fleet/handbook/company/pricing-features-table.yml

524 lines
35 KiB
YAML

- categoryName: Endpoint ops
features:
#
# ╔╦╗╔═╗╦ ╦╦╔═╗╔═╗ ╦ ╦╔═╗╔═╗╦ ╔╦╗╦ ╦
# ║║║╣ ╚╗╔╝║║ ║╣ ╠═╣║╣ ╠═╣║ ║ ╠═╣
# ═╩╝╚═╝ ╚╝ ╩╚═╝╚═╝ ╩ ╩╚═╝╩ ╩╩═╝╩ ╩ ╩
- industryName: Device health
friendlyName: Automate device health
description: Automatically report system health issues using webhooks or integrations, to notify or quarantine outdated or misconfigured systems that are at higher risk of vulnerabilities or theft.
documentationUrl:
screenshotSrc:
tier: Free
productCategories: [Endpoint operations]
dri: mikermcneil
demos:
- description: A large tech company used the Fleet API to block access to corporate apps for outdated operating system versions with certain "celebrity" vulnerabilities.
quote:
moreInfoUrl:
buzzwords: [Device trust,Zero trust,Beyondcorp,Device attestation,Conditional access]
waysToUse:
- description: Automatically manage the behavior of sick endpoints that are at higher risk of vulnerabilities.
- description: Implement conditional access based on device health using the Fleet API.
- description: Quickly report your posture and vulnerabilities to auditors, showing remediation status and timing.
- description: Control and restore access to applications by restricting access when devices do not meet particular security requirements.
moreInfoUrl: https://duo.com/docs/device-health
- description: Control which laptop and desktop devices can access corporate apps and websites based on what vulnerabilities it might be exposed to based on how the device is configured, whether it's up to date, its MDM enrollment status, and anything else you can build in a SQL query of Fleet's 300 data tables representing information about enrolled host systems.
- description: Implement multivariate device trust
moreInfoUrl: https://youtu.be/5sFOdpMLXQg?feature=shared&t=1445
- description: Implement your own version of Google's zero trust model (BeyondCorp)
moreInfoUrl: https://cloud.google.com/beyondcorp
#
# ╔═╗╔═╗╦═╗╦╔═╗╔╦╗ ╔═╗═╗ ╦╔═╗╔═╗╦ ╦╔╦╗╦╔═╗╔╗╔
# ╚═╗║ ╠╦╝║╠═╝ ║ ║╣ ╔╩╦╝║╣ ║ ║ ║ ║ ║║ ║║║║
# ╚═╝╚═╝╩╚═╩╩ ╩ ╚═╝╩ ╚═╚═╝╚═╝╚═╝ ╩ ╩╚═╝╝╚╝
- industryName: Script execution
fiendlyName: Safely execute custom scripts (macOS, Windows, and Linux)
description: Deploy and execute custom scripts using a REST API, and manage your library of scripts in the UI or a git repo.
documentationUrl: https://fleetdm.com/docs/using-fleet/scripts
tier: Premium
dri: mikermcneil
productCategories: [Endpoint operations,Device management]
waysToUse:
- description: Execute custom macOS scripts (client platform engineering)
moreInfoUrl: https://www.hexnode.com/blogs/executing-custom-mac-scripts-via-mdm/
- description: Execute custom Windows scripts (client platform engineering)
moreInfoUrl: https://www.hexnode.com/blogs/executing-custom-windows-scripts-via-mdm/
- description: Use PowerShell scripts on Windows devices
moreInfoUrl: https://learn.microsoft.com/en-us/mem/intune/apps/intune-management-extension
- description: Run PowerShell scripts for remediations (security engineering)
moreInfoUrl: https://learn.microsoft.com/en-us/mem/intune/fundamentals/powershell-scripts-remediation
- description: Download and run remediation scripts
moreInfoUrl: https://help.zscaler.com/deception/downloading-and-running-remediation-script
- description: Deploy custom scripts
moreInfoUrl: https://scalefusion.com/custom-scripting
#
# ╔═╗╦ ╦╔╦╗╔═╗╔╦╗╔═╗╔╦╗╦╔═╗ ╔═╗╔═╗╔═╗╔╦╗╦ ╦╦═╗╔═╗ ╔═╗╔═╗╔═╗╔═╗╔═╗╔═╗╔╦╗╔═╗╔╗╔╔╦╗
# ╠═╣║ ║ ║ ║ ║║║║╠═╣ ║ ║║ ╠═╝║ ║╚═╗ ║ ║ ║╠╦╝║╣ ╠═╣╚═╗╚═╗║╣ ╚═╗╚═╗║║║║╣ ║║║ ║
# ╩ ╩╚═╝ ╩ ╚═╝╩ ╩╩ ╩ ╩ ╩╚═╝ ╩ ╚═╝╚═╝ ╩ ╚═╝╩╚═╚═╝ ╩ ╩╚═╝╚═╝╚═╝╚═╝╚═╝╩ ╩╚═╝╝╚╝ ╩
- industryName: Automatic posture assessment
friendlyName: Verify any security or compliance goal
description: Simplify security audits, build definitive reports, and discover + verify ongoing compliance for every endpoint, from workstations to data centers.
documentationUrl:
screenshotSrc:
usualDepartment: Security
tier: Free
productCategories: [Endpoint operations]
dri: mikermcneil
demos:
- description:
quote:
moreInfoUrl:
buzzwords: [Attack surface management (ASM),Endpoint hardening,Security posture,Cyber hygiene,Threat hunting]
waysToUse:
- description: Monitor devices that don't meet your organization's custom security policies
- description: Keep your devices compliant with customizable baselines, or use common benchmarks like CIS.
- description: Discover security misconfigurations that increase attack surface.
- description: Detect suspcious services listening on open ports that should not be connected to the internet, such as Remote Desktop Protocol (RDP).
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20statename%20%3D%20%E2%80%9CEnabled%E2%80%9D-,OPEN%20SOCKETS,-Lastly%2C%20an%20examination
- description: Discover potentially unwanted programs that increase attack surface.
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/
- description: Detect self-signed certifcates
- description: Detect legacy protocols with safer versions
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20self_signed%20%3D%201%3B-,LEGACY%20PROTOCOLS,-This%20section%20will
- description: Detect exposed secrets on the command line
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WDigest%20is%20disabled.-,EXPOSED%20SECRETS,-Often%2C%20to%20create
- description: Detect and surface issues with devices
- description: Share device health reports
- description: Align endpoints with your security policies
moreInfoUrl: https://www.axonius.com/use-cases/cmdb-reconciliation
- description: Maximize security control coverage
- description: Uncover gaps in security policies, configurations, and hygiene
moreInfoUrl: https://www.axonius.com/use-cases/coverage-gap-discovery
- description: Automatically apply security policies to protect endpoints against attack.
- description: Surface security issues in all your deployed endpoints even data centers and factories.
- description: Continually validate controls and policies
#
# ╦ ╦╦ ╦╔╦╗╔═╗╔╗╔ ╔═╗╔╗╔╔╦╗╔═╗╔═╗╦╔╗╔╔╦╗ ╔╦╗╔═╗╔═╗╔═╗╦╔╗╔╔═╗
# ╠═╣║ ║║║║╠═╣║║║───║╣ ║║║ ║║╠═╝║ ║║║║║ ║ ║║║╠═╣╠═╝╠═╝║║║║║ ╦
# ╩ ╩╚═╝╩ ╩╩ ╩╝╚╝ ╚═╝╝╚╝═╩╝╩ ╚═╝╩╝╚╝ ╩ ╩ ╩╩ ╩╩ ╩ ╩╝╚╝╚═╝
- industryName: Human-endpoint mapping
friendlyName: See who logs in on every computer
description: Identify who logs in to any system, including login history and current sessions. Look up any host by the email address of the person using it.
documentationUrl:
screenshotSrc:
tier: Free
productCategories: [Endpoint operations]
dri: mikermcneil
demos:
- description: Security engineers at a top gaming company wanted to get demographics off their macOS, Windows, and Linux machines about who the user is and who's logged in.
moreInfoUrl: https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit
waysToUse:
- description: Look up computer by ActiveDirectory account
- description: Find device by Google Chrome user
- description: Identify who logs in to any system, including login history and current sessions.
- description: Look up any host by the email address of the person using it.
- description: Check user login history
moreInfoUrl: https://www.lepide.com/how-to/audit-who-logged-into-a-computer-and-when.html#:~:text=To%20find%20out%20the%20details,logs%20in%20%E2%80%9CWindows%20Logs%E2%80%9D.
- description: See currently logged in users
moreInfoUrl: https://www.top-password.com/blog/see-currently-logged-in-users-in-windows/
- description: Get demographics off of our machines about who the user is and who's logged in
moreInfoUrl: https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit
- description: See what servers someone is logged-in on
moreInfoUrl: https://community.spiceworks.com/topic/138171-is-there-a-way-to-see-what-servers-someone-is-logged-in-on
# ╔═╗═╗ ╦╔═╗╔═╗╦═╗╔╦╗ ┬ ╔═╗╦ ╦╔╗╔╔═╗
# ║╣ ╔╩╦╝╠═╝║ ║╠╦╝ ║ ┌┼─ ╚═╗╚╦╝║║║║
# ╚═╝╩ ╚═╩ ╚═╝╩╚═ ╩ └┘ ╚═╝ ╩ ╝╚╝╚═╝
- industryName: Automated export/sync
friendlyName: Build custom query automations
description: Ship logs with snapshots of any imaginable report, or monitor results for changes.
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]
waysToUse:
- description: Ship logs to Splunk, Snowflake, and more
- description: Synchronize live state of endpoints to a data lake or SIEM in a consistent shape.
- description: Export the data to other systems
moreInfoUrl: https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit
- description: Export data to a third-party SIEM tool
moreInfoUrl: https://www.websense.com/content/support/library/web/hosted/admin_guide/siem_integration_explain.aspx
- description: Gather data and log events from endpoints
moreInfoUrl: https://techbeacon.com/security/how-osquery-can-lift-your-security-teams-game#:~:text=%22If%20security%20teams%20didn%27t%20have%20osquery%2C%20they%20would%20have%20to%20find%20a%20way%20to%20manually%20go%20into%20each%20endpoint%20and%20gather%20data%2C%20or%20buy%20a%20third%2Dparty%20tool%20to%20do%20that%20for%20them
#
# ╔═╗╦╔╦╗
# ╠╣ ║║║║
# ╚ ╩╩ ╩
- industryName: File integrity monitoring (FIM) # Short industry phrase
friendlyName: Detect changes to critical files # Short, Fleet one-liner for the feature, written in the imperative mood. (If easy to do, base this off of the words that an actual customer is saying.)
description: Specify files to monitor for changes or deletions, then log those events to your SIEM or data lake, including key information such as filepath and checksum. # Clear Mr. Rogers description
documentationUrl: https://fleetdm.com/guides/osquery-evented-tables-overview#file-integrity-monitoring-fim # URL of the single-best page within the docs which serves as a "jumping-off point" for this feature.
screenshotSrc: "" # A screenshot of the single, best, simplifying, obvious example
tier: Free # Either "Free" or "Premium"
usualDepartment: Security # or omit if there isn't a particular departmental leaning we've noticed
productCategories: [Endpoint operations] # or omit if this isn't associated with a single product category
dri: mikermcneil #GitHub user name
demos:
- description: A top gaming company needed a way to monitor critical files on production Debian servers.
quote: The FIM features are kind of a top priority.
moreInfoUrl: https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit
buzzwords: [File integrity monitoring (FIM),Host-based intrusion detection system (HIDS),Anomaly detection]
waysToUse:
- description: Monitor critical files on production Debian servers
- description: Detect anomalous filesystem activity
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
- description: Pinpoint unintended changes
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
- description: Verify update status and monitor system health
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
- description: Meet compliance mandates
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
# ╦ ╦╔═╗╦═╗╔═╗
# ╚╦╝╠═╣╠╦╝╠═╣
# ╩ ╩ ╩╩╚═╩ ╩
- industryName: Malware detection (YARA)
fiendlyName: Scan files for malware signatures
description: Trigger automations when a file matches a YARA signature.
documentationUrl: https://fleetdm.com/tables/yara
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations,Vulnerability management]
buzzwords: [YARA scanning,Antivirus (AV),Endpoint protection platform (EPP),Signature-based malware detection,Malware scanning,Malware analysis,Anomaly detection]
waysToUse:
- description: Write YARA rules to continuously scan host filesystems for malware signatures using policies.
moreInfoUrl: https://yara.readthedocs.io/en/stable/writingrules.html
- description: Monitor for relevent filesystem changes (YARA events) and on-demand YARA signature scans.
moreInfoUrl: https://osquery.readthedocs.io/en/stable/deployment/yara/
- description: Use YARA for malware detection
moreInfoUrl: https://www.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_YARA_S508C.pdf
- description: Scan for indicators of compromise (IoC) for common malware.
moreInfoUrl: https://github.com/Cisco-Talos/osquery_queries
- description: Analyze malware using data from osquery, such as endpoint certificates and launch daemons (launchd).
moreInfoUrl: https://medium.com/hackernoon/malware-analysis-using-osquery-part-3-9dc805b67d16
- description: Detect persistent malware (e.g. WireLurker) in endpoints by generating simple policies that search for their static indicators of compromise (IoCs).
moreInfoUrl: https://osquery.readthedocs.io/en/stable/deployment/anomaly-detection/
- description: Run a targeted YARA scan with osquery as a lightweight approach to scan anything on a host filesystem, with minimal performance impact. Unlike full system YARA scans which consume considerable CPU resources, an equivalent YARA scan targeted in Fleet can be 8x cheaper (CPU %).
moreInfoUrl: https://www.tripwire.com/state-of-security/signature-socket-based-malware-detection-osquery-yara
# ╔═╗╔═╗╔═╗╔╗╔╔╦╗ ╔═╗╦ ╦╔╦╗╔═╗ ╦ ╦╔═╗╔╦╗╔═╗╔╦╗╔═╗
# ╠═╣║ ╦║╣ ║║║ ║ ╠═╣║ ║ ║ ║ ║───║ ║╠═╝ ║║╠═╣ ║ ║╣
# ╩ ╩╚═╝╚═╝╝╚╝ ╩ ╩ ╩╚═╝ ╩ ╚═╝ ╚═╝╩ ═╩╝╩ ╩ ╩ ╚═╝
- industryName: Agent auto-update
friendlyName: Keep agents and extensions up to date
descrption: Keep agents and extensions up to date by loading code from Fleet's free update registry.
tier: Free
productCategories: [Endpoint operations]
# ╦╔╗╔╔═╗╔╦╗╔═╗╦ ╦ ╔═╗╦═╗╔═╗
# ║║║║╚═╗ ║ ╠═╣║ ║ ║╣ ╠╦╝╚═╗
# ╩╝╚╝╚═╝ ╩ ╩ ╩╩═╝╩═╝╚═╝╩╚═╚═╝
- industryName: Installers (self-service)
tier: Free
productCategories: [Endpoint operations]
# ╔╗ ╔═╗╔╦╗╔═╗╦ ╦ ╦╔╗╔╔═╗╔╦╗╔═╗╦ ╦ ╔═╗╔╦╗╦╔═╗╔╗╔
# ╠╩╗╠═╣ ║ ║ ╠═╣ ║║║║╚═╗ ║ ╠═╣║ ║ ╠═╣ ║ ║║ ║║║║
# ╚═╝╩ ╩ ╩ ╚═╝╩ ╩ ╩╝╚╝╚═╝ ╩ ╩ ╩╩═╝╩═╝╩ ╩ ╩ ╩╚═╝╝╚╝
- industryName: Batch installation (Chef, Ansible, Puppet, MDM)
friendlyName: Install agents over the air
tier: Free
productCategories: [Endpoint operations]
# ╦═╗╔═╗╔╦╗╔═╗╔╦╗╔═╗ ╔═╗╔═╗╔╦╗╔╦╗╦╔╗╔╔═╗╔═╗
# ╠╦╝║╣ ║║║║ ║ ║ ║╣ ╚═╗║╣ ║ ║ ║║║║║ ╦╚═╗
# ╩╚═╚═╝╩ ╩╚═╝ ╩ ╚═╝ ╚═╝╚═╝ ╩ ╩ ╩╝╚╝╚═╝╚═╝
- industryName: Remote settings
description: Configure agent options remotely, over the air. (Includes osquery config, fleetd options, and osquery startup flags.)
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]
# ╦ ╦╔═╗╦═╗╦╔═╗╔╗ ╦ ╔═╗ ╔═╗╔╗╔╦═╗╔═╗╦ ╦ ╔╦╗╔═╗╔╗╔╔╦╗
# ╚╗╔╝╠═╣╠╦╝║╠═╣╠╩╗║ ║╣ ║╣ ║║║╠╦╝║ ║║ ║ ║║║║╣ ║║║ ║
# ╚╝ ╩ ╩╩╚═╩╩ ╩╚═╝╩═╝╚═╝ ╚═╝╝╚╝╩╚═╚═╝╩═╝╩═╝╩ ╩╚═╝╝╚╝ ╩
- industryName: Variable enrollment
description: Enroll hosts in different groups using different enrollment secrets and/or installers per-baseline.
tier: Premium
# ╔═╗╦═╗╦╦ ╦╔═╗╔╦╗╔═╗ ╦ ╦╔═╗╔╦╗╔═╗╔╦╗╔═╗ ╦═╗╔═╗╔═╗╦╔═╗╔╦╗╦═╗╦ ╦
# ╠═╝╠╦╝║╚╗╔╝╠═╣ ║ ║╣ ║ ║╠═╝ ║║╠═╣ ║ ║╣ ╠╦╝║╣ ║ ╦║╚═╗ ║ ╠╦╝╚╦╝
# ╩ ╩╚═╩ ╚╝ ╩ ╩ ╩ ╚═╝ ╚═╝╩ ═╩╝╩ ╩ ╩ ╚═╝ ╩╚═╚═╝╚═╝╩╚═╝ ╩ ╩╚═ ╩
- industryName: Private update registry
friendlyName: Update agents from a secret URL
description: Load agent code from a secret URL that you manage.
tier: Premium
usualDepartment: Security
productCategories: [Endpoint operations]
# ╔═╗╦ ╦╔═╗╔╦╗╔═╗╔╦╗ ╔╦╗╔═╗╔╗ ╦ ╔═╗╔═╗
# ║ ║ ║╚═╗ ║ ║ ║║║║ ║ ╠═╣╠╩╗║ ║╣ ╚═╗
# ╚═╝╚═╝╚═╝ ╩ ╚═╝╩ ╩ ╩ ╩ ╩╚═╝╩═╝╚═╝╚═╝
- industryName: Custom tables
friendlyName: Add tables to osquery with extensions
description: Install osquery extensions over the air. # (GitOptional)
moreInfoUrl: https://github.com/trailofbits/osquery-extensions/blob/3df2b72ad78549e25344c79dbc9bce6808c4d92a/README.md#extensions
tier: Premium
- categoryName: Integrations
features:
#
# ╦═╗╔═╗╔═╗╔╦╗ ╔═╗╔═╗╦
# ╠╦╝║╣ ╚═╗ ║ ╠═╣╠═╝║
# ╩╚═╚═╝╚═╝ ╩ ╩ ╩╩ ╩
- industryName: REST API
friendlyName: Automate any feature
description:
documentationUrl: https://fleetdm.com/docs/rest-api/rest-api
screenshotSrc:
tier: Free
dri: rachaelshaw
# ╔═╗╔═╗╔╦╗╔╦╗╔═╗╔╗╔╔╦╗ ╦ ╦╔╗╔╔═╗ ╔╦╗╔═╗╔═╗╦ ┌─ ╔═╗╦ ╦ ─┐
# ║ ║ ║║║║║║║╠═╣║║║ ║║ ║ ║║║║║╣ ║ ║ ║║ ║║ │ ║ ║ ║ │
# ╚═╝╚═╝╩ ╩╩ ╩╩ ╩╝╚╝═╩╝ ╩═╝╩╝╚╝╚═╝ ╩ ╚═╝╚═╝╩═╝ └─ ╚═╝╩═╝╩ ─┘
- industryName: Command line tool (CLI)
friendlyName: fleetctl
tier: Free
# ╦ ╦╔═╗╔╗ ╦ ╦╔═╗╔═╗╦╔═╔═╗
# ║║║║╣ ╠╩╗╠═╣║ ║║ ║╠╩╗╚═╗
# ╚╩╝╚═╝╚═╝╩ ╩╚═╝╚═╝╩ ╩╚═╝
- industryName: Webhooks
friendlyName:
tier: Free
# ╔╦╗╔═╗╔═╗╔═╗ ╔═╗╦ ╦╔╦╗╔═╗╔╦╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
# ║║║╣ ║╣ ╠═╝ ╠═╣║ ║ ║ ║ ║║║║╠═╣ ║ ║║ ║║║║╚═╗
# ═╩╝╚═╝╚═╝╩ ╩ ╩╚═╝ ╩ ╚═╝╩ ╩╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
- industryName: Deep automations
friendlyName: Trigger webhooks or run scripts
description: Fire off webhooks or run scripts on hosts when certain things happen in Fleet.
productCategories: [Endpoint operations,Device management,Vulnerability management]
comingSoonOn: 2024-06-30
tier: Free
buzzwords: [Automated remediation,Auto-remediation,Self-healing]
waysToUse:
- description: Use policy automations to automatically remediate issues and mitigate vulnerabilities.
- description: Use osquery and santa to work around inflexibilities in proprietary MDMs and other protection solutions.
- description: Listen to webhooks to perform autonomous self-healing (cloud security engineering)
moreInfoUrl: https://www.fugue.co/blog/automated-remediation-scripts-vs.-self-healing-infrastructure-two-approaches-to-cloud-security
# ╔═╗╦╔╦╗╔═╗╔═╗╔═╗
# ║ ╦║ ║ ║ ║╠═╝╚═╗
# ╚═╝╩ ╩ ╚═╝╩ ╚═╝
- industryName: GitOps
friendlyName: Manage endpoints in git
description: Fork the best practices repo and use the GitHub Action to hook it up to your Fleet instance in minutes.
moreInfoUrl: https://github.com/fleetdm/fleet-mdm-gitops
productCategories: [Endpoint operations,Device management,Vulnerability management]
tier: Free
# ╔═╗╦═╗╔═╗╔═╗ ╦╔╗╔╔╦╗╔═╗╔═╗╦═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
# ╠╣ ╠╦╝║╣ ║╣ ║║║║ ║ ║╣ ║ ╦╠╦╝╠═╣ ║ ║║ ║║║║╚═╗
# ╚ ╩╚═╚═╝╚═╝ ╩╝╚╝ ╩ ╚═╝╚═╝╩╚═╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
- industryName: Free integrations (Tines, Snowflake, Terraform, Chronicle, etc)
friendlyName: Borrow off-the-shelf tactics from the community
description:
moreInfoUrl: https://fleetdm.com/integrations
tier: Free
waysToUse:
- description: (ActiveDirectory) Know who opened your computer and check their device posture before you let them log into anything.
- description: (Ansible) Easily issue MDM commands and standardize data across operating systems.
- description: (AWS) Deploy your own self-managed Fleet in any AWS environment in minutes.
- description: (Azure) Deploy your own self-managed Fleet in the Microsoft Cloud in minutes.
- description: (Chef) Easily issue MDM commands and standardize data across operating systems.
- description: (Elastic) Ingest osquery data and monitor for important changes or events.
- description: (GitHub) Version control using git, enabling collaboration and a GitOps workflow.
- description: (GitLab) Version control using git, enabling collaboration and a GitOps workflow.
- description: (Chronicle) Ingest osquery data and monitor for important changes or events.
- description: (Google Cloud) Deploy your own self-managed Fleet in any GCP environment in minutes.
- description: (Munki) Easily issue MDM commands and standardize data across operating systems.
- description: (Okta) Know who opened your computer and check their device posture before you let them log into anything.
- description: (Snowflake) Ingest osquery data and monitor for important changes or events.
- description: (Splunk) Ingest osquery data and monitor for important changes or events.
- description: (Tines) Build custom workflows that trigger in various situations.
- description: (Webhooks) Configure automations that send webhooks to specific URLs when Fleet detects changes to host, policy, and CVE statuses.
# ╔═╗╦═╗╔═╗╔╦╗╦╦ ╦╔╦╗ ╦╔╗╔╔╦╗╔═╗╔═╗╦═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
# ╠═╝╠╦╝║╣ ║║║║║ ║║║║ ║║║║ ║ ║╣ ║ ╦╠╦╝╠═╣ ║ ║║ ║║║║╚═╗
# ╩ ╩╚═╚═╝╩ ╩╩╚═╝╩ ╩ ╩╝╚╝ ╩ ╚═╝╚═╝╩╚═╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
- industryName: Premium integrations (Puppet, Vanta, Jira, Zendesk, etc)
friendlyName: Borrow off-the-shelf tactics from legendary brands
description: Plug in to cutting edge frameworks from similar organizations.
moreInfoUrl: https://fleetdm.com/integrations
tier: Premium
buzzwords: [Vanta,Puppet,Jira,Zendesk,Custom IdP]
waysToUse:
- description: (Vanta) Trigger a workflow based on a failing policy.
- description: (Puppet) Easily issue MDM commands, standardize data across operating systems, and map macOS+Windows settings to computers with the Puppet module.
- description: (Jira) Automatically create Jira tickets in various situations.
- description: (Torq) Build custom workflows that trigger in various situations.
- description: (Zendesk) Automatically create Zendesk tickets in various situations.
- description: (Custom IdP) Manage access to Fleet single sign-on (SSO) through any IdP (using SAML).
- categoryName: Support
features:
- industryName: Public issue tracker (GitHub)
tier: Free
- industryName: Community Slack channel
tier: Free
- industryName: Unlimited email support (confidential)
tier: Premium
- industryName: Phone and video call support
tier: Premium
- categoryName: Deployment
features:
- industryName: Self-managed
friendlyName: Host it yourself
tier: Free
buzzwords: [Self-hosted]
- industryName: Deployment tools (Terraform, Helm)
tier: Free
productCategories: [Endpoint operations]
- industryName: Managed Cloud
tier: Premium
- categoryName: Device management
features:
- industryName: Interactive MDM migration # « end-user initiated MDM migration, with interactive UI
tier: Free
usualDepartment: IT
productCategories: [Device management]
- industryName: Remotely enforce macOS settings
tier: Free
usualDepartment: IT
productCategories: [Device management]
- industryName: Self service
description: Provide resolution instructions for end users through Fleet Desktop that suggest how an end user can fix a posture issue themselves.
tier: Premium
usualDepartment: IT
productCategories: [Device management]
- industryName: User-initiated enrollment of macOS computers
tier: Free
usualDepartment: IT
productCategories: [Device management]
- industryName: Low-level macOS MDM commands (e.g. remote restart)
tier: Free
usualDepartment: IT
productCategories: [Device management]
- industryName: Native macOS update reminders
tier: Free
usualDepartment: IT
productCategories: [Device management]
- industryName: Zero-touch setup for macOS computers
tier: Premium
usualDepartment: IT
productCategories: [Device management]
- industryName: End-user macOS update reminders (via Nudge)
tier: Premium
usualDepartment: IT
productCategories: [Device management,Vulnerability management]
- industryName: Encrypt macOS hard disks with FileVault
tier: Premium
usualDepartment: IT
productCategories: [Device management]
- industryName: Manage queued MDM commands on macOS
tier: Premium
comingSoonOn: 2023-12-31
usualDepartment: IT
productCategories: [Device management]
- industryName: Remotely lock and wipe macOS computers
tier: Premium
usualDepartment: IT
productCategories: [Device management]
- industryName: Update apps on macOS computers
tier: Premium
comingSoonOn: 2024-03-31
usualDepartment: IT
productCategories: [Device management]
- industryName: Puppet module
friendlyName: Map macOS settings to computers with Puppet module
tier: Premium
usualDepartment: IT
productCategories: [Device management]
- categoryName: Inventory management
features:
- industryName: Device inventory dashboard
tier: Free
- industryName: Browse installed software packages
tier: Free
- industryName: Search devices by IP, serial, hostname, UUID
tier: Free
- industryName: Labels (SQL-driven)
friendlyName: Filter hosts using SQL
tier: Free
- industryName: Baselines (device groups)
friendlyName: Manage different endpoints differently
description: Set baselines and strategies for hosts in different situations called "teams", and move hosts between them via API-driven automations or a simple, delegatable user interface with role-based access.
tier: Premium
productCategories: [Endpoint operations,Device management,Vulnerability management]
waysToUse:
- description: Automate remediation for different applications with different security postures (cloud security engineering)
- industryName: Generate reports for groups of devices
tier: Premium
- categoryName: Collaboration
features:
- industryName: Versionable queries and config (GitOps)
tier: Free
demos:
- description: A top financial services company needed to set up rolling deployments for changes to osquery agents running on their production servers.
moreInfoUrl: https://docs.google.com/document/d/1UdzZMyBLbs9SUXfSXN2x2wZQCbjZZUetYlNWH6-ryqQ/edit#heading=h.2lh6ehprpvl6
- industryName: Scope transparency
tier: Free
documentationUrl: https://fleetdm.com/transparency
- categoryName: Security and compliance
features:
- industryName: Single sign on (SSO, SAML)
tier: Free
- industryName: Disk encryption
friendlyName: Ensure hard disks are encrypted
description: Encrypt hard disks of macOS and Windows computers, manage escrowed encryption keys, and report on disk encryption status (FileVault, BitLocker).
tier: Free
waysToUse:
- description: Report on disk encryption status
- description: Encrypt hard disks on macOS with FileVault
- description: Escrow FileVault keys on macOS
- description: Encrypt hard disks on Windows with BitLocker
- industryName: Audit queries and user activities
tier: Free
usualDepartment: Security
- industryName: Grant API-only access
tier: Free
- industryName: Programmable audit log
tier: Premium
usualDepartment: Security
waysToUse:
- description: Export activity of Fleet admins to your SIEM or data lake
- industryName: Just-in-time (JIT) provisioning
tier: Premium
- industryName: Automated user role sync via Okta, AD, or any IDP
tier: Premium
waysToUse:
- description: Automatically set admin access to Fleet based on your IDP
- industryName: Vanta integration
tier: Premium
- industryName: Trigger a workflow based on a failing policy
tier: Premium
- industryName: Role-based access control
tier: Premium
- categoryName: Vulnerability management
features:
- industryName: Detect vulnerable software
tier: Free
usualDepartment: Security
productCategories: [Vulnerability management]
demos:
- description: A top gaming company wanted to replace Qualys for infrastructure vulnerability detection.
quote: So we have some stuff today through Qualys, but it's just not very good. A lot of it is...it's just really noisy. I'm trying to find out specifically, actually what packages are installed where, and then the ability to live query them.
moreInfoUrl: https://docs.google.com/document/d/1JWtRsW1FUTCkZEESJj9-CvXjLXK4219by-C6vvVVyBY/edit
- industryName: Query performance monitoring
tier: Free
demos:
- description: A top software company needed to understand the performance impact of osquery queries before running them on all of their production Linux servers.
moreInfoUrl: https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg
- description: A top software company wanted to detect regressions when adding/changing queries and fail builds if queries were too expensive.
moreInfoUrl: https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg
- industryName: Detect and surface issues with devices (policies)
tier: Free
- industryName: Policy scoring
friendlyName: Mark policies as critical
tier: Premium
comingSoonOn: 2023-12-31
- industryName: Vulnerability scores (EPSS and CVSS)
tier: Premium
usualDepartment: Security
productCategories: [Vulnerability management]
- industryName: CISA KEVs (known exploited vulnerabilities)
tier: Premium
usualDepartment: Security
productCategories: [Vulnerability management]
- categoryName: Data outputs
features:
- industryName: Flexible log destinations (AWS Kinesis, Lambda, GCP, Kafka)
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]
- industryName: File carving (AWS S3)
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]