2020-12-24 22:12:44 +00:00
# Fleet UI
2022-09-09 14:14:40 +00:00
- [Creating a query ](#create-a-query )
- [Running a query ](#run-a-query )
- [Scheduling a query ](#schedule-a-query )
- [Update agent options ](#update-agent-options )
2020-12-24 22:12:44 +00:00
2022-08-31 18:08:53 +00:00
< div purpose = "embedded-content" >
< iframe src = "https://www.youtube.com/embed/1VNvg3_drow" allowfullscreen > < / iframe >
< / div >
2022-09-09 14:14:40 +00:00
## Create a query
2020-12-24 22:12:44 +00:00
2022-09-09 14:14:40 +00:00
Queries in Fleet allow you to ask a multitude of questions to help you manage, monitor, and identify threats on your devices.
2021-09-15 02:19:21 +00:00
2022-09-09 14:14:40 +00:00
If you're unsure of what to ask, head to Fleet's [query library ](https://fleetdm.com/queries ). There you'll find common queries that have been tested by members of our community.
2020-12-24 22:12:44 +00:00
2022-09-09 14:14:40 +00:00
How to create a query:
2020-12-24 22:12:44 +00:00
2022-09-09 14:14:40 +00:00
1. In the top navigation, select **Queries** .
2020-12-24 22:12:44 +00:00
2022-09-09 14:14:40 +00:00
2. Select **Create new query** to navigate to the query console.
2020-12-24 22:12:44 +00:00
2022-09-09 14:14:40 +00:00
3. In the **Query** field, enter your query. Remember, you can find common queries in [Fleet's library ](https://fleetdm.com/queries ).
2020-12-24 22:12:44 +00:00
2023-07-31 23:06:07 +00:00
4. Select **Save** , enter a name and description for your query, select the frequency that the query should run at, and select **Save query** .
2020-12-24 22:12:44 +00:00
2022-09-09 14:14:40 +00:00
## Run a query
2020-12-24 22:12:44 +00:00
2022-09-09 14:14:40 +00:00
Run a live query to get answers for all of your online hosts.
2020-12-24 22:12:44 +00:00
2022-09-09 14:14:40 +00:00
> Offline hosts won’
2020-12-24 22:12:44 +00:00
2022-09-09 14:14:40 +00:00
How to run a query:
2020-12-24 22:12:44 +00:00
2022-09-09 14:14:40 +00:00
1. In the top navigation, select **Queries** .
2021-06-24 17:59:41 +00:00
2022-09-09 14:14:40 +00:00
2. In the **Queries** table, find the query you'd like to run and select the query's name to navigate to the query console.
2021-06-24 17:59:41 +00:00
2022-09-09 14:14:40 +00:00
3. Select **Run query** to navigate to the target picker. Select **All hosts** and select **Run** . This will run the query against all your hosts.
2021-06-24 17:59:41 +00:00
2022-09-09 14:14:40 +00:00
The query may take several seconds to complete because Fleet has to wait for the hosts to respond with results.
2021-06-24 17:59:41 +00:00
2022-09-09 14:14:40 +00:00
> Fleet's query response time is inherently variable because of osquery's heartbeat response time. This helps prevent performance issues on hosts.
2021-06-24 17:59:41 +00:00
2022-09-09 14:14:40 +00:00
## Schedule a query
2021-06-24 17:59:41 +00:00
2023-07-31 23:06:07 +00:00
*In Fleet 4.35.0, the "Schedule" page was removed, and query automations are now configured on the "Queries" page. Instructions for scheduling queries in earlier versions of Fleet can be found [here ](https://github.com/fleetdm/fleet/blob/ac797c8f81ede770853c25fd04102da9f5e109bf/docs/Using-Fleet/Fleet-UI.md#schedule-a-query ).*
>Only users with the [admin role ](https://fleetdm.com/docs/using-fleet/manage-access#admin ) can manage query automations.
Fleet allows you to schedule queries to run at a set frequency. Scheduled queries will send data to your log destination automatically.
2022-02-18 15:25:53 +00:00
2022-10-26 23:26:49 +00:00
The default log destination, **filesystem** , is good to start. With this set, data is sent to the `/var/log/osquery/osqueryd.snapshots.log` file on each host’ log destinations page ](https://fleetdm.com/docs/using-fleet/log-destinations ).
2021-06-24 17:59:41 +00:00
2023-10-10 18:07:34 +00:00
By default, queries that run on a schedule will only target platforms compatible with that query. This behavior can be overridden by setting the platforms in "advanced options" when saving a query.
2021-06-24 17:59:41 +00:00
2023-07-31 23:06:07 +00:00
**How to schedule queries:**
2021-06-24 17:59:41 +00:00
2023-07-31 23:06:07 +00:00
1. In the top navigation, select **Queries** .
2021-06-24 17:59:41 +00:00
2023-07-31 23:06:07 +00:00
2. Select **Manage automations** .
2021-06-24 17:59:41 +00:00
2023-07-31 23:06:07 +00:00
3. Check the box next to the queries you want to automate, and select **Save** .
2021-06-24 17:59:41 +00:00
2023-07-31 23:06:07 +00:00
> The frequency that queries run at is set when a query is created.
2021-06-24 17:59:41 +00:00
2023-07-31 23:06:07 +00:00
With Fleet Premium, you can schedule queries for groups of hosts using [the teams feature ](https://fleetdm.com/docs/using-fleet/segment-hosts ). This allows you to collect different data for each group.
2022-09-22 21:41:57 +00:00
2023-01-04 19:16:34 +00:00
> In Fleet Premium, groups of hosts are called "teams."
2022-09-22 21:41:57 +00:00
2023-07-31 23:06:07 +00:00
**How to use teams to schedule queries for a group of hosts:**
1. If you haven't already, first [create a team ](https://fleetdm.com/docs/using-fleet/segment-hosts#create-a-team ) and [transfer hosts ](https://fleetdm.com/docs/using-fleet/segment-hosts#transfer-hosts-to-a-team ) to the team.
2. In the top navigation, select **Queries** .
3. In the **Teams** dropdown below the top navigation, select the team you want to manage automation for.
2022-09-22 21:41:57 +00:00
2023-07-31 23:06:07 +00:00
4. Select **Manage automations**
2022-09-22 21:41:57 +00:00
2023-07-31 23:06:07 +00:00
5. Select the queries you want to run on a schedule for this team, and select **Save** .
2022-09-22 21:41:57 +00:00
2023-07-31 23:06:07 +00:00
> Note: Only queries that belong to the selected team will be listed. When configuring query automations for all hosts, only global queries will be listed.
2022-09-22 21:41:57 +00:00
2022-09-09 14:14:40 +00:00
## Update agent options
<!-- Heading is kept so that the link from the Fleet UI still works -->
< span id = "configuring-agent-options" name = "configuring-agent-options" > < / span >
2023-09-04 01:00:59 +00:00
> This content was relocated on 31st August 2023.
2022-09-09 14:14:40 +00:00
2023-09-04 01:00:59 +00:00
See "[Agent configuration](https://fleetdm.com/docs/configuration/agent-configuration)" to learn how to simultaneously update agent options from the Fleet UI or fleetctl command line tool.
Put live documentation on fleetdm.com (#1380)
* minor clarifications
* further expand comments and stubs
* absorb custom titles embedded in metadata, plus further comment expansion and a followup fix for something i left hanging in f8cbc14829d91e7577c63307fd9c4346dbc229bb
* Skip non-markdown files and use real path maths
* Prep for running in parallel (Remove `continue` so this isn't dependent on the `for` loop)
* determine + track unique HTML output paths
* Compile markdown + spit out real HTML (without involving any but the crunchy nougaty dependency from the very center of everything)
* add md metadata parsing
* add timestamp
* Update build-static-content.js
* attach misc metadata as "other"
* how doc images might should work (this also aligns with how the select few images in the sailsjs.com docs work)
* add file extension to generated HTML files
* "options"=>"meta"
* Make "htmlId" useful for alphabetically sorting pages within their bottom-level section
See recent comments on https://github.com/fleetdm/fleet/issues/706 for more information.
* list out the most important, specific build-time transformations
* Omit ordering prefixes like "1-" from expected content page URLs
* add a little zone for consolidating backwards compatible permalinks
* interpret README.md files by mapping their URLs to match their containing folder
* clarify plan for images
* decrease probability of collisions
* Make capitalization smarter using known acronyms, proper nouns, and a smarter numeric word trim
* Resolve app path in case pwd is different in prod
* Delete HTML output from previous runs, if any
* condense the stuff about github emojis
* got rid of "permalink" thing, since id gets automatically attached during markdown compilation anyway
Also "permalink" isn't even a good name for what this is. See https://github.com/fleetdm/fleet/issues/706#issuecomment-884693931
* …and that eliminates the need for the cheerio dep!
* Bring in bubbles+syntax highlighting into build script, and remove sails.helpers.compileMarkdownContent() -- this leaves link munging as a todo though
* trivial (condense comments)
* Remove unused code from toHtml() helper
* Implemented target="_blank" and root-relative-ification
* remove todo about emojis after testing and verifying it works just fine
* trivial: add link to comment in case github emojis matter at some point
* consolidate "what ifs" in comments
* Leave this up to Sarah, for now. (Either bring it back here in the build script or do it all on the frontend)
* Enable /docs and /handbook routes, and add example of a redirect for a legacy/deprecated URL
* implement routing
* Upgrade deps
this takes advantages of the latest work from @eashaw, @rachaelshaw, and the rest of the Sails community
* tweak var names and comments
* make readme pages use their folder names to determine their default (fallback) titles
as discussed in https://github.com/fleetdm/fleet/issues/706#issuecomment-884788002
* first (good enough for now) pass at link rewriting
as discussed in https://github.com/fleetdm/fleet/issues/706#issuecomment-884742072
* Adapt docs pages to build from markdown output
* Continue work on docs pages
* Add landing page
* Remove unused code; minor changes
* Replace regex
* fixes https://github.com/fleetdm/fleet/pull/1380#issuecomment-891429581
* Don't rely on "path" being a global var
* Syle fleetdm doc pages
* Continue work on docs pages
* Fix linting error
* Disable lesshint style warnings
* parasails-has-no-page-script attribute
Added a parasails-has-no-page-script attribute to the docs template, added a check for that attribute in parasails.js and removed the empty page script for 498
* bring in latest parasails dep
* trivial
* Update links to dedupe and not open in new tab unless actually external
* Disable handbook for now til styles are ready
* fix CTA links
* trivial
* make sitemap.xml get served in prod
* hide search boxes for now, remove hard-coded version and make releases open in new tab
* clean out unused files
Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: eashaw <caglc@live.com>
2021-08-18 00:55:13 +00:00
< meta name = "title" value = "Fleet UI" >
2022-02-23 18:17:55 +00:00
< meta name = "pageOrderInSection" value = "200" >
2023-07-13 16:57:17 +00:00
< meta name = "description" value = "Learn how to create, run, and schedule queries, as well as update agent options in the Fleet user interface." >
2023-10-10 18:07:34 +00:00
< meta name = "navSection" value = "The basics" >
