empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e06b00df11
fleet/docs/Using-Fleet/Learn-how-to-use-Fleet.md
Noah Talerman b0e37accc9
Update "Learn how to use Fleet" for Fleet Sandbox (#7142) 
- Update "Learn how to use Fleet" docs page to walk a Fleet Sandbox user through adding their device and running a query
- Add a "Get operating system information" query to standard query library for the "Learn how to use Fleet" walkthrough
- Update Fleet's top level README to point users who want to try Fleet to Fleet Sandbox
- Update "How to install osquery..." (macOS, Windows, Linux) blog posts to point users who want to try Fleet to Fleet Sandbox
- Move `fleetctl preview` questions to "Contributing" FAQ section in docs. This is because `fleetctl preview` is now a testing tool for Fleet contributors
- Update "Deploying" docs to point users who want to try Fleet to Fleet Sandbox
2022-08-19 14:13:15 -04:00

2.4 KiB
Raw Blame History

Learn how to use Fleet

Overview

In this guide, we'll cover the following concepts:

  • How to add your device to Fleet
  • How to ask questions about your device

How to add your device to Fleet

Once you log into Fleet, you are presented with the Home page.

To add your device:

  1. Select Add hosts. In Fleet, devices are referred to as "hosts."
  2. Select your device's platform.
  3. Select Download to download your Fleet osquery installer. The download may take several seconds.
  4. Open the Fleet osquery installer and follow the installation steps.

It may take several seconds for Fleet osquery to send your device's data to Fleet.

In the background, Fleet ran several checks to assess the security hygiene of your device.

In Fleet, these checks are referred to as "policies."

How to ask questions about your device

With Fleet, you can ask a multitude of questions to help you manage, monitor, and identify threats on your devices, but if you are just starting out, and unsure of what to ask, Fleet comes baked in with a query library of common questions.

So, let's start by asking the following question about your device:

  • What operating system is installed on my device and what is its version?

This question can easily be answered by running this simple query: "Get operating system information."

To run this query on your device:

  1. Select Queries in the top navigation.
  2. Enter "Get operating system information" in the search bar.
  3. Select Get operating system information to enter the query console.
  4. Select Run query, then select All hosts (your device may be the only host added to Fleet), and finally select Run to execute the query.

The query may take several seconds to complete, because Fleet has to wait for the osquery agents to respond with results.

Fleet's query response time is inherently variable because of osquery's heartbeat response time. This helps prevent performance issues on hosts.

When the query has finished, you should see several columns in the "Results" table:

  • The "name" column answers: "What operating system is installed on my device?"

  • The "version" column answers: "What version of the installed operating system is on my device?"