Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
d
Dayvidson Bezerra
03/22/2023, 12:54 PMHi, fleet community.
I'm new working with fleet, When I install the osquery in my Windows machines the vulnerabilities doesn't in the fleet frontend.
The software list is ok, But when exist the vulnerable software the cve doesn't show in the list and the KBs microsoft doesn't list too.
m
Marcos Oviedo
03/22/2023, 2:04 PMHi Dayvidson, can you mention which version of Fleet + Orbit are you using? Thanks!
d
Dayvidson Bezerra
03/22/2023, 5:45 PM@Marcos Oviedo
My fleet version is fleet-v4.28.1 and I am using direct osquery and not orbit.
I`m starting the osquery:
osqueryd --flagfile=flagfile.txt --verbose
k
Kathy Satterlee
03/22/2023, 6:59 PMAre you seeing any errors in the Fleet server logs?
d
Dayvidson Bezerra
03/22/2023, 7:18 PM@Kathy Satterlee
I don't receive error in my fleet server.
I started my fleet server with de code below:
fleet serve --mysql_address=127.0.0.1:3306 --mysql_database=fleet --mysql_username=root --mysql_password=xxxxx --redis_address=127.0.0.1:6379 --server_cert=/root/cert/fleet.crt --server_key=/root/cert/fleetdm.key --logging_json
k
Kathy Satterlee
03/22/2023, 8:37 PMDo you see any logging for the vulnerabilities cron?
d
Dayvidson Bezerra
03/23/2023, 1:52 AMHow can I see?
@Kathy Satterlee
"cron":"integrations","level":"info","schedule":"integrations","status":"pending","ts":"2023-03-22T19:20:01.120461911Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"completed","ts":"2023-03-22T19:20:01.132937009Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"pending","ts":"2023-03-22T19:30:01.133331835Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"completed","ts":"2023-03-22T19:30:01.139184242Z"}
{"level":"warn","op":"directIngestWindowsUpdateHistory","skipped":"KB id not found in VMware, Inc. - Display - 8.17.2.14","ts":"2023-03-22T19:36:27.973314812Z"}
{"level":"warn","op":"directIngestWindowsUpdateHistory","skipped":"KB id not found in VMware, Inc. - System - 9.8.16.0","ts":"2023-03-22T19:36:27.982176598Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"pending","ts":"2023-03-22T19:40:01.15125487Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"completed","ts":"2023-03-22T19:40:01.156754915Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"pending","ts":"2023-03-22T19:50:01.154214169Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"completed","ts":"2023-03-22T19:50:01.160045812Z"}
{"cron":"usage_statistics","level":"info","schedule":"usage_statistics","status":"pending","ts":"2023-03-22T20:00:00.119581574Z"}
{"cron":"vulnerabilities","level":"info","schedule":"vulnerabilities","status":"pending","ts":"2023-03-22T20:00:00.123562544Z"}
{"cron":"vulnerabilities","level":"info","periodicity":"1h0m0s","ts":"2023-03-22T20:00:00.123614043Z"}
{"cron":"vulnerabilities","level":"info","msg":"scanning vulnerabilities","ts":"2023-03-22T20:00:00.123638822Z"}
{"cron":"cleanups_then_aggregation","level":"info","schedule":"cleanups_then_aggregation","status":"pending","ts":"2023-03-22T20:00:00.12652871Z"}
{"cron":"usage_statistics","level":"info","schedule":"usage_statistics","status":"completed","ts":"2023-03-22T20:00:00.129209978Z"}
{"inf":"skipping verification of encryption keys as MDM is not fully configured","ts":"2023-03-22T20:00:00.835483778Z"}
{"cron":"cleanups_then_aggregation","level":"info","schedule":"cleanups_then_aggregation","status":"completed","ts":"2023-03-22T20:00:00.841888503Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"pending","ts":"2023-03-22T20:00:01.161294244Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"completed","ts":"2023-03-22T20:00:01.165771901Z"}
{"cron":"vulnerabilities","level":"info","msg":"skipping cve_meta parsing due to license check","ts":"2023-03-22T20:00:14.157928414Z"}
{"cron":"vulnerabilities","level":"info","schedule":"vulnerabilities","status":"completed","ts":"2023-03-22T20:00:40.877345283Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"pending","ts":"2023-03-22T20:10:01.17078952Z"}
{"cron":"integrations","level":"info","schedule":"integrations","status":"completed","ts":"2023-03-22T20:10:01.175972666Z"}
{"level":"warn","op":"directIngestWindowsUpdateHistory","skipped":"KB id not found in VMware, Inc. - Display - 8.17.2.14","ts":"2023-03-23T01:52:05.202972858Z"}
{"level":"warn","op":"directIngestWindowsUpdateHistory","skipped":"KB id not found in VMware, Inc. - System - 9.8.16.0","ts":"2023-03-23T01:52:05.203064608Z"}
This info about cron?