
    :engineering #platform 
    opened by lukeheath 4
  • Track usage of integrations for vulns and policies

    Track usage of integrations for vulns and policies

    Problem

    Currently, we are not tracking usage of vulns and policies integrations in our anonymous usage statistics. It is a blind spot for us in our efforts to understand how successful our features are.

    Business Case

    This will enable Fleet to better understand our uses and identify whether there is a gap in our customer understanding

    Measurement

    • Requested metrics are tracked and accurate

    Requirements

    In the anonymous usage statistics add new columns:

    1. "Vuln integration"
    2. "Policy integration"

    If there is an integration for vuln or policy, put "JIRA","Zendesk", or "webhook". Otherwise "none".

    • Documentation Add these usage stats to the documentation

    Design

    UI

    TODO

    API

    TODO

    CLI

    TODO

    Related

    Child issues

    Interface team

    • TODO

    Platform team

    • TODO

    Agent team

    • TODO

    Documentation

    • TODO
    epic #platform 
    opened by zhumo 0
Releases(fleet-v4.23.0)
  • fleet-v4.23.0(Nov 14, 2022)

    Changes

    • Added preview screenshots for Jira and Zendesk vulnerability tickets for Premium users.

    • Improve host detail query to populate primary ip and mac address on host.

    • Add option to show public IP address in Hosts table.

    • Improve ingress resource by replacing the template with a most recent version, that enables:

      • Not having any annotation hardcoded, all annotations are optional.
      • Custom path, as of now it was hardcoded to /*, but depending on the ingress controller, it can require an extra annotation to work with regular expressions.
      • Specify ingressClassName, as it was hardcoded to gce, and this is a setting that might be different on each cluster.
    • Added ingestion of host orbit version from orbit_info osquery extension table.

    • Added number of hosts enrolled by orbit version to usage statistics payload.

    • Added number of hosts enrolled by osquery version to usage statistics payload.

    • Added arch and linuxmint to list of linux distros so that their data is displayed and host count includes them.

    • When submitting invalid agent options, inform user how to override agent options using fleetctl force flag.

    • Exclude Windows Servers from mdm lists and aggregated data.

    • Activity feed includes editing team config file using fleetctl.

    • Update Go to 1.19.3.

    • Host details page includes information about the host's disk encryption.

    • Information surfaced to device user includes all summary/about information surfaced in host details page.

    • Support low_disk_space filter for endpoint /labels/{id}/hosts.

    • Select targets pages implements cleaner icons.

    • Added validation of unknown keys for the Apply Teams Spec request payload (POST /spec/teams endpoint).

    • Orbit MSI installer now includes the necessary manifest file to use windows_event_log as a logger_plugin.

    • UI allows for filtering low disk space hosts by platform.

    • Add passed policies column on the inherited policies table for teams.

    • Use the MSRC security bulletins to scan for Windows vulnerabilities. Detected vulnerabilities are inserted in a new table, 'operating_system_vulnerabilities'.

    • Added vulnerability scores to Jira and Zendesk integrations for Fleet Premium users.

    • Improve database usage to prevent some deadlocks.

    • Added ingestion of disk encryption status for hosts, and added that flag in the response of the GET /hosts/{id} API endpoint.

    • Trying to add a host with 0 enroll secrets directs user to manage enroll secrets.

    • Detect Windows MDM solutions and add mdm endpoints.

    • Styling updates on login and forgot password pages.

    • Add UI polish and style fixes for query pages.

    • Update styling of tooltips and modals.

    • Update colors, issues icon.

    • Cleanup dashboard styling.

    • Add tooling for writing integration tests on the frontend.

    • Fixed host details page so munki card only shows for mac hosts.

    • Fixed a bug where duplicate vulnerability webhook requests, jira, and zendesk tickets were being made when scanning for vulnerabilities. This affected ubuntu and redhat hosts that support OVAL vulnerability detection.

    • Fixed bug where password reset token expiration was not enforced.

    • Fixed a bug in fleetctl apply for teams, where a missing agent_options key in the YAML spec file would clear the existing agent options for the team (now it leaves it unchanged). If the key is present but empty, then it clears the agent options.

    • Fixed bug with our CPE matching process. UTM.app was matching to the wrong CPE.

    • Fixed an issue where fleet would send invalid usage stats if no hosts were enrolled.

    • Fixed an Orbit MSI installer bug that caused Orbit files not to be removed during uninstallation.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    010850f10cddaa40b346071f12c8cb61d41a5e7970dbdadcd1e786dcbb7597ac  fleet_v4.23.0_linux.tar.gz
    1850e3ddd1a6130167c254fb6ebbd99128f4e6d80731eed6e948f20bcbff05a1  fleetctl_v4.23.0_macos.tar.gz
    39a8a4626f15b36e905d513ffffe625b14cba9e13bd4b6c9f36740791ee3e3bb  fleetctl_v4.23.0_windows.tar.gz
    682880dfedc52792645842e70c97c733c5cac70734a704dfa8e9ad00672c6b8b  fleetctl_v4.23.0_linux.tar.gz
    6c3827505fc72e0c6f9cdbda175502fba29f6d50199f15c57d601c90e78a7fe9  fleetctl_v4.23.0_linux.zip
    81145904ef4e5d237ffde63b55654e5c29f5bb38a996e4fc421bbf5796e96d76  fleetctl_v4.23.0_windows.zip
    93003e1ff46f40175ac0f02055b1d64d6cec212d291075b9d30c95303964bc79  fleetctl_v4.23.0_macos.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.23.0_linux.tar.gz(18.40 MB)
    fleetctl_v4.23.0_linux.zip(18.40 MB)
    fleetctl_v4.23.0_macos.tar.gz(18.12 MB)
    fleetctl_v4.23.0_macos.zip(18.12 MB)
    fleetctl_v4.23.0_windows.tar.gz(18.53 MB)
    fleetctl_v4.23.0_windows.zip(18.53 MB)
    fleet_v4.23.0_linux.tar.gz(35.13 MB)
  • fleet-v4.22.1(Oct 28, 2022)

    Changes

    • Fixed the error response of the /device/:token/desktop endpoint causing problems on free Fleet Desktop instances on versions 1.3.x.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    0a8a22d483a84211e9e27f4230a251304c3dc027b801ac0b696655ff868fd1b8  fleetctl_v4.22.1_macos.tar.gz
    71d0a532f97372eb59312556c8e60b56fbbee82ad25d43c0e77c5c09d940b066  fleetctl_v4.22.1_windows.tar.gz
    95e12143225727d83645cbfbc38641b51d8c5c081cad10aebeabe14e632af88c  fleetctl_v4.22.1_linux.zip
    a3dd7366eb9c41c2b7adfa7174bf7c0298d67b593d86ee5f6129ec1ff5bdefb5  fleetctl_v4.22.1_macos.zip
    c6d41f27235b69d674d4c8163a7695d897497a9071acdfb25c314b0f6ed880e1  fleet_v4.22.1_linux.tar.gz
    dc117c4509af1134d369663f40b600409759ad42ba851926cd1948f9b990f1d6  fleetctl_v4.22.1_linux.tar.gz
    f1a596ff4564b3d428be107fa5b26dc0f4295211e172f8f9bdea4d57a011d5f0  fleetctl_v4.22.1_windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.22.1_linux.tar.gz(17.60 MB)
    fleetctl_v4.22.1_linux.zip(17.61 MB)
    fleetctl_v4.22.1_macos.tar.gz(17.34 MB)
    fleetctl_v4.22.1_macos.zip(17.35 MB)
    fleetctl_v4.22.1_windows.tar.gz(17.76 MB)
    fleetctl_v4.22.1_windows.zip(17.76 MB)
    fleet_v4.22.1_linux.tar.gz(32.70 MB)
  • fleet-v4.22.0(Oct 21, 2022)

    Changes

    • Fleet Premium: Add ability to see how many and which hosts have low disk space (less than 32GB available) on the Home page.

    • Fleet Premium: Add ability to see how many and which hosts are missing (offline for at least 30 days) on the Home page.

    • Improved the query console by indicating which columns are required in the WHERE clause, indicated which columns are platform-specific, and adding example queries for almost all osquery tables in the right sidebar. These improvements are also live on fleetdm.com/tables

    • Added a new display name for hosts in the Fleet UI. To determine the display name, Fleet uses the computer_name column in the system_info table. If computer_name isn't present, the hostname is used instead.

    • Added functionality to consider device tokens as expired after one hour. This change is not compatible with older versions of Fleet Desktop. We recommend to manually update Orbit and Fleet Desktop to > v1.0.0 in addition to upgrading the server if:

      • You're managing your own TUF server.
      • You have auto-updates disabled (fleetctl package [...] --disable-updates)
      • You have channels pinned to an older version (fleetctl package [...] --orbit-channel 1.0.0 --desktop-channel 1.1.0).
    • Added security headers to HTML, CSV, and installer responses.

    • Added validation of the command_line_flags object in the Agent Options section of Organization Settings and Team Settings.

    • Added logic to clean up irrelevant policies for a host on re-enrollment (e.g., if a host changes its OS from linux to macOS or it changes teams).

    • Added the inherited_policies array to the GET /teams/{team_id}/policies endpoint that lists the global policies inherited by the team, along with the pass/fail counts for the hosts on that team.

    • Added a new UI state for when results are coming in from a live query or policy query.

    • Added better team name suggestions to the Create teams modal.

    • Clarified last seen time and last fetched time in the Fleet UI.

    • Translated technical error messages returned by Agent options validation to be more user-friendly.

    • Renamed machine serial to serial number and IPv4 properly to private IP address.

    • Fleet Premium: Updated Fleet Desktop to use the /device/{token}/desktop API route to display the number of failing policies.

    • Made host details software tables more responsive by adding links to software details.

    • Added usage statistics for the weekly count of aggregate policy violation days. One policy violation day is counted for each policy that a host is failing, measured as of the time the count increments. The count increments once per 24-hour interval and resets each week.

    • Fixed a bug in which a user would not be rerouted to the Home page if already logged in.

    • Fixed a bug in which clicking the select all checkbox did not select all in some cases.

    • Fixed a bug introduced in 4.21.0 where a Windows-specific query was being sent to non-Windows hosts, causing an error in query ingestion for directIngestOSWindows.

    • Fixed a bug in which uninstalled software (DEB packages) appeared in Fleet.

    • Fixed a bug in which a team that didn't have config.features settings was edited via the UI, then both features.enable_host_users and features.enable_software_inventory would be false instead of the global default.

    • Fixed a bug that resulted in false negatives for vulnerable versions of Zoom, Google Chrome, Adobe Photoshop, Node.js, Visual Studio Code, Adobe Media Encoder, VirtualBox, Adobe Premiere Pro, Pip, and Firefox software.

    • Fixed bug that caused duplicated vulnerabilities to be sent to third-party integrations.

    • Fixed panic in ingestKubequeryInfo query ingestion.

    • Fixed a bug in which host_count and user_count returned as 0 in the teams/{id} endpoint.

    • Fixed a bug in which tooltips for Munki issue would be cut off at the edge of the browser window.

    • Fixed a bug in which tooltips for Munki issue would be cut off at the edge of the browser window.

    • Fixed a bug in which running fleetctl apply with the --dry-run flag would fail in some cases.

    • Fixed a bug in which Hosts table displayed 20 hosts per page.

    • Fixed a server panic that occured when a team was edited via YAML without an agent_options key.

    • Fixed an bug where Pop!_OS hosts were not being included in the linux hosts count on the hosts dashboard page.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    00661a87d7d3692ff9d3eb09152317b503f30198d79e37357381bdab8ee3d556  fleetctl_v4.22.0_macos.zip
    142fd577a9fb781643189c5c110e3cb8a530300d5796bca2fdc8ca4f45bb8fb7  fleetctl_v4.22.0_macos.tar.gz
    66967c861974f2cfa450ab2a091c873a81f58a866cb591b19d993e949aa875c6  fleetctl_v4.22.0_linux.tar.gz
    846f49f33cd6ff73eaab9a12b9d093b36b68325fdbf271bac433a51dbfb12051  fleetctl_v4.22.0_windows.zip
    cf937d8b50fbb8e141c26662db56b88df00ea750ff91301f0163e955196f8f0c  fleetctl_v4.22.0_linux.zip
    d272bebf4c055cd5b3bbdb551f9d8c8ade5d6fcb5072a57450706ff084175a5c  fleetctl_v4.22.0_windows.tar.gz
    ff678646cacba70da49a98b20c45c604a0314b6567f3af0d0c596dc2f8f3cca8  fleet_v4.22.0_linux.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.22.0_linux.tar.gz(17.60 MB)
    fleetctl_v4.22.0_linux.zip(17.61 MB)
    fleetctl_v4.22.0_macos.tar.gz(17.34 MB)
    fleetctl_v4.22.0_macos.zip(17.35 MB)
    fleetctl_v4.22.0_windows.tar.gz(17.76 MB)
    fleetctl_v4.22.0_windows.zip(17.76 MB)
    fleet_v4.22.0_linux.tar.gz(32.70 MB)
  • fleet-v4.21.0(Oct 5, 2022)

    Changes

    • Fleet Premium: Added the ability to know how many hosts and which hosts, on a team, are failing a global policy.

    • Added validation to the config and teams configuration files. Fleet can be managed with configuration files (YAML syntax) and the fleetctl command line tool.

    • Added the ability to manage osquery flags remotely. This requires Orbit, Fleet's agent manager. If at some point you revoked an old enroll secret, this feature won't work for hosts that were added to Fleet using this old enroll secret. To manage osquery flags on these hosts, we recommend deploying a new package. Check out the instructions here on GitHub.

    • Added a /api/v1/fleet/device/{token}/desktop API route that returns only the number of failing policies for a specific host.

    • Added support for kubequery.

    • Added support for an AC_TEAM_ID environment variable when creating signed installers for macOS hosts.

    • Made cards on the Home page clickable.

    • Added es_process_file_events, password_policy, and windows_update_history tables to osquery.

    • Added activity items to capture when, and by who, agent options are edited.

    • Added logging to capture the user’s email upon successful login.

    • Increased the size of placeholder text from extra small to small.

    • Fixed an error that cleared the form when adding a new integration.

    • Fixed an error generating Windows packages with the fleetctl package on non-English localizations of Windows.

    • Fixed a bug that showed the small screen overlay when trying to print.

    • Fixed the UI bug that caused the label filter dropdown to go under the table header.

    • Fixed side panel tooltips to not be wider than side panel causing scroll bug.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    2a5a3c3739d5239cfd30e1aac2d287598ff833bc6933f6a7f8ff3cd213288099 fleet_v4.21.0_linux.tar.gz 3417e6394ec99f7286423545f94d04574c93ef4b4b31196bc2545a5eef1a7574 fleetctl_v4.21.0_linux.zip 34ec5b4cc7a958725e7017693088123af7cfa05c8b08aa5ddd118e156ca0a888 fleetctl_v4.21.0_windows.zip 8af0f3703df8e53ca7747bc9f5faa4655327ab1c9488f1b6f776efe749037413 fleetctl_v4.21.0_macos.tar.gz b01d5596873134c5676ba0241a952852055883199e6c08505cf22882a84fdef2 fleetctl_v4.21.0_linux.tar.gz e2a1d52924be2d8e687450dd16557cddd51f71130be4ce1d1525362a7e98720c fleetctl_v4.21.0_macos.zip ed6791f19d5f5cf6c23375fd8831932d873bafed7589953e01e8d8763962e456 fleetctl_v4.21.0_windows.tar.gz

    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.21.0_linux.tar.gz(17.12 MB)
    fleetctl_v4.21.0_linux.zip(17.12 MB)
    fleetctl_v4.21.0_macos.tar.gz(16.93 MB)
    fleetctl_v4.21.0_macos.zip(16.93 MB)
    fleetctl_v4.21.0_windows.tar.gz(17.27 MB)
    fleetctl_v4.21.0_windows.zip(17.26 MB)
    fleet_v4.21.0_linux.tar.gz(30.98 MB)
  • fleet-v4.20.1(Sep 16, 2022)

    Changes

    This is a security release.

    • Security: Upgrade Go to 1.19.1 to resolve a possible HTTP denial of service vulnerability (CVE-2022-27664).

    • Fixed a bug in which vulnerability automations sent duplicate webhooks.

    • Fixed a bug in which logging in with single sign-on (SSO) did not work after a failed authorization attempt.

    • Fixed a migration error. This only affects Fleet instances that use MariaDB. MariaDB is not officially supported. Future issues specific to MariaDB may not be fixed quickly (or at all). We strongly advise migrating to MySQL 8.0.19+.

    • Fixed a bug on the Edit pack page in which no targets are shown in the target picker.

    • Fixed a styling bug on the Host details > Query > Select a query modal.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    04f0e251b182120bf23ae3c736ac1ada5c442f99fab02a1faec7c6ccc368ae8c fleetctl_v4.20.1_macos.zip 177b28735aba69cb2c0e809b5f795c2ea732a85e9877654a8a00ff4ec96e7133 fleet_v4.20.1_linux.tar.gz 30e279b28d71c4f89080b445ccfca8b38633fdd78ab33cbc5c3fa31fbdaf119e fleetctl_v4.20.1_linux.zip 630c8e2301fb649c5cbf4333f55265124146e73230c863cd690428679f000e3c fleetctl_v4.20.1_windows.tar.gz 7440f0d22d3eb8d110d179af76e438f0e25e19801f708486a9a21894b1373a14 fleetctl_v4.20.1_macos.tar.gz 9ddb735375891d544e192641756b69df7d103633bf19a61dc215ff2f40d1a879 fleetctl_v4.20.1_linux.tar.gz d5a079d1b5a0713b510770e56d5ad9a1b2504e2194f2983a3969e74b8b65bed6 fleetctl_v4.20.1_windows.zip

    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.20.1_linux.tar.gz(17.00 MB)
    fleetctl_v4.20.1_linux.zip(17.00 MB)
    fleetctl_v4.20.1_macos.tar.gz(16.83 MB)
    fleetctl_v4.20.1_macos.zip(16.83 MB)
    fleetctl_v4.20.1_windows.tar.gz(17.14 MB)
    fleetctl_v4.20.1_windows.zip(17.14 MB)
    fleet_v4.20.1_linux.tar.gz(30.70 MB)
  • fleet-v4.20.0(Sep 9, 2022)

    Changes

    Fleet Premium Users, please review the Upgrading section before updating to this version.

    • Add ability to know how many hosts, and which hosts, have Munki issues. This information is presented on the Home > macOS page and Host details page. This information is also available in the GET /api/v1/fleet/macadmins and GET /api/v1/fleet/hosts/{id}/macadmins and API routes.

    • Fleet Premium: Added ability to test features, like software inventory, on canary teams by adding a features section to the teams YAML document.

    • Improved vulnerability detection for macOS hosts by improving detection of Zoom, Ruby, and Node.js vulnerabilities. Warning: For users that download and sync Fleet's vulnerability feeds manually, there are required adjustments or else vulnerability processing will stop working. Users with the default vulnerability processing settings can safely upgrade without adjustments.

    • Fleet Premium: Improved the vulnerability automations by adding vulnerability scores (EPSS probability, CVSS scores, and CISA-known exploits) to the webhook payload. Read more about vulnerability automations on fleetdm.com/docs.

    • Renamed the host_settings section to features in the the config YAML file. But host_settings is still supported for backwards compatibility.

    • Improved the activity feed by adding the ability to see who modified agent options and when modifications occurred. This information is available on the Home page in the Fleet UI and the GET /activites API route.

    • Improved the config YAML documentation.

    • Improved the Hosts page for smaller screen widths.

    • Improved the building of osquery installers for Windows (.msi packages).

    • Added a Show query button on the Schedule page, which adds the ability to quickly see a query's SQL.

    • Improved the Fleet UI by adding loading spinners to all buttons that create or update entities in Fleet (e.g., users).

    • Fixed a bug in which a user could not reach some teams in the UI via pagination if there were more than 20 teams.

    • Fixed a bug in which a user could not reach some users in the UI via pagination if there were more than 20 users.

    • Fixed a bug in which duplicate vulnerabilities (CVEs) sometimes appeared on Software details page.

    • Fixed a bug in which the count in the Issues column (exclamation tooltip) in the Hosts table would sometimes not appear.

    • Fixed a bug in which no error message would appear if there was an issue while setting up Fleet.

    • Fixed a bug in which no error message would appear if users were creating or editing a label with a name or description that was too long.

    • Fixed a big in which the example payload for usage statistics included incorrect key names.

    • Fixed a bug in which the count above the Software table would sometimes not appear.

    • Fixed a bug in which the Add hosts button would not be displayed when search returned 0 hosts.

    • Fixed a bug in which modifying filters on the Hosts page would not return the user to the first page of the Hosts table.

    Upgrading

    Fleet Premium Updating to this version will cause additional_queries to be removed from hosts that are enrolled in a team. If you are currently using additional_queries in your Global Agent Options, they will also need to be applied to each team's Agent Options.

    Please visit our update guide for additional upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    1d0b05f9c8084c0882def77acbd35b8b1ef7240c81b113a00bd030703df6cf16 fleetctl_v4.20.0_macos.tar.gz 41b618a6e4d9a707ef0a1f5f23692ac6b22fb1ee4108561cabdab456f0650207 fleetctl_v4.20.0_macos.zip 778c0f112f7e85f72e8c3b098297f1fcf841deb1d6a0c458f549a2c913c99eeb fleetctl_v4.20.0_linux.tar.gz 954e49e11f95332497e1a94169efdea30584336196daf8022c45212a1f10c925 fleet_v4.20.0_linux.tar.gz 9873a7d2e99f25d307de247ff2cdeb150e2a8f5afb19a25c40cf919afb415ecf fleetctl_v4.20.0_linux.zip bbfde0fc7a8580e77587399b9b8728181e4dd605cbd810649e6b57ca35dce8c0 fleetctl_v4.20.0_windows.tar.gz e6567e49b021fa51105731dcd31755c331aa498494beccf027512ea0c795c620 fleetctl_v4.20.0_windows.zip

    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.20.0_linux.tar.gz(15.95 MB)
    fleetctl_v4.20.0_linux.zip(15.95 MB)
    fleetctl_v4.20.0_macos.tar.gz(15.78 MB)
    fleetctl_v4.20.0_macos.zip(15.77 MB)
    fleetctl_v4.20.0_windows.tar.gz(16.05 MB)
    fleetctl_v4.20.0_windows.zip(16.05 MB)
    fleet_v4.20.0_linux.tar.gz(29.49 MB)
  • fleet-v4.19.1(Sep 1, 2022)

    Changes

    • Fix a migration error that may occur when upgrading to Fleet 4.19.0.

    • Fix a bug in which the incorrect operating system was displayed for Windows hosts on the Hosts page and Host details page.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    5cb88254e7afc8acfe5920070e075857238b348068526e74ac3b4900b1b831b4  fleetctl_v4.19.1_linux.zip
    92a8c17fa8c79a77d009f95184ae1e655e0d5015f863dc8f115d733747e307cc  fleetctl_v4.19.1_macos.tar.gz
    9f354f18afda05be35d5fa22bb36622bd959b6480ccf8e10129c4b49a1e8fa66  fleet_v4.19.1_linux.tar.gz
    c2c8408069c123bd5a546015cdade8226fc75d137289dc83232f4a96eff9dfe6  fleetctl_v4.19.1_windows.zip
    c4b599b73b2550af2802721e2f7869d40a38b2b58faf54fa34f282966b427e18  fleetctl_v4.19.1_linux.tar.gz
    e9184737276593d2d5a1985a4af3f89b1f8a0a34b093ca184c85bb7f39a96b8e  fleetctl_v4.19.1_macos.zip
    f51ec21998b299846bad9d8ad157e75e96e6b22d0b56e86b399eed976b4e56a8  fleetctl_v4.19.1_windows.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.19.1_linux.tar.gz(15.93 MB)
    fleetctl_v4.19.1_linux.zip(15.92 MB)
    fleetctl_v4.19.1_macos.tar.gz(15.76 MB)
    fleetctl_v4.19.1_macos.zip(15.75 MB)
    fleetctl_v4.19.1_windows.tar.gz(16.03 MB)
    fleetctl_v4.19.1_windows.zip(16.03 MB)
    fleet_v4.19.1_linux.tar.gz(29.42 MB)
  • fleet-v4.19.0(Aug 23, 2022)

    We have found an issue in v4.19.0 that may cause migration errors if you have hosts with multiple versions of the same software installed from different sources.

    Please skip this release and install v4.19.1

    If you have already upgraded Fleet and are seeing issues with software inventory or are seeing error with migrations, dropping the software table from the Fleet database should resolve those issues. The table will be repopulated as hosts check back in.

    We’re sorry this one slipped past us! If you have any questions, comments or concerns please don’t hesitate to reach out. We’re more than happy to help!

    Changes

    • Fleet Premium: De-anonymize usage statistics by adding an organization property to the usage statistics payload. For Fleet Free instances, organization is reported as "unknown". Documentation on how to disable usage statistics, can be found here on fleetdm.com.

    • Fleet Premium: Added support for Just-in-time (JIT) user provisioning via SSO. This adds the ability to automatically create Fleet user accounts when a new users attempts to log in to Fleet via SSO. New Fleet accounts are given the Observer role.

    • Improved performance for aggregating software inventory. Aggregate software inventory is displayed on the Software page in the Fleet UI.

    • Added the ability to see the vendor for Windows programs in software inventory. Vendor data is available in the GET /software API route.

    • Added a Mobile device management (MDM) solutions table to the Home > macOS page. This table allows users to see a list of all MDM solutions their hosts are enrolled to and drill down to see which hosts are enrolled to each solution. Note that MDM solutions data is updated as hosts send fresh osquery results to Fleet. This typically occurs in an hour or so of upgrading.

    • Added a Operating systems table to the Home > Windows page. This table allows users to see a list of all Windows operating systems (ex. Windows 10 Pro 21H2) their hosts are running and drill down to see which hosts are running which version. Note that Windows operating system data is updated as hosts send fresh osquery results to Fleet. This typically occurs in an hour or so of upgrading.

    • Added a message in fleetctl to that notifies users to run fleet prepare instead of fleetctl prepare when running database migrations for Fleet.

    • Improved the Fleet UI by maintaining applied, host filters when a user navigates back to the Hosts page from an individual host's Host details page.

    • Improved the Fleet UI by adding consistent styling for Cancel buttons.

    • Improved the Queries, Schedule, and Policies pages in the Fleet UI by page size to 20 items.

    • Improve the Fleet UI by informing the user that Fleet only supports screen widths above 768px.

    • Added support for asynchronous saving of the hosts' scheduled query statistics. This is an experimental feature and should only be used if you're seeing performance issues. Documentation for this feature can be found here on fleetdm.com.

    • Fixed a bug in which the Operating system and Munki versions cards on the Home > macOS page would not stack vertically at smaller screen widths.

    • Fixed a bug in which multiple Fleet Desktop icons would appear on macOS computers.

    • Fixed a bug that prevented Windows (.msi) installers from being generated on Windows machines.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    452ca07f5123a6173dd6342440bdcdc4acae5a020284805bdf2cf8452f0bc1a1  fleetctl_v4.19.0_linux.zip
    545782e246fc91b501cad2bb688173d89b297afc9d78d76af41473e70fb0cb13  fleet_v4.19.0_linux.tar.gz
    5867be4e25d18c94e8cb10af27c024ff0755f1c62f7c07568835917e4565b336  fleetctl_v4.19.0_windows.tar.gz
    88cbbf39a58a72e5c891277d78315b08ff295b57dc6eff3645f1c08ae5cd5687  fleetctl_v4.19.0_linux.tar.gz
    b525ec428a0f290475148fd3e49a1043dd62199afeca10ca9f26f109aa61ae5a  fleetctl_v4.19.0_macos.zip
    d40dd7dbc4c715dfebc04b3dd5eaefeb7283b241f13df756ab3b224f69a7ddce  fleetctl_v4.19.0_windows.zip
    e187db62dec21c3aad1884506ec30ed67c3748ae1d438e5935121d6e117e02cf  fleetctl_v4.19.0_macos.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.19.0_linux.tar.gz(15.92 MB)
    fleetctl_v4.19.0_linux.zip(15.92 MB)
    fleetctl_v4.19.0_macos.tar.gz(15.75 MB)
    fleetctl_v4.19.0_macos.zip(15.75 MB)
    fleetctl_v4.19.0_windows.tar.gz(16.03 MB)
    fleetctl_v4.19.0_windows.zip(16.03 MB)
    fleet_v4.19.0_linux.tar.gz(29.41 MB)
  • fleet-v4.18.0(Aug 1, 2022)

    Changes

    • Added a Call to Action to the failing policy banner in Fleet Desktop. This empowers end-users to manage their device's compliance.

    • Introduced rate limiting for device authorized endpoints to improve the security of Fleet Desktop.

    • Improved styling for tooltips, dropdowns, copied text, checkboxes and buttons.

    • Fixed a bug in the Fleet UI causing text to be truncated in tables.

    • Fixed a bug affecting software vulnerabilities count in Host Details.

    • Fixed "Select Targets" search box and updated to reflect currently supported search values: hostname, UUID, serial number, or IPv4.

    • Improved disk space reporting in Host Details.

    • Updated frequency formatting for Packs to match Schedules.

    • Replaced "hosts" count with "results" count for live queries.

    • Replaced "Uptime" with "Last restarted" column in Host Details.

    • Removed vulnerabilities that do not correspond to a CVE in Fleet UI and API.

    • Added standard password requirements when users are created by an admin.

    • Updated the regexp we use for detecting the major/minor version on OS platforms.

    • Improved calculation of battery health based on cycle count. “Normal” corresponds to cycle count < 1000 and “Replacement recommended” corresponds to cycle count >= 1000.

    • Fixed an issue with double quotes usage in SQL query, caused by enabling ANSI_QUOTES in MySQL.

    • Added automated tests for Fleet upgrades.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    39820710f7979598df931d66e5ad10bd64f5ad2278546bdfc0c9f022e26361ef  fleetctl_v4.18.0_windows.tar.gz
    5cd874fccdde12a7a066cd59099b3cba42471290b5bcb8436faab2a7a6e8e20e  fleetctl_v4.18.0_linux.zip
    9613e28c977288ef96a9c1114842db9655ace6ef5ebaff0809395270a07697fe  fleetctl_v4.18.0_windows.zip
    b592d9c90cecc3255c3176870d379ed99c0359876b39da8ca84d111c383add4f  fleet_v4.18.0_linux.tar.gz
    c23d23184341dd40b01b68ce110edc3af8fc11e40809063ac8f040517948784b  fleetctl_v4.18.0_linux.tar.gz
    f3f37048af3ac746edd3f1eecfabf3e46feaa539e1317e0ab68c96d957c17937  fleetctl_v4.18.0_macos.tar.gz
    b63c467af524690ed7475e5d1dcd210faa58766530a3f92a58a647dfb3b5be6d  fleetctl_v4.18.0_macos.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.18.0_linux.tar.gz(15.90 MB)
    fleetctl_v4.18.0_linux.zip(15.90 MB)
    fleetctl_v4.18.0_macos.tar.gz(16.10 MB)
    fleetctl_v4.18.0_macos.zip(16.11 MB)
    fleetctl_v4.18.0_windows.tar.gz(16.00 MB)
    fleetctl_v4.18.0_windows.zip(16.00 MB)
    fleet_v4.18.0_linux.tar.gz(29.32 MB)
  • fleet-v4.17.1(Jul 26, 2022)

    Changes

    • Fixed a bug causing an error when converting users to SSO login.

    • Fixed a bug causing the Edit User modal to hang when editing multiple users.

    • Fixed a bug that caused Ubuntu hosts to display an inaccurate OS version.

    • Fixed a bug affecting exporting live query results.

    • Fixed a bug in the Fleet UI affecting live query result counts.

    • Improved Battery Health processing to better reflect the health of batteries for M1 Macs.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    d8934c9dcb7f762beb86fbb2e20d62e3fea3ce93bcd5c347c416c682064ff47e  fleetctl_v4.17.1_macos.tar.gz
    b57efe08b92dacb34fe279a2c95f23f41ab97f066e14e8939873d0681b0b8361  fleetctl_v4.17.1_macos.zip
    4c8fd03b92ec4e4110bd0afa1dff66d1984da2d2f91f5717d7daad3ae76b2abf  fleetctl_v4.17.1_linux.zip
    79324f092c29d3482adddad90916eb8c85e86101add81ae1527d4ca1b717d5fe  fleetctl_v4.17.1_windows.zip
    bbce831b0996be1263002e9987dcd4e532e9146087c8d41678b38d2a9ff3407d  fleet_v4.17.1_linux.tar.gz
    d7444355d6da9fce05e1df4adff0f28a0d7eb62cb69cfe1cc7cb38a900c6b48e  fleetctl_v4.17.1_windows.tar.gz
    e8a48b5b491e72c13644cea7cc7f6197e4247200ffdf3a95a1b1e7c507e0d411  fleetctl_v4.17.1_linux.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.17.1_linux.tar.gz(15.62 MB)
    fleetctl_v4.17.1_linux.zip(15.63 MB)
    fleetctl_v4.17.1_macos.tar.gz(15.71 MB)
    fleetctl_v4.17.1_macos.zip(15.71 MB)
    fleetctl_v4.17.1_windows.tar.gz(15.74 MB)
    fleetctl_v4.17.1_windows.zip(15.74 MB)
    fleet_v4.17.1_linux.tar.gz(28.81 MB)
  • fleet-v4.17.0(Jul 9, 2022)

    Changes

    • Added the number of hosts enrolled by operating system (OS) and its version to usage statistics. Also added the weekly active users count to usage statistics. Documentation on how to disable usage statistics, can be found here on fleetdm.com.

    • Fleet Premium and Fleet Free: Fleet Desktop is officially out of beta. This application shows users exactly what's going on with their device and gives them the tools they need to make sure it is secure and aligned with policies. They just need to click an icon in their menu bar.

    • Fleet Premium and Fleet Free: Fleet's osquery installer is officially out of beta. Orbit is a lightweight wrapper for osquery that allows you to easily deploy, configure and keep osquery up-to-date across your organization.

    • Added native support for M1 Macs in Fleet Desktop.

    • Added battery health tracking to Host details page.

    • Improved reporting of error states on the health dashboard and added separate health checks for MySQL and Redis with /healthz?check=mysql and /healthz?check=redis.

    • Improved SSO login failure messaging.

    • Fixed osquery tables that report incorrect platforms.

    • Added docker_container_envs table to the osquery table schema on the *Query page.

    • Updated Fleet host detail query so that the os_version for Ubuntu hosts reflects the accurate patch number.

    • Improved accuracy of software_host_counts by removing hosts from the count if any software has been uninstalled.

    • Improved accuracy of the last_restarted date.

    • Fixed /api/_version_/fleet/hosts/identifier/{identifier} to return the correct value for host.status.

    • Improved logging when fleetctl encounters permissions errors.

    • Added support for scanning RHEL-based and Fedora hosts for vulnerable software using OVAL definitions.

    • Fixed SQL generated for operating system version policies to reduce false negatives.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    5e33fda754a0530464843b876630e44e8a5bc8ce5ddb41af0976f8eb7d5c8dfa  fleetctl_v4.17.0_linux.tar.gz
    78c68d8033cdeaab2720e58ddde663c807ce865ea8d39d91358f1d90cbfee3fd  fleetctl_v4.17.0_windows.zip
    9ab0f76ad56bc8de1402c0bc5446263ea4bbfcd7842b446e0c258a709a4e42b7  fleetctl_v4.17.0_linux.zip
    a2c55ceb92a88cc83f376ef08fc275412d8fa86788b6d16718782c799b73e0e6  fleetctl_v4.17.0_windows.tar.gz
    f43c3a13c0de38332f24860c49a1c53c260a94a5e8dfe6ef18fe55d73504dee5  fleet_v4.17.0_linux.tar.gz
    11b8fd0af84363a3eb0f44dcf96048df0f0df3420daaf9d9873b2c4b8e6c77d5  fleetctl_v4.17.0_macos.tar.gz
    471e23651feb6a52a6b3c6500e2018d1a936c08ac70bbb0c55cbe1cb335d3c2a  fleetctl_v4.17.0_macos.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.17.0_linux.tar.gz(15.62 MB)
    fleetctl_v4.17.0_linux.zip(15.63 MB)
    fleetctl_v4.17.0_macos.tar.gz(15.71 MB)
    fleetctl_v4.17.0_macos.zip(15.71 MB)
    fleetctl_v4.17.0_windows.tar.gz(15.74 MB)
    fleetctl_v4.17.0_windows.zip(15.74 MB)
    fleet_v4.17.0_linux.tar.gz(28.81 MB)
  • fleet-v4.16.0(Jun 21, 2022)

    Fleet 4.16.0 (Jun 20, 2022)

    • Fleet Premium: Added the ability to set a Custom URL for the "Transparency" link included in Fleet Desktop. This allows you to use custom branding, as well as gives you control over what information you want to share with your end-users.

    • Fleet Premium: Added scoring to vulnerability detection, including EPSS probability score, CVSS base score, and known exploits. This helps you to quickly categorize which threats need attention today, next week, next month, or "someday."

    • Added a ticket-workflow for policy automations. Configured Fleet to automatically create a Jira issue or Zendesk ticket when one or more hosts fail a specific policy.

    • Added Open Vulnerability and Assement Language (OVAL) processing for Ubuntu hosts. This increases the accuracy of detected vulnerabilities.

    • Added software details page to the Fleet UI.

    • Improved live query experience by saving the state of selected targets and adding count of visible results when filtering columns.

    • Fixed an issue where the Device user page redirected to login if an expired session token was present.

    • Fixed an issue that caused a delay in availability of My device in Fleet Desktop.

    • Added support for custom headers for requests made to fleet instances by the fleetctl command.

    • Updated to an improved users query in every query we send to osquery.

    • Fixed no such table errors for mdm and munki_info for vanilla osquery MacOS hosts.

    • Fixed data inconsistencies in policy counts caused when a host was re-enrolled without a team or in a different one.

    • Fixed a bug affecting fleetctl debug archive and errors commands on Windows.

    • Added /api/_version_/fleet/device/{token}/policies to retrieve policies for a specific device. This endpoint can only be accessed with a premium license.

    • Added POST /targets/search and POST /targets/count API endpoints.

    • Updated GET /software, GET /software/{:id}, and GET /software/count endpoints to no include software that has been removed from hosts, but not cleaned up yet (orphaned).

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksums

    SHA256

    6e07d250d31c0614d879dd24e8649c8b7fa460a789dd10b87d09166bbdabdef5  fleetctl_v4.16.0_windows.zip
    9102a84cdeaed83e36079a63639d84c72a5cde4661cc8c35baac5768448dda69  fleet_v4.16.0_linux.tar.gz
    960a9eb2aa2afaebe22bc979549851720feedfa4b194bd56146beb41272b7704  fleetctl_v4.16.0_linux.tar.gz
    9ad3352d16fa53ce2a1da2a41e95a231c559265bd2307b7521fe731af7dd9671  fleetctl_v4.16.0_windows.tar.gz
    d82f6f404b5bb43f38fca4ff437bb50376ad1e43f375ce60726893ea09c21ad5  fleetctl_v4.16.0_linux.zip
    7d8a5263a344d7e4a307503526cdd9da08e9420f4363197c069dd790574e3f4d  fleetctl_v4.16.0_macos.tar.gz
    3230af343abf3c0a1627b3082a5676ba19416bf0f3df1bd8f07037174d50a788  fleetctl_v4.16.0_macos.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(663 bytes)
    fleetctl_v4.16.0_linux.tar.gz(16.23 MB)
    fleetctl_v4.16.0_linux.zip(16.23 MB)
    fleetctl_v4.16.0_macos.tar.gz(16.33 MB)
    fleetctl_v4.16.0_macos.zip(16.33 MB)
    fleetctl_v4.16.0_windows.tar.gz(16.34 MB)
    fleetctl_v4.16.0_windows.zip(16.34 MB)
    fleet_v4.16.0_linux.tar.gz(29.44 MB)
  • fleet-v4.15.0(May 27, 2022)

    Changes

    • Expanded beta support for vulnerability reporting to include both Zendesk and Jira integration. This allows users to configure Fleet to automatically create a Zendesk ticket or Jira issue when a new vulnerability (CVE) is detected on your hosts.

    • Expanded beta support for Fleet Desktop to Mac and Windows hosts. Fleet Desktop allows the device user to see information about their device. To add Fleet Desktop to a host, generate a Fleet-osquery installer with fleetctl package and include the --fleet-desktop flag. Then, open this installer on the device.

    • Added the ability to see when software was last used on Mac hosts in the Host Details view in the Fleet UI. Allows you to know how recently an application was accessed and is especially useful when making decisions about whether to continue subscriptions for paid software and distributing licensces.

    • Improved security by increasing the minimum password length requirement for Fleet users to 12 characters.

    • Added Policies tab to Host Details page for Fleet Premium users.

    • Added device_mapping to host information in UI and API responses.

    • Deprecated "MIA" host status in UI and API responses.

    • Added CVE scores to /software API endpoint responses when available.

    • Added all_linux_count and builtin_labels to GET /host_summary response.

    • Added "Bundle identifier" information as tooltip for macOS applications on Software page.

    • Fixed an issue with detecting root directory when using orbit shell.

    • Fixed an issue with duplicated hosts being sent in the vulnerability webhook payload.

    • Added the ability to select columns when exporting hosts to CSV.

    • Improved the output of fleetclt debug errors and added the ability to print the errors to stdout via the -stdout flag.

    • Added support for Docker Compose V2 to fleetctl preview.

    • Added experimental option to save responses to host_last_seen queries to the database in batches as well as the ability to configure enable_async_host_processing settings for host_last_seen, label_membership and policy_membership independently.

    • Expanded wifi_networks table to include more data on macOS and fixed compatibility issues with newer MacOS releases.

    • Improved precision in unseen hosts reports sent by the host status webhook.

    • Increased MySQL group_concat_max_len setting from default 1024 to 4194304.

    • Added validation for pack scheduled query interval.

    • Fixed instructions for enrolling hosts using osqueryd.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    08153d5f3e2f5f72fec7692809f23d1d9e8c5d94073c7cb5a889ebaf703079be  fleetctl_v4.15.0_linux.tar.gz
    14efca77f84c4f4a908fa95cfc08b47cb0d0c723ca102b86c2d3ad7cd0b31c11  fleetctl_v4.15.0_windows.zip
    2eaf1d24793dcd2f22d5e89fb4c331d3e2737a59b9cedf67de1f2c60a70eb049  fleetctl_v4.15.0_linux.zip
    557d7b9986d0b07dc4afb279fdf53cbbc69c693da478c1a949e1fcee1b644d47  fleetctl_v4.15.0_macos.zip
    80c5062704e6bf5f26e2e07abf3d7577458ed3df51c64b78bd3e1ef79f0f8336  fleet_v4.15.0_linux.tar.gz
    8d73afbb4e5dd68359acf6d11f8d2fc02af81111b713300b57f4228053ebb1a6  fleetctl_v4.15.0_macos.tar.gz
    9975000159979de37c11176f0b4237a8d0ba0abce5b6b61ee2ce4a8b6fce9f9a  fleetctl_v4.15.0_windows.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.15.0_linux.tar.gz(16.16 MB)
    fleetctl_v4.15.0_linux.zip(16.16 MB)
    fleetctl_v4.15.0_macos.tar.gz(15.91 MB)
    fleetctl_v4.15.0_macos.zip(15.91 MB)
    fleetctl_v4.15.0_windows.tar.gz(16.27 MB)
    fleetctl_v4.15.0_windows.zip(16.27 MB)
    fleet_v4.15.0_linux.tar.gz(28.35 MB)
  • fleet-v4.14.0(May 9, 2022)

    Changes

    • Add beta support for Jira integration. This allows users to configure Fleet to automatically create a Jira issue when a new vulnerability (CVE) is detected on your hosts.

    • Add a "Show query" button on the live query results page. This allows users to double-check the syntax used and compare this to their results without leaving the current view.

    • Add a Postman Collection for the Fleet API. This allows users to easily interact with Fleet's API routes so that they can build and test integrations.

    • Add beta support for Fleet Desktop on Linux. Fleet Desktop allows the device user to see information about their device. To add Fleet Desktop to a Linux device, first add the --fleet-desktop flag to the fleectl package command to generate a Fleet-osquery installer that includes Fleet Desktop. Then, open this installer on the device.

    • Add last_opened_at property, for macOS software, to the Host details API route (GET /hosts/{id}).

    • Improve the Settings pages in the the Fleet UI.

    • Improve error message retuned when running fleetctl query command with missing or misspelled hosts.

    • Improve the empty states and forms on the Policies page, Queries page, and Host details page in the Fleet UI.

    • All duration settings returned by fleetctl get config --include-server-config were changed from nanoseconds to an easy to read format.
    • Fix a bug in which the "Bundle identifier" tooltips displayed on Host details > Software did not render correctly.

    • Fix a bug in which the Fleet UI would render an empty Google Chrome profiles on the Host details page.

    • Fix a bug in which the Fleet UI would error when entering the "@" characters in the Search targets field.

    • Fix a bug in which a scheduled query would display the incorrect name when editing the query on the Schedule page.

    • Fix a bug in which a deprecation warning would be displayed when generating a deb or rpm Fleet-osquery package when running the fleetctl package command.

    • Fix a bug that caused panic errors when running the fleet serve --debug command.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    1198ff837f228d786ade25af7cc7db8478aab49f1cbff49ceba7d9c7e025111e  fleetctl_v4.14.0_windows.tar.gz
    37ecb349b478340d89c20979b5ef95c4408589eaa0a388be7ffea83514145086  fleetctl_v4.14.0_linux.zip
    869750e96fceb615a29186577bc81c3aedd4f36c6e6ccb41d233cb6d6fbe7fc7  fleetctl_v4.14.0_windows.zip
    efd4d60d6ccb0ef41279969f8215da31dd6fb64d29225c4607065a5b1419ef3d  fleetctl_v4.14.0_macos.tar.gz
    09a82fe3ebb60a63b45d317854029dc95b16984ad6878a5c3bc3ebbe9422b223  fleetctl_v4.14.0_macos.zip
    cd50f058724cdde07edcc3cf89c83e9c5cd91ca41974ea470ae660cb50dd04a1  fleetctl_v4.14.0_linux.tar.gz
    ec8c6282955adc49d9dde92d5adbf41465b1e2e8174fd8ca548d0132f9b0a217  fleet_v4.14.0_linux.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.14.0_linux.tar.gz(15.74 MB)
    fleetctl_v4.14.0_linux.zip(15.74 MB)
    fleetctl_v4.14.0_macos.tar.gz(15.83 MB)
    fleetctl_v4.14.0_macos.zip(15.83 MB)
    fleetctl_v4.14.0_windows.tar.gz(15.86 MB)
    fleetctl_v4.14.0_windows.zip(15.86 MB)
    fleet_v4.14.0_linux.tar.gz(27.42 MB)
  • fleet-v4.13.2(Apr 25, 2022)

    Changes

    • Fix a bug in which the "Operating systems" table on the Home > macOS page wouldn't update. This bug only affects deployments using MySQL < 5.7.22 or equivalent AWS RDS Aurora < 2.10.1. Note that this bug affects deployments that use Fleet's Terraform (uses AWS RDS Aurora 2.10.0).

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    15409c39b5b7719064e9b30cd17682918e890dd0964be52d031f1921de96c8f9  fleetctl_v4.13.2_macos.tar.gz
    1a3ea0f5774139073e4c7dcf40b9eda2b67ba985245639a71e101d0e5b9e76e7  fleetctl_v4.13.2_windows.zip
    3c3fdecf86fe70ac3eb99824437f80b5dd8b3bfb67d2870ed5453322f288d3df  fleetctl_v4.13.2_linux.zip
    543d2bafbba99f732b2fb0531cb2f54150853f37694b92bb6e31099af7e34557  fleetctl_v4.13.2_linux.tar.gz
    867181a136208061c09cd91ec975746aaf65ec2fffab8427c02fbfb1bae92627  fleetctl_v4.13.2_macos.zip
    af6549dc5c754172a00d312cfb7b3d8cd046482690668ffcbff765159487478a  fleetctl_v4.13.2_windows.tar.gz
    fc6b741d668834f4574d336b5fdfb6165c65fcab14abf91cd254b5e2a1484d8f  fleet_v4.13.2_linux.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.13.2_linux.tar.gz(15.71 MB)
    fleetctl_v4.13.2_linux.zip(15.71 MB)
    fleetctl_v4.13.2_macos.tar.gz(15.46 MB)
    fleetctl_v4.13.2_macos.zip(15.47 MB)
    fleetctl_v4.13.2_windows.tar.gz(15.84 MB)
    fleetctl_v4.13.2_windows.zip(15.84 MB)
    fleet_v4.13.2_linux.tar.gz(27.29 MB)
  • fleet-v4.13.1(Apr 20, 2022)

    Changes

    • Fixes an SSO login issue introduced in 4.13.0.

    • Fixes authorization errors encountered on the frontend login and live query pages.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    1991f5bd8d7d2bad323cc00ffadb248e605437f363396c214b8ad9ed492cec20  fleetctl_v4.13.1_linux.zip
    3ef961a43c0b0d7d82973139beff17136cf2d0d5a86278e46214f33e693cda29  fleetctl_v4.13.1_linux.tar.gz
    ba8b49a9d9d9f169322106b53ed3dfb58a22f224b0025fbec57afac5a0fc490e  fleet_v4.13.1_linux.tar.gz
    3a1890e5a1d742bedf6d090007c85365470d2885e3876c03364e1a3057a911eb  fleetctl_v4.13.1_macos.tar.gz
    4c3aadb0d536075e690bf6909a02d119f5f6661470b97f4bd4218db4aed6422d  fleetctl_v4.13.1_macos.zip
    d72c3c113d267bbc0de47152c38f107b4644f79e9696f8a507aad97ca72a4c7a  fleetctl_v4.13.1_windows.tar.gz
    eac49845d9c9e694adfdb278447f6bf378ed92b5d86a5a9fe3fd7fc5f28bc1e5  fleetctl_v4.13.1_windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.13.1_linux.tar.gz(15.71 MB)
    fleetctl_v4.13.1_linux.zip(15.71 MB)
    fleetctl_v4.13.1_macos.tar.gz(15.81 MB)
    fleetctl_v4.13.1_macos.zip(15.81 MB)
    fleetctl_v4.13.1_windows.tar.gz(15.84 MB)
    fleetctl_v4.13.1_windows.zip(15.84 MB)
    fleet_v4.13.1_linux.tar.gz(27.29 MB)
  • fleet-v4.13.0(Apr 18, 2022)

    Changes

    Known issues

    This release contains an issue with path validation in SSO, resulting in SSO users not able to login following an upgrade from a previous version of Fleet. If you use SSO we recommend installing 4.13.1.

    This is a security release.

    • Security: Fix several post-authentication authorization issues. Only Fleet Premium users that have team users are affected. Fleet Free users do not have access to the teams feature and are unaffected. See the following security advisory for details: https://github.com/fleetdm/fleet/security/advisories/GHSA-pr2g-j78h-84cr

    • Improve performance of software inventory on Windows hosts.

    • Add basic​_auth.username and basic_auth.password Prometheus configuration options. The GET /metrics API route is now disabled if these configuration options are left unspecified.

    • Fleet Premium: Add ability to specify a team specific "Destination URL" for policy automations. This allows the user to configure Fleet to send a webhook request to a unique location for policies that belong to a specific team. Documentation on what data is included the webhook request and when the webhook request is sent can be found here on fleedm.com/docs

    • Add ability to see the total number of hosts with a specific macOS version (ex. 12.3.1) on the Home > macOS page. This information is also available via the GET /os_versions API route.

    • Add ability to sort live query results in the Fleet UI.

    • Add a "Vulnerabilities" column to Host details > Software page. This allows the user see and search for specific vulnerabilities (CVEs) detected on a specific host.

    • Update vulnerability automations to fire anytime a vulnerability (CVE), that is detected on a host, was published to the National Vulnerability Database (NVD) in the last 30 days, is detected on a host. In previous versions of Fleet, vulnerability automations would fire anytime a CVE was published to NVD in the last 2 days.

    • Update the Policies page to ask the user to wait to see accurate passing and failing counts for new and recently edited policies.

    • Improve API-only (integration) users by removing the requirement to reset these users' passwords before use. Documentation on how to use API-only users can be found here on fleetdm.com/docs.

    • Improve the responsiveness of the Fleet UI by adding tablet screen width support for the Software, Queries, Schedule, Policies, Host details, Settings > Teams, and Settings > Users pages.

    • Add Beta support for integrating with Jira to automatically create a Jira issue when a new vulnerability (CVE) is detected on a host in Fleet.

    • Add Beta support for Fleet Desktop on Windows. Fleet Desktop allows the device user to see information about their device. To add Fleet Desktop to a Windows device, first add the --fleet-desktop flag to the fleectl package command to generate a Fleet-osquery installer that includes Fleet Desktop. Then, open this installer on the device.

    • Fix a bug in which downloading Fleet's vulnerability database failed if the destination directory specified was not in the tmp/ directory.

    • Fix a bug in which the "Updated at" time was not being updated for the "Mobile device management (MDM) enrollment" and "Munki versions" information on the Home > macOS page.

    • Fix a bug in which Fleet would consider Docker network interfaces to be a host's primary IP address.

    • Fix a bug in which tables in the Fleet UI would present misaligned buttons.

    • Fix a bug in which Fleet failed to connect to Redis in standalone mode.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    07a377b78a973192d8eb5380d3effb6323f08700a44a6bf9da0f7906bd71eb7c  fleetctl_v4.13.0_windows.tar.gz
    36c59106d083476396983a44c53f06d91107cafb1ec08943a30a2385ec4b55b1  fleetctl_v4.13.0_linux.tar.gz
    41580e1696c25e12ab882d5d40cd28b3947f131870da9c897ddf93304eb10015  fleetctl_v4.13.0_windows.zip
    7a861552e6687364def9c55478d626e3da9a56ecf37ec978a17f9f8d77471522  fleet_v4.13.0_linux.tar.gz
    3b97db442762a8c7acbdc8949b42637cb3f1c830b623e0d368b54fadd150b68b  fleetctl_v4.13.0_macos.tar.gz
    0da2cfd4936c5e359c3e4347ef7214cbf5543f3c0e1e621a59bf146531f0cf06  fleetctl_v4.13.0_macos.zip
    daaddb3837c3bbfd68881756c56725fddd3320469efb69e9fcc41cd6c17cd568  fleetctl_v4.13.0_linux.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.13.0_linux.tar.gz(15.71 MB)
    fleetctl_v4.13.0_linux.zip(15.71 MB)
    fleetctl_v4.13.0_macos.tar.gz(15.81 MB)
    fleetctl_v4.13.0_macos.zip(15.81 MB)
    fleetctl_v4.13.0_windows.tar.gz(15.84 MB)
    fleetctl_v4.13.0_windows.zip(15.84 MB)
    fleet_v4.13.0_linux.tar.gz(27.29 MB)
  • fleet-v4.12.1(Apr 5, 2022)

    Changes

    • Fix login error for non-SSO users when Fleet is deployed with a MySQL read replica.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    05103f811a9fbbe0224c6fa34170bea4f856aaee2536c3fb9f531214d2e3cc2e  fleetctl_v4.12.1_windows.zip
    1198363148c73aae8d52cae2980807011b607861525016221520ebefa76772b8  fleet_v4.12.1_linux.tar.gz
    4ab2110fcd0ca3b910144884df77998d0c6ae30c0d3d2c6f7ddd48375d0a6c8f  fleetctl_v4.12.1_windows.tar.gz
    795079e35b78f5f4e7b90dbf55cba457a09130739ce8ab1d9e7281c1f420fc0c  fleetctl_v4.12.1_linux.zip
    9b4f1d7e09fb9a5222e7d733766d35d9305643ae5c544cf39cb724bca3f4b321  fleetctl_v4.12.1_linux.tar.gz
    590bfee426f7c2a122f06bc2502d4b47a23d25f613c3e7f2dfcd18324e9aa60f  fleetctl_v4.12.1_macos.tar.gz
    f360795aac7a27f73faf5a9476c72b62712f6c9f8113ab540550c2fe62cb2dca  fleetctl_v4.12.1_macos.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.12.1_linux.tar.gz(15.68 MB)
    fleetctl_v4.12.1_linux.zip(15.68 MB)
    fleetctl_v4.12.1_macos.tar.gz(15.77 MB)
    fleetctl_v4.12.1_macos.zip(15.78 MB)
    fleetctl_v4.12.1_windows.tar.gz(15.80 MB)
    fleetctl_v4.12.1_windows.zip(15.80 MB)
    fleet_v4.12.1_linux.tar.gz(27.08 MB)
  • fleet-v4.12.0(Mar 25, 2022)

    Changes

    • Add ability to update which platform (macOS, Windows, Linux) a policy is checked on.

    • Add ability to detect compatibility for custom policies.

    • Increase the default session duration to 5 days. Session duration can be updated using the session_duration configuration option.

    • Add ability to see the percentage of hosts that responded to a live query.

    • Add ability for users with admin permissions to update any user's password.

    • Add content_type_value Kafka REST Proxy configuration option to allow the use of different versions of the Kafka REST Proxy.

    • Add database_path GeoIP configuration option to specify a GeoIP database. When configured, geolocation information is presented on the Host details page and in the GET /hosts/{id} API route.

    • Add ability to retrieve a host's public IP address. This information is available on the Host details page and GET /hosts/{id} API route.

    • Add instructions and materials needed to add hosts to Fleet using plain osquery. These instructions can be found in Hosts > Add hosts > Advanced in the Fleet UI.

    • Add Beta support for Fleet Desktop on macOS. Fleet Desktop allows the device user to see information about their device. To add Fleet Desktop to a macOS device, first add the --fleet-desktop flag to the fleectl package command to generate a Fleet-osquery installer that includes Fleet Desktop. Then, open this installer on the device.

    • Reduce the noise of osquery status logs by only running a host vital query, which populate the Host details page, when the query includes tables that are compatible with a specific host.

    • Fix a bug on the Edit pack page in which the "Select targets" element would display the hover effect for the wrong target.

    • Fix a bug on the Software page in which software items from deleted hosts were not removed.

    • Fix a bug in which the platform for Amazon Linux 2 hosts would be displayed incorrectly.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    0dd3189eea3d53960ef31f35437fc39df595473aaf176cb140f825453ae194a8  fleetctl_v4.12.0_linux.zip
    0f21dd9e06553497bcd3a0b0419c644f5336bf261d6143ac6ce1bc55ca9f31bc  fleetctl_v4.12.0_linux.tar.gz
    1eccbf3a9f06f0eb8dae8107a8fc820ede3d0aeb8428bc0f840187115ba57bdf  fleetctl_v4.12.0_windows.tar.gz
    48456eef4f5226fb021563577a4bf546f8150a6d98404bb35a1acc0004f36c93  fleetctl_v4.12.0_windows.zip
    ba8a497f10169e7e30ece33b9c7603bfd19f121d9f351f82e83ed2e3fd9dd906  fleet_v4.12.0_linux.tar.gz
    79f3554f6969f256ae24575bf7b2f4f64e40f1dab527e737f8f16bff666d3852  fleetctl_v4.12.0_macos.tar.gz
    3bfff767be17e08ad03dbe13a641a24530ec40d7794982a780fd5e963976ebcc  fleetctl_v4.12.0_macos.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(663 bytes)
    fleetctl_v4.12.0_linux.tar.gz(15.68 MB)
    fleetctl_v4.12.0_linux.zip(15.68 MB)
    fleetctl_v4.12.0_macos.tar.gz(15.77 MB)
    fleetctl_v4.12.0_macos.zip(15.78 MB)
    fleetctl_v4.12.0_windows.tar.gz(15.80 MB)
    fleetctl_v4.12.0_windows.zip(15.80 MB)
    fleet_v4.12.0_linux.tar.gz(27.08 MB)
  • v0.0.7(Mar 10, 2022)

  • fleet-v4.11.0(Mar 7, 2022)

    Changes

    • Improve vulnerability processing to reduce the number of false positives for RPM packages on Linux hosts.

    • Fleet Premium: Add a teams key to the packs yaml document to allow adding teams as targets when using CI/CD to manage query packs.

    • Fleet premium: Add the ability to retrieve configuration for a specific team with the fleetctl get team --name <team-name-here> command.

    • Remove the expiration for API tokens for API-only users. API-only users can be created using the fleetctl user create --api-only command.

    • Improve performance of the osquery query used to collect software inventory for Linux hosts.

    • Update the activity feed on the Home page to include add, edit, and delete policy activities. Activity information is also available in the GET /activities API route.

    • Update Kinesis logging plugin to append newline character to raw message bytes to properly format NDJSON for downstream consumers.

    • Clarify why the "Performance impact" for some queries is displayed as "Undetermined" in the Fleet UI.

    • Add instructions for using plain osquery to add hosts to Fleet in the Fleet View these instructions by heading to Hosts > Add hosts > Advanced.

    • Fix a bug in which uninstalling Munki from one or more hosts would result in inaccurate Munki versions displayed on the Home > macOS page.

    • Fix a bug in which a user, with access limited to one or more teams, was able to run a live query against hosts in any team. This bug is not exposed in the Fleet UI and is limited to users of the POST run API route.

    • Fix a bug in the Fleet UI in which the "Select targets" search bar would not return the expected hosts.

    • Fix a bug in which global agent options were not updated correctly when editing these options in the Fleet UI.

    • Fix a bug in which the Fleet UI would incorrectly tag some URLs as invalid.

    • Fix a bug in which the Fleet UI would attempt to connect to an SMTP server when SMTP was disabled.

    • Fix a bug on the Software page in which the "Hosts" column was not filtered by team.

    • Fix a bug in which global maintainers were unable to add and edit policies that belonged to a specific team.

    • Fix a bug in which the operating system version for some Linux distributions would not be displayed properly.

    • Fix a bug in which configuring an identity provider name to a value shorter than 4 characters was not allowed.

    • Fix a bug in which the avatar would not appear in the top navigation.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    07a3828310dc08a73c932941072fd8aef215dd88eb062f11e92dba32f1f635a4  fleet_v4.11.0_linux.tar.gz
    1048814ec8546a39e8afc184da42a084497fc0f0f3bb744dc6bdd974c76bca71  fleetctl_v4.11.0_windows.zip
    38e9b9ef81087b4d6c48c1595bd3dac320cea804fc75befaeff598608f23ada5  fleetctl_v4.11.0_linux.tar.gz
    7c011f53b6c242dec24efdfdeee9d54d7c7880c78601299075a05934d2136b46  fleetctl_v4.11.0_macos.tar.gz
    b43dd53e8e655c666772af641a1d6bead5378ea56da2b404a7d76ec98b591104  fleetctl_v4.11.0_macos.zip
    dfffd4384c105a6b7b000f32e23998832871ae9b52a0b69a504aa02f60e52311  fleetctl_v4.11.0_windows.tar.gz
    e5e742d65bcb8da77e1b6d190b2acbf88a4ff210c73c4c39faa5af00a6b2e07a  fleetctl_v4.11.0_linux.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(664 bytes)
    fleetctl_v4.11.0_linux.tar.gz(15.59 MB)
    fleetctl_v4.11.0_linux.zip(15.59 MB)
    fleetctl_v4.11.0_macos.tar.gz(15.35 MB)
    fleetctl_v4.11.0_macos.zip(15.35 MB)
    fleetctl_v4.11.0_windows.tar.gz(15.73 MB)
    fleetctl_v4.11.0_windows.zip(15.72 MB)
    fleet_v4.11.0_linux.tar.gz(26.96 MB)
  • fleet-v4.10.0(Feb 14, 2022)

    Changes

    • Upgrade Go to 1.17.7 with security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772), and cmd/go (CVE-2022-23773). These are not likely to be high impact in Fleet deployments, but we are upgrading in an abundance of caution.

    • Add aggregate software and vulnerability information on the new Software page.

    • Add ability to see how many hosts have a specific vulnerable software installed on the Software page. This information is also available in the GET /api/v1/fleet/software API route.

    • Add ability to send a webhook request if a new vulnerability (CVE) is found on at least one host. Documentation on what data is included the webhook request and when the webhook request is sent can be found here on fleedm.com/docs.

    • Add aggregate Mobile Device Management and Munki data on the Home page.

    • Add email and URL validation across the entire Fleet UI.

    • Add ability to filter software by "Vulnerable" on the Host details page.

    • Update standard policy templates to use new naming convention. For example, "Is FileVault enabled on macOS devices?" is now "Full disk encryption enabled (macOS)."

    • Add db-innodb-status and db-process-list to fleetctl debug command.

    • Fleet Premium: Add the ability to generate a Fleet installer and manage enroll secrets on the Team details page.

    • A ability for users with the observer role to view which platforms (macOS, Windows, Linux) a query is compatible with.

    • Improve the experience for editing queries and policies in the Fleet UI.

    • Improve vulnerability processing for NPM packages.

    • Support triggering a webhook for newly detected vulnerabilities with a list of affected hosts.

    • Add filter software by CVE.

    • Add the ability to disable scheduled query performance statistics.

    • Add ability to filter the host summary information by platform (macOS, Windows, Linux) on the Home page.

    • Fix a bug in Fleet installers for Linux in which a computer restart would stop the host from reporting to Fleet.

    • Make sure ApplyTeamSpec only works with premium deployments.

    • Disable MDM, Munki, and Chrome profile queries on unsupported platforms to reduce log noise.

    • Properly handle paths in CVE URL prefix.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    4271c4443c98a5a8d991e177733b9f23415ff18bb1a3e8af0db54743795ee9ec  fleetctl_v4.10.0_windows.zip
    6c04039feab80d5dc1a449e23167d182236889d9712cae04370e7e2e99dfa179  fleetctl_v4.10.0_linux.tar.gz
    74df98b823a9096db1c3b9b748a24ce2bbed7413a5d89a5c1751aba6d29e12eb  fleetctl_v4.10.0_windows.tar.gz
    2d2ae88e855a127b2d9e97582a37930657c09604717fc98d239a56f43df02b36  fleetctl_v4.10.0_macos.tar.gz
    f39d88bf24ca2d04c1c130a44a43a618f195fe4803a66d7686c7572cf519097e  fleetctl_v4.10.0_macos.zip
    9fc801df0171d6170158303d225e2d76c99449102f0134f7b7c6365330fc345e  fleet_v4.10.0_linux.tar.gz
    ca265f141cea5fe91410c9a5efd38cf12e6d68d8cc986aec2dd981e6b5afedc3  fleetctl_v4.10.0_linux.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(665 bytes)
    fleetctl_v4.10.0_linux.tar.gz(14.70 MB)
    fleetctl_v4.10.0_linux.zip(14.70 MB)
    fleetctl_v4.10.0_macos.tar.gz(14.79 MB)
    fleetctl_v4.10.0_macos.zip(14.79 MB)
    fleetctl_v4.10.0_windows.tar.gz(14.84 MB)
    fleetctl_v4.10.0_windows.zip(14.84 MB)
    fleet_v4.10.0_linux.tar.gz(24.82 MB)
  • fleet-v4.9.1(Feb 3, 2022)

    Changes

    This is a security release.

    • Security: Fix a vulnerability in Fleet's SSO implementation that could allow a malicious or compromised SAML Service Provider (SP) to log into Fleet as an existing Fleet user. See https://github.com/fleetdm/fleet/security/advisories/GHSA-ch68-7cf4-35vr for details.

    • Allow MSI packages generated by fleetctl package to reinstall on Windows without uninstall.

    • Fix a bug in which a team's scheduled queries didn't render correctly on the Schedule page.

    • Fix a bug in which a new policy would always get added to "All teams" rather than the selected team.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available on fleetdm.com/docs.

    Binary Checksum

    SHA256

    9f2ca99d482d249d0fc7d17f71a11592155c7f0cb43fff019da30ed1b875bf42  fleetctl_v4.9.1_macos.tar.gz
    2f7e1b857eaee1c66bc1ccf2bfc3a0195c44a5c2f3831ad4fc938c5312d541e5  fleetctl_v4.9.1_macos.zip
    3f22f610d7e46c66b9eeb4ff4b6eb87ce5452b3ec1473f6ecabb0086a07db415  fleet_v4.9.1_linux.tar.gz
    9153bbd792ebb1fc154cd742c19cd2248137bab49968bcaf5c0ac6ee577718fb  fleetctl_v4.9.1_windows.zip
    a255c0ab198ceaf4344b80e7d7fc2fd307b98d223fc1ffcadf2df9d0729e981b  fleetctl_v4.9.1_linux.zip
    bf29eb09d0583bb629893bb7a6177cbef4fbc967996c7db77471a4585085c2a3  fleetctl_v4.9.1_windows.tar.gz
    c930085bae6d8ad852924d4ec5d2b0dec33abd7c621452a0c365a61f75088fb9  fleetctl_v4.9.1_linux.tar.gz
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.9.1_linux.tar.gz(14.59 MB)
    fleetctl_v4.9.1_linux.zip(14.59 MB)
    fleetctl_v4.9.1_macos.tar.gz(14.65 MB)
    fleetctl_v4.9.1_macos.zip(14.66 MB)
    fleetctl_v4.9.1_windows.tar.gz(14.70 MB)
    fleetctl_v4.9.1_windows.zip(14.70 MB)
    fleet_v4.9.1_linux.tar.gz(24.48 MB)
  • fleet-v4.9.0(Jan 22, 2022)

    Changes

    • Add ability to apply a policy yaml document so that GitOps workflows can be used to create and modify policies.

    • Add ability to run a live query that returns 1,000+ results in the Fleet UI by adding client-side pagination to the results table.

    • Improve the accuracy of query platform compatibility detection by adding recognition for queries with the WITH expression.

    • Add ability to open a page in the Fleet UI in a new tab by "right-clicking" an item in the navigation.

    • Improve the live query API route (GET /api/v1/queries/run) so that it successfully return results for Fleet instances using a load balancer by reducing the wait period to 25 seconds.

    • Improve performance of the Fleet UI by updating loading states and reducing the number of requests made to the Fleet API.

    • Improve performance of the MySQL database by updating the queries used to populate host vitals and caching the results.

    • Add read_timeout Redis configuration option to customize the maximum amount of time Fleet should wait to receive a response from a Redis server.

    • Add write_timeout Redis configuration option to customize the maximum amount of time Fleet should wait to send a command to a Redis server.

    • Fix a bug in which browser extensions (Google Chrome, Firefox, and Safari) were not included in software inventory.

    • Improve the security of the Organization settings page by preventing the browser from requesting to save SMTP credentials.

    • Fix a bug in which an existing pack's targets were not cleaned up after deleting hosts, labels, and teams.

    • Fix a bug in which non-existent queries and policies would not return a 404 not found response.

    Performance

    • Our testing demonstrated an increase in max devices served in our load test infrastructure to 70,000 from 60,000 in v4.8.0.

    Load Test Infrastructure

    • Fleet server

      • AWS Fargate
      • 2 tasks with 1024 CPU units and 2048 MiB of RAM.
    • MySQL

      • Amazon RDS
      • db.r5.2xlarge
    • Redis

      • Amazon ElastiCache
      • cache.m5.large with 2 replicas (no cluster mode)

    What was changed to accomplish these improvements?

    • Optimized the updating and fetching of host data to only send and receive the bare minimum data needed.

    • Reduced the number of times host information is updated by caching more data.

    • Updated cleanup jobs and deletion logic.

    Future improvements

    • At maximum DB utilization, we found that some hosts fail to respond to live queries. Future releases of Fleet will improve upon this.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet can be found at https://fleetdm.com/docs.

    Binary Checksum

    SHA256

    3b6ab86cbe11c42a474c08c62b1a6ea7131f37a654e6f74da63cef824f1c7381  fleetctl_v4.9.0_linux.zip
    5b020272939906e342146097c33c9378d2af4ffe95ddde03ee59e9ae602f3eec  fleetctl_v4.9.0_windows.tar.gz
    7f9281f6035715f88e881d6c73ed66615fc692581e7f528bcf930c7480668d7e  fleetctl_v4.9.0_macos.tar.gz
    a851495359ce42edab4ebce90bb64d2462749e0448cd49a217772145a3c8f893  fleetctl_v4.9.0_macos.zip
    74e3d67f84edc29bbee3934aeedaf8f46707f6bd7eebe2c8791e8461b07eaf4c  fleet_v4.9.0_linux.tar.gz
    b385fa63f4a49fb269710b43f2cb5bf2004a746d11b727a70ef8e78bf49c754e  fleetctl_v4.9.0_linux.tar.gz
    ea7cd9fe4155ed5e75a03e488c5ce74d939b5cdd6531fc24b60445f04d90d268  fleetctl_v4.9.0_windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.9.0_linux.tar.gz(14.59 MB)
    fleetctl_v4.9.0_linux.zip(14.59 MB)
    fleetctl_v4.9.0_macos.tar.gz(14.65 MB)
    fleetctl_v4.9.0_macos.zip(14.66 MB)
    fleetctl_v4.9.0_windows.tar.gz(14.70 MB)
    fleetctl_v4.9.0_windows.zip(14.70 MB)
    fleet_v4.9.0_linux.tar.gz(24.48 MB)
  • v0.0.6(Jan 17, 2022)

  • fleet-v4.8.0(Dec 31, 2021)

    Changes

    • Add ability to configure Fleet to send a webhook request with all hosts that failed a policy. Documentation on what data is included the webhook request and when the webhook request is sent can be found here on fleedm.com/docs.

    • Add ability to find a user's device in Fleet by filtering hosts by email associated with a Google Chrome profile. Requires the macadmins osquery extension which comes bundled in Fleet's osquery installers.

    • Add ability to see a host's Google Chrome profile information using the GET api/v1/fleet/hosts/{id}/device_mapping API route.

    • Add ability to see a host's mobile device management (MDM) enrollment status, MDM server URL, and Munki version on a host's Host details page. Requires the macadmins osquery extension which comes bundled in Fleet's osquery installers.

    • Add ability to see a host's MDM and Munki information with the GET api/v1/fleet/hosts/{id}/macadmins API route.

    • Improve the handling of certificates in the fleetctl package command by adding a check for a valid PEM file.

    • Update Prometheus Go client library which results in the following breaking changes to the GET /metrics API route: http_request_duration_microseconds is now http_request_duration_seconds_bucket, http_request_duration_microseconds_sum is now http_request_duration_seconds_sum, http_request_duration_microseconds_count is now http_request_duration_seconds_count, http_request_size_bytes is now http_request_size_bytes_bucket, and http_response_size_bytes is now http_response_size_bytes_bucket.

    • Improve performance when searching and sorting hosts in the Fleet UI.

    • Improve performance when running a live query feature by reducing the load on Redis.

    • Improve performance when viewing software installed across all hosts in the Fleet UI.

    • Fix a bug in which the Fleet UI presented the option to download an undefined certificate in the "Generate installer" instructions.

    • Fix a bug in which database migrations failed when using MariaDB due to a migration introduced in Fleet 4.7.0.

    • Fix a bug that prevented hosts from checking in to Fleet when Redis was down.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    a14f9ced0f606f6760e8c5297a62fccf0b1ffa7bed4c8ababc8e04a264531019  fleetctl_v4.8.0_macos.tar.gz
    b4416c5c0f302ec46493ea4328b2413fca89366a24017984a567f9b5ed107ead  fleetctl_v4.8.0_macos.zip
    35d7586bf8bdc14419ddf2a0fb6367ed068dca487e61586a877095056dc54223  fleetctl_v4.8.0_linux.zip
    4ae66acf77299a6c20c3305657c26e7ce385f3617ea5820cac32c3918d2651e7  fleet_v4.8.0_linux.tar.gz
    4f4944676f0addfdfd95d500585f39ebbd99570d432932a6a50488f2d048570d  fleetctl_v4.8.0_linux.tar.gz
    7cf2cd759713b56b2c3d05e26e0f7d05e48aa9dc1a1be985810679e87b9770d8  fleetctl_v4.8.0_windows.tar.gz
    d5dd7e0feff3d62e991c0eef0b3675d04b53acd0583dbb178b7aefe53d0b2a10  fleetctl_v4.8.0_windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.8.0_linux.tar.gz(14.57 MB)
    fleetctl_v4.8.0_linux.zip(14.57 MB)
    fleetctl_v4.8.0_macos.tar.gz(14.65 MB)
    fleetctl_v4.8.0_macos.zip(14.65 MB)
    fleetctl_v4.8.0_windows.tar.gz(14.70 MB)
    fleetctl_v4.8.0_windows.zip(14.70 MB)
    fleet_v4.8.0_linux.tar.gz(24.44 MB)
  • v0.0.4(Dec 23, 2021)

    Changes

    • Use certs.pem if available in root directory to improve TLS compatibility.

    • Use UUID as the default host identifier for osquery.

    • Add github.com/macadmins/osquery-extension tables.

    • Add support for osquery flagfile (loaded automatically if it exists in the Orbit root).

    • Fix permissions for building MSI when packaging as root user. Fixes fleetdm/fleet#1424.

    Source code(tar.gz)
    Source code(zip)
    checksums.txt(272 bytes)
    orbit_0.0.4_linux.tar.gz(3.30 MB)
    orbit_0.0.4_macos.tar.gz(3.66 MB)
    orbit_0.0.4_windows.zip(3.40 MB)
  • fleet-v4.7.0(Dec 14, 2021)

    Changes

    • Add ability to create, modify, or delete policies in Fleet without modifying saved queries. Fleet 4.7.0 introduces breaking changes to the /policies API routes to separate policies from saved queries in Fleet. These changes will not affect any policies previously created or modified in the Fleet UI.

    • Turn on vulnerability processing for all Fleet instances with software inventory enabled. Vulnerability processing in Fleet provides the ability to see all hosts with specific vulnerable software installed.

    • Improve the performance of the "Software" table on the Home page.

    • Improve performance of the MySQL database by changing the way a host's users information is saved.

    • Add ability to select from a library of standard policy templates on the Policies page. These pre-made policies ask specific "yes" or "no" questions about your hosts. For example, one of these policy templates asks "Is Gatekeeper enabled on macOS devices?"

    • Add ability to ask whether or not your hosts have a specific operating system installed by selecting an operating system policy on the Host details page. For example, a host that is running macOS 12.0.1 will present a policy that asks "Is macOS 12.0.1 installed on macOS devices?"

    • Add ability to specify which platform(s) (macOS, Windows, and/or Linux) a policy is checked on.

    • Add ability to generate a report that includes which hosts are answering "Yes" or "No" to a specific policy by running a policy's query as a live query.

    • Add ability to see the total number of installed software software items across all your hosts.

    • Add ability to see an example scheduled query result that is sent to your configured log destination. Select "Schedule a query" > "Preview data" on the Schedule page to see the example scheduled query result.

    • Improve the host's users information by removing users without login shells and adding users that are not associated with a system group.

    • Add ability to see a Fleet instance's missing migrations with the fleetctl debug migrations command. The fleet serve and fleet prepare db commands will now fail if any unknown migrations are detected.

    • Add ability to see syntax errors as your write a query in the Fleet UI.

    • Add ability to record a policy's resolution steps that can be referenced when a host answers "No" to this policy.

    • Add server request errors to the Fleet server logs to allow for troubleshooting issues with the Fleet server in non-debug mode.

    • Increase default login session length to 24 hours.

    • Fix a bug in which software inventory and disk space information was not retrieved for Debian hosts.

    • Fix a bug in which searching for targets on the Edit pack page negatively impacted performance of the MySQL database.

    • Fix a bug in which some Fleet migrations were incompatible with MySQL 8.

    • Fix a bug that prevented the creation of osquery installers for Windows (.msi) when a non-default update channel is specified.

    • Fix a bug in which the "Software" table on the home page did not correctly filtering when a specific team was selected on the Home page.

    • Fix a bug in which users with "No access" in Fleet were presented with a perpetual loading state in the Fleet UI.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for Fleet is available at fleetdm.com/docs.

    Binary Checksum

    SHA256

    4cd15a76ac934a429d714c881c9f86824b800dc12f216bcfebfc81e02f3ecfb7  fleet_v4.7.0_linux.tar.gz
    655704454143e0d151922763f45d7408b5185a46c04597833ad3be500f8b4007  fleetctl_v4.7.0_windows.tar.gz
    33030fda6bb7b078fa54d628e379fc4bc71dd2373d743d89d5365fb40536d087  fleetctl_v4.7.0_macos.tar.gz
    6a1a8a47965fe10b719f0aa1ef55f7eb7b22b0107c268b6adc0189cf16105730  fleetctl_v4.7.0_macos.zip
    e30efe82132739d50c6bff3f2aff8b1a5db4f69c76f7495429be2b5bab48e76c  fleetctl_v4.7.0_windows.zip
    ecc31978f64d9945739f45a48aed7dd1e4cd642046405f6d04ff851c7905e9e7  fleetctl_v4.7.0_linux.zip
    ef17e435d8d435e1c259a6d8e570b5ee4b2e773a1ea3c2a114ed194b5444c1ca  fleetctl_v4.7.0_linux.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.7.0
    • docker pull fleetdm/fleetctl:v4.7.0
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.7.0
    • docker pull fleetdm/fleet:v4.7.0
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.7.0_linux.tar.gz(14.29 MB)
    fleetctl_v4.7.0_linux.zip(14.29 MB)
    fleetctl_v4.7.0_macos.tar.gz(14.35 MB)
    fleetctl_v4.7.0_macos.zip(14.35 MB)
    fleetctl_v4.7.0_windows.tar.gz(14.42 MB)
    fleetctl_v4.7.0_windows.zip(14.42 MB)
    fleet_v4.7.0_linux.tar.gz(24.08 MB)
  • fleet-v4.6.2(Dec 2, 2021)

    Changes

    • Improve performance of the Home page by removing total hosts count from the "Software" table.

    • Improve performance of the Queries page by adding pagination to the list of queries.

    • Fix a bug in which the "Shell" column of the "Users" table on the Host details page would sometimes fail to update.

    • Fix a bug in which a host's status could quickly alternate between "Online" and "Offline" by increasing the grace period for host status.

    • Fix a bug in which some hosts would have a missing host_seen_times entry.

    • Add an after parameter to the GET /hosts API route to allow for cursor pagination.

    • Add a disable_failing_policies parameter to the GET /hosts API route to allow the API request to respond faster if failing policies count information is not needed.

    Upgrading

    Please visit our update guide for upgrade instructions.

    Documentation

    Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/fleet-v4.6.2/docs/README.md

    Binary Checksum

    SHA256

    3e3f0b02c737227adcacf467e7e587816b51cb4c0025cde1a0e55537972fc22d  fleetctl_v4.6.2_windows.tar.gz
    9f9c0b30ebc64c51d66578951526d394c29fa5838362242f75afa1e08a2e524e  fleetctl_v4.6.2_windows.zip
    ade1c6de0414ceced04c73416eca296dd33576026a4950fe2a7dfe49874aa06c  fleet_v4.6.2_linux.tar.gz
    b37d90e14917552e066a0349ad722533a859b68d65699886b0061d7500f260d4  fleetctl_v4.6.2_linux.zip
    b53f7e1389fcf60b925b51a82c56333926580a8a78a1fee521d12790e8ffad93  fleetctl_v4.6.2_linux.tar.gz
    10b7cb096d08d947ad133b68b4f4fa11df9ad35c5c49229ae36822e94d29e523  fleetctl_v4.6.2_macos.zip
    430b0e6978f0ffa1fdae6967d6db6bb2a134e56d5b5922ceafcd3319a777b3ff  fleetctl_v4.6.2_macos.tar.gz
    

    Docker images

    • docker pull fleetdm/fleetctl:v4.6.2
    • docker pull fleetdm/fleetctl:v4.6.2
    • docker pull fleetdm/fleetctl:v4
    • docker pull fleetdm/fleet:v4.6.2
    • docker pull fleetdm/fleet:v4.6.2
    • docker pull fleetdm/fleet:v4
    Source code(tar.gz)
    Source code(zip)
    checksums.txt(657 bytes)
    fleetctl_v4.6.2_linux.tar.gz(14.22 MB)
    fleetctl_v4.6.2_linux.zip(14.22 MB)
    fleetctl_v4.6.2_macos.tar.gz(14.29 MB)
    fleetctl_v4.6.2_macos.zip(14.29 MB)
    fleetctl_v4.6.2_windows.tar.gz(14.36 MB)
    fleetctl_v4.6.2_windows.zip(14.36 MB)
    fleet_v4.6.2_linux.tar.gz(24.02 MB)
Owner
Fleet Device Management
Authoritative answers about servers & laptops, on demand. 📡
Fleet Device Management
cloudquery powered by Osquery

cloudquery powered by Osquery cloudquery is Osquery extension to fetch cloud telemetry from AWS, GCP, and Azure. It is extensible so that one can add

Uptycs Inc 62 Nov 12, 2022
kubequery is a Osquery extension that provides SQL based analytics for Kubernetes clusters

kubequery powered by Osquery kubequery is a Osquery extension that provides SQL based analytics for Kubernetes clusters kubequery will be packaged as

Uptycs Inc 83 Oct 25, 2022
An open-source, distributed, cloud-native CD (Continuous Delivery) product designed for developersAn open-source, distributed, cloud-native CD (Continuous Delivery) product designed for developers

Developer-oriented Continuous Delivery Product ⁣ English | 简体中文 Table of Contents Zadig Table of Contents What is Zadig Quick start How to use? How to

null 0 Oct 19, 2021
draft terraform provider for Fleet

Fleet Terraform provider This repo is a proof of concept of how a fleet provider for terraform could work Build provider Run the following command to

Nicolas Chaulet 2 Oct 5, 2021
This simple service's purpose is to expose data regarding a vehicle fleet

A Small API This simple service's purpose is to expose data regarding a vehicle

null 0 Dec 16, 2021
CDN for Open Source, Non-commercial CDN management

CDN Control Official Website: https://cluckcdn.buzz Documentation (Traditional Chinese): https://cluckcdn.buzz/docs/ 简体中文 README: README_CN.md Please

ArsFy (Chan Dung) 2 Feb 4, 2022
Karpenter: an open-source node provisioning project built for Kubernetes

Karpenter is an open-source node provisioning project built for Kubernetes. Its goal is to improve the efficiency and cost of running workloads on Kub

Rohan 1 Apr 10, 2022
go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.

go-opa-validate go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data. Installation Usage Cont

chenk 5 Feb 5, 2022
Kstone is an etcd management platform, providing cluster management, monitoring, backup, inspection, data migration, visual viewing of etcd data, and intelligent diagnosis.

Kstone 中文 Kstone is an etcd management platform, providing cluster management, monitoring, backup, inspection, data migration, visual viewing of etcd

TKEStack 586 Nov 24, 2022
nano-gpu-agent is a Kubernetes device plugin for GPU resources allocation on node.

Nano GPU Agent About this Project Nano GPU Agent is a Kubernetes device plugin implement for gpu allocation and use in container. It runs as a Daemons

Nano GPU 49 Nov 23, 2022
OpenAIOS vGPU scheduler for Kubernetes is originated from the OpenAIOS project to virtualize GPU device memory.

OpenAIOS vGPU scheduler for Kubernetes English version|中文版 Introduction 4paradigm k8s vGPU scheduler is an "all in one" chart to manage your GPU in k8

4Paradigm 123 Nov 23, 2022
NVIDIA device plugin for Kubernetes

NVIDIA device plugin for Kubernetes Table of Contents About Prerequisites Quick Start Preparing your GPU Nodes Enabling GPU Support in Kubernetes Runn

NVIDIA Corporation 1.6k Nov 18, 2022
NVIDIA device plugin for Kubernetes

NVIDIA device plugin for Kubernetes Table of Contents About Prerequisites Quick Start Preparing your GPU Nodes Enabling GPU Support in Kubernetes Runn

gaoyang 0 Dec 28, 2021
K8s-socketcan - Virtual SocketCAN Kubernetes device plugin

Virtual SocketCAN Kubernetes device plugin This plugins enables you to create vi

Jakub Piotr Cłapa 1 Feb 15, 2022
Go WhatsApp Multi-Device Implementation in REST API with Multi-Session/Account Support

Go WhatsApp Multi-Device Implementation in REST API This repository contains example of implementation go.mau.fi/whatsmeow package with Multi-Session/

Dimas Restu H 62 Nov 27, 2022
Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.

Vilicus Table of Contents Overview How does it work? Architecture Development Run deployment manually Usage Example of analysis Overview Vilicus is an

Ederson Brilhante 79 Nov 17, 2022
Bubbly is an open-source platform that gives you confidence in your continuous release process.

Bubbly Bubbly - Release Readiness in a Bubble Bubbly emerged from a need that many lean software teams practicing Continuous Integration and Delivery

Valocode 34 Jul 27, 2022
Open Source runtime tool which help to detect malware code execution and run time mis-configuration change on a kubernetes cluster

Kube-Knark Project Trace your kubernetes runtime !! Kube-Knark is an open source tracer uses pcap & ebpf technology to perform runtime tracing on a de

Chen Keinan 32 Sep 19, 2022