mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
e9a84dbda0
- Add Q4 features from product planning - "[Best practice GitOps](https://github.com/fleetdm/fleet/issues/13643)" and "[Declaration (DDM) profiles](https://github.com/fleetdm/fleet/issues/14550)" fall into Q1 --------- Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
661 lines
45 KiB
YAML
661 lines
45 KiB
YAML
- categoryName: Endpoint ops
|
|
features:
|
|
#
|
|
# ╔╦╗╔═╗╦ ╦╦╔═╗╔═╗ ╦ ╦╔═╗╔═╗╦ ╔╦╗╦ ╦
|
|
# ║║║╣ ╚╗╔╝║║ ║╣ ╠═╣║╣ ╠═╣║ ║ ╠═╣
|
|
# ═╩╝╚═╝ ╚╝ ╩╚═╝╚═╝ ╩ ╩╚═╝╩ ╩╩═╝╩ ╩ ╩
|
|
- industryName: Device health
|
|
friendlyName: Automate device health
|
|
description: Automatically report system health issues using webhooks or integrations, to notify or quarantine outdated or misconfigured systems that are at higher risk of vulnerabilities or theft.
|
|
documentationUrl:
|
|
screenshotSrc:
|
|
tier: Free
|
|
productCategories: [Endpoint operations]
|
|
dri: mikermcneil
|
|
demos:
|
|
- description: A large tech company used the Fleet API to block access to corporate apps for outdated operating system versions with certain "celebrity" vulnerabilities.
|
|
quote:
|
|
moreInfoUrl: https://play.goconsensus.com/s4e490bb9
|
|
buzzwords: [Device trust,Zero trust,Layer 7 device trust,Beyondcorp,Device attestation,Conditional access]
|
|
waysToUse:
|
|
- description: Automatically manage the behavior of endpoints that are at higher risk of vulnerabilities or data loss due to their configuration or patch level.
|
|
- description: Block access to corporate apps for users whose devices with unexpected settings, like disabled screen lock, passwords that are too short, unencrypted hard disks, and more
|
|
- description: Quickly implement conditional access based on device health using osquery and a simple device health REST API. Coming soon (2023-12-31)
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14920
|
|
- description: Control and restore access to applications by automatically restricting access when devices do not meet particular security requirements.
|
|
moreInfoUrl: https://duo.com/docs/device-health
|
|
- description: Control which laptop and desktop devices can access corporate apps and websites based on what vulnerabilities it might be exposed to based on how the device is configured, whether it's up to date, its MDM enrollment status, and anything else you can build in a SQL query of Fleet's 300 data tables representing information about enrolled host systems.
|
|
- description: Implement multivariate device trust
|
|
moreInfoUrl: https://youtu.be/5sFOdpMLXQg?feature=shared&t=1445
|
|
- description: Implement your own version of Google's zero trust model (BeyondCorp)
|
|
moreInfoUrl: https://cloud.google.com/beyondcorp
|
|
- description: Get endpoint data into ServiceNow and make your asset management teams happy
|
|
moreInfoUrl: https://www.youtube.com/watch?v=aVbU6_9JoM0
|
|
#
|
|
# ╔═╗╔═╗╦═╗╦╔═╗╔╦╗ ╔═╗═╗ ╦╔═╗╔═╗╦ ╦╔╦╗╦╔═╗╔╗╔
|
|
# ╚═╗║ ╠╦╝║╠═╝ ║ ║╣ ╔╩╦╝║╣ ║ ║ ║ ║ ║║ ║║║║
|
|
# ╚═╝╚═╝╩╚═╩╩ ╩ ╚═╝╩ ╚═╚═╝╚═╝╚═╝ ╩ ╩╚═╝╝╚╝
|
|
- industryName: Script execution
|
|
friendlyName: Safely execute custom scripts (macOS, Windows, and Linux)
|
|
description: Deploy and execute custom scripts using a REST API, and manage your library of scripts in the UI or a git repo.
|
|
documentationUrl: https://fleetdm.com/docs/using-fleet/scripts
|
|
tier: Premium
|
|
dri: mikermcneil
|
|
productCategories: [Endpoint operations,Device management]
|
|
waysToUse:
|
|
- description: Execute custom macOS scripts (client platform engineering)
|
|
moreInfoUrl: https://www.hexnode.com/blogs/executing-custom-mac-scripts-via-mdm/
|
|
- description: Execute custom Windows scripts (client platform engineering)
|
|
moreInfoUrl: https://www.hexnode.com/blogs/executing-custom-windows-scripts-via-mdm/
|
|
- description: Use PowerShell scripts on Windows devices
|
|
moreInfoUrl: https://learn.microsoft.com/en-us/mem/intune/apps/intune-management-extension
|
|
- description: Run PowerShell scripts for remediations (security engineering)
|
|
moreInfoUrl: https://learn.microsoft.com/en-us/mem/intune/fundamentals/powershell-scripts-remediation
|
|
- description: Download and run remediation scripts
|
|
moreInfoUrl: https://help.zscaler.com/deception/downloading-and-running-remediation-script
|
|
- description: Deploy custom scripts
|
|
moreInfoUrl: https://scalefusion.com/custom-scripting
|
|
#
|
|
# ╔═╗╦ ╦╔╦╗╔═╗╔╦╗╔═╗╔╦╗╦╔═╗ ╔═╗╔═╗╔═╗╔╦╗╦ ╦╦═╗╔═╗ ╔═╗╔═╗╔═╗╔═╗╔═╗╔═╗╔╦╗╔═╗╔╗╔╔╦╗
|
|
# ╠═╣║ ║ ║ ║ ║║║║╠═╣ ║ ║║ ╠═╝║ ║╚═╗ ║ ║ ║╠╦╝║╣ ╠═╣╚═╗╚═╗║╣ ╚═╗╚═╗║║║║╣ ║║║ ║
|
|
# ╩ ╩╚═╝ ╩ ╚═╝╩ ╩╩ ╩ ╩ ╩╚═╝ ╩ ╚═╝╚═╝ ╩ ╚═╝╩╚═╚═╝ ╩ ╩╚═╝╚═╝╚═╝╚═╝╚═╝╩ ╩╚═╝╝╚╝ ╩
|
|
- industryName: Automatic posture assessment
|
|
friendlyName: Verify any security or compliance goal
|
|
description: Simplify security audits, build definitive reports, and discover + verify ongoing compliance for every endpoint, from workstations to data centers.
|
|
documentationUrl:
|
|
screenshotSrc:
|
|
usualDepartment: Security
|
|
tier: Free
|
|
productCategories: [Endpoint operations]
|
|
dri: mikermcneil
|
|
demos:
|
|
- description:
|
|
quote:
|
|
moreInfoUrl:
|
|
buzzwords: [Attack surface management (ASM),Endpoint hardening,Security posture,Cyber hygiene,Anomaly detection,Configuration management,Attack Surface Monitoring,Policy assessment]
|
|
waysToUse:
|
|
- description: Monitor devices that don't meet your organization's custom security policies
|
|
- description: Quickly report your posture and vulnerabilities to auditors, showing remediation status and timing.
|
|
- description: Keep your devices compliant with customizable baselines, or use common benchmarks like CIS.
|
|
- description: Discover security misconfigurations that increase attack surface.
|
|
- description: Detect suspcious services listening on open ports that should not be connected to the internet, such as Remote Desktop Protocol (RDP).
|
|
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20statename%20%3D%20%E2%80%9CEnabled%E2%80%9D-,OPEN%20SOCKETS,-Lastly%2C%20an%20examination
|
|
- description: Discover potentially unwanted programs that increase attack surface.
|
|
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/
|
|
- description: Detect self-signed certifcates
|
|
- description: Detect legacy protocols with safer versions
|
|
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WHERE%20self_signed%20%3D%201%3B-,LEGACY%20PROTOCOLS,-This%20section%20will
|
|
- description: Detect exposed secrets on the command line
|
|
moreInfoUrl: https://paraflare.com/articles/vulnerability-management-via-osquery/#:~:text=WDigest%20is%20disabled.-,EXPOSED%20SECRETS,-Often%2C%20to%20create
|
|
- description: Detect and surface issues with devices
|
|
- description: Share device health reports
|
|
- description: Align endpoints with your security policies
|
|
moreInfoUrl: https://www.axonius.com/use-cases/cmdb-reconciliation
|
|
- description: Maximize security control coverage
|
|
- description: Uncover gaps in security policies, configurations, and hygiene
|
|
moreInfoUrl: https://www.axonius.com/use-cases/coverage-gap-discovery
|
|
- description: Automatically apply security policies to protect endpoints against attack.
|
|
- description: Surface security issues in all your deployed endpoints even data centers and factories.
|
|
- description: Continually validate controls and policies
|
|
#
|
|
# ╦ ╦╦ ╦╔╦╗╔═╗╔╗╔ ╔═╗╔╗╔╔╦╗╔═╗╔═╗╦╔╗╔╔╦╗ ╔╦╗╔═╗╔═╗╔═╗╦╔╗╔╔═╗
|
|
# ╠═╣║ ║║║║╠═╣║║║───║╣ ║║║ ║║╠═╝║ ║║║║║ ║ ║║║╠═╣╠═╝╠═╝║║║║║ ╦
|
|
# ╩ ╩╚═╝╩ ╩╩ ╩╝╚╝ ╚═╝╝╚╝═╩╝╩ ╚═╝╩╝╚╝ ╩ ╩ ╩╩ ╩╩ ╩ ╩╝╚╝╚═╝
|
|
- industryName: Human-endpoint mapping
|
|
friendlyName: See who logs in on every computer
|
|
description: Identify who logs in to any system, including login history and current sessions. Look up any host by the email address of the person using it.
|
|
documentationUrl:
|
|
screenshotSrc:
|
|
tier: Free
|
|
productCategories: [Endpoint operations]
|
|
dri: mikermcneil
|
|
demos:
|
|
- description: Security engineers at a top gaming company wanted to get demographics off their macOS, Windows, and Linux machines about who the user is and who's logged in.
|
|
moreInfoUrl: https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit
|
|
waysToUse:
|
|
- description: Look up computer by ActiveDirectory account
|
|
- description: Find device by Google Chrome user
|
|
- description: Identify who logs in to any system, including login history and current sessions.
|
|
- description: Look up any host by the email address of the person using it.
|
|
- description: Check user login history
|
|
moreInfoUrl: https://www.lepide.com/how-to/audit-who-logged-into-a-computer-and-when.html#:~:text=To%20find%20out%20the%20details,logs%20in%20%E2%80%9CWindows%20Logs%E2%80%9D.
|
|
- description: See currently logged in users
|
|
moreInfoUrl: https://www.top-password.com/blog/see-currently-logged-in-users-in-windows/
|
|
- description: Get demographics off of our machines about who the user is and who's logged in
|
|
moreInfoUrl: https://docs.google.com/document/d/1qFYtMoKh3zyERLhbErJOEOo2me6Bc7KOOkjKn482Sqc/edit
|
|
- description: See what servers someone is logged-in on
|
|
moreInfoUrl: https://community.spiceworks.com/topic/138171-is-there-a-way-to-see-what-servers-someone-is-logged-in-on
|
|
# ╔═╗═╗ ╦╔═╗╔═╗╦═╗╔╦╗ ┬ ╔═╗╦ ╦╔╗╔╔═╗
|
|
# ║╣ ╔╩╦╝╠═╝║ ║╠╦╝ ║ ┌┼─ ╚═╗╚╦╝║║║║
|
|
# ╚═╝╩ ╚═╩ ╚═╝╩╚═ ╩ └┘ ╚═╝ ╩ ╝╚╝╚═╝
|
|
# TODO: Use a different, more specific industry name for this, to tie it explicitly to query automations. Customer quotes like "feeder for the SIEM" (there are too many types of export for it to be this generic). Also tie this into HIDS. And with the idea of ingesting IoCs. HIDS can be accomplished with query automations or with policies, so it may be worth combining them. i.e. it becomes "Automated posture assessment" and then also "HIDS", where we talk about, in a single entry, how you can do HIDS with query logs and with policies. See "open hids" in https://docs.google.com/document/d/1oeCmT077o_5nxzLhnxs7kcg_4Qn1Pn1F5zx10nQOAp8/edit
|
|
- industryName: Automated export/sync
|
|
friendlyName: Build custom query automations
|
|
description: Ship logs with snapshots of any imaginable report, or monitor results for changes.
|
|
tier: Free
|
|
usualDepartment: Security
|
|
productCategories: [Endpoint operations]
|
|
demos:
|
|
- description: A top media company wanted to share more security data with other departments without slowing down hosts.
|
|
waysToUse:
|
|
- description: Ship logs to Splunk, Snowflake, and more
|
|
- description: Synchronize live state of endpoints to a data lake or SIEM in a consistent shape.
|
|
- description: Export the data to other systems
|
|
moreInfoUrl: https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit
|
|
- description: Export data to a third-party SIEM tool
|
|
moreInfoUrl: https://www.websense.com/content/support/library/web/hosted/admin_guide/siem_integration_explain.aspx
|
|
- description: Gather data and log events from endpoints
|
|
moreInfoUrl: https://techbeacon.com/security/how-osquery-can-lift-your-security-teams-game#:~:text=%22If%20security%20teams%20didn%27t%20have%20osquery%2C%20they%20would%20have%20to%20find%20a%20way%20to%20manually%20go%20into%20each%20endpoint%20and%20gather%20data%2C%20or%20buy%20a%20third%2Dparty%20tool%20to%20do%20that%20for%20them
|
|
#
|
|
# ╔═╗╦╔╦╗
|
|
# ╠╣ ║║║║
|
|
# ╚ ╩╩ ╩
|
|
- industryName: File integrity monitoring (FIM) # Short industry phrase
|
|
friendlyName: Detect changes to critical files # Short, Fleet one-liner for the feature, written in the imperative mood. (If easy to do, base this off of the words that an actual customer is saying.)
|
|
description: Specify files to monitor for changes or deletions, then log those events to your SIEM or data lake, including key information such as filepath and checksum. # Clear Mr. Rogers description
|
|
documentationUrl: https://fleetdm.com/guides/osquery-evented-tables-overview#file-integrity-monitoring-fim # URL of the single-best page within the docs which serves as a "jumping-off point" for this feature.
|
|
screenshotSrc: "" # A screenshot of the single, best, simplifying, obvious example
|
|
tier: Free # Either "Free" or "Premium"
|
|
usualDepartment: Security # or omit if there isn't a particular departmental leaning we've noticed
|
|
productCategories: [Endpoint operations] # or omit if this isn't associated with a single product category
|
|
dri: mikermcneil #GitHub user name
|
|
demos:
|
|
- description: A top gaming company needed a way to monitor critical files on production Debian servers.
|
|
quote: The FIM features are kind of a top priority.
|
|
moreInfoUrl: https://docs.google.com/document/d/1pE9U-1E4YDiy6h4TorszrTOiFAauFiORikSUFUqW7Pk/edit
|
|
buzzwords: [File integrity monitoring (FIM),Host-based intrusion detection system (HIDS),Anomaly detection]
|
|
waysToUse:
|
|
- description: Monitor critical files on production Debian servers
|
|
- description: Detect anomalous filesystem activity
|
|
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
|
|
- description: Detect unintended changes
|
|
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
|
|
- description: Verify update status and monitor system health
|
|
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
|
|
- description: Meet compliance mandates
|
|
moreInfoUrl: https://www.beyondtrust.com/resources/glossary/file-integrity-monitoring
|
|
# ╔╦╗╔═╗╦ ╦ ╦╔═╗╦═╗╔═╗ ╔╦╗╔═╗╔╦╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔ ┌─╦ ╦╔═╗╦═╗╔═╗─┐
|
|
# ║║║╠═╣║ ║║║╠═╣╠╦╝║╣ ║║║╣ ║ ║╣ ║ ║ ║║ ║║║║ │ ╚╦╝╠═╣╠╦╝╠═╣ │
|
|
# ╩ ╩╩ ╩╩═╝╚╩╝╩ ╩╩╚═╚═╝ ═╩╝╚═╝ ╩ ╚═╝╚═╝ ╩ ╩╚═╝╝╚╝ └─ ╩ ╩ ╩╩╚═╩ ╩─┘
|
|
- industryName: Malware detection (YARA) # TODO: consider: technically more than YARA, consider generalizing this and including the concept of comparing known binary hashes (either via live query or in the data lake to compare threat intel feed)
|
|
friendlyName: Scan files for malware signatures
|
|
description: Report and trigger automations when malware or other unexpected files are detected on a host using YARA signatures.
|
|
documentationUrl: https://fleetdm.com/tables/yara
|
|
tier: Free
|
|
dri: mikermcneil
|
|
usualDepartment: Security
|
|
productCategories: [Endpoint operations,Vulnerability management]
|
|
buzzwords: [YARA scanning,Cyber Threat Intelligence (CTI),Indicators of compromise (IOCs),Antivirus (AV),Endpoint protection platform (EPP),Endpoint detection and response (EDR),Malware detection,Signature-based malware detection,Malware scanning,Malware analysis,Anomaly detection]
|
|
demos:
|
|
- description: A top media company used Fleet policies with YARA rules to continuously scan host filesystems for malware signatures provided by internal and external threat intelligence teams.
|
|
moreInfoUrl: # short demo video
|
|
waysToUse:
|
|
- description: Detect suspicious bytecode in JAR files
|
|
- description: Identify suspicious patterns in binaries using YARA signatures # (≈regular expressions for binary)
|
|
- description: Continuously scan host filesystems for malware signatures.
|
|
moreInfoUrl: https://yara.readthedocs.io/en/stable/writingrules.html
|
|
- description: Monitor for relevent filesystem changes (YARA events) and on-demand YARA signature scans.
|
|
moreInfoUrl: https://osquery.readthedocs.io/en/stable/deployment/yara/
|
|
- description: Use YARA for malware detection
|
|
moreInfoUrl: https://www.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_YARA_S508C.pdf
|
|
- description: Scan for indicators of compromise (IoC) for common malware.
|
|
moreInfoUrl: https://github.com/Cisco-Talos/osquery_queries
|
|
- description: Analyze malware using data from osquery, such as endpoint certificates and launch daemons (launchd).
|
|
moreInfoUrl: https://medium.com/hackernoon/malware-analysis-using-osquery-part-3-9dc805b67d16
|
|
- description: Detect persistent malware (e.g. WireLurker) in endpoints by generating simple policies that search for their static indicators of compromise (IoCs).
|
|
moreInfoUrl: https://osquery.readthedocs.io/en/stable/deployment/anomaly-detection/
|
|
- description: Run a targeted YARA scan with osquery as a lightweight approach to scan anything on a host filesystem, with minimal performance impact. Unlike full system YARA scans which consume considerable CPU resources, an equivalent YARA scan targeted in Fleet can be 8x cheaper (CPU %).
|
|
moreInfoUrl: https://www.tripwire.com/state-of-security/signature-socket-based-malware-detection-osquery-yara
|
|
- industryName: Detection engineering
|
|
friendlyName: # Ship logs to your data lake and comopare with known bad binary hashes or capture behavioral data and build custom detections (e.g. using a framework like MITRE)
|
|
description:
|
|
documentationUrl:
|
|
tier: Free
|
|
dri: mikermcneil
|
|
usualDepartment: Security
|
|
productCategories: [Endpoint operations]
|
|
buzzwords: [Security analytics,Behavioral analytics,MITRE ATT&CK,Tactics techniques and procedures (TTPs),Security information and event management (SIEM)]
|
|
demos:
|
|
- description:
|
|
moreInfoUrl:
|
|
waysToUse:
|
|
- description:
|
|
- industryName: Threat hunting
|
|
friendlyName: # TODO: live query
|
|
description:
|
|
documentationUrl:
|
|
tier: Free
|
|
dri: mikermcneil
|
|
usualDepartment: Security
|
|
productCategories: [Endpoint operations]
|
|
buzzwords: []
|
|
demos:
|
|
- description:
|
|
moreInfoUrl:
|
|
waysToUse:
|
|
- description:
|
|
- industryName: Incident response
|
|
friendlyName: # TODO: live query, triage, figuring out scope of impact, remediate using scripts, MDM commands (e.g. remote wipe), and quarantine or reimage using other systems and APIs (e.g. remove from network, decommission container)
|
|
description:
|
|
documentationUrl:
|
|
tier: Free
|
|
dri: mikermcneil
|
|
usualDepartment: Security
|
|
productCategories: [Endpoint operations]
|
|
buzzwords: []
|
|
demos:
|
|
- description:
|
|
moreInfoUrl:
|
|
waysToUse:
|
|
- description:
|
|
- industryName: Binary authorization
|
|
friendlyName: Restrict what programs can run, and what files running programs can access.
|
|
description:
|
|
documentationUrl:
|
|
tier: Free
|
|
dri: mikermcneil
|
|
usualDepartment: Security
|
|
productCategories: [Endpoint operations]
|
|
comingSoonOn: YYYY-MM-DD
|
|
buzzwords: [Mandatory Access Control (MAC),Privilege confinement,Binary authorization,Santa,Binary allowlisting,Binary whitelisting]
|
|
demos:
|
|
- description:
|
|
moreInfoUrl:
|
|
waysToUse:
|
|
- description: Confine programs to a limited set of resources.
|
|
- description: Report on AppArmor events
|
|
moreInfoUrl: https://fleetdm.com/tables/apparmor_events
|
|
- description: Confine programs according to a set of rules that specify which files a program can access.
|
|
moreInfoUrl: https://wiki.debian.org/AppArmor
|
|
- description: Proactively protect the system against both known and unknown vulnerabilities.
|
|
# ╔═╗╔═╗╔═╗╔╗╔╔╦╗ ╔═╗╦ ╦╔╦╗╔═╗ ╦ ╦╔═╗╔╦╗╔═╗╔╦╗╔═╗
|
|
# ╠═╣║ ╦║╣ ║║║ ║ ╠═╣║ ║ ║ ║ ║───║ ║╠═╝ ║║╠═╣ ║ ║╣
|
|
# ╩ ╩╚═╝╚═╝╝╚╝ ╩ ╩ ╩╚═╝ ╩ ╚═╝ ╚═╝╩ ═╩╝╩ ╩ ╩ ╚═╝
|
|
- industryName: Agent auto-update
|
|
friendlyName: Keep agents and extensions up to date
|
|
descrption: Keep agents and extensions up to date by loading code from Fleet's free update registry.
|
|
tier: Free
|
|
productCategories: [Endpoint operations]
|
|
# ╦╔╗╔╔═╗╔╦╗╔═╗╦ ╦ ╔═╗╦═╗╔═╗
|
|
# ║║║║╚═╗ ║ ╠═╣║ ║ ║╣ ╠╦╝╚═╗
|
|
# ╩╝╚╝╚═╝ ╩ ╩ ╩╩═╝╩═╝╚═╝╩╚═╚═╝
|
|
- industryName: Installers (self-service)
|
|
tier: Free
|
|
productCategories: [Endpoint operations]
|
|
waysToUse:
|
|
- description: Build scripts for Ansible deployments
|
|
moreInfoUrl: https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4
|
|
- description: Deploy osquery to macOS via Jamf
|
|
moreInfoUrl: https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4
|
|
- description: Package osquery for Linux servers via Workspace One and Windows servers via group policies
|
|
moreInfoUrl: https://www.youtube.com/watch?v=qflUfLQCnwY&list=PL6-FgoWOoK2YUR4ADGsxTSL3onb-GzCnM&index=4
|
|
# ╔╗ ╔═╗╔╦╗╔═╗╦ ╦ ╦╔╗╔╔═╗╔╦╗╔═╗╦ ╦ ╔═╗╔╦╗╦╔═╗╔╗╔
|
|
# ╠╩╗╠═╣ ║ ║ ╠═╣ ║║║║╚═╗ ║ ╠═╣║ ║ ╠═╣ ║ ║║ ║║║║
|
|
# ╚═╝╩ ╩ ╩ ╚═╝╩ ╩ ╩╝╚╝╚═╝ ╩ ╩ ╩╩═╝╩═╝╩ ╩ ╩ ╩╚═╝╝╚╝
|
|
- industryName: Batch installation (Chef, Ansible, Puppet, MDM)
|
|
friendlyName: Install agents over the air
|
|
tier: Free
|
|
productCategories: [Endpoint operations]
|
|
# ╦═╗╔═╗╔╦╗╔═╗╔╦╗╔═╗ ╔═╗╔═╗╔╦╗╔╦╗╦╔╗╔╔═╗╔═╗
|
|
# ╠╦╝║╣ ║║║║ ║ ║ ║╣ ╚═╗║╣ ║ ║ ║║║║║ ╦╚═╗
|
|
# ╩╚═╚═╝╩ ╩╚═╝ ╩ ╚═╝ ╚═╝╚═╝ ╩ ╩ ╩╝╚╝╚═╝╚═╝
|
|
- industryName: Remote settings
|
|
description: Configure agent options remotely, over the air. (Includes osquery config, and osquery startup flags.). Fleetd startup flags coming soon (2023-12-31) #customer-blanco
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/13825
|
|
tier: Free
|
|
usualDepartment: Security
|
|
productCategories: [Endpoint operations]
|
|
# ╦ ╦╔═╗╦═╗╦╔═╗╔╗ ╦ ╔═╗ ╔═╗╔╗╔╦═╗╔═╗╦ ╦ ╔╦╗╔═╗╔╗╔╔╦╗
|
|
# ╚╗╔╝╠═╣╠╦╝║╠═╣╠╩╗║ ║╣ ║╣ ║║║╠╦╝║ ║║ ║ ║║║║╣ ║║║ ║
|
|
# ╚╝ ╩ ╩╩╚═╩╩ ╩╚═╝╩═╝╚═╝ ╚═╝╝╚╝╩╚═╚═╝╩═╝╩═╝╩ ╩╚═╝╝╚╝ ╩
|
|
- industryName: Variable enrollment
|
|
description: Enroll hosts in different groups using different enrollment secrets and/or installers per-baseline.
|
|
tier: Premium
|
|
# ╔═╗╦═╗╦╦ ╦╔═╗╔╦╗╔═╗ ╦ ╦╔═╗╔╦╗╔═╗╔╦╗╔═╗ ╦═╗╔═╗╔═╗╦╔═╗╔╦╗╦═╗╦ ╦
|
|
# ╠═╝╠╦╝║╚╗╔╝╠═╣ ║ ║╣ ║ ║╠═╝ ║║╠═╣ ║ ║╣ ╠╦╝║╣ ║ ╦║╚═╗ ║ ╠╦╝╚╦╝
|
|
# ╩ ╩╚═╩ ╚╝ ╩ ╩ ╩ ╚═╝ ╚═╝╩ ═╩╝╩ ╩ ╩ ╚═╝ ╩╚═╚═╝╚═╝╩╚═╝ ╩ ╩╚═ ╩
|
|
- industryName: Private update registry
|
|
friendlyName: Update agents from a secret URL
|
|
description: Load agent code from a secret URL that you manage.
|
|
tier: Premium
|
|
usualDepartment: Security
|
|
productCategories: [Endpoint operations]
|
|
# ╔═╗╦ ╦╔═╗╔╦╗╔═╗╔╦╗ ╔╦╗╔═╗╔╗ ╦ ╔═╗╔═╗
|
|
# ║ ║ ║╚═╗ ║ ║ ║║║║ ║ ╠═╣╠╩╗║ ║╣ ╚═╗
|
|
# ╚═╝╚═╝╚═╝ ╩ ╚═╝╩ ╩ ╩ ╩ ╩╚═╝╩═╝╚═╝╚═╝
|
|
- industryName: Custom tables
|
|
friendlyName: Add tables to osquery with extensions
|
|
description: Install osquery extensions over the air. # (GitOptional)
|
|
moreInfoUrl: https://github.com/trailofbits/osquery-extensions/blob/3df2b72ad78549e25344c79dbc9bce6808c4d92a/README.md#extensions
|
|
tier: Premium
|
|
- categoryName: Integrations
|
|
features:
|
|
#
|
|
# ╦═╗╔═╗╔═╗╔╦╗ ╔═╗╔═╗╦
|
|
# ╠╦╝║╣ ╚═╗ ║ ╠═╣╠═╝║
|
|
# ╩╚═╚═╝╚═╝ ╩ ╩ ╩╩ ╩
|
|
- industryName: REST API
|
|
friendlyName: Automate any feature
|
|
description:
|
|
documentationUrl: https://fleetdm.com/docs/rest-api/rest-api
|
|
screenshotSrc:
|
|
tier: Free
|
|
dri: rachaelshaw
|
|
# ╔═╗╔═╗╔╦╗╔╦╗╔═╗╔╗╔╔╦╗ ╦ ╦╔╗╔╔═╗ ╔╦╗╔═╗╔═╗╦ ┌─ ╔═╗╦ ╦ ─┐
|
|
# ║ ║ ║║║║║║║╠═╣║║║ ║║ ║ ║║║║║╣ ║ ║ ║║ ║║ │ ║ ║ ║ │
|
|
# ╚═╝╚═╝╩ ╩╩ ╩╩ ╩╝╚╝═╩╝ ╩═╝╩╝╚╝╚═╝ ╩ ╚═╝╚═╝╩═╝ └─ ╚═╝╩═╝╩ ─┘
|
|
- industryName: Command line tool (CLI)
|
|
friendlyName: fleetctl
|
|
tier: Free
|
|
# ╦ ╦╔═╗╔╗ ╦ ╦╔═╗╔═╗╦╔═╔═╗
|
|
# ║║║║╣ ╠╩╗╠═╣║ ║║ ║╠╩╗╚═╗
|
|
# ╚╩╝╚═╝╚═╝╩ ╩╚═╝╚═╝╩ ╩╚═╝
|
|
- industryName: Webhooks
|
|
friendlyName:
|
|
tier: Free
|
|
# ╔╦╗╔═╗╔═╗╔═╗ ╔═╗╦ ╦╔╦╗╔═╗╔╦╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
|
|
# ║║║╣ ║╣ ╠═╝ ╠═╣║ ║ ║ ║ ║║║║╠═╣ ║ ║║ ║║║║╚═╗
|
|
# ═╩╝╚═╝╚═╝╩ ╩ ╩╚═╝ ╩ ╚═╝╩ ╩╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
|
|
- industryName: Deep automations
|
|
friendlyName: Trigger webhooks or run scripts
|
|
description: Fire off webhooks or run scripts on hosts when certain things happen in Fleet.
|
|
productCategories: [Endpoint operations,Device management,Vulnerability management]
|
|
comingSoonOn: 2024-06-30
|
|
tier: Free
|
|
buzzwords: [Automated remediation,Auto-remediation,Self-healing]
|
|
waysToUse:
|
|
- description: Use policy automations to automatically remediate issues and mitigate vulnerabilities.
|
|
- description: Use osquery and santa to work around inflexibilities in proprietary MDMs and other protection solutions.
|
|
- description: Listen to webhooks to perform autonomous self-healing (cloud security engineering)
|
|
moreInfoUrl: https://www.fugue.co/blog/automated-remediation-scripts-vs.-self-healing-infrastructure-two-approaches-to-cloud-security
|
|
# ╔═╗╦╔╦╗╔═╗╔═╗╔═╗
|
|
# ║ ╦║ ║ ║ ║╠═╝╚═╗
|
|
# ╚═╝╩ ╩ ╚═╝╩ ╚═╝
|
|
- industryName: GitOps
|
|
friendlyName: Manage endpoints in git
|
|
description: Fork the best practices repo and use the GitHub Action to hook it up to your Fleet instance in minutes. Coming soon (2024-03-31)
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/13643
|
|
productCategories: [Endpoint operations,Device management,Vulnerability management]
|
|
tier: Free
|
|
demos:
|
|
description: A top savings and investment company wanted workflows and automation so that one bad actor can't brick their fleet. This way, they have to make a pull request first.
|
|
quote: I don't want one bad actor to brick my fleet. I want them to make a pull request first.
|
|
moreInfoUrl: https://docs.google.com/document/d/1hAQL6P--Tt3syq1MTRONAxhQA_2Vjt3oOJJt_O4xbiE/edit?disco=AAABAVnYvns&usp_dm=true#heading=h.7en766pueek4
|
|
# ╔═╗╦═╗╔═╗╔═╗ ╦╔╗╔╔╦╗╔═╗╔═╗╦═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
|
|
# ╠╣ ╠╦╝║╣ ║╣ ║║║║ ║ ║╣ ║ ╦╠╦╝╠═╣ ║ ║║ ║║║║╚═╗
|
|
# ╚ ╩╚═╚═╝╚═╝ ╩╝╚╝ ╩ ╚═╝╚═╝╩╚═╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
|
|
- industryName: Free integrations (Tines, Snowflake, Terraform, Chronicle, etc)
|
|
friendlyName: Borrow off-the-shelf tactics from the community
|
|
description:
|
|
moreInfoUrl: https://fleetdm.com/integrations
|
|
tier: Free
|
|
waysToUse:
|
|
- description: (ActiveDirectory) Know who opened your computer and check their device posture before you let them log into anything.
|
|
- description: (Ansible) Easily issue MDM commands and standardize data across operating systems.
|
|
- description: (AWS) Deploy your own self-managed Fleet in any AWS environment in minutes.
|
|
- description: (Azure) Deploy your own self-managed Fleet in the Microsoft Cloud in minutes.
|
|
- description: (Chef) Easily issue MDM commands and standardize data across operating systems.
|
|
- description: (Elastic) Ingest osquery data and monitor for important changes or events.
|
|
- description: (GitHub) Version control using git, enabling collaboration and a GitOps workflow.
|
|
- description: (GitLab) Version control using git, enabling collaboration and a GitOps workflow.
|
|
- description: (Chronicle) Ingest osquery data and monitor for important changes or events.
|
|
- description: (Google Cloud) Deploy your own self-managed Fleet in any GCP environment in minutes.
|
|
- description: (Munki) Easily issue MDM commands and standardize data across operating systems.
|
|
- description: (Okta) Know who opened your computer and check their device posture before you let them log into anything.
|
|
- description: (Snowflake) Ingest osquery data and monitor for important changes or events.
|
|
- description: (Splunk) Ingest osquery data and monitor for important changes or events.
|
|
- description: (Tines) Build custom workflows that trigger in various situations.
|
|
- description: (Webhooks) Configure automations that send webhooks to specific URLs when Fleet detects changes to host, policy, and CVE statuses.
|
|
# ╔═╗╦═╗╔═╗╔╦╗╦╦ ╦╔╦╗ ╦╔╗╔╔╦╗╔═╗╔═╗╦═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
|
|
# ╠═╝╠╦╝║╣ ║║║║║ ║║║║ ║║║║ ║ ║╣ ║ ╦╠╦╝╠═╣ ║ ║║ ║║║║╚═╗
|
|
# ╩ ╩╚═╚═╝╩ ╩╩╚═╝╩ ╩ ╩╝╚╝ ╩ ╚═╝╚═╝╩╚═╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
|
|
- industryName: Premium integrations (Puppet, Vanta, Jira, Zendesk, etc)
|
|
friendlyName: Borrow off-the-shelf tactics from legendary brands
|
|
description: Plug in to cutting edge frameworks from similar organizations.
|
|
moreInfoUrl: https://fleetdm.com/integrations
|
|
tier: Premium
|
|
buzzwords: [Vanta,Puppet,Jira,Zendesk,Custom IdP]
|
|
waysToUse:
|
|
- description: (Vanta) Trigger a workflow based on a failing policy.
|
|
- description: (Puppet) Easily issue MDM commands, standardize data across operating systems, and map macOS+Windows settings to computers with the Puppet module.
|
|
- description: (Jira) Automatically create Jira tickets in various situations, including exporting vulnerabilities to Jira and syncing tickets.
|
|
- description: (Torq) Build custom workflows that trigger in various situations.
|
|
- description: (Zendesk) Automatically create Zendesk tickets in various situations.
|
|
- description: (Custom IdP) Manage access to Fleet single sign-on (SSO) through any IdP (using SAML).
|
|
- categoryName: Support
|
|
features:
|
|
- industryName: Public issue tracker (GitHub)
|
|
tier: Free
|
|
- industryName: Community Slack channel
|
|
tier: Free
|
|
- industryName: Unlimited email support (confidential)
|
|
tier: Premium
|
|
- industryName: Phone and video call support
|
|
tier: Premium
|
|
- categoryName: Deployment
|
|
features:
|
|
- industryName: Self-managed
|
|
friendlyName: Host it yourself
|
|
tier: Free
|
|
buzzwords: [Self-hosted]
|
|
- industryName: Deployment tools (Terraform, Helm)
|
|
tier: Free
|
|
productCategories: [Endpoint operations]
|
|
- industryName: Managed Cloud
|
|
tier: Premium
|
|
- categoryName: Device management
|
|
features:
|
|
- industryName: Interactive MDM migration # « end-user initiated MDM migration, with interactive UI
|
|
tier: Premium
|
|
usualDepartment: IT
|
|
productCategories: [Device management]
|
|
- industryName: Remotely enforce OS settings
|
|
tier: Free
|
|
usualDepartment: IT
|
|
waysToUse:
|
|
- description: Deploy configuration profiles on macOS and verify that they're installed. Windows coming soon (2023-12-31).
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/13281
|
|
- description: Deploy custom declaration (DDM) profiles on macOS. Coming soon (2024-03-31).
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14550
|
|
- description: Target profiles to specific hosts using SQL. Coming soon (2023-12-31)
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14715
|
|
- description: Automatically re-deploy configuration profiles on macOS they're not installed.
|
|
productCategories: [Device management]
|
|
- industryName: Self service
|
|
description: Provide resolution instructions for end users through Fleet Desktop that suggest how an end user can fix a posture issue themselves.
|
|
tier: Premium
|
|
usualDepartment: IT
|
|
productCategories: [Device management]
|
|
- industryName: User-initiated enrollment of macOS computers
|
|
tier: Free
|
|
usualDepartment: IT
|
|
productCategories: [Device management]
|
|
- industryName: Low-level MDM commands for macOS and Windows (e.g. remote restart)
|
|
tier: Free
|
|
usualDepartment: IT
|
|
productCategories: [Device management]
|
|
- industryName: Native macOS update reminders
|
|
tier: Free
|
|
usualDepartment: IT
|
|
productCategories: [Device management]
|
|
- industryName: Zero-touch setup for macOS computers
|
|
tier: Premium
|
|
usualDepartment: IT
|
|
productCategories: [Device management]
|
|
waysToUse:
|
|
- description: Ship a macOS workstation to the end users home and have them automatically enroll to Fleet during out-of-the-box setup.
|
|
- description: Ship a Windows workstation to the end users home and have them automatically enroll to Fleet during out-of-the-box setup. Coming soon (2023-12-31) #Customer-preston
|
|
- description: Customize the out-of-the-box setup experience for your end users.
|
|
- description: Require end users to authenticate with your identity provider (IdP) and agree to an end user license agreement (EULA) before they can use their new workstation
|
|
- industryName: Enforce OS updates
|
|
tier: Premium
|
|
usualDepartment: IT
|
|
productCategories: [Device management,Vulnerability management]
|
|
waysToUse:
|
|
- description: Enforce macOS updates via Nudge.
|
|
- description: Automatically update Windows after the end user reaches a deadline. Coming soon (2023-12-31) #Customer-preston
|
|
- industryName: Encrypt macOS hard disks with FileVault
|
|
tier: Premium
|
|
usualDepartment: IT
|
|
productCategories: [Device management]
|
|
- industryName: Remotely lock and wipe macOS computers
|
|
tier: Premium
|
|
usualDepartment: IT
|
|
productCategories: [Device management]
|
|
- industryName: Install apps and packages on macOS and Windows computers.
|
|
description:
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14921
|
|
tier: Premium
|
|
comingSoonOn: 2023-12-31 #Customer-reedtimmer and customer-preston
|
|
usualDepartment: IT
|
|
productCategories: [Device management]
|
|
- industryName: Puppet module
|
|
friendlyName: Map macOS settings to computers with Puppet module
|
|
tier: Premium
|
|
usualDepartment: IT
|
|
productCategories: [Device management]
|
|
- categoryName: Inventory management
|
|
features:
|
|
- industryName: Software inventory
|
|
tier: Free
|
|
waysToUse:
|
|
- description: Implement software inventory recommendations from the SANS 20 / CIS 18.
|
|
moreInfoUrl: https://docs.google.com/document/d/1E6EQMMqrsRc6Z3YsR6Q33OaF9eAa8zLNaz4K2YzFdyo/edit#heading=h.7en766pueek4
|
|
- description: View a list of all software and their versions installed on all your hosts.
|
|
- description: View a list of software rolled up by title. Coming soon (2023-12-31)
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14674
|
|
- industryName: Hardware inventory
|
|
tier: Free
|
|
waysToUse:
|
|
- description: Implement hardware and infrastructure inventory recommendations from the SANS 20 / CIS 18.
|
|
moreInfoUrl: https://docs.google.com/document/d/1E6EQMMqrsRc6Z3YsR6Q33OaF9eAa8zLNaz4K2YzFdyo/edit#heading=h.7en766pueek4
|
|
- industryName: Device inventory dashboard
|
|
tier: Free
|
|
- industryName: Browse installed software packages
|
|
tier: Free
|
|
- industryName: Search devices by IP, serial, hostname, UUID
|
|
tier: Free
|
|
- industryName: Labels (SQL-driven)
|
|
friendlyName: Filter hosts using SQL
|
|
tier: Free
|
|
- industryName: Custom device data for help desk
|
|
description:
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/14415
|
|
tier: Free
|
|
comingSoonOn: 2023-12-31
|
|
usualDepartment: IT
|
|
productCategories: [Endpoint operations,Device management]
|
|
- industryName: Baselines (device groups)
|
|
friendlyName: Manage different endpoints differently
|
|
description: Set baselines and strategies for hosts in different situations called "teams", and move hosts between them via API-driven automations or a simple, delegatable user interface with role-based access.
|
|
tier: Premium
|
|
productCategories: [Endpoint operations,Device management,Vulnerability management]
|
|
waysToUse:
|
|
- description: Automate remediation for different applications with different security postures (cloud security engineering)
|
|
- industryName: Generate reports for groups of devices
|
|
tier: Premium
|
|
- categoryName: Collaboration
|
|
features:
|
|
- industryName: Versionable queries and config (GitOps)
|
|
tier: Free
|
|
demos:
|
|
- description: A top financial services company needed to set up rolling deployments for changes to osquery agents running on their production servers.
|
|
moreInfoUrl: https://docs.google.com/document/d/1UdzZMyBLbs9SUXfSXN2x2wZQCbjZZUetYlNWH6-ryqQ/edit#heading=h.2lh6ehprpvl6
|
|
- industryName: Scope transparency
|
|
tier: Free
|
|
documentationUrl: https://fleetdm.com/transparency
|
|
- categoryName: Security and compliance
|
|
features:
|
|
- industryName: Single sign on (SSO, SAML)
|
|
tier: Free
|
|
- industryName: Disk encryption
|
|
friendlyName: Ensure hard disks are encrypted
|
|
description: Encrypt hard disks of macOS and Windows computers, manage escrowed encryption keys, and report on disk encryption status (FileVault, BitLocker).
|
|
tier: Free
|
|
waysToUse:
|
|
- description: Report on disk encryption status
|
|
- description: Encrypt hard disks on macOS with FileVault
|
|
- description: Escrow FileVault keys on macOS
|
|
- description: Encrypt hard disks on Windows with BitLocker. Coming soon (2023-12-31) #Customer-preston
|
|
- industryName: Audit queries and user activities
|
|
tier: Free
|
|
usualDepartment: Security
|
|
- industryName: Grant API-only access
|
|
tier: Free
|
|
- industryName: Programmable audit log
|
|
tier: Premium
|
|
usualDepartment: Security
|
|
waysToUse:
|
|
- description: Export activity of Fleet admins to your SIEM or data lake
|
|
- industryName: Just-in-time (JIT) provisioning
|
|
tier: Premium
|
|
- industryName: Automated user role sync via Okta, AD, or any IDP
|
|
tier: Premium
|
|
waysToUse:
|
|
- description: Automatically set admin access to Fleet based on your IDP
|
|
- industryName: Vanta integration
|
|
tier: Premium
|
|
- industryName: Trigger a workflow based on a failing policy
|
|
tier: Premium
|
|
- industryName: Role-based access control
|
|
tier: Premium
|
|
- categoryName: Vulnerability management
|
|
features:
|
|
- industryName: Detect vulnerable software #TODO: find a better industryName and make this the friendly name. Maybe separate out export.
|
|
tier: Free
|
|
usualDepartment: Security
|
|
productCategories: [Vulnerability management]
|
|
demos:
|
|
- description: A top gaming company wanted to replace Qualys for infrastructure vulnerability detection.
|
|
quote: So we have some stuff today through Qualys, but it's just not very good. A lot of it is...it's just really noisy. I'm trying to find out specifically, actually what packages are installed where, and then the ability to live query them.
|
|
moreInfoUrl: https://docs.google.com/document/d/1JWtRsW1FUTCkZEESJj9-CvXjLXK4219by-C6vvVVyBY/edit
|
|
waysToUse:
|
|
- description: Email relevant, actually-installed vulnerabilities to responsible teams so they can fix them.
|
|
moreInfoUrl: https://docs.google.com/document/d/1oeCmT077o_5nxzLhnxs7kcg_4Qn1Pn1F5zx10nQOAp8/edit
|
|
- industryName: Query performance monitoring
|
|
tier: Free
|
|
demos:
|
|
- description: A top software company needed to understand the performance impact of osquery queries before running them on all of their production Linux servers.
|
|
moreInfoUrl: https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg
|
|
- description: A top software company wanted to detect regressions when adding/changing queries and fail builds if queries were too expensive.
|
|
moreInfoUrl: https://docs.google.com/document/d/1WzMc8GJCRU6tTBb6gLsSTzFysqtXO8CtP2sXMPKgYSk/edit?disco=AAAA6xuVxGg
|
|
waysToUse:
|
|
- description: Monitor performance for automated queries.
|
|
- description: Monitor performance for live queries. Coming soon (2024-01-26) #Customer-blanco
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/467
|
|
- industryName: Detect and surface issues with devices (policies)
|
|
tier: Free
|
|
- industryName: Vulnerability dashboard
|
|
tier: Premium
|
|
comingSoonOn: 2024-03-31
|
|
waysToUse:
|
|
- description: Only show vulnerabilities that you care about. Coming soon (2024-03-31) #Customer-faltona and customer-rialto
|
|
- industryName: Policy scoring
|
|
friendlyName: Mark policies as critical
|
|
tier: Premium
|
|
- industryName: Vulnerability scores (EPSS and CVSS) #TODO: Incorporate this perspective: https://github.com/fleetdm/confidential/issues/4120#issuecomment-1802350614
|
|
tier: Premium
|
|
usualDepartment: Security
|
|
productCategories: [Vulnerability management]
|
|
- industryName: CISA KEVs (known exploited vulnerabilities) #TODO: Incorporate this perspective: https://github.com/fleetdm/confidential/issues/4120#issuecomment-1802350614
|
|
tier: Premium
|
|
usualDepartment: Security
|
|
productCategories: [Vulnerability management]
|
|
- industryName: Patched version #Can be determined using description from National Vulnerability Database (NVD). Description tells you which versions are affected.
|
|
tier: Premium
|
|
usualDepartment: Security
|
|
productCategories: [Vulnerability management]
|
|
- categoryName: Data outputs
|
|
features:
|
|
- industryName: Flexible log destinations (AWS Kinesis, Lambda, GCP, Kafka)
|
|
tier: Free
|
|
usualDepartment: Security
|
|
productCategories: [Endpoint operations]
|
|
waysToUse:
|
|
- description: Choose different file sizes for automated query results and agent logs. Coming soon (2024-01-26) #Customer-blanco
|
|
moreInfoUrl: https://github.com/fleetdm/fleet/issues/11999
|
|
- industryName: File carving (AWS S3)
|
|
tier: Free
|
|
usualDepartment: Security
|
|
productCategories: [Endpoint operations]
|