fleet/handbook/company/pricing-features-table.yml
Noah Talerman 313adb195c
Update features.yml (#15026)
- Finish these features so that Fleet can effectively run ads for them
2023-11-21 13:57:24 -08:00

667 lines
45 KiB
YAML

- categoryName: Endpoint ops
features:
#
# ╔╦╗╔═╗╦ ╦╦╔═╗╔═╗ ╦ ╦╔═╗╔═╗╦ ╔╦╗╦ ╦
# ║║║╣ ╚╗╔╝║║ ║╣ ╠═╣║╣ ╠═╣║ ║ ╠═╣
# ═╩╝╚═╝ ╚╝ ╩╚═╝╚═╝ ╩ ╩╚═╝╩ ╩╩═╝╩ ╩ ╩
- industryName: Device health
friendlyName: Automate device health
description: Automatically report system health issues using webhooks or integrations, to notify or quarantine outdated or misconfigured systems that are at higher risk of vulnerabilities or theft.
documentationUrl: https://fleetdm.com/docs/rest-api/rest-api#get-host
screenshotSrc:
tier: Free
productCategories: [Endpoint operations]
usualDepartment: Security
dri: mikermcneil
demos:
- description: A large tech company used the Fleet API to block access to corporate apps for outdated operating system versions with certain "celebrity" vulnerabilities.
quote:
moreInfoUrl: https://play.goconsensus.com/s4e490bb9
buzzwords: [Device trust,Zero trust,Layer 7 device trust,Beyondcorp,Device attestation,Conditional access]
waysToUse:
- description: Automatically manage the behavior of endpoints that are at higher risk of vulnerabilities or data loss due to their configuration or patch level.
- description: Block access to corporate apps for users whose devices with unexpected settings, like disabled screen lock, passwords that are too short, unencrypted hard disks, and more
- description: Quickly implement conditional access based on device health using osquery and a simple device health REST API. Coming soon (2023-12-31)
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14920
- description: Control and restore access to applications by automatically restricting access when devices do not meet particular security requirements.
moreInfoUrl: https://duo.com/docs/device-health
- description: Control which laptop and desktop devices can access corporate apps and websites based on what vulnerabilities it might be exposed to based on how the device is configured, whether it's up to date, its MDM enrollment status, and anything else you can build in a SQL query of Fleet's 300 data tables representing information about enrolled host systems.
- description: Implement multivariate device trust
moreInfoUrl: https://youtu.be/5sFOdpMLXQg?feature=shared&t=1445
- description: Implement your own version of Google's zero trust model (BeyondCorp)
moreInfoUrl: https://cloud.google.com/beyondcorp
- description: Get endpoint data into ServiceNow and make your asset management teams happy
moreInfoUrl: https://www.youtube.com/watch?v=aVbU6_9JoM0
#
# ╔═╗╔═╗╦═╗╦╔═╗╔╦╗ ╔═╗═╗ ╦╔═╗╔═╗╦ ╦╔╦╗╦╔═╗╔╗╔
# ╚═╗║ ╠╦╝║╠═╝ ║ ║╣ ╔╩╦╝║╣ ║ ║ ║ ║ ║║ ║║║║
# ╚═╝╚═╝╩╚═╩╩ ╩ ╚═╝╩ ╚═╚═╝╚═╝╚═╝ ╩ ╩╚═╝╝╚╝
- industryName: Script execution
friendlyName: Safely execute custom scripts (macOS, Windows, and Linux)
description: Deploy and execute custom scripts using a REST API, and manage your library of scripts in the UI or a git repo.
documentationUrl: https://fleetdm.com/docs/using-fleet/scripts
tier: Premium
dri: mikermcneil
usualDepartment: IT
productCategories: [Endpoint operations,Device management]
demos:
- description: A large tech company used scripts to fix issues with their security and compliance agents on workstations.
buzzwords: [Remote script execution,PowerShell scripts,Bash scripts]
waysToUse:
- description: Execute custom macOS scripts (client platform engineering)
moreInfoUrl: https://www.hexnode.com/blogs/executing-custom-mac-scripts-via-mdm/
- description: Execute custom Windows scripts (client platform engineering)
moreInfoUrl: https://www.hexnode.com/blogs/executing-custom-windows-scripts-via-mdm/
- description: Use PowerShell scripts on Windows devices
moreInfoUrl: https://learn.microsoft.com/en-us/mem/intune/apps/intune-management-extension
- description: Run PowerShell scripts for remediations (security engineering)
moreInfoUrl: https://learn.microsoft.com/en-us/mem/intune/fundamentals/powershell-scripts-remediation
- description: Download and run remediation scripts
moreInfoUrl: https://help.zscaler.com/deception/downloading-and-running-remediation-script
- description: Deploy custom scripts
moreInfoUrl: https://scalefusion.com/custom-scripting
#
# ╔═╗╦ ╦╔╦╗╔═╗╔╦╗╔═╗╔╦╗╦╔═╗ ╔═╗╔═╗╔═╗╔╦╗╦ ╦╦═╗╔═╗ ╔═╗╔═╗╔═╗╔═╗╔═╗╔═╗╔╦╗╔═╗╔╗╔╔╦╗
# ╠═╣║ ║ ║ ║ ║║║║╠═╣ ║ ║║ ╠═╝║ ║╚═╗ ║ ║ ║╠╦╝║╣ ╠═╣╚═╗╚═╗║╣ ╚═╗╚═╗║║║║╣ ║║║ ║
# ╩ ╩╚═╝ ╩ ╚═╝╩ ╩╩ ╩ ╩ ╩╚═╝ ╩ ╚═╝╚═╝ ╩ ╚═╝╩╚═╚═╝ ╩ ╩╚═╝╚═╝╚═╝╚═╝╚═╝╩ ╩╚═╝╝╚╝ ╩
- industryName: Automatic posture assessment
friendlyName: Verify any security or compliance goal
description: Simplify security audits, build definitive reports, and discover + verify ongoing compliance for every endpoint, from workstations to data centers.
documentationUrl: https://fleetdm.com/docs/using-fleet/cis-benchmarks#cis-benchmarks
screenshotSrc:
usualDepartment: Security
tier: Free
productCategories: [Endpoint operations]
dri: mikermcneil
demos:
- description: A large tech company used Fleet's CIS Benchmark policies to automatically assess posuture of 80,000 endpoints.
quote:
moreInfoUrl:
buzzwords: [Attack surface management (ASM),Endpoint hardening,Security posture,Cyber hygiene,Anomaly detection,Configuration management,Attack Surface Monitoring,Policy assessment]
waysToUse:
- description: Monitor devices that don't meet your organization's custom security policies
- description: Quickly report your posture and vulnerabilities to auditors, showing remediation status and timing.
- description: Keep your devices compliant with customizable baselines, or use common benchmarks like CIS.
- description: Discover security misconfigurations that increase attack surface.
- description: Detect suspcious services listening on open ports that should not be connected to the internet, such as Remote Desktop Protocol (RDP).
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20statename%20%3D%20%E2%80%9CEnabled%E2%80%9D-,OPEN%20SOCKETS,-Lastly%2C%20an%20examination
- description: Discover potentially unwanted programs that increase attack surface.
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/
- description: Detect self-signed certifcates
- description: Detect legacy protocols with safer versions
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20self_signed%20%3D%201%3B-,LEGACY%20PROTOCOLS,-This%20section%20will
- description: Detect exposed secrets on the command line
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WDigest%20is%20disabled.-,EXPOSED%20SECRETS,-Often%2C%20to%20create
- description: Detect and surface issues with devices
- description: Share device health reports
- description: Align endpoints with your security policies
moreInfoUrl: https://www.axonius.com/use-cases/cmdb-reconciliation
- description: Maximize security control coverage
- description: Uncover gaps in security policies, configurations, and hygiene
moreInfoUrl: https://www.axonius.com/use-cases/coverage-gap-discovery
- description: Automatically apply security policies to protect endpoints against attack.
- description: Surface security issues in all your deployed endpoints even data centers and factories.
- description: Continually validate controls and policies
#
# ╦ ╦╦ ╦╔╦╗╔═╗╔╗╔ ╔═╗╔╗╔╔╦╗╔═╗╔═╗╦╔╗╔╔╦╗ ╔╦╗╔═╗╔═╗╔═╗╦╔╗╔╔═╗
# ╠═╣║ ║║║║╠═╣║║║───║╣ ║║║ ║║╠═╝║ ║║║║║ ║ ║║║╠═╣╠═╝╠═╝║║║║║ ╦
# ╩ ╩╚═╝╩ ╩╩ ╩╝╚╝ ╚═╝╝╚╝═╩╝╩ ╚═╝╩╝╚╝ ╩ ╩ ╩╩ ╩╩ ╩ ╩╝╚╝╚═╝
- industryName: Human-endpoint mapping
friendlyName: See who logs in on every computer
description: Identify who logs in to any system, including login history and current sessions. Look up any host by the email address of the person using it.
documentationUrl: https://fleetdm.com/docs/rest-api/rest-api#get-hosts-google-chrome-profiles
screenshotSrc:
tier: Free
productCategories: [Endpoint operations]
usualDepartment: IT
buzzwords: [Device users,human-to-device mapping]
dri: mikermcneil
demos:
- description: Security engineers at a top gaming company wanted to get demographics off their macOS, Windows, and Linux machines about who the user is and who's logged in.
moreInfoUrl: https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit
waysToUse:
- description: Look up computer by ActiveDirectory account
- description: Find device by Google Chrome user
- description: Identify who logs in to any system, including login history and current sessions.
- description: Look up any host by the email address of the person using it.
- description: Check user login history
moreInfoUrl: https://www.lepide.com/how-to/audit-who-logged-into-a-computer-and-when.html#:~:text=To%20find%20out%20the%20details,logs%20in%20%E2%80%9CWindows%20Logs%E2%80%9D.
- description: See currently logged in users
moreInfoUrl: https://www.top-password.com/blog/see-currently-logged-in-users-in-windows/
- description: Get demographics off of our machines about who the user is and who's logged in
moreInfoUrl: https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit
- description: See what servers someone is logged-in on
moreInfoUrl: https://community.spiceworks.com/topic/138171-is-there-a-way-to-see-what-servers-someone-is-logged-in-on
- industryName: Intrusion detection
friendlyName: Build custom query and policy automations to detect suspicious behavior
description: Send webhooks and ship logs to detect intrusions and issues with devices.
documentationUrl: https://fleetdm.com/docs/using-fleet/log-destinations
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]
buzzwords: [Host-based intrusion detection system (HIDS,Indicators of Compromise (IOCs),Feeder for SIEM]
demos:
- description: A top media company wanted to share more security data with other departments without slowing down hosts.
waysToUse:
- description: Send webhooks to generate alerts when an IOC is detected on one or more devices.
- description: Ship logs to Splunk, Snowflake, and other SIEMs to build a host-based intrusion detection system (HIDS).
- description: Synchronize live state of endpoints to a data lake or SIEM in a consistent shape.
- description: Export the data to other systems
moreInfoUrl: https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit
- description: Export data to a third-party SIEM tool
moreInfoUrl: https://www.websense.com/content/support/library/web/hosted/admin_guide/siem_integration_explain.aspx
- description: Gather data and log events from endpoints
moreInfoUrl: https://techbeacon.com/security/how-osquery-can-lift-your-security-teams-game#:~:text=%22If%20security%20teams%20didn%27t%20have%20osquery%2C%20they%20would%20have%20to%20find%20a%20way%20to%20manually%20go%20into%20each%20endpoint%20and%20gather%20data%2C%20or%20buy%20a%20third%2Dparty%20tool%20to%20do%20that%20for%20them
#
# ╔═╗╦╔╦╗
# ╠╣ ║║║║
# ╚ ╩╩ ╩
- industryName: File integrity monitoring (FIM) # Short industry phrase
friendlyName: Detect changes to critical files # Short, Fleet one-liner for the feature, written in the imperative mood. (If easy to do, base this off of the words that an actual customer is saying.)
description: Specify files to monitor for changes or deletions, then log those events to your SIEM or data lake, including key information such as filepath and checksum. # Clear Mr. Rogers description
documentationUrl: https://fleetdm.com/guides/osquery-evented-tables-overview#file-integrity-monitoring-fim # URL of the single-best page within the docs which serves as a "jumping-off point" for this feature.
screenshotSrc: "" # A screenshot of the single, best, simplifying, obvious example
tier: Free # Either "Free" or "Premium"
usualDepartment: Security # or omit if there isn't a particular departmental leaning we've noticed
productCategories: [Endpoint operations] # or omit if this isn't associated with a single product category
dri: mikermcneil #GitHub user name
demos:
- description: A top gaming company needed a way to monitor critical files on production Debian servers.
quote: The FIM features are kind of a top priority.
moreInfoUrl: https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit
buzzwords: [File integrity monitoring (FIM),Host-based intrusion detection system (HIDS),Anomaly detection]
waysToUse:
- description: Monitor critical files on production Debian servers
- description: Detect anomalous filesystem activity
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
- description: Detect unintended changes
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
- description: Verify update status and monitor system health
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
- description: Meet compliance mandates
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
# ╔╦╗╔═╗╦ ╦ ╦╔═╗╦═╗╔═╗ ╔╦╗╔═╗╔╦╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔ ┌─╦ ╦╔═╗╦═╗╔═╗─┐
# ║║║╠═╣║ ║║║╠═╣╠╦╝║╣ ║║║╣ ║ ║╣ ║ ║ ║║ ║║║║ │ ╚╦╝╠═╣╠╦╝╠═╣ │
# ╩ ╩╩ ╩╩═╝╚╩╝╩ ╩╩╚═╚═╝ ═╩╝╚═╝ ╩ ╚═╝╚═╝ ╩ ╩╚═╝╝╚╝ └─ ╩ ╩ ╩╩╚═╩ ╩─┘
- industryName: Malware detection (YARA) # TODO: consider: technically more than YARA, consider generalizing this and including the concept of comparing known binary hashes (either via live query or in the data lake to compare threat intel feed)
friendlyName: Scan files for malware signatures
description: Report and trigger automations when malware or other unexpected files are detected on a host using YARA signatures.
documentationUrl: https://fleetdm.com/tables/yara
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations,Vulnerability management]
buzzwords: [YARA scanning,Cyber Threat Intelligence (CTI),Indicators of compromise (IOCs),Antivirus (AV),Endpoint protection platform (EPP),Endpoint detection and response (EDR),Malware detection,Signature-based malware detection,Malware scanning,Malware analysis,Anomaly detection]
demos:
- description: A top media company used Fleet policies with YARA rules to continuously scan host filesystems for malware signatures provided by internal and external threat intelligence teams.
moreInfoUrl: # short demo video
waysToUse:
- description: Detect suspicious bytecode in JAR files
- description: Identify suspicious patterns in binaries using YARA signatures # (≈regular expressions for binary)
- description: Continuously scan host filesystems for malware signatures.
moreInfoUrl: https://yara.readthedocs.io/en/stable/writingrules.html
- description: Monitor for relevent filesystem changes (YARA events) and on-demand YARA signature scans.
moreInfoUrl: https://osquery.readthedocs.io/en/stable/deployment/yara/
- description: Use YARA for malware detection
moreInfoUrl: https://www.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_YARA_S508C.pdf
- description: Scan for indicators of compromise (IoC) for common malware.
moreInfoUrl: https://github.com/Cisco-Talos/osquery_queries
- description: Analyze malware using data from osquery, such as endpoint certificates and launch daemons (launchd).
moreInfoUrl: https://medium.com/hackernoon/malware-analysis-using-osquery-part-3-9dc805b67d16
- description: Detect persistent malware (e.g. WireLurker) in endpoints by generating simple policies that search for their static indicators of compromise (IoCs).
moreInfoUrl: https://osquery.readthedocs.io/en/stable/deployment/anomaly-detection/
- description: Run a targeted YARA scan with osquery as a lightweight approach to scan anything on a host filesystem, with minimal performance impact. Unlike full system YARA scans which consume considerable CPU resources, an equivalent YARA scan targeted in Fleet can be 8x cheaper (CPU %).
moreInfoUrl: https://www.tripwire.com/state-of-security/signature-socket-based-malware-detection-osquery-yara
- industryName: Detection engineering
friendlyName: # Ship logs to your data lake and comopare with known bad binary hashes or capture behavioral data and build custom detections (e.g. using a framework like MITRE)
description:
documentationUrl:
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations]
buzzwords: [Security analytics,Behavioral analytics,MITRE ATT&CK,Tactics techniques and procedures (TTPs),Security information and event management (SIEM)]
demos:
- description:
moreInfoUrl:
waysToUse:
- description:
- industryName: Threat hunting
friendlyName: # TODO: live query
description:
documentationUrl:
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations]
buzzwords: []
demos:
- description:
moreInfoUrl:
waysToUse:
- description:
- industryName: Incident response
friendlyName: # TODO: live query, triage, figuring out scope of impact, remediate using scripts, MDM commands (e.g. remote wipe), and quarantine or reimage using other systems and APIs (e.g. remove from network, decommission container)
description:
documentationUrl:
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations]
buzzwords: []
demos:
- description:
moreInfoUrl:
waysToUse:
- description:
- industryName: Binary authorization
friendlyName: Restrict what programs can run, and what files running programs can access.
description:
documentationUrl:
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations]
comingSoonOn: YYYY-MM-DD
buzzwords: [Mandatory Access Control (MAC),Privilege confinement,Binary authorization,Santa,Binary allowlisting,Binary whitelisting]
demos:
- description:
moreInfoUrl:
waysToUse:
- description: Confine programs to a limited set of resources.
- description: Report on AppArmor events
moreInfoUrl: https://fleetdm.com/tables/apparmor_events
- description: Confine programs according to a set of rules that specify which files a program can access.
moreInfoUrl: https://wiki.debian.org/AppArmor
- description: Proactively protect the system against both known and unknown vulnerabilities.
# ╔═╗╔═╗╔═╗╔╗╔╔╦╗ ╔═╗╦ ╦╔╦╗╔═╗ ╦ ╦╔═╗╔╦╗╔═╗╔╦╗╔═╗
# ╠═╣║ ╦║╣ ║║║ ║ ╠═╣║ ║ ║ ║ ║───║ ║╠═╝ ║║╠═╣ ║ ║╣
# ╩ ╩╚═╝╚═╝╝╚╝ ╩ ╩ ╩╚═╝ ╩ ╚═╝ ╚═╝╩ ═╩╝╩ ╩ ╩ ╚═╝
- industryName: Agent auto-update
friendlyName: Keep agents and extensions up to date
descrption: Keep agents and extensions up to date by loading code from Fleet's free update registry.
tier: Free
productCategories: [Endpoint operations]
# ╦╔╗╔╔═╗╔╦╗╔═╗╦ ╦ ╔═╗╦═╗╔═╗
# ║║║║╚═╗ ║ ╠═╣║ ║ ║╣ ╠╦╝╚═╗
# ╩╝╚╝╚═╝ ╩ ╩ ╩╩═╝╩═╝╚═╝╩╚═╚═╝
- industryName: Installers (self-service)
tier: Free
productCategories: [Endpoint operations]
waysToUse:
- description: Build scripts for Ansible deployments
moreInfoUrl: https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4
- description: Deploy osquery to macOS via Jamf
moreInfoUrl: https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4
- description: Package osquery for Linux servers via Workspace One and Windows servers via group policies
moreInfoUrl: https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4
# ╔╗ ╔═╗╔╦╗╔═╗╦ ╦ ╦╔╗╔╔═╗╔╦╗╔═╗╦ ╦ ╔═╗╔╦╗╦╔═╗╔╗╔
# ╠╩╗╠═╣ ║ ║ ╠═╣ ║║║║╚═╗ ║ ╠═╣║ ║ ╠═╣ ║ ║║ ║║║║
# ╚═╝╩ ╩ ╩ ╚═╝╩ ╩ ╩╝╚╝╚═╝ ╩ ╩ ╩╩═╝╩═╝╩ ╩ ╩ ╩╚═╝╝╚╝
- industryName: Batch installation (Chef, Ansible, Puppet, MDM)
friendlyName: Install agents over the air
tier: Free
productCategories: [Endpoint operations]
# ╦═╗╔═╗╔╦╗╔═╗╔╦╗╔═╗ ╔═╗╔═╗╔╦╗╔╦╗╦╔╗╔╔═╗╔═╗
# ╠╦╝║╣ ║║║║ ║ ║ ║╣ ╚═╗║╣ ║ ║ ║║║║║ ╦╚═╗
# ╩╚═╚═╝╩ ╩╚═╝ ╩ ╚═╝ ╚═╝╚═╝ ╩ ╩ ╩╝╚╝╚═╝╚═╝
- industryName: Remote settings
description: Configure agent options remotely, over the air. (Includes osquery config, and osquery startup flags.). Fleetd startup flags coming soon (2023-12-31) #customer-blanco
moreInfoUrl: https://github.com/fleetdm/fleet/issues/13825
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]
# ╦ ╦╔═╗╦═╗╦╔═╗╔╗ ╦ ╔═╗ ╔═╗╔╗╔╦═╗╔═╗╦ ╦ ╔╦╗╔═╗╔╗╔╔╦╗
# ╚╗╔╝╠═╣╠╦╝║╠═╣╠╩╗║ ║╣ ║╣ ║║║╠╦╝║ ║║ ║ ║║║║╣ ║║║ ║
# ╚╝ ╩ ╩╩╚═╩╩ ╩╚═╝╩═╝╚═╝ ╚═╝╝╚╝╩╚═╚═╝╩═╝╩═╝╩ ╩╚═╝╝╚╝ ╩
- industryName: Variable enrollment
description: Enroll hosts in different groups using different enrollment secrets and/or installers per-baseline.
tier: Premium
# ╔═╗╦═╗╦╦ ╦╔═╗╔╦╗╔═╗ ╦ ╦╔═╗╔╦╗╔═╗╔╦╗╔═╗ ╦═╗╔═╗╔═╗╦╔═╗╔╦╗╦═╗╦ ╦
# ╠═╝╠╦╝║╚╗╔╝╠═╣ ║ ║╣ ║ ║╠═╝ ║║╠═╣ ║ ║╣ ╠╦╝║╣ ║ ╦║╚═╗ ║ ╠╦╝╚╦╝
# ╩ ╩╚═╩ ╚╝ ╩ ╩ ╩ ╚═╝ ╚═╝╩ ═╩╝╩ ╩ ╩ ╚═╝ ╩╚═╚═╝╚═╝╩╚═╝ ╩ ╩╚═ ╩
- industryName: Private update registry
friendlyName: Update agents from a secret URL
description: Load agent code from a secret URL that you manage.
tier: Premium
usualDepartment: Security
productCategories: [Endpoint operations]
# ╔═╗╦ ╦╔═╗╔╦╗╔═╗╔╦╗ ╔╦╗╔═╗╔╗ ╦ ╔═╗╔═╗
# ║ ║ ║╚═╗ ║ ║ ║║║║ ║ ╠═╣╠╩╗║ ║╣ ╚═╗
# ╚═╝╚═╝╚═╝ ╩ ╚═╝╩ ╩ ╩ ╩ ╩╚═╝╩═╝╚═╝╚═╝
- industryName: Custom tables
friendlyName: Add tables to osquery with extensions
description: Install osquery extensions over the air. # (GitOptional)
moreInfoUrl: https://github.com/trailofbits/osquery-extensions/blob/3df2b72ad78549e25344c79dbc9bce6808c4d92a/README.md#extensions
tier: Premium
- categoryName: Integrations
features:
#
# ╦═╗╔═╗╔═╗╔╦╗ ╔═╗╔═╗╦
# ╠╦╝║╣ ╚═╗ ║ ╠═╣╠═╝║
# ╩╚═╚═╝╚═╝ ╩ ╩ ╩╩ ╩
- industryName: REST API
friendlyName: Automate any feature
description:
documentationUrl: https://fleetdm.com/docs/rest-api/rest-api
screenshotSrc:
tier: Free
dri: rachaelshaw
# ╔═╗╔═╗╔╦╗╔╦╗╔═╗╔╗╔╔╦╗ ╦ ╦╔╗╔╔═╗ ╔╦╗╔═╗╔═╗╦ ┌─ ╔═╗╦ ╦ ─┐
# ║ ║ ║║║║║║║╠═╣║║║ ║║ ║ ║║║║║╣ ║ ║ ║║ ║║ │ ║ ║ ║ │
# ╚═╝╚═╝╩ ╩╩ ╩╩ ╩╝╚╝═╩╝ ╩═╝╩╝╚╝╚═╝ ╩ ╚═╝╚═╝╩═╝ └─ ╚═╝╩═╝╩ ─┘
- industryName: Command line tool (CLI)
friendlyName: fleetctl
tier: Free
# ╦ ╦╔═╗╔╗ ╦ ╦╔═╗╔═╗╦╔═╔═╗
# ║║║║╣ ╠╩╗╠═╣║ ║║ ║╠╩╗╚═╗
# ╚╩╝╚═╝╚═╝╩ ╩╚═╝╚═╝╩ ╩╚═╝
- industryName: Webhooks
friendlyName:
tier: Free
# ╔╦╗╔═╗╔═╗╔═╗ ╔═╗╦ ╦╔╦╗╔═╗╔╦╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
# ║║║╣ ║╣ ╠═╝ ╠═╣║ ║ ║ ║ ║║║║╠═╣ ║ ║║ ║║║║╚═╗
# ═╩╝╚═╝╚═╝╩ ╩ ╩╚═╝ ╩ ╚═╝╩ ╩╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
- industryName: Deep automations
friendlyName: Trigger webhooks or run scripts
description: Fire off webhooks or run scripts on hosts when certain things happen in Fleet.
productCategories: [Endpoint operations,Device management,Vulnerability management]
comingSoonOn: 2024-06-30
tier: Free
buzzwords: [Automated remediation,Auto-remediation,Self-healing]
waysToUse:
- description: Use policy automations to automatically remediate issues and mitigate vulnerabilities.
- description: Use osquery and santa to work around inflexibilities in proprietary MDMs and other protection solutions.
- description: Listen to webhooks to perform autonomous self-healing (cloud security engineering)
moreInfoUrl: https://www.fugue.co/blog/automated-remediation-scripts-vs.-self-healing-infrastructure-two-approaches-to-cloud-security
# ╔═╗╦╔╦╗╔═╗╔═╗╔═╗
# ║ ╦║ ║ ║ ║╠═╝╚═╗
# ╚═╝╩ ╩ ╚═╝╩ ╚═╝
- industryName: GitOps
friendlyName: Manage endpoints in git
description: Fork the best practices repo and use the GitHub Action to hook it up to your Fleet instance in minutes. Coming soon (2024-03-31)
moreInfoUrl: https://github.com/fleetdm/fleet/issues/13643
productCategories: [Endpoint operations,Device management,Vulnerability management]
tier: Free
demos:
description: A top savings and investment company wanted workflows and automation so that one bad actor can't brick their fleet. This way, they have to make a pull request first.
quote: I don't want one bad actor to brick my fleet. I want them to make a pull request first.
moreInfoUrl: https://docs.google.com/document/d/1hAQL6P--Tt3syq1MTRONAxhQA_2Vjt3oOJJt_O4xbiE/edit?disco=AAABAVnYvns&usp_dm=true#heading=h.7en766pueek4
# ╔═╗╦═╗╔═╗╔═╗ ╦╔╗╔╔╦╗╔═╗╔═╗╦═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
# ╠╣ ╠╦╝║╣ ║╣ ║║║║ ║ ║╣ ║ ╦╠╦╝╠═╣ ║ ║║ ║║║║╚═╗
# ╚ ╩╚═╚═╝╚═╝ ╩╝╚╝ ╩ ╚═╝╚═╝╩╚═╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
- industryName: Free integrations (Tines, Snowflake, Terraform, Chronicle, etc)
friendlyName: Borrow off-the-shelf tactics from the community
description:
moreInfoUrl: https://fleetdm.com/integrations
tier: Free
waysToUse:
- description: (ActiveDirectory) Know who opened your computer and check their device posture before you let them log into anything.
- description: (Ansible) Easily issue MDM commands and standardize data across operating systems.
- description: (AWS) Deploy your own self-managed Fleet in any AWS environment in minutes.
- description: (Azure) Deploy your own self-managed Fleet in the Microsoft Cloud in minutes.
- description: (Chef) Easily issue MDM commands and standardize data across operating systems.
- description: (Elastic) Ingest osquery data and monitor for important changes or events.
- description: (GitHub) Version control using git, enabling collaboration and a GitOps workflow.
- description: (GitLab) Version control using git, enabling collaboration and a GitOps workflow.
- description: (Chronicle) Ingest osquery data and monitor for important changes or events.
- description: (Google Cloud) Deploy your own self-managed Fleet in any GCP environment in minutes.
- description: (Munki) Easily issue MDM commands and standardize data across operating systems.
- description: (Okta) Know who opened your computer and check their device posture before you let them log into anything.
- description: (Snowflake) Ingest osquery data and monitor for important changes or events.
- description: (Splunk) Ingest osquery data and monitor for important changes or events.
- description: (Tines) Build custom workflows that trigger in various situations.
- description: (Webhooks) Configure automations that send webhooks to specific URLs when Fleet detects changes to host, policy, and CVE statuses.
# ╔═╗╦═╗╔═╗╔╦╗╦╦ ╦╔╦╗ ╦╔╗╔╔╦╗╔═╗╔═╗╦═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
# ╠═╝╠╦╝║╣ ║║║║║ ║║║║ ║║║║ ║ ║╣ ║ ╦╠╦╝╠═╣ ║ ║║ ║║║║╚═╗
# ╩ ╩╚═╚═╝╩ ╩╩╚═╝╩ ╩ ╩╝╚╝ ╩ ╚═╝╚═╝╩╚═╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
- industryName: Premium integrations (Puppet, Vanta, Jira, Zendesk, etc)
friendlyName: Borrow off-the-shelf tactics from legendary brands
description: Plug in to cutting edge frameworks from similar organizations.
moreInfoUrl: https://fleetdm.com/integrations
tier: Premium
buzzwords: [Vanta,Puppet,Jira,Zendesk,Custom IdP]
waysToUse:
- description: (Vanta) Trigger a workflow based on a failing policy.
- description: (Puppet) Easily issue MDM commands, standardize data across operating systems, and map macOS+Windows settings to computers with the Puppet module.
- description: (Jira) Automatically create Jira tickets in various situations, including exporting vulnerabilities to Jira and syncing tickets.
- description: (Torq) Build custom workflows that trigger in various situations.
- description: (Zendesk) Automatically create Zendesk tickets in various situations.
- description: (Custom IdP) Manage access to Fleet single sign-on (SSO) through any IdP (using SAML).
- categoryName: Support
features:
- industryName: Public issue tracker (GitHub)
tier: Free
- industryName: Community Slack channel
tier: Free
- industryName: Unlimited email support (confidential)
tier: Premium
- industryName: Phone and video call support
tier: Premium
- categoryName: Deployment
features:
- industryName: Self-managed
friendlyName: Host it yourself
tier: Free
buzzwords: [Self-hosted]
- industryName: Deployment tools (Terraform, Helm)
tier: Free
productCategories: [Endpoint operations]
- industryName: Managed Cloud
tier: Premium
- categoryName: Device management
features:
- industryName: Interactive MDM migration # « end-user initiated MDM migration, with interactive UI
tier: Premium
usualDepartment: IT
productCategories: [Device management]
- industryName: Remotely enforce OS settings
tier: Free
usualDepartment: IT
waysToUse:
- description: Deploy configuration profiles on macOS and verify that they're installed. Windows coming soon (2023-12-31).
moreInfoUrl: https://github.com/fleetdm/fleet/issues/13281
- description: Deploy custom declaration (DDM) profiles on macOS. Coming soon (2024-03-31).
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14550
- description: Target profiles to specific hosts using SQL. Coming soon (2023-12-31)
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14715
- description: Automatically re-deploy configuration profiles on macOS they're not installed.
productCategories: [Device management]
- industryName: Self service
description: Provide resolution instructions for end users through Fleet Desktop that suggest how an end user can fix a posture issue themselves.
tier: Premium
usualDepartment: IT
productCategories: [Device management]
- industryName: User-initiated enrollment of macOS computers
tier: Free
usualDepartment: IT
productCategories: [Device management]
- industryName: Low-level MDM commands for macOS and Windows (e.g. remote restart)
tier: Free
usualDepartment: IT
productCategories: [Device management]
- industryName: Native macOS update reminders
tier: Free
usualDepartment: IT
productCategories: [Device management]
- industryName: Zero-touch setup for macOS computers
tier: Premium
usualDepartment: IT
productCategories: [Device management]
waysToUse:
- description: Ship a macOS workstation to the end users home and have them automatically enroll to Fleet during out-of-the-box setup.
- description: Ship a Windows workstation to the end users home and have them automatically enroll to Fleet during out-of-the-box setup. Coming soon (2023-12-31) #Customer-preston
- description: Customize the out-of-the-box setup experience for your end users.
- description: Require end users to authenticate with your identity provider (IdP) and agree to an end user license agreement (EULA) before they can use their new workstation
- industryName: Enforce OS updates
tier: Premium
usualDepartment: IT
productCategories: [Device management,Vulnerability management]
waysToUse:
- description: Enforce macOS updates via Nudge.
- description: Automatically update Windows after the end user reaches a deadline. Coming soon (2023-12-31) #Customer-preston
- industryName: Encrypt macOS hard disks with FileVault
tier: Premium
usualDepartment: IT
productCategories: [Device management]
- industryName: Remotely lock and wipe macOS computers
tier: Premium
usualDepartment: IT
productCategories: [Device management]
- industryName: Install apps and packages on macOS and Windows computers.
description:
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14921
tier: Premium
comingSoonOn: 2023-12-31 #Customer-reedtimmer and customer-preston
usualDepartment: IT
productCategories: [Device management]
- industryName: Puppet module
friendlyName: Map macOS settings to computers with Puppet module
tier: Premium
usualDepartment: IT
productCategories: [Device management]
- categoryName: Inventory management
features:
- industryName: Software inventory
tier: Free
waysToUse:
- description: Implement software inventory recommendations from the SANS 20 / CIS 18.
moreInfoUrl: https://docs.google.com/document/d/1E6EQMMqrsRc6Z3YsR6Q33OaF9eAa8zLNaz4K2YzFdyo/edit#heading=h.7en766pueek4
- description: View a list of all software and their versions installed on all your hosts.
- description: View a list of software rolled up by title. Coming soon (2023-12-31)
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14674
- industryName: Hardware inventory
tier: Free
waysToUse:
- description: Implement hardware and infrastructure inventory recommendations from the SANS 20 / CIS 18.
moreInfoUrl: https://docs.google.com/document/d/1E6EQMMqrsRc6Z3YsR6Q33OaF9eAa8zLNaz4K2YzFdyo/edit#heading=h.7en766pueek4
- industryName: Device inventory dashboard
tier: Free
- industryName: Browse installed software packages
tier: Free
- industryName: Search devices by IP, serial, hostname, UUID
tier: Free
- industryName: Labels (SQL-driven)
friendlyName: Filter hosts using SQL
tier: Free
- industryName: Custom device data for help desk
description:
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14415
tier: Free
comingSoonOn: 2023-12-31
usualDepartment: IT
productCategories: [Endpoint operations,Device management]
- industryName: Baselines (device groups)
friendlyName: Manage different endpoints differently
description: Set baselines and strategies for hosts in different situations called "teams", and move hosts between them via API-driven automations or a simple, delegatable user interface with role-based access.
tier: Premium
productCategories: [Endpoint operations,Device management,Vulnerability management]
waysToUse:
- description: Automate remediation for different applications with different security postures (cloud security engineering)
- industryName: Generate reports for groups of devices
tier: Premium
- categoryName: Collaboration
features:
- industryName: Versionable queries and config (GitOps)
tier: Free
demos:
- description: A top financial services company needed to set up rolling deployments for changes to osquery agents running on their production servers.
moreInfoUrl: https://docs.google.com/document/d/1UdzZMyBLbs9SUXfSXN2x2wZQCbjZZUetYlNWH6-ryqQ/edit#heading=h.2lh6ehprpvl6
- industryName: Scope transparency
tier: Free
documentationUrl: https://fleetdm.com/transparency
- categoryName: Security and compliance
features:
- industryName: Single sign on (SSO, SAML)
tier: Free
- industryName: Disk encryption
friendlyName: Ensure hard disks are encrypted
description: Encrypt hard disks of macOS and Windows computers, manage escrowed encryption keys, and report on disk encryption status (FileVault, BitLocker).
tier: Free
waysToUse:
- description: Report on disk encryption status
- description: Encrypt hard disks on macOS with FileVault
- description: Escrow FileVault keys on macOS
- description: Encrypt hard disks on Windows with BitLocker. Coming soon (2023-12-31) #Customer-preston
- industryName: Audit queries and user activities
tier: Free
usualDepartment: Security
- industryName: Grant API-only access
tier: Free
- industryName: Programmable audit log
tier: Premium
usualDepartment: Security
waysToUse:
- description: Export activity of Fleet admins to your SIEM or data lake
- industryName: Just-in-time (JIT) provisioning
tier: Premium
- industryName: Automated user role sync via Okta, AD, or any IDP
tier: Premium
waysToUse:
- description: Automatically set admin access to Fleet based on your IDP
- industryName: Vanta integration
tier: Premium
- industryName: Trigger a workflow based on a failing policy
tier: Premium
- industryName: Role-based access control
tier: Premium
- categoryName: Vulnerability management
features:
- industryName: Detect vulnerable software #TODO: find a better industryName and make this the friendly name. Maybe separate out export.
tier: Free
usualDepartment: Security
productCategories: [Vulnerability management]
demos:
- description: A top gaming company wanted to replace Qualys for infrastructure vulnerability detection.
quote: So we have some stuff today through Qualys, but it's just not very good. A lot of it is...it's just really noisy. I'm trying to find out specifically, actually what packages are installed where, and then the ability to live query them.
moreInfoUrl: https://docs.google.com/document/d/1JWtRsW1FUTCkZEESJj9-CvXjLXK4219by-C6vvVVyBY/edit
waysToUse:
- description: Email relevant, actually-installed vulnerabilities to responsible teams so they can fix them.
moreInfoUrl: https://docs.google.com/document/d/1oeCmT077o_5nxzLhnxs7kcg_4Qn1Pn1F5zx10nQOAp8/edit
- industryName: Query performance monitoring
tier: Free
demos:
- description: A top software company needed to understand the performance impact of osquery queries before running them on all of their production Linux servers.
moreInfoUrl: https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg
- description: A top software company wanted to detect regressions when adding/changing queries and fail builds if queries were too expensive.
moreInfoUrl: https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg
waysToUse:
- description: Monitor performance for automated queries.
- description: Monitor performance for live queries. Coming soon (2024-01-26) #Customer-blanco
moreInfoUrl: https://github.com/fleetdm/fleet/issues/467
- industryName: Detect and surface issues with devices (policies)
tier: Free
- industryName: Vulnerability dashboard
tier: Premium
comingSoonOn: 2024-03-31
waysToUse:
- description: Only show vulnerabilities that you care about. Coming soon (2024-03-31) #Customer-faltona and customer-rialto
- industryName: Policy scoring
friendlyName: Mark policies as critical
tier: Premium
- industryName: Vulnerability scores (EPSS and CVSS) #TODO: Incorporate this perspective: https://github.com/fleetdm/confidential/issues/4120#issuecomment-1802350614
tier: Premium
usualDepartment: Security
productCategories: [Vulnerability management]
- industryName: CISA KEVs (known exploited vulnerabilities) #TODO: Incorporate this perspective: https://github.com/fleetdm/confidential/issues/4120#issuecomment-1802350614
tier: Premium
usualDepartment: Security
productCategories: [Vulnerability management]
- industryName: Patched version #Can be determined using description from National Vulnerability Database (NVD). Description tells you which versions are affected.
tier: Premium
usualDepartment: Security
productCategories: [Vulnerability management]
- categoryName: Data outputs
features:
- industryName: Flexible log destinations (AWS Kinesis, Lambda, GCP, Kafka)
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]
waysToUse:
- description: Choose different file sizes for automated query results and agent logs. Coming soon (2024-01-26) #Customer-blanco
moreInfoUrl: https://github.com/fleetdm/fleet/issues/11999
- industryName: File carving (AWS S3)
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]