Relates to #14958
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Changes:
- Moved a `v-if` that was placed on the wrong element on the mobile
(filtered) pricing features table (currently, just the name of the
feature is hidden, not the table itself)
- Reduced complexity of conditional rendering on the filter pricing
features table.
Closes: #15265
Changes:
- Updated `pricing-features-table.yml`:
- Changed the structure of the file so it is a flat array of features
(previously, features were nested under a category)
- Added `productCategories` arrays to features that did not have them
- Added `usualDepartment` values to features.
- Updated the pricing features validation in `build-static-content` to
work with the new file structure and made `productCategories` a required
value for features.
- Updated `view-pricing.js` to:
- categorize features based on the values of the `productCategories`
array
- build a single array of features (previously, it would also build an
array of features for security-focused buyers).
- sort premium features to the bottom of the pricing table.
- Updated the `pricing.ejs` to:
- render only the list of all features server-side
- conditionally show features in the pricing table, depending on the
selected pricing mode
Changes:
- Wrapped requests that have `.retry()` in a try-catch block. Errors
thrown by the `.retry()` method are not currently not being caught by
the `intercept()` chained onto the request, and cause the script to stop
running.
#15037
For endpoint fleet/hosts, filtering hosts with invalid team_id now
returns 400 error.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Reordered major categories to start with 3 buying situations and moving
support and security/compliance higher.
---------
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
Removed Orbit from top header list and the Components diagram. There is
a lot of additional Orbit content throughout this doc that needs to be
purged over time, especially when fleetctl commands are changed as the
Orbit object is eliminated.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/REST API/rest-api.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Sam, per our ongoing conversation about creating a new issue template
for sales team member onboarding.
---------
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
#15176
This was already fixed earlier in the sprint by
https://github.com/fleetdm/fleet/pull/15187
Adding docs and a test.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- Add Isabell to team table
- reorder contact-us in leadership page
- Standardize "Contact us" on all departmental pages
- Convert all responsibilities to imperative mood verb phrase
- Untangle and deduplicate Engineering <> Product groups <> Product
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
#14888
@getvictor This is ready for review, but keeping as draft as there are
probably many tests that need amending.
I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to
compare the current vulnerabilities found in our dogfood environment
with the vulnerabilities found by the code in this PR and both results
match:
```
go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 | tee out.txt
[...]
CVEs found and expected matched!
```
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [X] Manual QA for all new/changed functionality
---------
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Closes: https://github.com/fleetdm/fleet/issues/15243
Changes:
- Updated the `receive-usage analytics` webhook to send multiple
requests to Datadog, depending on the number of metrics built from
reported usage statistics. (Datadog has a request body limit of 512kb)
Related to: #10209
Changes:
- Updated the go test in the Makefile to have the `--codepkg` flag.
- Added a newline to the `test-go` GH workflow to trigger a run for this
PR
> Note: I'm creating this as a draft PR to see the results of the "Test
Go" workflow
Loom explaining changes (hit 5 min limit):
https://www.loom.com/share/e59b63bf638e4d9cad7984ef589b878d?sid=111fff75-115a-4a44-ae4f-6f25fede0d51#14887
- [x] Need to merge fleetdm/nvd PR
https://github.com/fleetdm/nvd/pull/25 before this one.
# Checklist for submitter
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- Manually tested (with corresponding fleetdm/fleet changes) in my
personal fork: https://github.com/getvictor/nvd/releases
# QA Plan (must be done before merging this PR, and after merging the
nvd PR)
- [ ] Fork https://github.com/fleetdm/nvd and point `generate.yml` to
this branch.
[example](9d8e54930b/.github/workflows/generate.yml (L26))
- [ ] Add NVD_API_KEY to nvd secrets, and run the the nvd generate
GitHub action. Get key:
https://nvd.nist.gov/developers/request-an-api-key
- [ ] Compare the generated `cpe-###.sqlite.gz` to the previous one. One
way is to open it up with sqlite3 and `select * from cpe_2 order by
cpe23;` and dump results to a CSV file. Known differences are:
- New file has ~2,500 more records
- Backslashes are handled differently for `Backpack\CRUD` and `Philips
In.Sight B120\37` products -- not a new issue since we do not support
those products right now
- `cpe:2.3🅰️moodle:moodle:4.2.0:*:*:*:*:*:*:*` -- this appears OK.
Also, it is a PHP plugin, and we don't support these currently.
- [ ] Record the existing vulnerabilities of current hosts.
- [ ] Stop any running fleet server. Delete `/tmp/vulndbs/cpe.sqlite`.
Can also delete other files there, or not delete this file -- it should
be overwritten by the new file. Also delete all rows in software_cpe and
software_cve DB tables. (Or can just spin up a fresh fleet server with
fresh DB, and re-enroll hosts (after setting the new env variable
below))
- [ ] Find the path to the generated `cpe-###.sqlite.gz` file
- [ ] Set `FLEET_VULNERABILITIES_CPE_DATABASE_URL` environment variable
to the above path, and start fleet server.
- [ ] After server's vulnerabilities cron job runs, the new
vulnerabilities should match the previous vulnerabilities
related to #14359
Implements the UI for windows custom profiles. This includes:
- uploading, downloading, viewing, and deleting windows profiles
- updating the profile status aggregate to new endpoint that includes
windows profiles.
- UI updates and refactoring of some code to be more maintainable
Closes: #11812
Changes:
- Renamed the `hostStatusWebhookEnabled` attribute of the
`HistoricalUsageSnapshot` model to `hostsStatusWebHookEnabled` and
updated the definition to use the existing database column name.
- Updated the inputs of the `receive-usage-analytics` webhook to accept
a `hostsStatusWebHookEnabled` input.
- Updated the usage statistics documentation to have the [correct
variable
name](36e12d02e3/server/fleet/statistics.go (L21)).
## Addresses #14102
- Enable closing this menu on clicking its header when open
- Other small UX and code improvements around this component
https://github.com/fleetdm/fleet/assets/61553566/b848b2d1-533f-4aa0-9827-e841d3d840e8
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Summary:
- Enroll hosts page refinement
- Since page was too long and had a lot of content I did following:
- Moved most important sections to the top
- Did some changes to make things more consistent, when possible having
UI and CLI sections with steps (ordered list)
- Moved `Add hosts with plain osquery` to contributor docs, since I
learned this approach is used just by couple of Fleet customers, and we
don't advise this as best practice anymore
- Added overview (table of contents) on the top to make easier to
navigate through the page
- Moved some technical (advanced) topics into separate section on the
bottom of the page
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Closes: #15182
Changes:
- Updated the receive-usage-analytics webhook to create new database
records with a cloned `inputs` object. This prevents the JSON attributes
from being mutated into strings.
#15143 and #15162
Previous fix for #13889 caused false positives on software with similar
names. Tightening the matching to reduce false positive rate.
- Google Chrome Helper.app no longer matches Google Chrome.app
- Acrobat Uninstaller.app no longer matches Acrobat.app
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
Update name to "Apply latest configuration profiles and macOS updates"
Because it used to say update MDM (workflow is for more than MDM), and
keeps it in line with workstation group.
This PR adds support for a new terraform module that will make it easy
to configure Fleet instances for S3 backend for file carving results.
Its intended to be applied in two phases.
1) apply target-account which will provision the s3 bucket, IAM role and
policy permissions
2) apply carve on the fleet instance, bootstrapping environment
variables for Fleet server & attaching the IAM policy.
# Checklist for submitter
- [X] Manual QA for all new/changed functionality
