fleet/docs/1-Using-Fleet/3-REST-API.md
noahtalerman 54f46b944e
Add packs endpoints docs to REST API docs (#242)
Reformat the anchor links for specific endpoints by moving these links to their respective sections.

The endpoints included in these changes:
- /api/v1/kolide/packs POST
- /api/v1/kolide/packs/{id} PATCH "modify_pack"
- /api/v1/kolide/packs/{id} GET "get_pack"
- /api/v1/kolide/packs GET "list_packs"
- /api/v1/kolide/packs/{name} DELETE "delete_pack"
- /api/v1/kolide/packs/id/{id} DELETE "delete_pack_by_id"
- /api/v1/kolide/packs/{id}/scheduled GET "get_scheduled_queries_in_pack"
- /api/v1/kolide/schedule POST "schedule_query"
- /api/v1/kolide/schedule/{id} GET "get_scheduled_query"
- /api/v1/kolide/schedule/{id} PATCH "modify_scheduled_query"
- /api/v1/kolide/schedule/{id} DELETE "delete_scheduled_query"
- /api/v1/kolide/spec/packs POST "apply_pack_specs"
- /api/v1/kolide/spec/packs GET "get_pack_specs"
- /api/v1/kolide/spec/packs/{name} GET "get_pack_spec"
2021-01-28 15:40:49 -08:00

73 KiB

REST API

Overview

Fleet is powered by a Go API server which serves three types of endpoints:

  • Endpoints starting with /api/v1/osquery/ are osquery TLS server API endpoints. All of these endpoints are used for talking to osqueryd agents and that's it.
  • Endpoints starting with /api/v1/kolide/ are endpoints to interact with the Fleet data model (packs, queries, scheduled queries, labels, hosts, etc) as well as application endpoints (configuring settings, logging in, session management, etc).
  • All other endpoints are served the React single page application bundle. The React app uses React Router to determine whether or not the URI is a valid route and what to do.

Only osquery agents should interact with the osquery API, but we'd like to support the eventual use of the Fleet API extensively. The API is not very well documented at all right now, but we have plans to:

  • Generate and publish detailed documentation via a tool built using test2doc (or similar).
  • Release a JavaScript Fleet API client library (which would be derived from the current JavaScript API client).
  • Commit to a stable, standardized API format.

fleetctl

Many of the operations that a user may wish to perform with an API are currently best performed via the fleetctl tooling. These CLI tools allow updating of the osquery configuration entities, as well as performing live queries.

Current API

The general idea with the current API is that there are many entities throughout the Fleet application, such as:

  • Queries
  • Packs
  • Labels
  • Hosts

Each set of objects follows a similar REST access pattern.

  • You can GET /api/v1/kolide/packs to get all packs
  • You can GET /api/v1/kolide/packs/1 to get a specific pack.
  • You can DELETE /api/v1/kolide/packs/1 to delete a specific pack.
  • You can POST /api/v1/kolide/packs (with a valid body) to create a new pack.
  • You can PATCH /api/v1/kolide/packs/1 (with a valid body) to modify a specific pack.

Queries, packs, scheduled queries, labels, invites, users, sessions all behave this way. Some objects, like invites, have additional HTTP methods for additional functionality. Some objects, such as scheduled queries, are merely a relationship between two other objects (in this case, a query and a pack) with some details attached.

All of these objects are put together and distributed to the appropriate osquery agents at the appropriate time. At this time, the best source of truth for the API is the HTTP handler file in the Go application. The REST API is exposed via a transport layer on top of an RPC service which is implemented using a micro-service library called Go Kit. If using the Fleet API is important to you right now, being familiar with Go Kit would definitely be helpful.

Authentication

Making authenticated requests to the Fleet server requires that you are granted permission to access data. The Fleet Authentication API enables you to receive an authorization token.

All Fleet API requests are authenticated unless noted in the documentation. This means that almost all Fleet API requests will require sending the API token in the request header.

The typical steps to making an authenticated API request are outlined below.

First, utilize the /login endpoint to receive an API token. For SSO users, username/password login is disabled and the API token can be retrieved from the "Settings" page in the UI.

POST /api/v1/kolide/login

Request body

{
  "username": "janedoe@example.com",
  "passsword": "VArCjNW7CfsxGp67"
}

Default response

Status: 200

{
  "user": {
    "created_at": "2020-11-13T22:57:12Z",
    "updated_at": "2020-11-13T22:57:12Z",
    "id": 1,
    "username": "jane",
    "name": "",
    "email": "janedoe@example.com",
    "admin": true,
    "enabled": true,
    "force_password_reset": false,
    "gravatar_url": "",
    "sso_enabled": false
  },
  "token": "{your token}"
}

Then, use the token returned from the /login endpoint to authenticate further API requests. The example below utilizes the /hosts endpoint.

GET /api/v1/kolide/hosts

Request header

Authorization: Bearer <your token>

Default response

Status: 200

{
  "hosts": [
    {
      "created_at": "2020-11-05T05:09:44Z",
      "updated_at": "2020-11-05T06:03:39Z",
      "id": 1,
      "detail_updated_at": "2020-11-05T05:09:45Z",
      "label_updated_at": "2020-11-05T05:14:51Z",
      "seen_time": "2020-11-05T06:03:39Z",
      "hostname": "2ceca32fe484",
      "uuid": "392547dc-0000-0000-a87a-d701ff75bc65",
      "platform": "centos",
      "osquery_version": "2.7.0",
      "os_version": "CentOS Linux 7",
      "build": "",
      "platform_like": "rhel fedora",
      "code_name": "",
      "uptime": 8305000000000,
      "memory": 2084032512,
      "cpu_type": "6",
      "cpu_subtype": "142",
      "cpu_brand": "Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz",
      "cpu_physical_cores": 4,
      "cpu_logical_cores": 4,
      "hardware_vendor": "",
      "hardware_model": "",
      "hardware_version": "",
      "hardware_serial": "",
      "computer_name": "2ceca32fe484",
      "primary_ip": "",
      "primary_mac": "",
      "distributed_interval": 10,
      "config_tls_refresh": 10,
      "logger_tls_period": 8,
      "additional": {},
      "enroll_secret_name": "default",
      "status": "offline",
      "display_text": "2ceca32fe484"
    },
    {
      "created_at": "2020-11-05T05:09:44Z",
      "updated_at": "2020-11-05T06:03:39Z",
      "id": 2,
      "detail_updated_at": "2020-11-05T05:09:45Z",
      "label_updated_at": "2020-11-05T05:14:52Z",
      "seen_time": "2020-11-05T06:03:40Z",
      "hostname": "4cc885c20110",
      "uuid": "392547dc-0000-0000-a87a-d701ff75bc65",
      "platform": "centos",
      "osquery_version": "2.7.0",
      "os_version": "CentOS 6.8.0",
      "build": "",
      "platform_like": "rhel",
      "code_name": "",
      "uptime": 8305000000000,
      "memory": 2084032512,
      "cpu_type": "6",
      "cpu_subtype": "142",
      "cpu_brand": "Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz",
      "cpu_physical_cores": 4,
      "cpu_logical_cores": 4,
      "hardware_vendor": "",
      "hardware_model": "",
      "hardware_version": "",
      "hardware_serial": "",
      "computer_name": "4cc885c20110",
      "primary_ip": "",
      "primary_mac": "",
      "distributed_interval": 10,
      "config_tls_refresh": 10,
      "logger_tls_period": 8,
      "additional": {},
      "enroll_secret_name": "default",
      "status": "offline",
      "display_text": "4cc885c20110"
    },
  ]
}

Log in

Authenticates the user with the specified credentials. Use the token returned from this endpoint to authenticate further API requests.

POST /api/v1/kolide/login

Parameters

Name Type In Description
username string body Required. The user's email.
password string body Required. The user's plain text password.

Example

POST /api/v1/kolide/login

Request body
{
  "username": "janedoe@example.com",
  "passsword": "VArCjNW7CfsxGp67"
}
Default response

Status: 200

{
  "user": {
    "created_at": "2020-11-13T22:57:12Z",
    "updated_at": "2020-11-13T22:57:12Z",
    "id": 1,
    "username": "jane",
    "name": "",
    "email": "janedoe@example.com",
    "admin": true,
    "enabled": true,
    "force_password_reset": false,
    "gravatar_url": "",
    "sso_enabled": false
  },
  "token": "{your token}"
}

Log out

Logs out the authenticated user.

POST /api/v1/kolide/logout

Example

POST /api/v1/kolide/logout

Default response

Status: 200


Forgot password

Sends a password reset email to the specified email. Requires that SMTP is configured for your Fleet server.

POST /api/v1/kolide/forgot_password

Parameters

Name Type In Description
email string body Required. The email of the user requesting the reset password link.

Example

POST /api/v1/kolide/forgot_password

Request body
{
  "email": "janedoe@example.com"
}
Default response

Status: 200

Unknown error

Status: 500

{
  "message": "Unknown Error",
  "errors": [
    {
      "name": "base",
      "reason": "email not configured",
    }
  ]
}

Change password

POST /api/v1/kolide/change_password

Changes the password for the authenticated user.

Parameters

Name Type In Description
old_password string body Required. The user's old password.
new_password string body Required. The user's new password.

Example

POST /api/v1/kolide/change_password

Request body
{
  "old_password": "VArCjNW7CfsxGp67",
  "new_password": "zGq7mCLA6z4PzArC",
}
Default response

Status: 200

Validation failed

Status: 422 Unprocessable entity

{
  "message": "Validation Failed",
  "errors": [
    {
      "name": "old_password",
      "reason": "old password does not match"
    }
  ]
}

Me

Retrieves the user data for the authenticated user.

POST /api/v1/kolide/me

Example

POST /api/v1/kolide/me

Default response

Status: 200

{
  "user": {
    "created_at": "2020-11-13T22:57:12Z",
    "updated_at": "2020-11-16T23:49:41Z",
    "id": 1,
    "username": "jane",
    "name": "",
    "email": "janedoe@example.com",
    "admin": true,
    "enabled": true,
    "force_password_reset": false,
    "gravatar_url": "",
    "sso_enabled": false
  }
}

Perform required password reset

Resets the password of the authenticated user. Requires that force_password_reset is set to true prior to the request.

POST /api/v1/kolide/perform_require_password_reset

Example

POST /api/v1/kolide/perform_required_password_reset

Request body
{
  "new_password": "sdPz8CV5YhzH47nK"
}
Default response

Status: 200

{
  "user": {
    "created_at": "2020-11-13T22:57:12Z",
    "updated_at": "2020-11-17T00:09:23Z",
    "id": 1,
    "username": "jane",
    "name": "",
    "email": "janedoe@example.com",
    "admin": true,
    "enabled": true,
    "force_password_reset": false,
    "gravatar_url": "",
    "sso_enabled": false
  }
}

SSO config

Gets the current SSO configuration.

GET /api/v1/kolide/sso

Example

GET /api/v1/kolide/sso

Default response

Status: 200

{
  "settings": {
    "idp_name": "IDP Vendor 1",
    "idp_image_url": "",
    "sso_enabled": false
  }
}

Initiate SSO

POST /api/v1/kolide/sso

Parameters

Name Type In Description
relay_url string body Required. The relative url to be navigated to after succesful sign in.

Example

POST /api/v1/kolide/sso

Request body
{
  "relay_url": "/hosts/manage"
}
Default response

Status: 200

Unknown error

Status: 500

{
  "message": "Unknown Error",
  "errors": [
    {
      "name": "base",
      "reason": "InitiateSSO getting metadata: Get \"https://idp.example.org/idp-meta.xml\": dial tcp: lookup idp.example.org on [2001:558:feed::1]:53: no such host"
    }
  ]
}

Hosts

List hosts

GET /api/v1/kolide/hosts

Parameters

Name Type In Description
page integer query Page number of the results to fetch.
per_page integer query Results per page.
order_key string query What to order results by. Can be any column in the hosts table.
status string query Indicates the status of the hosts to return. Can either be new, online, offline, or mia.
additional_info_filters string query A comma-delimited list of fields to include in each host's additional information object. See Fleet Configuration Options for an example configuration with hosts' additional information.

Example

GET /api/v1/kolide/hosts?page=0&per_page=100&order_key=host_name

Request query parameters
{
  "page": 0,
  "per_page": 100,
  "order_key": "host_name",
}
Default response

Status: 200

{
  "hosts": [
    {
      "created_at": "2020-11-05T05:09:44Z",
      "updated_at": "2020-11-05T06:03:39Z",
      "id": 1,
      "detail_updated_at": "2020-11-05T05:09:45Z",
      "label_updated_at": "2020-11-05T05:14:51Z",
      "seen_time": "2020-11-05T06:03:39Z",
      "hostname": "2ceca32fe484",
      "uuid": "392547dc-0000-0000-a87a-d701ff75bc65",
      "platform": "centos",
      "osquery_version": "2.7.0",
      "os_version": "CentOS Linux 7",
      "build": "",
      "platform_like": "rhel fedora",
      "code_name": "",
      "uptime": 8305000000000,
      "memory": 2084032512,
      "cpu_type": "6",
      "cpu_subtype": "142",
      "cpu_brand": "Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz",
      "cpu_physical_cores": 4,
      "cpu_logical_cores": 4,
      "hardware_vendor": "",
      "hardware_model": "",
      "hardware_version": "",
      "hardware_serial": "",
      "computer_name": "2ceca32fe484",
      "primary_ip": "",
      "primary_mac": "",
      "distributed_interval": 10,
      "config_tls_refresh": 10,
      "logger_tls_period": 8,
      "additional": {},
      "enroll_secret_name": "default",
      "status": "offline",
      "display_text": "2ceca32fe484"
    },
    {
      "created_at": "2020-11-05T05:09:44Z",
      "updated_at": "2020-11-05T06:03:39Z",
      "id": 2,
      "detail_updated_at": "2020-11-05T05:09:45Z",
      "label_updated_at": "2020-11-05T05:14:52Z",
      "seen_time": "2020-11-05T06:03:40Z",
      "hostname": "4cc885c20110",
      "uuid": "392547dc-0000-0000-a87a-d701ff75bc65",
      "platform": "centos",
      "osquery_version": "2.7.0",
      "os_version": "CentOS 6.8.0",
      "build": "",
      "platform_like": "rhel",
      "code_name": "",
      "uptime": 8305000000000,
      "memory": 2084032512,
      "cpu_type": "6",
      "cpu_subtype": "142",
      "cpu_brand": "Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz",
      "cpu_physical_cores": 4,
      "cpu_logical_cores": 4,
      "hardware_vendor": "",
      "hardware_model": "",
      "hardware_version": "",
      "hardware_serial": "",
      "computer_name": "4cc885c20110",
      "primary_ip": "",
      "primary_mac": "",
      "distributed_interval": 10,
      "config_tls_refresh": 10,
      "logger_tls_period": 8,
      "additional": {},
      "enroll_secret_name": "default",
      "status": "offline",
      "display_text": "4cc885c20110"
    },
  ]
}

Get hosts summary

Returns the count of all hosts organized by status. online_count includes all hosts currently enrolled in Fleet. offline_count includes all hosts that haven't checked into Fleet recently. mia_count includes all hosts that haven't been seen by Fleet in more than 30 days. new_count includes the hosts that have been enrolled to Fleet in the last 24 hours.

GET /api/v1/kolide/host_summary

Parameters

None.

Example

GET /api/v1/kolide/host_summary

Default response

Status: 200

{
  "online_count": 2267,
  "offline_count": 141,
  "mia_count": 0,
  "new_count": 0
}

Get host

Returns the information of the specified host.

GET /api/v1/kolide/hosts/{id}

Parameters

Name Type In Description
id integer path Required. The host's id.

Example

GET /api/v1/kolide/hosts/121

Default response

Status: 200

{
    "host": {
        "created_at": "2021-01-19T18:04:12Z",
        "updated_at": "2021-01-19T20:21:27Z",
        "id": 121,
        "detail_updated_at": "2021-01-19T20:04:22Z",
        "label_updated_at": "2021-01-19T20:04:22Z",
        "last_enrolled_at": "2021-01-19T18:04:12Z",
        "seen_time": "2021-01-19T20:21:27Z",
        "hostname": "259404d30eb6",
        "uuid": "f01c4390-0000-0000-a1e5-14346a5724dc",
        "platform": "ubuntu",
        "osquery_version": "2.10.2",
        "os_version": "Ubuntu 14.4.0",
        "build": "",
        "platform_like": "debian",
        "code_name": "",
        "uptime": 11202000000000,
        "memory": 2085326848,
        "cpu_type": "6",
        "cpu_subtype": "142",
        "cpu_brand": "Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz",
        "cpu_physical_cores": 4,
        "cpu_logical_cores": 4,
        "hardware_vendor": "",
        "hardware_model": "",
        "hardware_version": "",
        "hardware_serial": "",
        "computer_name": "259404d30eb6",
        "primary_ip": "172.19.0.4",
        "primary_mac": "02:42:ac:13:00:04",
        "distributed_interval": 10,
        "config_tls_refresh": 10,
        "logger_tls_period": 10,
        "additional": {},
        "enroll_secret_name": "bar",
        "status": "offline",
        "display_text": "259404d30eb6"
    }
}

Get host by identifier

Returns the information of the host specified using the uuid, osquery_host_id, hostname, or node_key as an identifier

GET /api/v1/kolide/hosts/identifier/{identifier}

Parameters

Name Type In Description
identifier integer or string path Required. The host's uuid, osquery_host_id, hostname, or node_key

Example

GET /api/v1/kolide/hosts/identifier/f01c4390-0000-0000-a1e5-14346a5724dc

Default response

Status: 200

{
    "host": {
        "created_at": "2021-01-19T18:04:12Z",
        "updated_at": "2021-01-19T20:21:27Z",
        "id": 121,
        "detail_updated_at": "2021-01-19T20:04:22Z",
        "label_updated_at": "2021-01-19T20:04:22Z",
        "last_enrolled_at": "2021-01-19T18:04:12Z",
        "seen_time": "2021-01-19T20:21:27Z",
        "hostname": "259404d30eb6",
        "uuid": "f01c4390-0000-0000-a1e5-14346a5724dc",
        "platform": "ubuntu",
        "osquery_version": "2.10.2",
        "os_version": "Ubuntu 14.4.0",
        "build": "",
        "platform_like": "debian",
        "code_name": "",
        "uptime": 11202000000000,
        "memory": 2085326848,
        "cpu_type": "6",
        "cpu_subtype": "142",
        "cpu_brand": "Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz",
        "cpu_physical_cores": 4,
        "cpu_logical_cores": 4,
        "hardware_vendor": "",
        "hardware_model": "",
        "hardware_version": "",
        "hardware_serial": "",
        "computer_name": "259404d30eb6",
        "primary_ip": "172.19.0.4",
        "primary_mac": "02:42:ac:13:00:04",
        "distributed_interval": 10,
        "config_tls_refresh": 10,
        "logger_tls_period": 10,
        "additional": {},
        "enroll_secret_name": "bar",
        "status": "offline",
        "display_text": "259404d30eb6"
    }
}

Delete host

Deletes the specified host from Fleet. Note that a deleted host will fail authentication with the previous node key, and in most osquery configurations will attempt to re-enroll automatically. If the host still has a valid enroll secret, it will re-enroll successfully.

DELETE /api/v1/kolide/hosts/{id}

Parameters

Name Type In Description
id integer path Required. The host's id.

Example

DELETE /api/v1/kolide/hosts/121

Default response

Status: 200

{}

Users

The Fleet server exposes a handful of API endpoints that handles common user management operations. All the following endpoints require prior authentication meaning you must first log in successfully before calling any of the endpoints documented below.

List all users

Returns a list of all enabled users

GET /api/v1/kolide/users

Parameters

None.

Example

GET /api/v1/kolide/users

Request query parameters

None.

Default response

Status: 200

{
  "users": [
    {
      "created_at": "2020-12-10T03:52:53Z",
      "updated_at": "2020-12-10T03:52:53Z",
      "id": 1,
      "username": "janedoe",
      "name": "",
      "email": "janedoe@example.com",
      "admin": true,
      "enabled": true,
      "force_password_reset": false,
      "gravatar_url": "",
      "sso_enabled": false
    }
  ]
}
Failed authentication

Status: 401 Authentication Failed

{
  "message": "Authentication Failed",
  "errors": [
    {
      "name": "base",
      "reason": "username or email and password do not match"
    }
  ]
}

Create a user account with an invitation

Creates a user account after an invited user provides registration information and submits the form.

POST /api/v1/kolide/users

Parameters

Name Type In Description
email string body Required. The email address of the user.
invite_token string body Required. Token provided to the user in the invitation email.
name string body The name of the user.
username string body Required. The username chosen by the user
password string body Required. The password chosen by the user.
password_confirmation string body Required. Confirmation of the password chosen by the user.

Example

POST /api/v1/kolide/users

Request query parameters
{
  "email": "janedoe@example.com",
  "invite_token": "SjdReDNuZW5jd3dCbTJtQTQ5WjJTc2txWWlEcGpiM3c=",
  "name": "janedoe",
  "username": "janedoe",
  "password": "test-123",
  "password_confirmation": "test-123"
}
Default response

Status: 200

{
  "user": {
    "created_at": "0001-01-01T00:00:00Z",
    "updated_at": "0001-01-01T00:00:00Z",
    "id": 2,
    "username": "janedoe",
    "name": "janedoe",
    "email": "janedoe@example.com",
    "admin": false,
    "enabled": true,
    "force_password_reset": false,
    "gravatar_url": "",
    "sso_enabled": false
  }
}
Failed authentication

Status: 401 Authentication Failed

{
  "message": "Authentication Failed",
  "errors": [
    {
      "name": "base",
      "reason": "username or email and password do not match"
    }
  ]
}
Expired or used invite code

Status: 404 Resource Not Found

{
  "message": "Resource Not Found",
  "errors": [
    {
      "name": "base",
      "reason": "Invite with token SjdReDNuZW5jd3dCbTJtQTQ5WjJTc2txWWlEcGpiM3c= was not found in the datastore"
    }
  ]
}
Validation failed

Status: 422 Validation Failed

The same error will be returned whenever one of the required parameters fails the validation.

{
  "message": "Validation Failed",
  "errors": [
    {
      "name": "username",
      "reason": "cannot be empty"
    }
  ]
}

Create a user account without an invitation

Creates a user account without requiring an invitation, the user is enabled immediately.

POST /api/v1/kolide/users/admin

Parameters

Name Type In Description
username string body Required. The user's username.
email string body Required. The user's email address.
password string body Required. The user's password.
invited_by integer body Required. ID of the admin creating the user.
admin boolean body Required. Whether the user has admin privileges.

Example

POST /api/v1/kolide/users/admin

Request query parameters
{
  "username": "janedoe",
  "email": "janedoe@example.com",
  "password": "test-123",
  "invited_by":1,
  "admin":true
}
Default response

Status: 200

{
  "user": {
    "created_at": "0001-01-01T00:00:00Z",
    "updated_at": "0001-01-01T00:00:00Z",
    "id": 5,
    "username": "janedoe",
    "name": "",
    "email": "janedoe@example.com",
    "admin": false,
    "enabled": true,
    "force_password_reset": false,
    "gravatar_url": "",
    "sso_enabled": false
  }
}
Failed authentication

Status: 401 Authentication Failed

{
  "message": "Authentication Failed",
  "errors": [
    {
      "name": "base",
      "reason": "username or email and password do not match"
    }
  ]
}
User doesn't exist

Status: 404 Resource Not Found

{
  "message": "Resource Not Found",
  "errors": [
    {
      "name": "base",
      "reason": "User with id=1 was not found in the datastore"
    }
  ]
}

Get user information

Returns all information about a specific user.

GET /api/v1/kolide/users/{id}

Parameters

Name Type In Description
id integer path Required. The user's id.

Example

GET /api/v1/kolide/users/2

Request query parameters
{
  "id": 1
}
Default response

Status: 200

{
  "user": {
    "created_at": "2020-12-10T05:20:25Z",
    "updated_at": "2020-12-10T05:24:27Z",
    "id": 2,
    "username": "janedoe",
    "name": "janedoe",
    "email": "janedoe@example.com",
    "admin": true,
    "enabled": true,
    "force_password_reset": false,
    "gravatar_url": "",
    "sso_enabled": false
  }
}
Failed authentication

Status: 401 Authentication Failed

{
  "message": "Authentication Failed",
  "errors": [
    {
      "name": "base",
      "reason": "username or email and password do not match"
    }
  ]
}
User doesn't exist

Status: 404 Resource Not Found

{
  "message": "Resource Not Found",
  "errors": [
    {
      "name": "base",
      "reason": "User with id=5 was not found in the datastore"
    }
  ]
}

Queries

Get query

Returns the query specified by ID.

GET /api/v1/kolide/queries/{id}

Parameters

Name Type In Description
id integer path Required. The id of the desired query.

Example

GET /api/v1/kolide/queries/31

Default response

Status: 200

{
  "query": {
    "created_at": "2021-01-19T17:08:24Z",
    "updated_at": "2021-01-19T17:08:24Z",
    "id": 31,
    "name": "centos_hosts",
    "description": "",
    "query": "select 1 from os_version where platform = \"centos\";",
    "saved": true,
    "author_id": 1,
    "author_name": "John",
    "packs": [
      {
        "created_at": "2021-01-19T17:08:31Z",
        "updated_at": "2021-01-19T17:08:31Z",
        "id": 14,
        "name": "test_pack",
        "description": "",
        "platform": "",
        "disabled": false
      }
    ]
  }
}

List queries

Returns a list of all queries in the Fleet instance.

GET /api/v1/kolide/queries

Parameters

None.

Example

GET /api/v1/kolide/queries

Default response

Status: 200

{
"queries": [
  {
    "created_at": "2021-01-04T21:19:57Z",
    "updated_at": "2021-01-04T21:19:57Z",
    "id": 1,
    "name": "query1",
    "description": "query",
    "query": "SELECT * FROM osquery_info",
    "saved": true,
    "author_id": 1,
    "author_name": "noah",
    "packs": [
      {
        "created_at": "2021-01-05T21:13:04Z",
        "updated_at": "2021-01-07T19:12:54Z",
        "id": 1,
        "name": "Pack",
        "description": "Pack",
        "platform": "",
        "disabled": true
      }
    ]
  },
  {
    "created_at": "2021-01-19T17:08:24Z",
    "updated_at": "2021-01-19T17:08:24Z",
    "id": 2,
    "name": "osquery_version",
    "description": "The version of the Launcher and Osquery process",
    "query": "select launcher.version, osquery.version from kolide_launcher_info launcher, osquery_info osquery;",
    "saved": true,
    "author_id": 1,
    "author_name": "noah",
    "packs": [
      {
        "created_at": "2021-01-19T17:08:31Z",
        "updated_at": "2021-01-19T17:08:31Z",
        "id": 14,
        "name": "test_pack",
        "description": "",
        "platform": "",
        "disabled": false
      },
      {
        "created_at": "2021-01-19T17:08:31Z",
        "updated_at": "2021-01-19T17:08:31Z",
        "id": 14,
        "name": "test_pack",
        "description": "",
        "platform": "",
        "disabled": false
      }
    ]
  },
  {
    "created_at": "2021-01-19T17:08:24Z",
    "updated_at": "2021-01-19T17:08:24Z",
    "id": 3,
    "name": "osquery_schedule",
    "description": "Report performance stats for each file in the query schedule.",
    "query": "select name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory, last_executed from osquery_schedule;",
    "saved": true,
    "author_id": 1,
    "author_name": "noah",
    "packs": [
      {
        "created_at": "2021-01-19T17:08:31Z",
        "updated_at": "2021-01-19T17:08:31Z",
        "id": 14,
        "name": "test_pack",
        "description": "",
        "platform": "",
        "disabled": false
      }
    ]
  },
]

Create query

POST /api/v1/kolide/queries

Parameters

Name Type In Description
name string body Required. The name of the query.
query string body Required. The query in SQL syntax.
description string body The query's description.

Example

POST /api/v1/kolide/queries

Request body
{
  "description": "This is a new query."
  "name": "new_query"
  "query": "SELECT * FROM osquery_info"
}
Default response

Status: 200

{
  "query": {
    "created_at": "0001-01-01T00:00:00Z",
    "updated_at": "0001-01-01T00:00:00Z",
    "id": 288,
    "name": "new_query",
    "description": "This is a new query.",
    "query": "SELECT * FROM osquery_info",
    "saved": true,
    "author_id": 1,
    "author_name": "",
    "packs": []
  }
}

Modify query

Returns the query specified by ID.

PATCH /api/v1/kolide/queries/{id}

Parameters

Name Type In Description
id integer path Required. The ID of the query.
name string body The name of the query.
query string body The query in SQL syntax.
description string body The query's description.

Example

PATCH /api/v1/kolide/queries/2

Request body
{
  "name": "new_title_for_my_query"
}
Default response

Status: 200

{
  "query": {
    "created_at": "2021-01-22T17:23:27Z",
    "updated_at": "2021-01-22T17:23:27Z",
    "id": 288,
    "name": "new_title_for_my_query",
    "description": "This is a new query.",
    "query": "SELECT * FROM osquery_info",
    "saved": true,
    "author_id": 1,
    "author_name": "noah",
    "packs": []
  }
}

Delete query

Deletes the query specified by name.

DELETE /api/v1/kolide/queries/{name}

Parameters

Name Type In Description
name string path Required. The name of the query.

Example

DELETE /api/v1/kolide/queries/{name}

Default response

Status: 200

{}

Delete query by ID

Deletes the query specified by ID.

DELETE /api/v1/kolide/queries/id/{id}

Parameters

Name Type In Description
id integer path Required. The ID of the query.

Example

DELETE /api/v1/kolide/queries/id/28

Default response

Status: 200

{}

Get queries specs

Returns a list of all queries in the Fleet instance. Each item returned includes the name, description, and SQL of the query.

GET /api/v1/kolide/spec/queries

Parameters

None.

Example

GET /api/v1/kolide/spec/queries

Default response

Status: 200

{
  "specs": [
    {
        "name": "query1",
        "description": "query",
        "query": "SELECT * FROM osquery_info"
    },
    {
        "name": "osquery_version",
        "description": "The version of the Launcher and Osquery process",
        "query": "select launcher.version, osquery.version from kolide_launcher_info launcher, osquery_info osquery;"
    },
    {
        "name": "osquery_schedule",
        "description": "Report performance stats for each file in the query schedule.",
        "query": "select name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory, last_executed from osquery_schedule;"
    },
  ]
}

Get query spec

Returns the name, description, and SQL of the query specified by name.

GET /api/v1/kolide/spec/queries/{name}

Parameters

Name Type In Description
name string path Required. The name of the query.

Example

GET /api/v1/kolide/spec/queries/query1

Default response

Status: 200

{
    "specs": {
        "name": "query1",
        "description": "query",
        "query": "SELECT * FROM osquery_info"
    }
}

Apply queries specs

Creates and/or modifies the queries included in the specs list. To modify an existing query, the name of the query included in specs must already be used by an existing query. If a query with the specified name doesn't exist in Fleet, a new query will be created.

POST /api/v1/kolide/spec/queries

Parameters

Name Type In Description
specs list body Required. The list of the queries to be created or modified.

Example

POST /api/v1/kolide/spec/queries

Request body
{
  "specs": [
    {
        "name": "new_query",
        "description": "This will be a new query because a query with the name 'new_query' doesn't exist in Fleet.",
        "query": "SELECT * FROM osquery_info"
    },
    {
        "name": "osquery_version",
        "description": "Only this queries description will be modified because a query with the name 'osquery_version' exists in Fleet.",
        "query": "select launcher.version, osquery.version from kolide_launcher_info launcher, osquery_info osquery;"
    },
    {
        "name": "osquery_schedule",
        "description": "This queries description and SQL will be modified because a query with the name 'osquery_schedule' exists in Fleet.",
        "query": "SELECT * FROM osquery_info"
    }
  ]
}
Default response

Status: 200

{}

Run live query

Runs the specified query as a live query on the specified hosts or group of hosts. Returns a new live query campaign. Individual hosts must be specified with the host's ID. Groups of hosts are specified by label ID.

POST /api/v1/kolide/spec/queries/run

Parameters

Name Type In Description
query string body Required. The SQL of the query
selected object body Required. The desired targets for the query. This object must contain hosts and labels properties. See example below

Example with one host targeted by ID

POST /api/v1/kolide/spec/queries/run

Request body
{
  "query": "select instance_id from system_info;"
  "selected": { "hosts": [171], "labels": []}
}
Default response

Status: 200

{
  "campaign": {
    "created_at": "0001-01-01T00:00:00Z",
    "updated_at": "0001-01-01T00:00:00Z",
    "Metrics": {
      "TotalHosts": 1,
      "OnlineHosts": 0,
      "OfflineHosts": 1,
      "MissingInActionHosts": 0,
      "NewHosts": 1
    },
    "id": 273,
    "query_id": 293,
    "status": 0,
    "user_id": 1
  }
}

Example with multiple hosts targeted by label ID

POST /api/v1/kolide/spec/queries/run

Request body
{
  "query": "select instance_id from system_info;"
  "selected": { "hosts": [171], "labels": []}
}
Default response

Status: 200

{
  "campaign": {
    "created_at": "0001-01-01T00:00:00Z",
    "updated_at": "0001-01-01T00:00:00Z",
    "Metrics": {
      "TotalHosts": 1,
      "OnlineHosts": 0,
      "OfflineHosts": 1,
      "MissingInActionHosts": 0,
      "NewHosts": 1
    },
    "id": 273,
    "query_id": 293,
    "status": 0,
    "user_id": 1
  }
}

Run live query by query name

Runs the specified query by name as a live query on the specified hosts or group of hosts. Returns a new live query campaign. Individual hosts must be specified with the host's ID. Groups of hosts are specified by label.

POST /api/v1/kolide/spec/queries/run

Parameters

Name Type In Description
name string body Required. The name of the query.
selected object body Required. The desired targets for the query. This object must contain hosts and labels properties. See example below.

Example with one host targeted

POST /api/v1/kolide/spec/queries/run

Request body
{
  "name": "instance_id"
  "selected": { "hosts": [171], "labels": [] }
}
Default response

Status: 200

{
  "campaign": {
      "created_at": "0001-01-01T00:00:00Z",
      "updated_at": "0001-01-01T00:00:00Z",
      "Metrics": {
          "TotalHosts": 1,
          "OnlineHosts": 0,
          "OfflineHosts": 1,
          "MissingInActionHosts": 0,
          "NewHosts": 1
      },
      "id": 275,
      "query_id": 295,
      "status": 0,
      "user_id": 1
  }
}

Packs

Create pack

POST /api/v1/kolide/packs

Parameters

Name Type In Description
name string body Required. The pack's name.
description string body The pack's description.
host_ids list body A list containing the targeted host IDs.
label_ids list body A list containing the targeted label's IDs.

Example

POST /api/v1/kolide/packs

Request query parameters
{
  "description": "Collects osquery data."
  "host_ids": []
  "label_ids": [6]
  "name": "query_pack_1"
}
Default response

Status: 200

{
  "pack": {
    "created_at": "0001-01-01T00:00:00Z",
    "updated_at": "0001-01-01T00:00:00Z",
    "id": 17,
    "name": "query_pack_1",
    "description": "Collects osquery data.",
    "query_count": 0,
    "total_hosts_count": 223,
    "host_ids": [],
    "label_ids": [
      6
    ]
  }
}

Modify pack

PATCH /api/v1/kolide/packs/{id}

Parameters

Name Type In Description
id integer path Required. The pack's id.
name string body The pack's name.
description string body The pack's description.
host_ids list body A list containing the targeted host IDs.
label_ids list body A list containing the targeted label's IDs.

Example

PATCH /api/v1/kolide/packs/{id}

Request query parameters
{
  "description": "MacOS hosts are targeted"
  "host_ids": []
  "label_ids": [7]
}
Default response

Status: 200

{
  "pack": {
    "created_at": "2021-01-25T22:32:45Z",
    "updated_at": "2021-01-25T22:32:45Z",
    "id": 17,
    "name": "Title2",
    "description": "MacOS hosts are targeted",
    "query_count": 0,
    "total_hosts_count": 110,
    "host_ids": [],
    "label_ids": [
      7
    ]
  }
}

Get pack

GET /api/v1/kolide/packs/{id}

Parameters

Name Type In Description
id integer path Required. The pack's id.

Example

GET /api/v1/kolide/packs/17

Default response

Status: 200

{
  "pack": {
    "created_at": "2021-01-25T22:32:45Z",
    "updated_at": "2021-01-25T22:32:45Z",
    "id": 17,
    "name": "Title2",
    "description": "MacOS hosts are targeted",
    "query_count": 0,
    "total_hosts_count": 110,
    "host_ids": [],
    "label_ids": [
      7
    ]
  }
}

List packs

GET /api/v1/kolide/packs

Parameters

None.

Example

GET /api/v1/kolide/packs

Default response

Status: 200

{
  "packs": [
    {
      "created_at": "2021-01-05T21:13:04Z",
      "updated_at": "2021-01-07T19:12:54Z",
      "id": 1,
      "name": "pack_number_one",
      "description": "This pack has a description",
      "disabled": true,
      "query_count": 1,
      "total_hosts_count": 53,
      "host_ids": [],
      "label_ids": [
        8
      ]
    },
    {
      "created_at": "2021-01-19T17:08:31Z",
      "updated_at": "2021-01-19T17:08:31Z",
      "id": 2,
      "name": "query_pack_2",
      "query_count": 5,
      "total_hosts_count": 223,
      "host_ids": [],
      "label_ids": [
        6
      ]
    },
  ]
}

Delete pack

DELETE /api/v1/kolide/packs/{name}

Parameters

Name Type In Description
name string path Required. The pack's name.

Example

DELETE /api/v1/kolide/packs/pack_number_one

Default response

Status: 200

{}

Delete pack by ID

DELETE /api/v1/kolide/packs/id/{id}

Parameters

Name Type In Description
id integer path Required. The pack's ID.

Example

DELETE /api/v1/kolide/packs/id/1

Default response

Status: 200

{}

Get scheduled queries in a pack

GET /api/v1/kolide/packs/{id}/scheduled

Parameters

Name Type In Description
id integer path Required. The pack's ID.

Example

GET /api/v1/kolide/packs/1/scheduled

Default response

Status: 200

{
  "scheduled": [
    {
      "created_at": "0001-01-01T00:00:00Z",
      "updated_at": "0001-01-01T00:00:00Z",
      "id": 49,
      "pack_id": 15,
      "name": "new_query",
      "query_id": 289,
      "query_name": "new_query",
      "query": "SELECT * FROM osquery_info",
      "interval": 456,
      "snapshot": false,
      "removed": true,
      "shard": null
    },
    {
      "created_at": "0001-01-01T00:00:00Z",
      "updated_at": "0001-01-01T00:00:00Z",
      "id": 50,
      "pack_id": 15,
      "name": "new_title_for_my_query",
      "query_id": 288,
      "query_name": "new_title_for_my_query",
      "query": "SELECT * FROM osquery_info",
      "interval": 677,
      "snapshot": true,
      "removed": false,
      "shard": null
    },
    {
      "created_at": "0001-01-01T00:00:00Z",
      "updated_at": "0001-01-01T00:00:00Z",
      "id": 51,
      "pack_id": 15,
      "name": "osquery_info",
      "query_id": 22,
      "query_name": "osquery_info",
      "query": "select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid;",
      "interval": 6667,
      "snapshot": true,
      "removed": false,
      "shard": null
    },
  ]
}

Add scheduled query to a pack

POST /api/v1/kolide/schedule

Parameters

Name Type In Description
pack_id integer body Required. The pack's ID.
query_id integer body Required. The query's ID.
interval integer body Required. The amount of time, in seconds, the query waits before running.
snapshot boolean body Required. Whether the queries logs show everything in its current state.
removed boolean body Required. Whether "removed" actions should be logged.
platform string body The computer platform where this query will run (other platforms ignored). Empty value runs on all platforms.
shard integer body Restrict this query to a percentage (1-100) of target hosts.
version string body The minimum required osqueryd version installed on a host.

Example

POST /api/v1/kolide/schedule

Request body

{
  "interval": 120,
  "pack_id": 15,
  "query_id": 23,
  "removed": true,
  "shard": null,
  "snapshot": false,
  "version": "4.5.0",
  "platform": "windows"
}
Default response

Status: 200

{
  "scheduled": {
    "created_at": "0001-01-01T00:00:00Z",
    "updated_at": "0001-01-01T00:00:00Z",
    "id": 56,
    "pack_id": 17,
    "name": "osquery_events",
    "query_id": 23,
    "query_name": "osquery_events",
    "query": "select name, publisher, type, subscriptions, events, active from osquery_events;",
    "interval": 120,
    "snapshot": false,
    "removed": true,
    "platform": "windows",
    "version": "4.5.0",
    "shard": 10
  }
}

Get scheduled query

GET /api/v1/kolide/schedule/{id}

Parameters

Name Type In Description
id integer path Required. The scheduled query's ID.

Example

GET /api/v1/kolide/schedule/56

Default response

Status: 200

{
  "scheduled": {
    "created_at": "0001-01-01T00:00:00Z",
    "updated_at": "0001-01-01T00:00:00Z",
    "id": 56,
    "pack_id": 17,
    "name": "osquery_events",
    "query_id": 23,
    "query_name": "osquery_events",
    "query": "select name, publisher, type, subscriptions, events, active from osquery_events;",
    "interval": 120,
    "snapshot": false,
    "removed": true,
    "platform": "windows",
    "version": "4.5.0",
    "shard": 10
  }
}

Modify scheduled query

PATCH /api/v1/kolide/schedule/{id}

Parameters

Name Type In Description
id integer path Required. The scheduled query's ID.
interval integer body The amount of time, in seconds, the query waits before running.
snapshot boolean body Whether the queries logs show everything in its current state.
removed boolean body Whether "removed" actions should be logged.
platform string body The computer platform where this query will run (other platforms ignored). Empty value runs on all platforms.
shard integer body Restrict this query to a percentage (1-100) of target hosts.
version string body The minimum required osqueryd version installed on a host.

Example

PATCH /api/v1/kolide/schedule/56

Request body

{
  "platform": "",
}
Default response

Status: 200

{
  "scheduled": {
    "created_at": "2021-01-28T19:40:04Z",
    "updated_at": "2021-01-28T19:40:04Z",
    "id": 56,
    "pack_id": 17,
    "name": "osquery_events",
    "query_id": 23,
    "query_name": "osquery_events",
    "query": "select name, publisher, type, subscriptions, events, active from osquery_events;",
    "interval": 120,
    "snapshot": false,
    "removed": true,
    "platform": "",
    "version": "4.5.0",
    "shard": 10
  }
}

Delete scheduled query

DELETE /api/v1/kolide/schedule/{id}

Parameters

Name Type In Description
id integer path Required. The scheduled query's ID.

Example

DELETE /api/v1/kolide/schedule/56

Default response

Status: 200

{}

Get packs specs

Returns the specs for all packs in the Fleet instance.

GET /api/v1/kolide/spec/packs

Example

GET /api/v1/kolide/spec/packs

Default response

Status: 200

{
  "specs": [
    {
      "id": 1,
      "name": "pack_1",
      "description": "Description",
      "disabled": false,
      "targets": {
        "labels": [
          "All Hosts"
        ]
      },
      "queries": [
        {
          "query": "new_query",
          "name": "new_query",
          "description": "",
          "interval": 456,
          "snapshot": false,
          "removed": true
        },
        {
          "query": "new_title_for_my_query",
          "name": "new_title_for_my_query",
          "description": "",
          "interval": 677,
          "snapshot": true,
          "removed": false
        },
        {
          "query": "osquery_info",
          "name": "osquery_info",
          "description": "",
          "interval": 6667,
          "snapshot": true,
          "removed": false
        },
        {
          "query": "query1",
          "name": "query1",
          "description": "",
          "interval": 7767,
          "snapshot": false,
          "removed": true
        },
        {
          "query": "osquery_events",
          "name": "osquery_events",
          "description": "",
          "interval": 454,
          "snapshot": false,
          "removed": true
        },
        {
          "query": "osquery_events",
          "name": "osquery_events-1",
          "description": "",
          "interval": 120,
          "snapshot": false,
          "removed": true
        }
      ]
    },
    {
      "id": 2,
      "name": "pack_2",
      "disabled": false,
      "targets": {
        "labels": null
      },
      "queries": [
        {
          "query": "new_query",
          "name": "new_query",
          "description": "",
          "interval": 333,
          "snapshot": false,
          "removed": true,
          "platform": "windows"
        }
      ]
    },
  ]
}

Apply packs specs

Returns the specs for all packs in the Fleet instance.

POST /api/v1/kolide/spec/packs

Parameters

Name Type In Description
specs list body Required. A list that includes the specs for each pack to be added to the Fleet instance.

Example

POST /api/v1/kolide/spec/packs

Request body
{
  "specs": [
    {
      "id": 1,
      "name": "pack_1",
      "description": "Description",
      "disabled": false,
      "targets": {
        "labels": [
          "All Hosts"
        ]
      },
      "queries": [
        {
          "query": "new_query",
          "name": "new_query",
          "description": "",
          "interval": 456,
          "snapshot": false,
          "removed": true
        },
        {
          "query": "new_title_for_my_query",
          "name": "new_title_for_my_query",
          "description": "",
          "interval": 677,
          "snapshot": true,
          "removed": false
        },
        {
          "query": "osquery_info",
          "name": "osquery_info",
          "description": "",
          "interval": 6667,
          "snapshot": true,
          "removed": false
        },
        {
          "query": "query1",
          "name": "query1",
          "description": "",
          "interval": 7767,
          "snapshot": false,
          "removed": true
        },
        {
          "query": "osquery_events",
          "name": "osquery_events",
          "description": "",
          "interval": 454,
          "snapshot": false,
          "removed": true
        },
        {
          "query": "osquery_events",
          "name": "osquery_events-1",
          "description": "",
          "interval": 120,
          "snapshot": false,
          "removed": true
        }
      ]
    },
    {
      "id": 2,
      "name": "pack_2",
      "disabled": false,
      "targets": {
        "labels": null
      },
      "queries": [
        {
          "query": "new_query",
          "name": "new_query",
          "description": "",
          "interval": 333,
          "snapshot": false,
          "removed": true,
          "platform": "windows"
        }
      ]
    },
  ]
}
Default response

Status: 200

{}

Get pack spec by name

Returns the spec for the specified pack by pack name.

GET /api/v1/kolide/spec/packs/{name}

Parameters

Name Type In Description
name string path Required. The pack's name.

Example

GET /api/v1/kolide/spec/packs/pack_1

Default response

Status: 200

{
  "specs": {
    "id": 15,
    "name": "pack_1",
    "description": "Description",
    "disabled": false,
    "targets": {
      "labels": [
        "All Hosts"
      ]
    },
    "queries": [
      {
        "query": "new_title_for_my_query",
        "name": "new_title_for_my_query",
        "description": "",
        "interval": 677,
        "snapshot": true,
        "removed": false
      },
      {
        "query": "osquery_info",
        "name": "osquery_info",
        "description": "",
        "interval": 6667,
        "snapshot": true,
        "removed": false
      },
      {
        "query": "query1",
        "name": "query1",
        "description": "",
        "interval": 7767,
        "snapshot": false,
        "removed": true
      },
      {
        "query": "osquery_events",
        "name": "osquery_events",
        "description": "",
        "interval": 454,
        "snapshot": false,
        "removed": true
      },
      {
        "query": "osquery_events",
        "name": "osquery_events-1",
        "description": "",
        "interval": 120,
        "snapshot": false,
        "removed": true
      }
    ]
  }
}

Fleet configuration

The Fleet server exposes a handful of API endpoints that handle the configuration of Fleet as well as endpoints that manage invitation and enroll secret operations. All the following endpoints require prior authentication meaning you must first log in successfully before calling any of the endpoints documented below.

Get certificate

Returns the Fleet certificate.

GET /api/v1/kolide/config/certificate

Parameters

None.

Example

GET /api/v1/kolide/config/certificate

Default response

Status: 200

{
  "certificate_chain": <certificate_chain>
}

Get configuration

Returns all information about the Fleet's configuration.

GET /api/v1/kolide/config

Parameters

None.

Example

GET /api/v1/kolide/config

Default response

Status: 200

{
  "org_info": {
    "org_name": "fleet",
    "org_logo_url": ""
  },
  "server_settings": {
    "kolide_server_url": "https://localhost:8080",
    "live_query_disabled": false
  },
  "smtp_settings": {
    "enable_smtp": false,
    "configured": false,
    "sender_address": "",
    "server": "",
    "port": 587,
    "authentication_type": "authtype_username_password",
    "user_name": "",
    "password": "********",
    "enable_ssl_tls": true,
    "authentication_method": "authmethod_plain",
    "domain": "",
    "verify_ssl_certs": true,
    "enable_start_tls": true
  },
  "sso_settings": {
    "entity_id": "",
    "issuer_uri": "",
    "idp_image_url": "",
    "metadata": "",
    "metadata_url": "",
    "idp_name": "",
    "enable_sso": false
  },
  "host_expiry_settings": {
    "host_expiry_enabled": false,
    "host_expiry_window": 0
  },
  "host_settings": {
    "additional_queries": null
  }
}

Modify configuration

Modifies the Fleet's configuration with the supplied information.

PATCH /api/v1/kolide/config

Parameters

Name Type In Description
org_name string body Organization information. The organization name.
org_logo_url string body Organization information. The URL for the organization logo.
kolide_server_url string body Server settings. The Fleet server URL.
live_query_disabled boolean body Server settings. Whether the live query capabilities are disabled.
enable_smtp boolean body SMTP settings. Whether SMTP is enabled for the Fleet app.
sender_address string body SMTP settings. The sender email address for the Fleet app. An invitation email is an example of the emails that may use this sender address
server string body SMTP settings. The SMTP server for the Fleet app.
port integer body SMTP settings. The SMTP port for the Fleet app.
authetication_type string body SMTP settings. The authentication type used by the SMTP server. Options include "authtype_username_and_password" or "none"
username_name string body SMTP settings. The username used to authenticate requests made to the SMTP server.
password string body SMTP settings. The password used to authenticate requests made to the SMTP server.
enable_ssl_tls boolean body SMTP settings. Whether or not SSL and TLS are enabled for the SMTP server.
authentication_method string body SMTP settings. The authentication method used to make authenticate requests to SMTP server. Options include "authmethod_plain", "authmethod_cram_md5", and "authmethod_login".
domain string body SMTP settings. The domain for the SMTP server.
verify_ssl_certs boolean body SMTP settings. Whether or not SSL certificates are verified by the SMTP server. Turn this off (not recommended) if you use a self-signed certificate.
enabled_start_tls boolean body SMTP settings. Detects if STARTTLS is enabled in your SMTP server and starts to use it.
enabled_sso boolean body SSO settings. Whether or not SSO is enabled for the Fleet application. If this value is true, you must also include most of the SSO settings parameters below.
entity_id string body SSO settings. The required entity ID is a URI that you use to identify Fleet when configuring the identity provider.
issuer_uri string body SSO settings. The URI you provide here must exactly match the Entity ID field used in the identity provider configuration.
idp_image_url string body SSO settings. An optional link to an image such as a logo for the identity provider.
metadata string body SSO settings. Metadata provided by the identity provider. Either metadata or a metadata URL must be provided.
metadata_url string body SSO settings. A URL that references the identity provider metadata. If available from the identity provider, this is the preferred means of providing metadata.
host_expiry_enabled boolean body Host expiry settings. When enabled, allows automatic cleanup of hosts that have not communicated with Fleet in some number of days.
host_expiry_window integer body Host expiry settings. If a host has not communicated with Fleet in the specified number of days, it will be removed.
additional_queries boolean body Whether or not additional queries are enabled on hosts.

Example

PATCH /api/v1/kolide/config

Request body
{
  "org_info": {
    "org_name": "Fleet Device Management",
    "org_logo_url": "https://fleetdm.com/logo.png"
  },
  "smtp_settings: {
    "enable_smtp": true,
    "server": "localhost",
    "port": "1025"
  }
}
Default response

Status: 200

{
  "org_info": {
    "org_name": "Fleet Device Management",
    "org_logo_url": "https://fleetdm.com/logo.png"
  },
  "server_settings": {
    "kolide_server_url": "https://localhost:8080",
    "live_query_disabled": false
  },
  "smtp_settings": {
    "enable_smtp": true,
    "configured": true,
    "sender_address": "",
    "server": "localhost",
    "port": 1025,
    "authentication_type": "authtype_username_none",
    "user_name": "",
    "password": "********",
    "enable_ssl_tls": true,
    "authentication_method": "authmethod_plain",
    "domain": "",
    "verify_ssl_certs": true,
    "enable_start_tls": true
  },
  "sso_settings": {
    "entity_id": "",
    "issuer_uri": "",
    "idp_image_url": "",
    "metadata": "",
    "metadata_url": "",
    "idp_name": "",
    "enable_sso": false
  },
  "host_expiry_settings": {
    "host_expiry_enabled": false,
    "host_expiry_window": 0
  },
  "host_settings": {
    "additional_queries": null
  }
}

Get enroll secret(s)

Returns all the enroll secrets used by the Fleet server.

GET /api/v1/kolide/spec/enroll_secret

Parameters

None.

Example

GET /api/v1/kolide/spec/enroll_secret

Default response

Status: 200

{
  "specs": {
    "secrets": [
      {
        "name": "bar",
        "secret": "fTp52/twaxBU6gIi0J6PHp8o5Sm1k1kn",
        "active": true,
        "created_at": "2021-01-07T19:40:04Z"
      },
      {
        "name": "default",
        "secret": "fTp52/twaxBU6gIi0J6PHp8o5Sm1k1kn",
        "active": true,
        "created_at": "2021-01-04T21:18:07Z"
      },
      {
        "name": "foo",
        "secret": "fTp52/twaxBU6gIi0J6PHp8o5Sm1k1kn",
        "active": true,
        "created_at": "2021-01-07T19:40:04Z"
      }
    ]
  }
}

Modify enroll secret(s)

Modifies and/or creates the specified enroll secret(s).

POST /api/v1/kolide/spec/enroll_secret

Parameters

Name Type In Description
name string body Required. The name of the enroll secret
secret string body Required. The plain text string used as the enroll secret.
active boolean body Whether or not the enroll secret is active. Must be set to true for hosts to enroll using the enroll secret.

Example

Request body
{
  "spec": {
    "secrets": [
      {
        "name": "bar",
        "secret": "fTp52/twaxBU6gIi0J6PHp8o5Sm1k1kn",
        "active": false,
      },
    ]
  }
}

POST /api/v1/kolide/spec/enroll_secret

Default response

Status: 200

{}

Create invite

POST /api/v1/kolide/invites

Parameters

Name Type In Description
admin boolean body Required. Whether or not the invited user will be granted admin privileges.
email string body Required. The email of the invited user. This email will receive the invitation link.
invited_by integer body Required. The id of the user that is extending the invitation. See the Get user information endpoint for how to retrieve a user's id.
name string body Required. The name of the invited user.
sso_enabled boolean body Required. Whether or not SSO will be enabled for the invited user.

Example

Request body
{
  "admin": false,
  "email": "john_appleseed@example.com",
  "invited_by": 1,
  "name": John,
  "sso_enabled": false
}

POST /api/v1/kolide/invites

Default response

Status: 200

{
  "invite": {
    "created_at": "0001-01-01T00:00:00Z",
    "updated_at": "0001-01-01T00:00:00Z",
    "id": 3,
    "invited_by": 1,
    "email": "john_appleseed@example.com",
    "admin": false,
    "name": "John",
    "sso_enabled": false
  }
}

List invites

Returns a list of the active invitations in Fleet.

GET /api/v1/kolide/invites

Parameters

None.

Example

GET /api/v1/kolide/invites

Default response

Status: 200

{
  "invites": [
    {
      "created_at": "0001-01-01T00:00:00Z",
      "updated_at": "0001-01-01T00:00:00Z",
      "id": 3,
      "invited_by": 1,
      "email": "john_appleseed@example.com",
      "admin": false,
      "name": "John",
      "sso_enabled": false
    },
    {
      "created_at": "0001-01-01T00:00:00Z",
      "updated_at": "0001-01-01T00:00:00Z",
      "id": 4,
      "invited_by": 1,
      "email": "bob_marks@example.com",
      "admin": true,
      "name": "Bob",
      "sso_enabled": false
    },
  ]
}

Delete invite

Delete the specified invite from Fleet.

DELETE /api/v1/kolide/invites/{id}

Parameters

Name Type In Description
id integer path Required. The user's id.

Example

DELETE /api/v1/kolide/invites/{id}

Default response

Status: 200

{}

Verify invite

Verify the specified invite.

GET /api/v1/kolide/invites/{token}

Parameters

Name Type In Description
token integer path Required. The user's invite token.

Example

GET /api/v1/kolide/invites/{token}

Default response

Status: 200

{
    "invite": {
        "created_at": "2021-01-15T00:58:33Z",
        "updated_at": "2021-01-15T00:58:33Z",
        "id": 4,
        "invited_by": 1,
        "email": "steve@example.com",
        "admin": false,
        "name": "Steve",
        "sso_enabled": false
    }
}
Not found

Status: 404

{
    "message": "Resource Not Found",
    "errors": [
        {
            "name": "base",
            "reason": "Invite with token <token> was not found in the datastore"
        }
    ]
}

Osquery options

Get osquery options spec

Retrieve the osquery options configured via Fleet.

GET /api/v1/kolide/spec/osquery_options

Parameters

None.

Example

GET /api/v1/kolide/spec/osquery_options

Default response

Status: 200

{
  "spec": {
    "config": {
      "options": {
        "logger_plugin": "tls",
        "pack_delimiter": "/",
        "logger_tls_period": 10,
        "distributed_plugin": "tls",
        "disable_distributed": false,
        "logger_tls_endpoint": "/api/v1/osquery/log",
        "distributed_interval": 10,
        "distributed_tls_max_attempts": 3
      },
      "decorators": {
        "load": [
          "SELECT uuid AS host_uuid FROM system_info;",
          "SELECT hostname AS hostname FROM system_info;"
        ]
      }
    },
    "overrides": {}
  }
}

Modify osquery options spec

Modifies the osquery options configuration set in Fleet.

POST /api/v1/kolide/spec/osquery_options

Parameters

Name Type In Description
spec JSON body Required. The modified osquery spec.

Example

POST /api/v1/kolide/spec/osquery_options

Request body
{
  "spec": {
    "config": {
      "options": {
        "logger_plugin": "tls",
        "pack_delimiter": "/",
        "logger_tls_period": 10,
        "distributed_plugin": "tls",
        "disable_distributed": false,
        "logger_tls_endpoint": "/api/v1/osquery/log",
        "distributed_interval": 12,
        "distributed_tls_max_attempts": 4
      },
      "decorators": {
        "load": [
          "SELECT uuid AS host_uuid FROM system_info;",
          "SELECT hostname AS hostname FROM system_info;"
        ]
      }
    },
    "overrides": {}
  }
}
Default response

Status: 200

{}