Commit Graph

9958 Commits

Author SHA1 Message Date
Gabriel Hernandez
c7ea572698
Revert "Implement windows custom profiles in fleet UI (#15205)" (#15275)
This reverts commit 8e37977605.
2023-11-27 16:43:21 +00:00
Robert Fairburn
65edda3cf0
Use latest tf modules with dogfood (#15308) 2023-11-27 07:59:39 -06:00
Marcos Oviedo
097114e8f5
Fix windows installer orbit delete pending (#15301)
Relates to #14958 

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-11-23 12:29:40 -03:00
Eric
7fdf97660d
Website: Fix mobile filtered pricing table (#15304)
Changes:
- Moved a `v-if` that was placed on the wrong element on the mobile
(filtered) pricing features table (currently, just the name of the
feature is hidden, not the table itself)
- Reduced complexity of conditional rendering on the filter pricing
features table.
2023-11-22 18:45:06 -06:00
Eric
4feff451da
Website: Update pricing features yaml and pricing page. (#15294)
Closes: #15265

Changes:
- Updated `pricing-features-table.yml`:
- Changed the structure of the file so it is a flat array of features
(previously, features were nested under a category)
   - Added `productCategories` arrays to features that did not have them
   - Added `usualDepartment` values to features.
- Updated the pricing features validation in `build-static-content` to
work with the new file structure and made `productCategories` a required
value for features.
- Updated `view-pricing.js` to:
- categorize features based on the values of the `productCategories`
array
- build a single array of features (previously, it would also build an
array of features for security-focused buyers).
   - sort premium features to the bottom of the pricing table.
- Updated the `pricing.ejs` to:
   - render only the list of all features server-side
- conditionally show features in the pricing table, depending on the
selected pricing mode
2023-11-22 18:33:32 -06:00
Eric
4e24499e9e
Website: Update Vanta sync script to catch errors thrown from .retry() method. (#15303)
Changes:
- Wrapped requests that have `.retry()` in a try-catch block. Errors
thrown by the `.retry()` method are not currently not being caught by
the `intercept()` chained onto the request, and cause the script to stop
running.
2023-11-22 18:31:33 -06:00
Victor Lyuboslavsky
e8b1041f47
Fix for #15171 (#15292)
Fix for #15171
2023-11-22 15:14:26 -06:00
Mike McNeil
34daa46b09
Update homepage.ejs (#15289)
Default to "endpoint ops"
2023-11-23 06:09:43 +09:00
Victor Lyuboslavsky
8cfe272091
filtering hosts with invalid team_id now returns 400 error. (#15266)
#15037 
For endpoint fleet/hosts, filtering hosts with invalid team_id now
returns 400 error.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2023-11-22 15:04:48 -06:00
Jahziel Villasana-Espinoza
5131879292
feat: remove file if it exists before creating new one (#15186)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2023-11-22 14:04:38 -05:00
Mike McNeil
67a86f4431
Focus documentation efforts on single source of truth (#15198)
Update fleet-4.14.0.md article to hide the heads up about the Postman
collection, since we're instead focusing on
https://fleetdm.com/docs/rest-api/rest-api
2023-11-22 10:35:16 -08:00
Robert Fairburn
ccd7ae82e5
Ensure CGO_ENABLED=0 is forced for cron_monitoring lambda (#15201) 2023-11-22 11:12:09 -06:00
Robert Fairburn
695ad26cb7
Allow Fleet terraform modules to configure lb timeouts (#15237) 2023-11-22 11:11:18 -06:00
Roberto Dip
5f313c8972
fix various bugs after testing windows MDM profiles (#15264)
for #13281
2023-11-22 10:48:28 -03:00
Sam Pfluger
599f16fa40
Add SLA link (#15272)
Closes fleetdm/confidential#4453
2023-11-21 23:09:15 -06:00
Alex Mitchell
b7be9ed83b
Update pricing-features-table.yml (#15257)
Reordered major categories to start with 3 buying situations and moving
support and security/compliance higher.

---------

Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
2023-11-21 22:32:10 -06:00
Alex Mitchell
b6e1dad27e
Update fleetd.md (#14833)
Removed Orbit from top header list and the Components diagram. There is
a lot of additional Orbit content throughout this doc that needs to be
purged over time, especially when fleetctl commands are changed as the
Orbit object is eliminated.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/REST API/rest-api.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-11-21 21:58:47 -06:00
Mike McNeil
871df45fdd
Add examples (Update pricing-features-table.yml) (#15270) 2023-11-21 21:10:19 -06:00
Alex Mitchell
1b5c48d4e0
Update README.md (#15256)
Sam, per our ongoing conversation about creating a new issue template
for sales team member onboarding.

---------

Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
2023-11-21 20:58:56 -06:00
Tim Lee
e7132454ee
CI fix - Use bash in Start tunnel step (#14872) 2023-11-21 16:15:17 -07:00
Victor Lyuboslavsky
fbbd81ff77
UmbrellaMenu.app no longer matches Cisco Umbrella (#15262)
#15176 
This was already fixed earlier in the sprint by
https://github.com/fleetdm/fleet/pull/15187
Adding docs and a test.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
2023-11-21 16:29:02 -06:00
Noah Talerman
313adb195c
Update features.yml (#15026)
- Finish these features so that Fleet can effectively run ads for them
2023-11-21 13:57:24 -08:00
Jacob Shandling
e709357ca2
UI – Restore clickability to entirety of sort headers except in filter text inputs (#15260)
## Addresses #14519 

- Applies anywhere there is a sort header, including the query results
and query report tables


https://github.com/fleetdm/fleet/assets/61553566/5bf0db8f-3d13-434d-b811-914fdded02df



- [x] Changes file added for user-visible changes in `changes/`
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2023-11-21 13:49:41 -08:00
Sam Pfluger
b2899c402e
Handbook/company/leadership#structure-of-departmental-handbook-pages (#14811)
- Add Isabell to team table
- reorder contact-us in leadership page
- Standardize "Contact us" on all departmental pages
- Convert all responsibilities to imperative mood verb phrase
- Untangle and deduplicate Engineering <> Product groups <> Product

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2023-11-21 13:55:46 -06:00
Tim Lee
c5ea7eac4f
Cache policy counts (#15244) 2023-11-21 12:52:06 -07:00
Tim Lee
0557f10ac5
14729 smtp settings validation for TLS (#15029) 2023-11-21 11:48:21 -07:00
Lucas Manuel Rodriguez
4194c44131
Use NVD API 2.0 to download CVE information (#15102)
#14888

@getvictor This is ready for review, but keeping as draft as there are
probably many tests that need amending.

I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to
compare the current vulnerabilities found in our dogfood environment
with the vulnerabilities found by the code in this PR and both results
match:
```
go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 | tee out.txt
[...]
CVEs found and expected matched!
```

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [X] Manual QA for all new/changed functionality

---------

Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
2023-11-21 12:30:07 -06:00
Jacob Shandling
b961c8e912
UI – Add help text, modularize help text styling, misc cleanup (#15252)
## Addresses #14882 

- Add help text
- Align heading of Advanced section
- Add `help-text` mixin for improved modularity/reusability
- Fix responsive styles on LabelFilterSelect

<img width="721" alt="Screenshot 2023-11-21 at 9 52 45 AM"
src="https://github.com/fleetdm/fleet/assets/61553566/216112f8-de9d-4ee3-acb5-376e6ccd3b4e">

- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2023-11-21 10:16:33 -08:00
Tim Lee
97e88ae32e
hotfix: update CPE tests (#15250) 2023-11-21 10:25:27 -07:00
Gabriel Hernandez
fd40f3ddf7
add activities for windows profiles (#15246)
relates to #14359

Add activities to fleet UI for windows profiles create, delete, and
edit.

- [x] Manual QA for all new/changed functionality
2023-11-21 17:11:32 +00:00
Eric
29671f4249
Website: Update receive-usage-analytics webhook to limit size of requests sent to Datadog. (#15245)
Closes: https://github.com/fleetdm/fleet/issues/15243

Changes:
- Updated the `receive-usage analytics` webhook to send multiple
requests to Datadog, depending on the number of metrics built from
reported usage statistics. (Datadog has a request body limit of 512kb)
2023-11-21 10:15:59 -06:00
Grant Bilstad
2f618871ca
broken link osquery extensions (#15232)
'learn how' link goes to page that no longer exists, updated to new
extensions section
2023-11-20 17:42:19 -07:00
Eric
ed7c51c9c9
Add --coverpkg flag to go test in the Makefile (#15153)
Related to: #10209

Changes:
 - Updated the go test in the Makefile to have the `--codepkg` flag.
- Added a newline to the `test-go` GH workflow to trigger a run for this
PR


> Note: I'm creating this as a draft PR to see the results of the "Test
Go" workflow
2023-11-20 17:01:19 -06:00
Joanne Stableford
e690c077df
Update formula in quarterly reporting (#15223) 2023-11-20 16:11:52 -06:00
Victor Lyuboslavsky
eada583ff1
Updating CPE generator to use new NVD API. (#15018)
Loom explaining changes (hit 5 min limit):
https://www.loom.com/share/e59b63bf638e4d9cad7984ef589b878d?sid=111fff75-115a-4a44-ae4f-6f25fede0d51

#14887

- [x] Need to merge fleetdm/nvd PR
https://github.com/fleetdm/nvd/pull/25 before this one.

# Checklist for submitter

- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- Manually tested (with corresponding fleetdm/fleet changes) in my
personal fork: https://github.com/getvictor/nvd/releases

# QA Plan (must be done before merging this PR, and after merging the
nvd PR)
- [ ] Fork https://github.com/fleetdm/nvd and point `generate.yml` to
this branch.
[example](9d8e54930b/.github/workflows/generate.yml (L26))
- [ ] Add NVD_API_KEY to nvd secrets, and run the the nvd generate
GitHub action. Get key:
https://nvd.nist.gov/developers/request-an-api-key
- [ ] Compare the generated `cpe-###.sqlite.gz` to the previous one. One
way is to open it up with sqlite3 and `select * from cpe_2 order by
cpe23;` and dump results to a CSV file. Known differences are:
   - New file has ~2,500 more records
- Backslashes are handled differently for `Backpack\CRUD` and `Philips
In.Sight B120\37` products -- not a new issue since we do not support
those products right now
- `cpe:2.3🅰️moodle:moodle:4.2.0:*:*:*:*:*:*:*` -- this appears OK.
Also, it is a PHP plugin, and we don't support these currently.
- [ ] Record the existing vulnerabilities of current hosts.
- [ ] Stop any running fleet server. Delete `/tmp/vulndbs/cpe.sqlite`.
Can also delete other files there, or not delete this file -- it should
be overwritten by the new file. Also delete all rows in software_cpe and
software_cve DB tables. (Or can just spin up a fresh fleet server with
fresh DB, and re-enroll hosts (after setting the new env variable
below))
- [ ] Find the path to the generated `cpe-###.sqlite.gz` file
- [ ] Set `FLEET_VULNERABILITIES_CPE_DATABASE_URL` environment variable
to the above path, and start fleet server.
- [ ] After server's vulnerabilities cron job runs, the new
vulnerabilities should match the previous vulnerabilities
2023-11-20 16:10:00 -06:00
Gabriel Hernandez
8e37977605
Implement windows custom profiles in fleet UI (#15205)
related to #14359

Implements the UI for windows custom profiles. This includes:

- uploading, downloading, viewing, and deleting windows profiles
- updating the profile status aggregate to new endpoint that includes
windows profiles.
- UI updates and refactoring of some code to be more maintainable
2023-11-20 18:35:46 -03:00
Eric
6a6f51dce6
Website: Update usage statistics webhook inputs and HistoricalUsageSnapshot model. (#15180)
Closes: #11812

Changes:
- Renamed the `hostStatusWebhookEnabled` attribute of the
`HistoricalUsageSnapshot` model to `hostsStatusWebHookEnabled` and
updated the definition to use the existing database column name.
- Updated the inputs of the `receive-usage-analytics` webhook to accept
a `hostsStatusWebHookEnabled` input.
- Updated the usage statistics documentation to have the [correct
variable
name](36e12d02e3/server/fleet/statistics.go (L21)).
2023-11-20 15:34:19 -06:00
Jacob Shandling
3ad60e1041
UI – Improve UX of label filter dropdown (#15199)
## Addresses #14102

- Enable closing this menu on clicking its header when open
- Other small UX and code improvements around this component


https://github.com/fleetdm/fleet/assets/61553566/b848b2d1-533f-4aa0-9827-e841d3d840e8


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2023-11-20 12:42:55 -08:00
Sarah Gillespie
57df2f250c
Add Windows MDM profiles to host details API response (#15210) 2023-11-20 14:34:57 -06:00
Marko Lisica
669be3a53c
Enroll hosts docs improvements (#14862)
Summary:
- Enroll hosts page refinement
- Since page was too long and had a lot of content I did following:
    - Moved most important sections to the top
- Did some changes to make things more consistent, when possible having
UI and CLI sections with steps (ordered list)
- Moved `Add hosts with plain osquery` to contributor docs, since I
learned this approach is used just by couple of Fleet customers, and we
don't advise this as best practice anymore
- Added overview (table of contents) on the top to make easier to
navigate through the page
- Moved some technical (advanced) topics into separate section on the
bottom of the page

---------

Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
2023-11-20 19:39:41 +01:00
Jacob Shandling
32706a732b
UI – Clarify activity items for JIT provisioned SSO user initial logins (#15192)
## Addresses #14345 

![Screenshot 2023-11-17 at 11 43
59 AM](https://github.com/fleetdm/fleet/assets/61553566/b97634dc-53c1-4ddd-910e-8dd7112c2623)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2023-11-20 10:29:36 -08:00
Eric
9984bc6894
Website: Fix object mutation in receive-usage-analytics webhook. (#15185)
Closes: #15182

Changes:
- Updated the receive-usage-analytics webhook to create new database
records with a cloned `inputs` object. This prevents the JSON attributes
from being mutated into strings.
2023-11-20 12:04:03 -06:00
Victor Lyuboslavsky
8ae88cfe1a
Tightening the CPE matching to reduce false positive rate. (#15187)
#15143 and #15162 

Previous fix for #13889 caused false positives on software with similar
names. Tightening the matching to reduce false positive rate.
- Google Chrome Helper.app no longer matches Google Chrome.app
- Acrobat Uninstaller.app no longer matches Acrobat.app

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
2023-11-20 11:59:31 -06:00
Joanne Stableford
c7af163577
Update fleetctl-workstations to min macOS 14.1.1 (#15209) 2023-11-20 12:50:52 -05:00
Joanne Stableford
f02fa91576
Update fleetctl-workstations-canary to macOS 14.1.1 (#15208) 2023-11-20 12:48:02 -05:00
Joanne Stableford
7945c17a39
Update name for workflow (#15203)
Update name to "Apply latest configuration profiles and macOS updates"
Because it used to say update MDM (workflow is for more than MDM), and
keeps it in line with workstation group.
2023-11-20 12:37:42 -05:00
Benjamin Edwards
29de567dc0
add module to enable bringing your own bucket file carving destination (#15206)
This PR adds support for a new terraform module that will make it easy
to configure Fleet instances for S3 backend for file carving results.
Its intended to be applied in two phases.

1) apply target-account which will provision the s3 bucket, IAM role and
policy permissions
2) apply carve on the fleet instance, bootstrapping environment
variables for Fleet server & attaching the IAM policy.

# Checklist for submitter
- [X] Manual QA for all new/changed functionality
2023-11-20 11:26:43 -05:00
Martin Angers
c1fa8de992
Fix data race in mysql tests (#15204) 2023-11-20 10:20:08 -05:00
Roberto Dip
d9f0f86002
update host profile status when we get a Windows MDM response (#15172)
related to #14364, this adds logic to update the `status` and `detail`
columns of `host_mdm_windows_profiles` when we get a management
response.
2023-11-20 11:25:54 -03:00
Roberto Dip
420dfe1cd0
batch set profiles as pending on profile-related actions (#15179)
final step of #14364
2023-11-20 11:16:02 -03:00