mirror of
https://github.com/empayre/fleet.git
synced 2024-11-07 01:15:22 +00:00
524 lines
35 KiB
YAML
- categoryName: Endpoint ops
  features:
    #
    # ╔╦╗╔═╗╦ ╦╦╔═╗╔═╗ ╦ ╦╔═╗╔═╗╦ ╔╦╗╦ ╦
    # ║║║╣ ╚╗╔╝║║ ║╣ ╠═╣║╣ ╠═╣║ ║ ╠═╣
    # ═╩╝╚═╝ ╚╝ ╩╚═╝╚═╝ ╩ ╩╚═╝╩ ╩╩═╝╩ ╩ ╩
    - industryName: Device health
      friendlyName: Automate device health
      description: Automatically report system health issues using webhooks or integrations, to notify or quarantine outdated or misconfigured systems that are at higher risk of vulnerabilities or theft.
      documentationUrl:
      screenshotSrc:
      tier: Free
      productCategories: [Endpoint operations]
      dri: mikermcneil
      demos:
        - description: A large tech company used the Fleet API to block access to corporate apps for outdated operating system versions with certain "celebrity" vulnerabilities.
          quote:
          moreInfoUrl:
      buzzwords: [Device trust,Zero trust,Beyondcorp,Device attestation,Conditional access]
      waysToUse:
        - description: Automatically manage the behavior of sick endpoints that are at higher risk of vulnerabilities.
        - description: Implement conditional access based on device health using the Fleet API.
        - description: Quickly report your posture and vulnerabilities to auditors, showing remediation status and timing.
        - description: Control and restore access to applications by restricting access when devices do not meet particular security requirements.
          moreInfoUrl: https://duo.com/docs/device-health
        - description: Control which laptop and desktop devices can access corporate apps and websites based on what vulnerabilities they might be exposed to given how the device is configured, whether it's up to date, its MDM enrollment status, and anything else you can build in a SQL query of Fleet's 300 data tables representing information about enrolled host systems.
        - description: Implement multivariate device trust
          moreInfoUrl: https://youtu.be/5sFOdpMLXQg?feature=shared&t=1445
        - description: Implement your own version of Google's zero trust model (BeyondCorp)
          moreInfoUrl: https://cloud.google.com/beyondcorp
    #
    # ╔═╗╔═╗╦═╗╦╔═╗╔╦╗ ╔═╗═╗ ╦╔═╗╔═╗╦ ╦╔╦╗╦╔═╗╔╗╔
    # ╚═╗║ ╠╦╝║╠═╝ ║ ║╣ ╔╩╦╝║╣ ║ ║ ║ ║ ║║ ║║║║
    # ╚═╝╚═╝╩╚═╩╩ ╩ ╚═╝╩ ╚═╚═╝╚═╝╚═╝ ╩ ╩╚═╝╝╚╝
    - industryName: Script execution
      friendlyName: Safely execute custom scripts (macOS, Windows, and Linux)
      description: Deploy and execute custom scripts using a REST API, and manage your library of scripts in the UI or a git repo.
      documentationUrl: https://fleetdm.com/docs/using-fleet/scripts
      tier: Premium
      dri: mikermcneil
      productCategories: [Endpoint operations,Device management]
      waysToUse:
        - description: Execute custom macOS scripts (client platform engineering)
          moreInfoUrl: https://www.hexnode.com/blogs/executing-custom-mac-scripts-via-mdm/
        - description: Execute custom Windows scripts (client platform engineering)
          moreInfoUrl: https://www.hexnode.com/blogs/executing-custom-windows-scripts-via-mdm/
        - description: Use PowerShell scripts on Windows devices
          moreInfoUrl: https://learn.microsoft.com/en-us/mem/intune/apps/intune-management-extension
        - description: Run PowerShell scripts for remediations (security engineering)
          moreInfoUrl: https://learn.microsoft.com/en-us/mem/intune/fundamentals/powershell-scripts-remediation
        - description: Download and run remediation scripts
          moreInfoUrl: https://help.zscaler.com/deception/downloading-and-running-remediation-script
        - description: Deploy custom scripts
          moreInfoUrl: https://scalefusion.com/custom-scripting
    #
    # ╔═╗╦ ╦╔╦╗╔═╗╔╦╗╔═╗╔╦╗╦╔═╗ ╔═╗╔═╗╔═╗╔╦╗╦ ╦╦═╗╔═╗ ╔═╗╔═╗╔═╗╔═╗╔═╗╔═╗╔╦╗╔═╗╔╗╔╔╦╗
    # ╠═╣║ ║ ║ ║ ║║║║╠═╣ ║ ║║ ╠═╝║ ║╚═╗ ║ ║ ║╠╦╝║╣ ╠═╣╚═╗╚═╗║╣ ╚═╗╚═╗║║║║╣ ║║║ ║
    # ╩ ╩╚═╝ ╩ ╚═╝╩ ╩╩ ╩ ╩ ╩╚═╝ ╩ ╚═╝╚═╝ ╩ ╚═╝╩╚═╚═╝ ╩ ╩╚═╝╚═╝╚═╝╚═╝╚═╝╩ ╩╚═╝╝╚╝ ╩
    - industryName: Automatic posture assessment
      friendlyName: Verify any security or compliance goal
      description: Simplify security audits, build definitive reports, and discover + verify ongoing compliance for every endpoint, from workstations to data centers.
      documentationUrl:
      screenshotSrc:
      usualDepartment: Security
      tier: Free
      productCategories: [Endpoint operations]
      dri: mikermcneil
      demos:
        - description:
          quote:
          moreInfoUrl:
      buzzwords: [Attack surface management (ASM),Endpoint hardening,Security posture,Cyber hygiene,Threat hunting]
      waysToUse:
        - description: Monitor devices that don't meet your organization's custom security policies
        - description: Keep your devices compliant with customizable baselines, or use common benchmarks like CIS.
        - description: Discover security misconfigurations that increase attack surface.
        - description: Detect suspicious services listening on open ports that should not be connected to the internet, such as Remote Desktop Protocol (RDP).
          moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20statename%20%3D%20%E2%80%9CEnabled%E2%80%9D-,OPEN%20SOCKETS,-Lastly%2C%20an%20examination
        - description: Discover potentially unwanted programs that increase attack surface.
          moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/
        - description: Detect self-signed certificates
        - description: Detect legacy protocols that have safer versions
          moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20self_signed%20%3D%201%3B-,LEGACY%20PROTOCOLS,-This%20section%20will
        - description: Detect exposed secrets on the command line
          moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WDigest%20is%20disabled.-,EXPOSED%20SECRETS,-Often%2C%20to%20create
        - description: Detect and surface issues with devices
        - description: Share device health reports
        - description: Align endpoints with your security policies
          moreInfoUrl: https://www.axonius.com/use-cases/cmdb-reconciliation
        - description: Maximize security control coverage
        - description: Uncover gaps in security policies, configurations, and hygiene
          moreInfoUrl: https://www.axonius.com/use-cases/coverage-gap-discovery
        - description: Automatically apply security policies to protect endpoints against attack.
        - description: Surface security issues in all your deployed endpoints, even data centers and factories.
        - description: Continually validate controls and policies
    #
    # ╦ ╦╦ ╦╔╦╗╔═╗╔╗╔ ╔═╗╔╗╔╔╦╗╔═╗╔═╗╦╔╗╔╔╦╗ ╔╦╗╔═╗╔═╗╔═╗╦╔╗╔╔═╗
    # ╠═╣║ ║║║║╠═╣║║║───║╣ ║║║ ║║╠═╝║ ║║║║║ ║ ║║║╠═╣╠═╝╠═╝║║║║║ ╦
    # ╩ ╩╚═╝╩ ╩╩ ╩╝╚╝ ╚═╝╝╚╝═╩╝╩ ╚═╝╩╝╚╝ ╩ ╩ ╩╩ ╩╩ ╩ ╩╝╚╝╚═╝
    - industryName: Human-endpoint mapping
      friendlyName: See who logs in on every computer
      description: Identify who logs in to any system, including login history and current sessions. Look up any host by the email address of the person using it.
      documentationUrl:
      screenshotSrc:
      tier: Free
      productCategories: [Endpoint operations]
      dri: mikermcneil
      demos:
        - description: Security engineers at a top gaming company wanted to get demographics off their macOS, Windows, and Linux machines about who the user is and who's logged in.
          moreInfoUrl: https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit
      waysToUse:
        - description: Look up computer by ActiveDirectory account
        - description: Find device by Google Chrome user
        - description: Identify who logs in to any system, including login history and current sessions.
        - description: Look up any host by the email address of the person using it.
        - description: Check user login history
          moreInfoUrl: https://www.lepide.com/how-to/audit-who-logged-into-a-computer-and-when.html#:~:text=To%20find%20out%20the%20details,logs%20in%20%E2%80%9CWindows%20Logs%E2%80%9D.
        - description: See currently logged in users
          moreInfoUrl: https://www.top-password.com/blog/see-currently-logged-in-users-in-windows/
        - description: Get demographics off of our machines about who the user is and who's logged in
          moreInfoUrl: https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit
        - description: See what servers someone is logged in on
          moreInfoUrl: https://community.spiceworks.com/topic/138171-is-there-a-way-to-see-what-servers-someone-is-logged-in-on
    # ╔═╗═╗ ╦╔═╗╔═╗╦═╗╔╦╗ ┬ ╔═╗╦ ╦╔╗╔╔═╗
    # ║╣ ╔╩╦╝╠═╝║ ║╠╦╝ ║ ┌┼─ ╚═╗╚╦╝║║║║
    # ╚═╝╩ ╚═╩ ╚═╝╩╚═ ╩ └┘ ╚═╝ ╩ ╝╚╝╚═╝
    - industryName: Automated export/sync
      friendlyName: Build custom query automations
      description: Ship logs with snapshots of any imaginable report, or monitor results for changes.
      tier: Free
      usualDepartment: Security
      productCategories: [Endpoint operations]
      waysToUse:
        - description: Ship logs to Splunk, Snowflake, and more
        - description: Synchronize live state of endpoints to a data lake or SIEM in a consistent shape.
        - description: Export the data to other systems
          moreInfoUrl: https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit
        - description: Export data to a third-party SIEM tool
          moreInfoUrl: https://www.websense.com/content/support/library/web/hosted/admin_guide/siem_integration_explain.aspx
        - description: Gather data and log events from endpoints
          moreInfoUrl: https://techbeacon.com/security/how-osquery-can-lift-your-security-teams-game#:~:text=%22If%20security%20teams%20didn%27t%20have%20osquery%2C%20they%20would%20have%20to%20find%20a%20way%20to%20manually%20go%20into%20each%20endpoint%20and%20gather%20data%2C%20or%20buy%20a%20third%2Dparty%20tool%20to%20do%20that%20for%20them
    #
    # ╔═╗╦╔╦╗
    # ╠╣ ║║║║
    # ╚ ╩╩ ╩
    - industryName: File integrity monitoring (FIM) # Short industry phrase
      friendlyName: Detect changes to critical files # Short, Fleet one-liner for the feature, written in the imperative mood. (If easy to do, base this off of the words that an actual customer is saying.)
      description: Specify files to monitor for changes or deletions, then log those events to your SIEM or data lake, including key information such as filepath and checksum. # Clear Mr. Rogers description
      documentationUrl: https://fleetdm.com/guides/osquery-evented-tables-overview#file-integrity-monitoring-fim # URL of the single-best page within the docs which serves as a "jumping-off point" for this feature.
      screenshotSrc: "" # A screenshot of the single, best, simplifying, obvious example
      tier: Free # Either "Free" or "Premium"
      usualDepartment: Security # or omit if there isn't a particular departmental leaning we've noticed
      productCategories: [Endpoint operations] # or omit if this isn't associated with a single product category
      dri: mikermcneil # GitHub user name
      demos:
        - description: A top gaming company needed a way to monitor critical files on production Debian servers.
          quote: The FIM features are kind of a top priority.
          moreInfoUrl: https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit
      buzzwords: [File integrity monitoring (FIM),Host-based intrusion detection system (HIDS),Anomaly detection]
      waysToUse:
        - description: Monitor critical files on production Debian servers
        - description: Detect anomalous filesystem activity
          moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
        - description: Pinpoint unintended changes
          moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
        - description: Verify update status and monitor system health
          moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
        - description: Meet compliance mandates
          moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
    # ╦ ╦╔═╗╦═╗╔═╗
    # ╚╦╝╠═╣╠╦╝╠═╣
    # ╩ ╩ ╩╩╚═╩ ╩
    - industryName: Malware detection (YARA)
      friendlyName: Scan files for malware signatures
      description: Trigger automations when a file matches a YARA signature.
      documentationUrl: https://fleetdm.com/tables/yara
      tier: Free
      dri: mikermcneil
      usualDepartment: Security
      productCategories: [Endpoint operations,Vulnerability management]
      buzzwords: [YARA scanning,Antivirus (AV),Endpoint protection platform (EPP),Signature-based malware detection,Malware scanning,Malware analysis,Anomaly detection]
      waysToUse:
        - description: Write YARA rules to continuously scan host filesystems for malware signatures using policies.
          moreInfoUrl: https://yara.readthedocs.io/en/stable/writingrules.html
        - description: Monitor for relevant filesystem changes (YARA events) and run on-demand YARA signature scans.
          moreInfoUrl: https://osquery.readthedocs.io/en/stable/deployment/yara/
        - description: Use YARA for malware detection
          moreInfoUrl: https://www.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_YARA_S508C.pdf
        - description: Scan for indicators of compromise (IoC) for common malware.
          moreInfoUrl: https://github.com/Cisco-Talos/osquery_queries
        - description: Analyze malware using data from osquery, such as endpoint certificates and launch daemons (launchd).
          moreInfoUrl: https://medium.com/hackernoon/malware-analysis-using-osquery-part-3-9dc805b67d16
        - description: Detect persistent malware (e.g. WireLurker) in endpoints by generating simple policies that search for their static indicators of compromise (IoCs).
          moreInfoUrl: https://osquery.readthedocs.io/en/stable/deployment/anomaly-detection/
        - description: Run a targeted YARA scan with osquery as a lightweight approach to scan anything on a host filesystem, with minimal performance impact. Unlike full system YARA scans, which consume considerable CPU resources, an equivalent YARA scan targeted in Fleet can be 8x cheaper (CPU %).
          moreInfoUrl: https://www.tripwire.com/state-of-security/signature-socket-based-malware-detection-osquery-yara
    # ╔═╗╔═╗╔═╗╔╗╔╔╦╗ ╔═╗╦ ╦╔╦╗╔═╗ ╦ ╦╔═╗╔╦╗╔═╗╔╦╗╔═╗
    # ╠═╣║ ╦║╣ ║║║ ║ ╠═╣║ ║ ║ ║ ║───║ ║╠═╝ ║║╠═╣ ║ ║╣
    # ╩ ╩╚═╝╚═╝╝╚╝ ╩ ╩ ╩╚═╝ ╩ ╚═╝ ╚═╝╩ ═╩╝╩ ╩ ╩ ╚═╝
    - industryName: Agent auto-update
      friendlyName: Keep agents and extensions up to date
      description: Keep agents and extensions up to date by loading code from Fleet's free update registry.
      tier: Free
      productCategories: [Endpoint operations]
    # ╦╔╗╔╔═╗╔╦╗╔═╗╦ ╦ ╔═╗╦═╗╔═╗
    # ║║║║╚═╗ ║ ╠═╣║ ║ ║╣ ╠╦╝╚═╗
    # ╩╝╚╝╚═╝ ╩ ╩ ╩╩═╝╩═╝╚═╝╩╚═╚═╝
    - industryName: Installers (self-service)
      tier: Free
      productCategories: [Endpoint operations]
    # ╔╗ ╔═╗╔╦╗╔═╗╦ ╦ ╦╔╗╔╔═╗╔╦╗╔═╗╦ ╦ ╔═╗╔╦╗╦╔═╗╔╗╔
    # ╠╩╗╠═╣ ║ ║ ╠═╣ ║║║║╚═╗ ║ ╠═╣║ ║ ╠═╣ ║ ║║ ║║║║
    # ╚═╝╩ ╩ ╩ ╚═╝╩ ╩ ╩╝╚╝╚═╝ ╩ ╩ ╩╩═╝╩═╝╩ ╩ ╩ ╩╚═╝╝╚╝
    - industryName: Batch installation (Chef, Ansible, Puppet, MDM)
      friendlyName: Install agents over the air
      tier: Free
      productCategories: [Endpoint operations]
    # ╦═╗╔═╗╔╦╗╔═╗╔╦╗╔═╗ ╔═╗╔═╗╔╦╗╔╦╗╦╔╗╔╔═╗╔═╗
    # ╠╦╝║╣ ║║║║ ║ ║ ║╣ ╚═╗║╣ ║ ║ ║║║║║ ╦╚═╗
    # ╩╚═╚═╝╩ ╩╚═╝ ╩ ╚═╝ ╚═╝╚═╝ ╩ ╩ ╩╝╚╝╚═╝╚═╝
    - industryName: Remote settings
      description: Configure agent options remotely, over the air. (Includes osquery config, fleetd options, and osquery startup flags.)
      tier: Free
      usualDepartment: Security
      productCategories: [Endpoint operations]
    # ╦ ╦╔═╗╦═╗╦╔═╗╔╗ ╦ ╔═╗ ╔═╗╔╗╔╦═╗╔═╗╦ ╦ ╔╦╗╔═╗╔╗╔╔╦╗
    # ╚╗╔╝╠═╣╠╦╝║╠═╣╠╩╗║ ║╣ ║╣ ║║║╠╦╝║ ║║ ║ ║║║║╣ ║║║ ║
    # ╚╝ ╩ ╩╩╚═╩╩ ╩╚═╝╩═╝╚═╝ ╚═╝╝╚╝╩╚═╚═╝╩═╝╩═╝╩ ╩╚═╝╝╚╝ ╩
    - industryName: Variable enrollment
      description: Enroll hosts in different groups using different enrollment secrets and/or installers per-baseline.
      tier: Premium
    # ╔═╗╦═╗╦╦ ╦╔═╗╔╦╗╔═╗ ╦ ╦╔═╗╔╦╗╔═╗╔╦╗╔═╗ ╦═╗╔═╗╔═╗╦╔═╗╔╦╗╦═╗╦ ╦
    # ╠═╝╠╦╝║╚╗╔╝╠═╣ ║ ║╣ ║ ║╠═╝ ║║╠═╣ ║ ║╣ ╠╦╝║╣ ║ ╦║╚═╗ ║ ╠╦╝╚╦╝
    # ╩ ╩╚═╩ ╚╝ ╩ ╩ ╩ ╚═╝ ╚═╝╩ ═╩╝╩ ╩ ╩ ╚═╝ ╩╚═╚═╝╚═╝╩╚═╝ ╩ ╩╚═ ╩
    - industryName: Private update registry
      friendlyName: Update agents from a secret URL
      description: Load agent code from a secret URL that you manage.
      tier: Premium
      usualDepartment: Security
      productCategories: [Endpoint operations]
    # ╔═╗╦ ╦╔═╗╔╦╗╔═╗╔╦╗ ╔╦╗╔═╗╔╗ ╦ ╔═╗╔═╗
    # ║ ║ ║╚═╗ ║ ║ ║║║║ ║ ╠═╣╠╩╗║ ║╣ ╚═╗
    # ╚═╝╚═╝╚═╝ ╩ ╚═╝╩ ╩ ╩ ╩ ╩╚═╝╩═╝╚═╝╚═╝
    - industryName: Custom tables
      friendlyName: Add tables to osquery with extensions
      description: Install osquery extensions over the air. # (GitOptional)
      moreInfoUrl: https://github.com/trailofbits/osquery-extensions/blob/3df2b72ad78549e25344c79dbc9bce6808c4d92a/README.md#extensions
      tier: Premium
- categoryName: Integrations
  features:
    #
    # ╦═╗╔═╗╔═╗╔╦╗ ╔═╗╔═╗╦
    # ╠╦╝║╣ ╚═╗ ║ ╠═╣╠═╝║
    # ╩╚═╚═╝╚═╝ ╩ ╩ ╩╩ ╩
    - industryName: REST API
      friendlyName: Automate any feature
      description:
      documentationUrl: https://fleetdm.com/docs/rest-api/rest-api
      screenshotSrc:
      tier: Free
      dri: rachaelshaw
    # ╔═╗╔═╗╔╦╗╔╦╗╔═╗╔╗╔╔╦╗ ╦ ╦╔╗╔╔═╗ ╔╦╗╔═╗╔═╗╦ ┌─ ╔═╗╦ ╦ ─┐
    # ║ ║ ║║║║║║║╠═╣║║║ ║║ ║ ║║║║║╣ ║ ║ ║║ ║║ │ ║ ║ ║ │
    # ╚═╝╚═╝╩ ╩╩ ╩╩ ╩╝╚╝═╩╝ ╩═╝╩╝╚╝╚═╝ ╩ ╚═╝╚═╝╩═╝ └─ ╚═╝╩═╝╩ ─┘
    - industryName: Command line tool (CLI)
      friendlyName: fleetctl
      tier: Free
    # ╦ ╦╔═╗╔╗ ╦ ╦╔═╗╔═╗╦╔═╔═╗
    # ║║║║╣ ╠╩╗╠═╣║ ║║ ║╠╩╗╚═╗
    # ╚╩╝╚═╝╚═╝╩ ╩╚═╝╚═╝╩ ╩╚═╝
    - industryName: Webhooks
      friendlyName:
      tier: Free
    # ╔╦╗╔═╗╔═╗╔═╗ ╔═╗╦ ╦╔╦╗╔═╗╔╦╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
    # ║║║╣ ║╣ ╠═╝ ╠═╣║ ║ ║ ║ ║║║║╠═╣ ║ ║║ ║║║║╚═╗
    # ═╩╝╚═╝╚═╝╩ ╩ ╩╚═╝ ╩ ╚═╝╩ ╩╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
    - industryName: Deep automations
      friendlyName: Trigger webhooks or run scripts
      description: Fire off webhooks or run scripts on hosts when certain things happen in Fleet.
      productCategories: [Endpoint operations,Device management,Vulnerability management]
      comingSoonOn: 2024-06-30
      tier: Free
      buzzwords: [Automated remediation,Auto-remediation,Self-healing]
      waysToUse:
        - description: Use policy automations to automatically remediate issues and mitigate vulnerabilities.
        - description: Use osquery and santa to work around inflexibilities in proprietary MDMs and other protection solutions.
        - description: Listen to webhooks to perform autonomous self-healing (cloud security engineering)
          moreInfoUrl: https://www.fugue.co/blog/automated-remediation-scripts-vs.-self-healing-infrastructure-two-approaches-to-cloud-security
    # ╔═╗╦╔╦╗╔═╗╔═╗╔═╗
    # ║ ╦║ ║ ║ ║╠═╝╚═╗
    # ╚═╝╩ ╩ ╚═╝╩ ╚═╝
    - industryName: GitOps
      friendlyName: Manage endpoints in git
      description: Fork the best practices repo and use the GitHub Action to hook it up to your Fleet instance in minutes.
      moreInfoUrl: https://github.com/fleetdm/fleet-mdm-gitops
      productCategories: [Endpoint operations,Device management,Vulnerability management]
      tier: Free
    # ╔═╗╦═╗╔═╗╔═╗ ╦╔╗╔╔╦╗╔═╗╔═╗╦═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
    # ╠╣ ╠╦╝║╣ ║╣ ║║║║ ║ ║╣ ║ ╦╠╦╝╠═╣ ║ ║║ ║║║║╚═╗
    # ╚ ╩╚═╚═╝╚═╝ ╩╝╚╝ ╩ ╚═╝╚═╝╩╚═╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
    - industryName: Free integrations (Tines, Snowflake, Terraform, Chronicle, etc)
      friendlyName: Borrow off-the-shelf tactics from the community
      description:
      moreInfoUrl: https://fleetdm.com/integrations
      tier: Free
      waysToUse:
        - description: (ActiveDirectory) Know who opened your computer and check their device posture before you let them log into anything.
        - description: (Ansible) Easily issue MDM commands and standardize data across operating systems.
        - description: (AWS) Deploy your own self-managed Fleet in any AWS environment in minutes.
        - description: (Azure) Deploy your own self-managed Fleet in the Microsoft Cloud in minutes.
        - description: (Chef) Easily issue MDM commands and standardize data across operating systems.
        - description: (Elastic) Ingest osquery data and monitor for important changes or events.
        - description: (GitHub) Version control using git, enabling collaboration and a GitOps workflow.
        - description: (GitLab) Version control using git, enabling collaboration and a GitOps workflow.
        - description: (Chronicle) Ingest osquery data and monitor for important changes or events.
        - description: (Google Cloud) Deploy your own self-managed Fleet in any GCP environment in minutes.
        - description: (Munki) Easily issue MDM commands and standardize data across operating systems.
        - description: (Okta) Know who opened your computer and check their device posture before you let them log into anything.
        - description: (Snowflake) Ingest osquery data and monitor for important changes or events.
        - description: (Splunk) Ingest osquery data and monitor for important changes or events.
        - description: (Tines) Build custom workflows that trigger in various situations.
        - description: (Webhooks) Configure automations that send webhooks to specific URLs when Fleet detects changes to host, policy, and CVE statuses.
    # ╔═╗╦═╗╔═╗╔╦╗╦╦ ╦╔╦╗ ╦╔╗╔╔╦╗╔═╗╔═╗╦═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
    # ╠═╝╠╦╝║╣ ║║║║║ ║║║║ ║║║║ ║ ║╣ ║ ╦╠╦╝╠═╣ ║ ║║ ║║║║╚═╗
    # ╩ ╩╚═╚═╝╩ ╩╩╚═╝╩ ╩ ╩╝╚╝ ╩ ╚═╝╚═╝╩╚═╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
    - industryName: Premium integrations (Puppet, Vanta, Jira, Zendesk, etc)
      friendlyName: Borrow off-the-shelf tactics from legendary brands
      description: Plug in to cutting edge frameworks from similar organizations.
      moreInfoUrl: https://fleetdm.com/integrations
      tier: Premium
      buzzwords: [Vanta,Puppet,Jira,Zendesk,Custom IdP]
      waysToUse:
        - description: (Vanta) Trigger a workflow based on a failing policy.
        - description: (Puppet) Easily issue MDM commands, standardize data across operating systems, and map macOS+Windows settings to computers with the Puppet module.
        - description: (Jira) Automatically create Jira tickets in various situations.
        - description: (Torq) Build custom workflows that trigger in various situations.
        - description: (Zendesk) Automatically create Zendesk tickets in various situations.
        - description: (Custom IdP) Manage access to Fleet single sign-on (SSO) through any IdP (using SAML).
- categoryName: Support
  features:
    - industryName: Public issue tracker (GitHub)
      tier: Free
    - industryName: Community Slack channel
      tier: Free
    - industryName: Unlimited email support (confidential)
      tier: Premium
    - industryName: Phone and video call support
      tier: Premium
- categoryName: Deployment
  features:
    - industryName: Self-managed
      friendlyName: Host it yourself
      tier: Free
      buzzwords: [Self-hosted]
    - industryName: Deployment tools (Terraform, Helm)
      tier: Free
      productCategories: [Endpoint operations]
    - industryName: Managed Cloud
      tier: Premium
- categoryName: Device management
  features:
    - industryName: Interactive MDM migration # « end-user initiated MDM migration, with interactive UI
      tier: Free
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: Remotely enforce macOS settings
      tier: Free
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: Self service
      description: Provide resolution instructions for end users through Fleet Desktop that suggest how an end user can fix a posture issue themselves.
      tier: Premium
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: User-initiated enrollment of macOS computers
      tier: Free
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: Low-level macOS MDM commands (e.g. remote restart)
      tier: Free
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: Native macOS update reminders
      tier: Free
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: Zero-touch setup for macOS computers
      tier: Premium
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: End-user macOS update reminders (via Nudge)
      tier: Premium
      usualDepartment: IT
      productCategories: [Device management,Vulnerability management]
    - industryName: Encrypt macOS hard disks with FileVault
      tier: Premium
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: Manage queued MDM commands on macOS
      tier: Premium
      comingSoonOn: 2023-12-31
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: Remotely lock and wipe macOS computers
      tier: Premium
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: Update apps on macOS computers
      tier: Premium
      comingSoonOn: 2024-03-31
      usualDepartment: IT
      productCategories: [Device management]
    - industryName: Puppet module
      friendlyName: Map macOS settings to computers with Puppet module
      tier: Premium
      usualDepartment: IT
      productCategories: [Device management]
- categoryName: Inventory management
  features:
    - industryName: Device inventory dashboard
      tier: Free
    - industryName: Browse installed software packages
      tier: Free
    - industryName: Search devices by IP, serial, hostname, UUID
      tier: Free
    - industryName: Labels (SQL-driven)
      friendlyName: Filter hosts using SQL
      tier: Free
    - industryName: Baselines (device groups)
      friendlyName: Manage different endpoints differently
      description: Set baselines and strategies for hosts in different situations called "teams", and move hosts between them via API-driven automations or a simple, delegatable user interface with role-based access.
      tier: Premium
      productCategories: [Endpoint operations,Device management,Vulnerability management]
      waysToUse:
        - description: Automate remediation for different applications with different security postures (cloud security engineering)
    - industryName: Generate reports for groups of devices
      tier: Premium
- categoryName: Collaboration
  features:
    - industryName: Versionable queries and config (GitOps)
      tier: Free
      demos:
        - description: A top financial services company needed to set up rolling deployments for changes to osquery agents running on their production servers.
          moreInfoUrl: https://docs.google.com/document/d/1UdzZMyBLbs9SUXfSXN2x2wZQCbjZZUetYlNWH6-ryqQ/edit#heading=h.2lh6ehprpvl6
    - industryName: Scope transparency
      tier: Free
      documentationUrl: https://fleetdm.com/transparency
- categoryName: Security and compliance
  features:
    - industryName: Single sign on (SSO, SAML)
      tier: Free
    - industryName: Disk encryption
      friendlyName: Ensure hard disks are encrypted
      description: Encrypt hard disks of macOS and Windows computers, manage escrowed encryption keys, and report on disk encryption status (FileVault, BitLocker).
      tier: Free
      waysToUse:
        - description: Report on disk encryption status
        - description: Encrypt hard disks on macOS with FileVault
        - description: Escrow FileVault keys on macOS
        - description: Encrypt hard disks on Windows with BitLocker
    - industryName: Audit queries and user activities
      tier: Free
      usualDepartment: Security
    - industryName: Grant API-only access
      tier: Free
    - industryName: Programmable audit log
      tier: Premium
      usualDepartment: Security
      waysToUse:
        - description: Export activity of Fleet admins to your SIEM or data lake
    - industryName: Just-in-time (JIT) provisioning
      tier: Premium
    - industryName: Automated user role sync via Okta, AD, or any IDP
      tier: Premium
      waysToUse:
        - description: Automatically set admin access to Fleet based on your IDP
    - industryName: Vanta integration
      tier: Premium
    - industryName: Trigger a workflow based on a failing policy
      tier: Premium
    - industryName: Role-based access control
      tier: Premium
- categoryName: Vulnerability management
  features:
    - industryName: Detect vulnerable software
      tier: Free
      usualDepartment: Security
      productCategories: [Vulnerability management]
      demos:
        - description: A top gaming company wanted to replace Qualys for infrastructure vulnerability detection.
          quote: So we have some stuff today through Qualys, but it's just not very good. A lot of it is...it's just really noisy. I'm trying to find out specifically, actually what packages are installed where, and then the ability to live query them.
          moreInfoUrl: https://docs.google.com/document/d/1JWtRsW1FUTCkZEESJj9-CvXjLXK4219by-C6vvVVyBY/edit
    - industryName: Query performance monitoring
      tier: Free
      demos:
        - description: A top software company needed to understand the performance impact of osquery queries before running them on all of their production Linux servers.
          moreInfoUrl: https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg
        - description: A top software company wanted to detect regressions when adding/changing queries and fail builds if queries were too expensive.
          moreInfoUrl: https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg
    - industryName: Detect and surface issues with devices (policies)
      tier: Free
    - industryName: Policy scoring
      friendlyName: Mark policies as critical
      tier: Premium
      comingSoonOn: 2023-12-31
    - industryName: Vulnerability scores (EPSS and CVSS)
      tier: Premium
      usualDepartment: Security
      productCategories: [Vulnerability management]
    - industryName: CISA KEVs (known exploited vulnerabilities)
      tier: Premium
      usualDepartment: Security
      productCategories: [Vulnerability management]
- categoryName: Data outputs
  features:
    - industryName: Flexible log destinations (AWS Kinesis, Lambda, GCP, Kafka)
      tier: Free
      usualDepartment: Security
      productCategories: [Endpoint operations]
    - industryName: File carving (AWS S3)
      tier: Free
      usualDepartment: Security
      productCategories: [Endpoint operations]