https://github.com/osquery/osquery logo
Title
o

Ojas

08/09/2022, 11:52 AM
Guys is there a way i can get just vulnerable software with the type/path of installation. So rn if i check softwares and then filter vulnerable softwares i see all but not the path. & If i check inside host & then vuln soft then i get the path/type
i need that type field with all vuln software. So is there a query i can do on all to fetch just vulnerable softwares
k

Kathy Satterlee

08/09/2022, 1:59 PM
Hi, @Ojas! You can fetch the vulnerable software using the Rest API. The results will include the source. Hope that helps!
n

Noah Talerman

08/09/2022, 4:31 PM
Hey @Ojas what version of Fleet are you currently running? The “Type” column appears on Software page in the latest version of Fleet (4.18.0).
o

Ojas

08/09/2022, 6:52 PM
i have to update to latest, thaks i’ll update and check. Also rest api docs are helpfull too thankyou
but my updated version is giving me err right now. Failed enrollment request to https://fleet.abc.com/api/v1/osquery/enroll (Request error: certificate verify failed) retrying... any help on this?
k

Kathy Satterlee

08/09/2022, 8:07 PM
What version were you updating from? Any errors in the Fleet server logs?
o

Ojas

08/10/2022, 5:10 AM
i am actually deploying whole new infra with terraform. My older is still working which is about an year old.
k

Kathy Satterlee

08/10/2022, 12:34 PM
Thanks for the context about setting up new infrastructure! What would be helpful are the logs from the server showing what's happening when the host is trying to enroll. Sometimes they have more information than the local logs from Orbit on the host.
o

Ojas

08/11/2022, 5:03 AM
how do i see the logs of server? its deployed on aws fargate
@Kathy Satterlee anything on this?
k

Kathy Satterlee

08/12/2022, 7:33 PM
Thanks for tagging me! I see what looks like probably the request sent with curl down at the bottom of the logs. Are any other enroll requests showing up at all?
o

Ojas

08/16/2022, 5:46 AM
nope no other requests. i tried redeploying from scratch but same certificate err
btw i am generating my agents using fleetctl
also if i use --insecure then it works
@Kathy Satterlee tagging you just incase you missed the message
k

Kathy Satterlee

08/17/2022, 4:25 PM
So sorry @Ojas I have been out of the office. It's odd that what looks like the
curl
request is getting logged in the server, but not the enrollment request. If you attempt enrolling again, do any POST requests show up in the service logs? Is there any chance that the certificate isn't where
fleetctl
is expecting it to be? That would be set with
--fleet-certificate=PATH_TO_YOUR_CERTIFICATE/fleet.pem
when generating the certificate.