empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8aa1dcf84b
fleet/handbook/company/pricing-features-table.yml
Noah Talerman a9910ad37e
Update pricing-features-table.yml (#17599) 
- "Separate file size options for query results vs. agent logs when
using filesystem storage" (#11999) is on track for a 2024-04-22 release
2024-03-20 20:56:04 -05:00

891 lines
59 KiB
YAML
Raw Blame History

#
# ╔╦╗╔═╗╦ ╦╦╔═╗╔═╗ ╦ ╦╔═╗╔═╗╦ ╔╦╗╦ ╦
# ║║║╣ ╚╗╔╝║║ ║╣ ╠═╣║╣ ╠═╣║ ║ ╠═╣
# ═╩╝╚═╝ ╚╝ ╩╚═╝╚═╝ ╩ ╩╚═╝╩ ╩╩═╝╩ ╩ ╩
- industryName: Device health
friendlyName: Automate device health
description: Automatically report system health issues using webhooks or integrations, to notify or quarantine outdated or misconfigured systems that are at higher risk of vulnerabilities or theft.
documentationUrl: https://fleetdm.com/docs/using-fleet/automations#automations
screenshotSrc:
tier: Free
productCategories: [Device management,Endpoint operations]
pricingTableCategories: [Device management,Endpoint operations]
usualDepartment: IT
dri: mikermcneil
demos:
- description: A large tech company used the Fleet API to block access to corporate apps for outdated operating system versions with certain "celebrity" vulnerabilities.
quote:
moreInfoUrl: https://play.goconsensus.com/s4e490bb9
buzzwords: [Device trust,Zero trust,Layer 7 device trust,Beyondcorp,Device attestation,Conditional access]
waysToUse:
- description: Create a calendar event and auto-remediate all failing policies when users are free. Coming soon (2024-04-01).
moreInfoUrl: https://github.com/fleetdm/fleet/issues/17230
- description: Automatically manage the behavior of endpoints that are at higher risk of vulnerabilities or data loss due to their configuration or patch level.
- description: Block access to corporate apps for users whose devices with unexpected settings, like disabled screen lock, passwords that are too short, unencrypted hard disks, and more
- description: Quickly implement conditional access based on device health using osquery and a simple device health REST API.
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14920
- description: Control and restore access to applications by automatically restricting access when devices do not meet particular security requirements.
moreInfoUrl: https://duo.com/docs/device-health
- description: Control which laptop and desktop devices can access corporate apps and websites based on what vulnerabilities it might be exposed to based on how the device is configured, whether it's up to date, its MDM enrollment status, and anything else you can build in a SQL query of Fleet's 300 data tables representing information about enrolled host systems.
- description: Implement multivariate device trust
moreInfoUrl: https://youtu.be/5sFOdpMLXQg?feature=shared&t=1445
- description: Implement your own version of Google's zero trust model (BeyondCorp)
moreInfoUrl: https://cloud.google.com/beyondcorp
- description: Get endpoint data into ServiceNow and make your asset management teams happy
moreInfoUrl: https://www.youtube.com/watch?v=aVbU6_9JoM0
#
# ╔═╗╔═╗╦═╗╦╔═╗╔╦╗ ╔═╗═╗ ╦╔═╗╔═╗╦ ╦╔╦╗╦╔═╗╔╗╔
# ╚═╗║ ╠╦╝║╠═╝ ║ ║╣ ╔╩╦╝║╣ ║ ║ ║ ║ ║║ ║║║║
# ╚═╝╚═╝╩╚═╩╩ ╩ ╚═╝╩ ╚═╚═╝╚═╝╚═╝ ╩ ╩╚═╝╝╚╝
- industryName: Script execution
friendlyName: Safely execute custom scripts (macOS, Windows, and Linux)
description: Deploy and execute custom scripts using a REST API, and manage your library of scripts in the UI or a git repo.
documentationUrl: https://fleetdm.com/docs/using-fleet/scripts
tier: Free
dri: mikermcneil
usualDepartment: IT
productCategories: [Endpoint operations,Device management]
pricingTableCategories: [Device management]
demos:
- description: A large tech company used scripts to fix issues with their security and compliance agents on workstations.
buzzwords: [Remote script execution,PowerShell scripts,Bash scripts]
waysToUse:
- description: Execute custom macOS scripts (client platform engineering)
moreInfoUrl: https://www.hexnode.com/blogs/executing-custom-mac-scripts-via-mdm/
- description: Execute custom Windows scripts (client platform engineering)
moreInfoUrl: https://www.hexnode.com/blogs/executing-custom-windows-scripts-via-mdm/
- description: Use PowerShell scripts on Windows devices
moreInfoUrl: https://learn.microsoft.com/en-us/mem/intune/apps/intune-management-extension
- description: Run PowerShell scripts for remediations (security engineering)
moreInfoUrl: https://learn.microsoft.com/en-us/mem/intune/fundamentals/powershell-scripts-remediation
- description: Download and run remediation scripts
moreInfoUrl: https://help.zscaler.com/deception/downloading-and-running-remediation-script
- description: Deploy custom scripts
moreInfoUrl: https://scalefusion.com/custom-scripting
- description: Run scripts on online/offline hosts
moreInfoUrl: https://github.com/fleetdm/fleet/issues/15529
#
# ╔═╗╦ ╦╔╦╗╔═╗╔╦╗╔═╗╔╦╗╦╔═╗ ╔═╗╔═╗╔═╗╔╦╗╦ ╦╦═╗╔═╗ ╔═╗╔═╗╔═╗╔═╗╔═╗╔═╗╔╦╗╔═╗╔╗╔╔╦╗
# ╠═╣║ ║ ║ ║ ║║║║╠═╣ ║ ║║ ╠═╝║ ║╚═╗ ║ ║ ║╠╦╝║╣ ╠═╣╚═╗╚═╗║╣ ╚═╗╚═╗║║║║╣ ║║║ ║
# ╩ ╩╚═╝ ╩ ╚═╝╩ ╩╩ ╩ ╩ ╩╚═╝ ╩ ╚═╝╚═╝ ╩ ╚═╝╩╚═╚═╝ ╩ ╩╚═╝╚═╝╚═╝╚═╝╚═╝╩ ╩╚═╝╝╚╝ ╩
- industryName: Automatic posture assessment
friendlyName: Verify any security or compliance goal
description: Simplify security audits, build definitive reports, and discover + verify ongoing compliance for every endpoint, from workstations to data centers.
documentationUrl: https://fleetdm.com/docs/using-fleet/cis-benchmarks#cis-benchmarks
screenshotSrc:
usualDepartment: Security
tier: Free
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
dri: mikermcneil
demos:
- description: A large tech company used Fleet's CIS Benchmark policies to automatically assess posuture of 80,000 endpoints.
quote:
moreInfoUrl:
buzzwords: [Attack surface management (ASM),Endpoint hardening,Security posture,Cyber hygiene,Anomaly detection,Configuration management,Attack Surface Monitoring,Policy assessment]
waysToUse:
- description: Monitor devices that don't meet your organization's custom security policies
- description: Quickly report your posture and vulnerabilities to auditors, showing remediation status and timing.
- description: Keep your devices compliant with customizable baselines, or use common benchmarks like CIS.
- description: Discover security misconfigurations that increase attack surface.
- description: Detect suspcious services listening on open ports that should not be connected to the internet, such as Remote Desktop Protocol (RDP).
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20statename%20%3D%20%E2%80%9CEnabled%E2%80%9D-,OPEN%20SOCKETS,-Lastly%2C%20an%20examination
- description: Discover potentially unwanted programs that increase attack surface.
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/
- description: Detect self-signed certifcates
- description: Detect legacy protocols with safer versions
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20self_signed%20%3D%201%3B-,LEGACY%20PROTOCOLS,-This%20section%20will
- description: Detect exposed secrets on the command line
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WDigest%20is%20disabled.-,EXPOSED%20SECRETS,-Often%2C%20to%20create
- description: Detect and surface issues with devices
- description: Share device health reports
- description: Align endpoints with your security policies
moreInfoUrl: https://www.axonius.com/use-cases/cmdb-reconciliation
- description: Maximize security control coverage
- description: Uncover gaps in security policies, configurations, and hygiene
moreInfoUrl: https://www.axonius.com/use-cases/coverage-gap-discovery
- description: Automatically apply security policies to protect endpoints against attack.
- description: Surface security issues in all your deployed endpoints even data centers and factories.
- description: Continually validate controls and policies
#
# ╦ ╦╦ ╦╔╦╗╔═╗╔╗╔ ╔═╗╔╗╔╔╦╗╔═╗╔═╗╦╔╗╔╔╦╗ ╔╦╗╔═╗╔═╗╔═╗╦╔╗╔╔═╗
# ╠═╣║ ║║║║╠═╣║║║───║╣ ║║║ ║║╠═╝║ ║║║║║ ║ ║║║╠═╣╠═╝╠═╝║║║║║ ╦
# ╩ ╩╚═╝╩ ╩╩ ╩╝╚╝ ╚═╝╝╚╝═╩╝╩ ╚═╝╩╝╚╝ ╩ ╩ ╩╩ ╩╩ ╩ ╩╝╚╝╚═╝
- industryName: Human-endpoint mapping
friendlyName: See who logs in on every computer
description: Identify who logs in to any system, including login history and current sessions. Look up any host by the email address of the person using it.
documentationUrl: https://fleetdm.com/docs/rest-api/rest-api#get-hosts-google-chrome-profiles
screenshotSrc:
tier: Free
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
buzzwords: [Device users,human-to-device mapping]
dri: mikermcneil
demos:
- description: Security engineers at a top gaming company wanted to get demographics off their macOS, Windows, and Linux machines about who the user is and who's logged in.
moreInfoUrl: https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit
- description: Data engineers at a top biotech corporation needed to know who is logged into their devices.
quote: So we don't know exactly what's going on after we deploy the device, we know that they are compliant with the security because we are running these stuff, but we don't know certainly who is running, who is logging in the device?
moreInfoUrl: https://docs.google.com/document/d/17MNI5ykzlFjdVmQ8SPMrT1oR_hY_vkYAJx31F7l7Pv8/edit#heading=h.7en766pueek4
waysToUse:
- description: Look up computer by ActiveDirectory account
- description: Find device by Google Chrome user
- description: Identify who logs in to any system, including login history and current sessions.
- description: Look up any host by the email address of the person using it.
- description: Check user login history
moreInfoUrl: https://www.lepide.com/how-to/audit-who-logged-into-a-computer-and-when.html#:~:text=To%20find%20out%20the%20details,logs%20in%20%E2%80%9CWindows%20Logs%E2%80%9D.
- description: See currently logged in users
moreInfoUrl: https://www.top-password.com/blog/see-currently-logged-in-users-in-windows/
- description: Get demographics off of our machines about who the user is and who's logged in
moreInfoUrl: https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit
- description: See what servers someone is logged-in on
moreInfoUrl: https://community.spiceworks.com/topic/138171-is-there-a-way-to-see-what-servers-someone-is-logged-in-on
- industryName: Intrusion detection
friendlyName: Build custom query and policy automations to detect suspicious behavior
description: Send webhooks and ship logs to detect intrusions and issues with devices.
documentationUrl: https://fleetdm.com/docs/using-fleet/log-destinations
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
buzzwords: [Host-based intrusion detection system (HIDS,Indicators of Compromise (IOCs),Feeder for SIEM]
demos:
- description: A top media company wanted to share more security data with other departments without slowing down hosts.
waysToUse:
- description: Send webhooks to generate alerts when an IOC is detected on one or more devices.
- description: Ship logs to Splunk, Snowflake, and other SIEMs to build a host-based intrusion detection system (HIDS).
- description: Synchronize live state of endpoints to a data lake or SIEM in a consistent shape.
- description: Export the data to other systems
moreInfoUrl: https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit
- description: Export data to a third-party SIEM tool
moreInfoUrl: https://www.websense.com/content/support/library/web/hosted/admin_guide/siem_integration_explain.aspx
- description: Gather data and log events from endpoints
moreInfoUrl: https://techbeacon.com/security/how-osquery-can-lift-your-security-teams-game#:~:text=%22If%20security%20teams%20didn%27t%20have%20osquery%2C%20they%20would%20have%20to%20find%20a%20way%20to%20manually%20go%20into%20each%20endpoint%20and%20gather%20data%2C%20or%20buy%20a%20third%2Dparty%20tool%20to%20do%20that%20for%20them
#
# ╔═╗╦╔╦╗
# ╠╣ ║║║║
# ╚ ╩╩ ╩
- industryName: File integrity monitoring (FIM) # Short industry phrase
friendlyName: Detect changes to critical files # Short, Fleet one-liner for the feature, written in the imperative mood. (If easy to do, base this off of the words that an actual customer is saying.)
description: Specify files to monitor for changes or deletions, then log those events to your SIEM or data lake, including key information such as filepath and checksum. # Clear Mr. Rogers description
documentationUrl: https://fleetdm.com/guides/osquery-evented-tables-overview#file-integrity-monitoring-fim # URL of the single-best page within the docs which serves as a "jumping-off point" for this feature.
screenshotSrc: "" # A screenshot of the single, best, simplifying, obvious example
tier: Free # Either "Free" or "Premium"
usualDepartment: Security # or omit if there isn't a particular departmental leaning we've noticed
productCategories: [Endpoint operations] # or omit if this isn't associated with a single product category
pricingTableCategories: [Endpoint operations]
dri: mikermcneil #GitHub user name
demos:
- description: A top gaming company needed a way to monitor critical files on production Debian servers.
quote: The FIM features are kind of a top priority.
moreInfoUrl: https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit
buzzwords: [File integrity monitoring (FIM),Host-based intrusion detection system (HIDS),Anomaly detection]
waysToUse:
- description: Monitor critical files on production Debian servers
- description: Detect anomalous filesystem activity
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
- description: Detect unintended changes
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
- description: Verify update status and monitor system health
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
- description: Meet compliance mandates
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
# ╔╦╗╔═╗╦ ╦ ╦╔═╗╦═╗╔═╗ ╔╦╗╔═╗╔╦╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔ ┌─╦ ╦╔═╗╦═╗╔═╗─┐
# ║║║╠═╣║ ║║║╠═╣╠╦╝║╣ ║║║╣ ║ ║╣ ║ ║ ║║ ║║║║ │ ╚╦╝╠═╣╠╦╝╠═╣ │
# ╩ ╩╩ ╩╩═╝╚╩╝╩ ╩╩╚═╚═╝ ═╩╝╚═╝ ╩ ╚═╝╚═╝ ╩ ╩╚═╝╝╚╝ └─ ╩ ╩ ╩╩╚═╩ ╩─┘
- industryName: Malware detection (YARA/custom IoCs) # TODO: consider: technically more than YARA, consider generalizing this and including the concept of comparing known binary hashes and other IoCs (either via live query or in the data lake to compare threat intel feed)
friendlyName: Scan files for malware signatures
description: Report and trigger automations when malware or other unexpected files are detected on a host using YARA signatures.
documentationUrl: https://fleetdm.com/tables/yara
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations,Vulnerability management]
pricingTableCategories: [Endpoint operations,Vulnerability management]
buzzwords: [YARA scanning,Cyber Threat Intelligence (CTI),Indicators of compromise (IOCs),Antivirus (AV),Endpoint protection platform (EPP),Endpoint detection and response (EDR),Malware detection,Signature-based malware detection,Malware scanning,Malware analysis,Anomaly detection]
demos:
- description: A top media company used Fleet policies with YARA rules to continuously scan host filesystems for malware signatures provided by internal and external threat intelligence teams.
moreInfoUrl: # short demo video
waysToUse:
- description: Detect suspicious bytecode in JAR files
- description: Identify suspicious patterns in binaries using YARA signatures # (≈regular expressions for binary)
- description: Continuously scan host filesystems for malware signatures.
moreInfoUrl: https://yara.readthedocs.io/en/stable/writingrules.html
- description: Monitor for relevent filesystem changes (YARA events) and on-demand YARA signature scans.
moreInfoUrl: https://osquery.readthedocs.io/en/stable/deployment/yara/
- description: Use YARA for malware detection
moreInfoUrl: https://www.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_YARA_S508C.pdf
- description: Scan for indicators of compromise (IoC) for common malware.
moreInfoUrl: https://github.com/Cisco-Talos/osquery_queries
- description: Analyze malware using data from osquery, such as endpoint certificates and launch daemons (launchd).
moreInfoUrl: https://medium.com/hackernoon/malware-analysis-using-osquery-part-3-9dc805b67d16
- description: Detect persistent malware (e.g. WireLurker) in endpoints by generating simple policies that search for their static indicators of compromise (IoCs).
moreInfoUrl: https://osquery.readthedocs.io/en/stable/deployment/anomaly-detection/
- description: Run a targeted YARA scan with osquery as a lightweight approach to scan anything on a host filesystem, with minimal performance impact. Unlike full system YARA scans which consume considerable CPU resources, an equivalent YARA scan targeted in Fleet can be 8x cheaper (CPU %).
moreInfoUrl: https://www.tripwire.com/state-of-security/signature-socket-based-malware-detection-osquery-yara
- industryName: Detection engineering
friendlyName: # Ship logs to your data lake and comopare with known bad binary hashes or capture behavioral data and build custom detections (e.g. using a framework like MITRE)
description:
documentationUrl: https://fleetdm.com/docs/using-fleet/log-destinations
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
buzzwords: [Security analytics,Behavioral analytics,MITRE ATT&CK,Tactics techniques and procedures (TTPs),Security information and event management (SIEM)]
demos:
- description:
moreInfoUrl:
waysToUse:
- description:
- industryName: Threat hunting
friendlyName: # TODO: live query
description:
documentationUrl: https://fleetdm.com/queries
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
buzzwords: []
demos:
- description:
moreInfoUrl:
waysToUse:
- description:
- industryName: Incident response
friendlyName: Interrogate hosts in real time
description: Live query, triage, figuring out scope of impact, remediate using scripts or MDM commands (e.g. remote wipe), and quarantine or reimage using other systems and APIs (e.g. remove from network, decommission container)
documentationUrl: https://fleetdm.com/securing/how-osquery-can-help-cyber-responders#simplifying-endpoint-visibility-with-osquery-and-fleet
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
buzzwords: []
demos:
- description:
moreInfoUrl:
waysToUse:
- description:
- industryName: Binary authorization
friendlyName: Restrict what programs can run, and what files running programs can access.
description:
documentationUrl:
tier: Free
dri: mikermcneil
usualDepartment: Security
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
comingSoonOn: 2025-06-30
buzzwords: [Mandatory Access Control (MAC),Privilege confinement,Binary authorization,Santa,Binary allowlisting,Binary whitelisting]
demos:
- description:
moreInfoUrl:
waysToUse:
- description: Confine programs to a limited set of resources.
- description: Report on AppArmor events
moreInfoUrl: https://fleetdm.com/tables/apparmor_events
- description: Confine programs according to a set of rules that specify which files a program can access.
moreInfoUrl: https://wiki.debian.org/AppArmor
- description: Proactively protect the system against both known and unknown vulnerabilities.
# ╔═╗╔═╗╔═╗╔╗╔╔╦╗ ╔═╗╦ ╦╔╦╗╔═╗ ╦ ╦╔═╗╔╦╗╔═╗╔╦╗╔═╗
# ╠═╣║ ╦║╣ ║║║ ║ ╠═╣║ ║ ║ ║ ║───║ ║╠═╝ ║║╠═╣ ║ ║╣
# ╩ ╩╚═╝╚═╝╝╚╝ ╩ ╩ ╩╚═╝ ╩ ╚═╝ ╚═╝╩ ═╩╝╩ ╩ ╩ ╚═╝
- industryName: Agent auto-update
friendlyName: Keep agents and extensions up to date
descrption: Keep agents and extensions up to date by loading code from Fleet's free update registry.
documentationUrl: https://fleetdm.com/docs/using-fleet/enroll-hosts
tier: Free
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
# ╦╔╗╔╔═╗╔╦╗╔═╗╦ ╦ ╔═╗╦═╗╔═╗
# ║║║║╚═╗ ║ ╠═╣║ ║ ║╣ ╠╦╝╚═╗
# ╩╝╚╝╚═╝ ╩ ╩ ╩╩═╝╩═╝╚═╝╩╚═╚═╝
- industryName: Installers (self-service)
tier: Free
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
documentationUrl: https://fleetdm.com/docs/using-fleet/enroll-hosts
waysToUse:
- description: Build scripts for Ansible deployments
moreInfoUrl: https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4
- description: Deploy osquery to macOS via Jamf
moreInfoUrl: https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4
- description: Package osquery for Linux servers via Workspace One and Windows servers via group policies
moreInfoUrl: https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4
# ╔╗ ╔═╗╔╦╗╔═╗╦ ╦ ╦╔╗╔╔═╗╔╦╗╔═╗╦ ╦ ╔═╗╔╦╗╦╔═╗╔╗╔
# ╠╩╗╠═╣ ║ ║ ╠═╣ ║║║║╚═╗ ║ ╠═╣║ ║ ╠═╣ ║ ║║ ║║║║
# ╚═╝╩ ╩ ╩ ╚═╝╩ ╩ ╩╝╚╝╚═╝ ╩ ╩ ╩╩═╝╩═╝╩ ╩ ╩ ╩╚═╝╝╚╝
- industryName: Batch installation (Chef, Ansible, Puppet, MDM)
friendlyName: Install agents over the air
documentationUrl: https://fleetdm.com/docs/using-fleet/enroll-hosts
tier: Free
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
# ╦═╗╔═╗╔╦╗╔═╗╔╦╗╔═╗ ╔═╗╔═╗╔╦╗╔╦╗╦╔╗╔╔═╗╔═╗
# ╠╦╝║╣ ║║║║ ║ ║ ║╣ ╚═╗║╣ ║ ║ ║║║║║ ╦╚═╗
# ╩╚═╚═╝╩ ╩╚═╝ ╩ ╚═╝ ╚═╝╚═╝ ╩ ╩ ╩╝╚╝╚═╝╚═╝
- industryName: Remote settings
description: Configure agent options remotely, over the air. (Includes osquery config, and osquery startup flags.).
documentationUrl: https://fleetdm.com/docs/configuration/agent-configuration
moreInfoUrl: https://github.com/fleetdm/fleet/issues/13825
tier: Free
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
usualDepartment: Security
# ╦ ╦╔═╗╦═╗╦╔═╗╔╗ ╦ ╔═╗ ╔═╗╔╗╔╦═╗╔═╗╦ ╦ ╔╦╗╔═╗╔╗╔╔╦╗
# ╚╗╔╝╠═╣╠╦╝║╠═╣╠╩╗║ ║╣ ║╣ ║║║╠╦╝║ ║║ ║ ║║║║╣ ║║║ ║
# ╚╝ ╩ ╩╩╚═╩╩ ╩╚═╝╩═╝╚═╝ ╚═╝╝╚╝╩╚═╚═╝╩═╝╩═╝╩ ╩╚═╝╝╚╝ ╩
- industryName: Variable enrollment
description: Enroll hosts in different groups using different enrollment secrets and/or installers per-baseline.
documentationUrl: https://fleetdm.com/docs/configuration/configuration-files#teams
tier: Premium
productCategories: [Endpoint operations, Device management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
# ╔═╗╦═╗╦╦ ╦╔═╗╔╦╗╔═╗ ╦ ╦╔═╗╔╦╗╔═╗╔╦╗╔═╗ ╦═╗╔═╗╔═╗╦╔═╗╔╦╗╦═╗╦ ╦
# ╠═╝╠╦╝║╚╗╔╝╠═╣ ║ ║╣ ║ ║╠═╝ ║║╠═╣ ║ ║╣ ╠╦╝║╣ ║ ╦║╚═╗ ║ ╠╦╝╚╦╝
# ╩ ╩╚═╩ ╚╝ ╩ ╩ ╩ ╚═╝ ╚═╝╩ ═╩╝╩ ╩ ╩ ╚═╝ ╩╚═╚═╝╚═╝╩╚═╝ ╩ ╩╚═ ╩
- industryName: Private update registry
friendlyName: Update agents from a secret URL
description: Load agent code from a secret URL that you manage.
documentationUrl: https://fleetdm.com/docs/using-fleet/update-agents
tier: Premium
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
usualDepartment: Security
- industryName: Variable agent versions
descrption: Manage agents remotely by setting different versions per-baseline.
documentationUrl: https://fleetdm.com/docs/configuration/agent-configuration#configure-fleetd-update-channels
tier: Premium
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
# ╔═╗╦ ╦╔═╗╔╦╗╔═╗╔╦╗ ╔╦╗╔═╗╔╗ ╦ ╔═╗╔═╗
# ║ ║ ║╚═╗ ║ ║ ║║║║ ║ ╠═╣╠╩╗║ ║╣ ╚═╗
# ╚═╝╚═╝╚═╝ ╩ ╚═╝╩ ╩ ╩ ╩ ╩╚═╝╩═╝╚═╝╚═╝
- industryName: Custom tables
friendlyName: Add tables to osquery with extensions
description: Install osquery extensions over the air. # (GitOptional)
documentationUrl: https://fleetdm.com/docs/configuration/agent-configuration#extensions
moreInfoUrl: https://github.com/trailofbits/osquery-extensions/blob/3df2b72ad78549e25344c79dbc9bce6808c4d92a/README.md#extensions
tier: Premium
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
#
# ╦═╗╔═╗╔═╗╔╦╗ ╔═╗╔═╗╦
# ╠╦╝║╣ ╚═╗ ║ ╠═╣╠═╝║
# ╩╚═╚═╝╚═╝ ╩ ╩ ╩╩ ╩
- industryName: REST API
friendlyName: Automate any feature
description:
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Integrations]
usualDepartment: IT
documentationUrl: https://fleetdm.com/docs/rest-api/rest-api
screenshotSrc:
tier: Free
dri: rachaelshaw
# ╔═╗╔═╗╔╦╗╔╦╗╔═╗╔╗╔╔╦╗ ╦ ╦╔╗╔╔═╗ ╔╦╗╔═╗╔═╗╦ ┌─ ╔═╗╦ ╦ ─┐
# ║ ║ ║║║║║║║╠═╣║║║ ║║ ║ ║║║║║╣ ║ ║ ║║ ║║ │ ║ ║ ║ │
# ╚═╝╚═╝╩ ╩╩ ╩╩ ╩╝╚╝═╩╝ ╩═╝╩╝╚╝╚═╝ ╩ ╚═╝╚═╝╩═╝ └─ ╚═╝╩═╝╩ ─┘
- industryName: Command line tool (CLI)
friendlyName: fleetctl
documentationUrl: https://fleetdm.com/docs/using-fleet/fleetctl-cli
productCategories: [Endpoint operations,Device management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
tier: Free
# ╦ ╦╔═╗╔╗ ╦ ╦╔═╗╔═╗╦╔═╔═╗
# ║║║║╣ ╠╩╗╠═╣║ ║║ ║╠╩╗╚═╗
# ╚╩╝╚═╝╚═╝╩ ╩╚═╝╚═╝╩ ╩╚═╝
- industryName: Webhooks
friendlyName: Automations
documentationUrl: https://fleetdm.com/docs/using-fleet/automations#automations
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Integrations]
usualDepartment: IT
tier: Free
# ╔╦╗╔═╗╔═╗╔═╗ ╔═╗╦ ╦╔╦╗╔═╗╔╦╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
# ║║║╣ ║╣ ╠═╝ ╠═╣║ ║ ║ ║ ║║║║╠═╣ ║ ║║ ║║║║╚═╗
# ═╩╝╚═╝╚═╝╩ ╩ ╩╚═╝ ╩ ╚═╝╩ ╩╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
- industryName: Deep automations
friendlyName: Trigger webhooks or run scripts
documentationUrl: https://fleetdm.com/docs/using-fleet/automations#automations
description: Fire off webhooks or run scripts on hosts when certain things happen in Fleet.
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Integrations]
comingSoonOn: 2024-06-30
tier: Free
buzzwords: [Automated remediation,Auto-remediation,Self-healing]
waysToUse:
- description: Use policy automations to automatically remediate issues and mitigate vulnerabilities.
- description: Use osquery and santa to work around inflexibilities in proprietary MDMs and other protection solutions.
- description: Listen to webhooks to perform autonomous self-healing (cloud security engineering)
moreInfoUrl: https://www.fugue.co/blog/automated-remediation-scripts-vs.-self-healing-infrastructure-two-approaches-to-cloud-security
# ╔═╗╦╔╦╗╔═╗╔═╗╔═╗
# ║ ╦║ ║ ║ ║╠═╝╚═╗
# ╚═╝╩ ╩ ╚═╝╩ ╚═╝
- industryName: GitOps
friendlyName: Manage endpoints in git
documentationUrl: https://github.com/fleetdm/fleet-gitops
description: Fork the best practices repo and use the GitHub Action to hook it up to your Fleet instance in minutes. Coming soon (2024-03-31)
moreInfoUrl: https://github.com/fleetdm/fleet/issues/13643
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Deployment]
usualDepartment: IT
tier: Free
demos:
description: A top savings and investment company wanted workflows and automation so that one bad actor can't brick their fleet. This way, they have to make a pull request first.
quote: I don't want one bad actor to brick my fleet. I want them to make a pull request first.
moreInfoUrl: https://docs.google.com/document/d/1hAQL6P--Tt3syq1MTRONAxhQA_2Vjt3oOJJt_O4xbiE/edit?disco=AAABAVnYvns&usp_dm=true#heading=h.7en766pueek4
# ╔═╗╦═╗╔═╗╔═╗ ╦╔╗╔╔╦╗╔═╗╔═╗╦═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
# ╠╣ ╠╦╝║╣ ║╣ ║║║║ ║ ║╣ ║ ╦╠╦╝╠═╣ ║ ║║ ║║║║╚═╗
# ╚ ╩╚═╚═╝╚═╝ ╩╝╚╝ ╩ ╚═╝╚═╝╩╚═╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
- industryName: Free integrations (Tines, Snowflake, Terraform, Chronicle, Jira, Zendesk, etc)
friendlyName: Borrow off-the-shelf tactics from the community
documentationUrl: https://fleetdm.com/integrations
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Integrations]
usualDepartment: IT
description:
moreInfoUrl: https://fleetdm.com/integrations
tier: Free
waysToUse:
- description: (ActiveDirectory) Know who opened your computer and check their device posture before you let them log into anything.
- description: (Ansible) Easily issue MDM commands and standardize data across operating systems.
- description: (AWS) Deploy your own self-managed Fleet in any AWS environment in minutes.
- description: (Azure) Deploy your own self-managed Fleet in the Microsoft Cloud in minutes.
- description: (Chef) Easily issue MDM commands and standardize data across operating systems.
- description: (Elastic) Ingest osquery data and monitor for important changes or events.
- description: (GitHub) Version control using git, enabling collaboration and a GitOps workflow.
- description: (GitLab) Version control using git, enabling collaboration and a GitOps workflow.
- description: (Chronicle) Ingest osquery data and monitor for important changes or events.
- description: (Google Cloud) Deploy your own self-managed Fleet in any GCP environment in minutes.
- description: (Munki) Easily issue MDM commands and standardize data across operating systems.
- description: (Okta) Know who opened your computer and check their device posture before you let them log into anything.
- description: (Snowflake) Ingest osquery data and monitor for important changes or events.
- description: (Splunk) Ingest osquery data and monitor for important changes or events.
- description: (Tines) Build custom workflows that trigger in various situations.
- description: (Webhooks) Configure automations that send webhooks to specific URLs when Fleet detects changes to host, policy, and CVE statuses.
- description: (Zendesk) Automatically create Zendesk tickets in various situations.
- description: (Jira) Automatically create Jira tickets in various situations, including exporting vulnerabilities to Jira and syncing tickets.
buzzwords: [Snowflake,Okta,Tines,Splunk,Elastic,AWS,ActiveDirectory,Ansible,GitHub,GitLab,Chronicle,Google Cloud,Munki,Vanta,Chef,Zendesk,Jira]
# ╔═╗╦═╗╔═╗╔╦╗╦╦ ╦╔╦╗ ╦╔╗╔╔╦╗╔═╗╔═╗╦═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
# ╠═╝╠╦╝║╣ ║║║║║ ║║║║ ║║║║ ║ ║╣ ║ ╦╠╦╝╠═╣ ║ ║║ ║║║║╚═╗
# ╩ ╩╚═╚═╝╩ ╩╩╚═╝╩ ╩ ╩╝╚╝ ╩ ╚═╝╚═╝╩╚═╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
- industryName: Premium integrations (Puppet, Vanta, etc)
friendlyName: Borrow off-the-shelf tactics from legendary brands
documentationUrl: https://fleetdm.com/integrations
description: Plug Fleet into other frameworks and tools.
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Integrations]
usualDepartment: IT
moreInfoUrl: https://fleetdm.com/integrations
tier: Premium
waysToUse:
- description: (Vanta) Trigger a workflow based on a failing policy.
- description: (Puppet) Easily issue MDM commands, standardize data across operating systems, and map macOS+Windows settings to computers with the Puppet module.
- description: (Torq) Build custom workflows that trigger in various situations.
- description: (Custom IdP) Manage access to Fleet single sign-on (SSO) through any IdP (using SAML).
buzzwords: [Vanta,Puppet,Custom IdP]
- industryName: Public issue tracker (GitHub)
documentationUrl: https://fleetdm.com/support
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Support]
tier: Free
- industryName: Community Slack channel
documentationUrl: https://fleetdm.com/support
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Support]
tier: Free
- industryName: Unlimited email support (confidential)
documentationUrl: https://fleetdm.com/support
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Support]
tier: Premium
- industryName: Phone and video call support
documentationUrl: https://fleetdm.com/support
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Support]
tier: Premium
- industryName: Self-managed
friendlyName: Host it yourself
description: Deploy Fleet anywhere and host it yourself, even in air-gapped environments except where technologically impossible.
pricingTableCategories: [Deployment]
documentationUrl: https://fleetdm.com/docs/deploy/introduction
productCategories: [Endpoint operations,Device management,Vulnerability management]
tier: Free
buzzwords: [Self-hosted]
- industryName: Deployment tools (Terraform, Helm)
documentationUrl: https://fleetdm.com/docs/deploy/introduction
usualDepartment: IT
tier: Free
productCategories: [Endpoint operations]
pricingTableCategories: [Deployment]
- industryName: Managed Cloud (700+ hosts)
description: Have Fleet host it for you (currently only available for customers with 700+ hosts. PS. Wish we could host for you? We're working on it! Please let us know if you know of a good partner. In the meantime, join fleetdm.com/support and we're happy to help you deploy Fleet yourself.)
pricingTableCategories: [Deployment]
productCategories: [Endpoint operations,Device management,Vulnerability management]
tier: Premium
- industryName: Interactive MDM migration # « end-user initiated MDM migration, with interactive UI
tier: Premium
documentationUrl: https://fleetdm.com/docs/using-fleet/mdm-migration-guide#migrate-automatically-enrolled-dep-hosts
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
- industryName: Remotely enforce OS settings
documentationUrl: https://fleetdm.com/docs/using-fleet/mdm-custom-os-settings
usualDepartment: IT
tier: Free
waysToUse:
- description: Deploy configuration profiles on macOS and Windows and verify that they're installed.
moreInfoUrl: https://github.com/fleetdm/fleet/issues/13281
- description: Deploy custom declaration (DDM) profiles on macOS. Coming soon (2024-03-31).
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14550
- description: Target profiles to specific hosts using SQL.
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14715
- description: Automatically re-deploy configuration profiles when they're not installed.
productCategories: [Device management]
pricingTableCategories: [Device management]
- industryName: Self service
description: Provide resolution instructions for end users through Fleet Desktop that suggest how an end user can fix a posture issue themselves.
documentationUrl: https://fleetdm.com/docs/using-fleet/fleet-desktop
tier: Premium
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
- industryName: User-initiated enrollment of macOS computers
documentationUrl: https://fleetdm.com/docs/using-fleet/mdm-migration-guide#migrate-manually-enrolled-hosts
tier: Free
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
- industryName: Low-level MDM commands for macOS and Windows (e.g. remote restart)
documentationUrl: https://fleetdm.com/docs/using-fleet/mdm-commands
tier: Free
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
waysToUse:
- description: See a list of the upcoming MDM commands and scripts in unified queue. Coming soon (2024-03-31)
moreInfoUrl: https://github.com/fleetdm/fleet/issues/15920
- industryName: Native macOS update reminders
description: Send low-level MDM commands to tell end users to update their OS.
moreInfoUrl: https://developer.apple.com/documentation/devicemanagement/schedule_an_os_update
tier: Free
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
- industryName: Zero-touch setup for macOS computers
documentationUrl: https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience
tier: Premium
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
waysToUse:
- description: Ship a macOS workstation to the end user's home and have them automatically enroll to Fleet during out-of-the-box setup.
- description: Ship a Windows workstation to the end user's home and have them automatically enroll to Fleet during out-of-the-box setup.
- description: Customize the out-of-the-box setup experience for your end users.
- description: Require end users to authenticate with your identity provider (IdP) and agree to an end user license agreement (EULA) before they can use their new workstation
- industryName: Enforce OS updates
documentationUrl: https://fleetdm.com/docs/using-fleet/mdm-macos-updates
tier: Premium
usualDepartment: IT
productCategories: [Device management,Vulnerability management]
pricingTableCategories: [Device management]
waysToUse:
- description: Enforce macOS updates via Nudge.
- description: Automatically update Windows after the end user reaches a deadline.
- industryName: Cross-platform remote lock and wipe
documentationUrl: https://fleetdm.com/docs/using-fleet/mdm-commands
waysToUse:
- description: High-level remote lock for macOS, Windows, and Linux. Coming soon (2024-03-31)
moreInfoUrl: https://github.com/fleetdm/fleet/issues/9949
- description: High-level remote wipe for macOS, Windows, and Linux. Coming soon (2024-03-31)
moreInfoUrl: https://github.com/fleetdm/fleet/issues/9951
tier: Premium
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
- industryName: Deploy security agents on macOS, Windows, and Linux computers.
documentationUrl: https://github.com/fleetdm/fleet/issues/14921
description:
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14921
tier: Premium
comingSoonOn: 2024-04-22 #customer-reedtimmer,customer-flacourtia
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
- industryName: Puppet module
documentationUrl: https://fleetdm.com/docs/using-fleet/puppet-module
friendlyName: Map macOS settings to computers with Puppet module
tier: Premium
usualDepartment: IT
productCategories: [Device management]
pricingTableCategories: [Device management]
- industryName: Software inventory
documentationUrl: https://fleetdm.com/docs/get-started/anatomy#software-library
tier: Free
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Endpoint operations]
waysToUse:
- description: Implement software inventory recommendations from the SANS 20 / CIS 18.
moreInfoUrl: https://docs.google.com/document/d/1E6EQMMqrsRc6Z3YsR6Q33OaF9eAa8zLNaz4K2YzFdyo/edit#heading=h.7en766pueek4
- description: View a list of all software and their versions installed on all your hosts.
- description: View a list of software rolled up by title.
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14674
- industryName: Hardware inventory
documentationUrl: https://fleetdm.com/tables/system_info
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Endpoint operations]
tier: Free
waysToUse:
- description: Implement hardware and infrastructure inventory recommendations from the SANS 20 / CIS 18.
moreInfoUrl: https://docs.google.com/document/d/1E6EQMMqrsRc6Z3YsR6Q33OaF9eAa8zLNaz4K2YzFdyo/edit#heading=h.7en766pueek4
- industryName: Device inventory dashboard
documentationUrl:
productCategories: [Endpoint operations,Device management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
tier: Free
- industryName: Browse installed software packages
documentationUrl: https://fleetdm.com/docs/rest-api/rest-api#software
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Endpoint operations]
tier: Free
- industryName: Search devices by IP, serial, hostname, UUID
documentationUrl: https://fleetdm.com/docs/rest-api/rest-api#hosts
productCategories: [Endpoint operations,Device management]
pricingTableCategories: [Endpoint operations]
tier: Free
- industryName: Labels (SQL-driven)
documentationUrl: https://fleetdm.com/docs/configuration/configuration-files#labels
friendlyName: Filter hosts using SQL
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
tier: Free
- industryName: Custom device data for help desk
documentationUrl: https://fleetdm.com/securing/end-user-self-remediation#set-your-enforcement-standards
description:
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14415
tier: Free
usualDepartment: IT
productCategories: [Endpoint operations,Device management]
pricingTableCategories: [Device management]
- industryName: Baselines (device groups)
friendlyName: Manage different endpoints differently
documentationUrl: https://fleetdm.com/docs/using-fleet/segment-hosts
description: Set baselines and strategies for hosts in different situations called "teams", and move hosts between them via API-driven automations or a simple, delegatable user interface with role-based access.
tier: Premium
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Endpoint operations]
waysToUse:
- description: Automate remediation for different applications with different security postures (cloud security engineering)
- industryName: Generate reports for groups of devices
documentationUrl: https://fleetdm.com/docs/configuration/configuration-files#server-settings-query-reports-disabled
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
tier: Premium
- industryName: Versionable queries and config (GitOps)
documentationUrl: https://fleetdm.com/guides/using-github-actions-to-apply-configuration-profiles-with-fleet#basic-article
tier: Free
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
demos:
- description: A top financial services company needed to set up rolling deployments for changes to osquery agents running on their production servers.
moreInfoUrl: https://docs.google.com/document/d/1UdzZMyBLbs9SUXfSXN2x2wZQCbjZZUetYlNWH6-ryqQ/edit#heading=h.2lh6ehprpvl6
- industryName: Scope transparency
tier: Free
documentationUrl: https://fleetdm.com/transparency
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
- industryName: Single sign on (SSO, SAML)
documentationUrl: https://fleetdm.com/docs/deploy/single-sign-on-sso#single-sign-on-sso
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
tier: Free
- industryName: Disk encryption
documentationURL: https://fleetdm.com/docs/using-fleet/mdm-disk-encryption
friendlyName: Ensure hard disks are encrypted
productCategories: [Device management]
pricingTableCategories: [Device management]
usualDepartment: Security
description: Encrypt hard disks of macOS and Windows computers, manage escrowed encryption keys, and report on disk encryption status (FileVault, BitLocker).
tier: Premium
waysToUse:
- description: Report on disk encryption status
- description: Encrypt hard disks on macOS with FileVault
- description: Escrow FileVault keys on macOS
- description: Encrypt hard disks on Windows with BitLocker.
- industryName: Grant API-only access
documentationUrl: https://fleetdm.com/docs/using-fleet/fleetctl-cli#using-fleetctl-with-an-api-only-user
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
tier: Free
- industryName: Audit log of Fleet activity (queries, scripts, logins, etc)
documentationUrl: https://fleetdm.com/docs/rest-api/rest-api#list-activities
productCategories: [Endpoint operations, Device management]
pricingTableCategories: [Endpoint operations, Device management]
tier: Premium
usualDepartment: Security
waysToUse:
- description: Export activity of Fleet admins to your SIEM or data lake
- industryName: Just-in-time (JIT) provisioning
documentationUrl: https://fleetdm.com/docs/deploy/single-sign-on-sso#just-in-time-jit-user-provisioning
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
tier: Premium
- industryName: Automated user role sync via Okta, AD, or any IDP
documentationUrl:
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Device management]
usualDepartment: IT
tier: Premium
waysToUse:
- description: Automatically set admin access to Fleet based on your IDP
- industryName: Trigger a workflow based on a failing policy
documentationUrl: https://fleetdm.com/docs/using-fleet/automations#automations
productCategories: [Endpoint operations,Device management]
pricingTableCategories: [Integrations]
usualDepartment: IT
tier: Premium
- industryName: Role-based access control
documentationUrl: https://fleetdm.com/docs/using-fleet/manage-access#manage-access
productCategories: [Endpoint operations,Device management,Vulnerability management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
tier: Premium
# ╦═╗╦╔═╗╦╔═ ╔╗ ╔═╗╔═╗╔═╗╔╦╗ ╦ ╦╦ ╦╦ ╔╗╔╔═╗╦═╗╔═╗╔╗ ╦╦ ╦╔╦╗╦ ╦ ╔╦╗╔═╗╔╗╔╔═╗╔═╗╔═╗╔╦╗╔═╗╔╗╔╔╦╗
# ╠╦╝║╚═╗╠╩╗───╠╩╗╠═╣╚═╗║╣ ║║ ╚╗╔╝║ ║║ ║║║║╣ ╠╦╝╠═╣╠╩╗║║ ║ ║ ╚╦╝ ║║║╠═╣║║║╠═╣║ ╦║╣ ║║║║╣ ║║║ ║
# ╩╚═╩╚═╝╩ ╩ ╚═╝╩ ╩╚═╝╚═╝═╩╝ ╚╝ ╚═╝╩═╝╝╚╝╚═╝╩╚═╩ ╩╚═╝╩╩═╝╩ ╩ ╩ ╩ ╩╩ ╩╝╚╝╩ ╩╚═╝╚═╝╩ ╩╚═╝╝╚╝ ╩
- industryName: Risk-based vulnerability management
friendlyName: Detect vulnerable software
documentationUrl: https://fleetdm.com/vulnerability-management
productCategories: [Vulnerability management]
pricingTableCategories: [Vulnerability management]
usualDepartment: Security
tier: Free
demos:
- description: A top gaming company wanted to replace Qualys for infrastructure vulnerability detection.
quote: So we have some stuff today through Qualys, but it's just not very good. A lot of it is...it's just really noisy. I'm trying to find out specifically, actually what packages are installed where, and then the ability to live query them.
moreInfoUrl: https://docs.google.com/document/d/1JWtRsW1FUTCkZEESJj9-CvXjLXK4219by-C6vvVVyBY/edit
waysToUse:
- description: Email relevant, actually-installed vulnerabilities to responsible teams so they can fix them.
moreInfoUrl: https://docs.google.com/document/d/1oeCmT077o_5nxzLhnxs7kcg_4Qn1Pn1F5zx10nQOAp8/edit
# ╦ ╦╦ ╦╦ ╔╗╔╔═╗╦═╗╔═╗╔╗ ╦╦ ╦╔╦╗╦ ╦ ╔╦╗╔═╗╔═╗╦ ╦╔╗ ╔═╗╔═╗╦═╗╔╦╗
# ╚╗╔╝║ ║║ ║║║║╣ ╠╦╝╠═╣╠╩╗║║ ║ ║ ╚╦╝ ║║╠═╣╚═╗╠═╣╠╩╗║ ║╠═╣╠╦╝ ║║
# ╚╝ ╚═╝╩═╝╝╚╝╚═╝╩╚═╩ ╩╚═╝╩╩═╝╩ ╩ ╩ ═╩╝╩ ╩╚═╝╩ ╩╚═╝╚═╝╩ ╩╩╚══╩╝
- industryName: Vulnerability dashboard
friendlyName: Vulnerability dashboard
documentationUrl: https://fleetdm.com/vulnerability-management
productCategories: [Vulnerability management]
pricingTableCategories: [Vulnerability management]
usualDepartment: Security
tier: Premium
demos:
- description: See a list of all vulneribilities across your hosts. Coming soon (2024-03-31)
moreInfoUrl: https://github.com/fleetdm/fleet/issues/15919
- description: AI generated CVSS v4 context. Coming soon (2024-03-31)
waysToUse:
- description: Easily communicate to executives regarding the progress of patching vulnerable software. Only show vulnerabilities that you care about. Coming soon (2024-03-31) #Customer-faltona and customer-rialto
# ╦ ╦╦ ╦╦ ╔╗╔╔═╗╦═╗╔═╗╔╗ ╦╦ ╦╔╦╗╦ ╦ ╔═╗╔═╗╔═╗╦═╗╔═╗╔═╗ ╔═╗╔═╗╔═╗╔═╗ ╔═╗╔╗╔╔╦╗ ╔═╗╦ ╦╔═╗╔═╗
# ╚╗╔╝║ ║║ ║║║║╣ ╠╦╝╠═╣╠╩╗║║ ║ ║ ╚╦╝ ╚═╗║ ║ ║╠╦╝║╣ ╚═╗ ─── ║╣ ╠═╝╚═╗╚═╗ ╠═╣║║║ ║║ ║ ╚╗╔╝╚═╗╚═╗
# ╚╝ ╚═╝╩═╝╝╚╝╚═╝╩╚═╩ ╩╚═╝╩╩═╝╩ ╩ ╩ ╚═╝╚═╝╚═╝╩╚═╚═╝╚═╝ ╚═╝╩ ╚═╝╚═╝ ╩ ╩╝╚╝═╩╝ ╚═╝ ╚╝ ╚═╝╚═╝
- industryName: Vulnerability scores (EPSS and CVSS)
documentationUrl: https://fleetdm.com/vulnerability-management
tier: Premium
usualDepartment: Security
productCategories: [Vulnerability management]
pricingTableCategories: [Vulnerability management]
buzzwords: [Risk scores,Cyber risk,Risk reduction,Security operations effectiveness,Peer benchmarking,Security program effectiveness,Risk-based exposure scoring,Threat context,Cyber exposure,Exposure quantification and benchmarking,Optimize security investments,Vulnerability assessment]
demos:
- description: Fleet enables a more modern, threat-first prioritization approach to vulnerability management.
quote: In reality, across our inventory of devices, it's unlikely to ever be exploited. I'd rather do that legwork on my team and then go and ask and prioritize work on these infrastructure teams that are already busy with things that could or could not be vulnerable. Being able to be more exact allows us to go to these teams less, which saves everybody time.
moreInfoUrl: https://www.youtube.com/watch?v=G5Ry_vQPaYc&t=131s
waysToUse:
- description: By leveraging EPSS (Exploit Prediction Scoring System), security professionals gain insight on the true risk behind rated CVEs.
- description: An Introduction to EPSS, The Exploit Prediction Scoring System
- moreInfoUrl: https://www.youtube.com/watch?v=vw1RlZCSRcQ
- description: By extracting metadata from the National Vulnerability Database (NVD) and Microsoft Security Response Center (MSRC), we can determine which version of software is no longer vulnerable.
# ╔═╗╦╔═╗╔═╗ ╦╔═╔═╗╦ ╦╔═╗
# ║ ║╚═╗╠═╣ ╠╩╗║╣ ╚╗╔╝╚═╗
# ╚═╝╩╚═╝╩ ╩ ╩ ╩╚═╝ ╚╝ ╚═╝
- industryName: CISA KEVs (known exploited vulnerabilities)
documentationUrl: https://fleetdm.com/vulnerability-management
tier: Premium
usualDepartment: Security
productCategories: [Vulnerability management]
pricingTableCategories: [Vulnerability management]
demos:
- description:
moreInfoUrl:
waysToUse:
- description: Help teams work on vulnerabilities that have actually been exploited (CISA KEVs) or have a high probability of being exploited (EPSS), or whatever is important in your environment.
- description: Use CISA KEVs for vulnerability management
- moreInfoUrl: https://www.youtube.com/watch?v=Z3mw2oxssYk
- industryName: Query performance monitoring
documentationUrl: https://fleetdm.com/docs/get-started/faq#will-fleet-slow-down-my-servers-what-about-my-employee-laptops
tier: Free
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
demos:
- description: A top software company needed to understand the performance impact of osquery queries before running them on all of their production Linux servers.
moreInfoUrl: https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg
- description: A top software company wanted to detect regressions when adding/changing queries and fail builds if queries were too expensive.
moreInfoUrl: https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg
waysToUse:
- description: Monitor performance for automated queries.
- description: Monitor performance for live queries.
moreInfoUrl: https://github.com/fleetdm/fleet/issues/467
- industryName: Detect and surface issues with devices (policies)
documentationUrl: https://fleetdm.com/docs/get-started/anatomy#policy
productCategories: [Endpoint operations,Device management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
tier: Free
- industryName: Policy scoring
documentationUrl:
friendlyName: Mark policies as critical
productCategories: [Endpoint operations,Device management]
pricingTableCategories: [Endpoint operations]
usualDepartment: IT
tier: Premium
waysToUse:
- description: Block access to corporate apps if your end users are failing a specific number of critical policies.
moreInfoUrl: https://github.com/fleetdm/fleet/issues/16206
- industryName: Flexible log destinations (AWS Kinesis, Lambda, GCP, Kafka)
documentationUrl: https://fleetdm.com/docs/using-fleet/log-destinations#log-destinations
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
buzzwords: [Real-time export,Ship logs]
waysToUse:
- description: Choose different file sizes for automated query results and agent logs. Coming soon (2024-04-22) #Customer-blanco
moreInfoUrl: https://github.com/fleetdm/fleet/issues/11999
- industryName: File carving (AWS S3)
documentationUrl: https://fleetdm.com/docs/configuration/fleet-server-configuration#s-3-file-carving-backend
tier: Free
usualDepartment: Security
productCategories: [Endpoint operations]
pricingTableCategories: [Endpoint operations]
- industryName: Asset discovery
documentationUrl:
tier: Premium
comingSoonOn: 2024-06-30
usualDepartment: Security
productCategories: [Vulnerability management]
pricingTableCategories: [Vulnerability management]
Reference in New Issue View Git Blame Copy Permalink