#fleet
Ojas

08/10/2022, 6:04 AM
@Kathy Satterlee I got that the REST API can fetch us vulnerable software. But is there a way I can build a query in Fleet to check it for a single host? Is this stored in a particular table from where I can fetch details?

Juan Fernandez

08/10/2022, 1:53 PM
Hi, unfortunately we don't provide a table for that, but the host endpoint does include all software installed on the host (including vulnerable software). For example, in my test env, a call to this: api/latest/fleet/hosts/20 returns something like this:
{
  "host": {
    "created_at": "2022-08-10T13:16:27Z",
    "updated_at": "2022-08-10T13:21:27Z",
    "software": [
      {
        "id": 10,
        "name": "Common_9",
        "version": "0.0.1",
        "bundle_identifier": "com.fleetdm.osquery-perf",
        "source": "apps",
        "generated_cpe": "",
        "vulnerabilities": null
      },
      {
        "id": 30,
        "name": "zenmate",
        "version": "1.5.4",
        "source": "apps",
        "generated_cpe": "cpe:2.3:a:zenmate:zenmate:1.5.4:*:*:*:*:macos:*:*",
        "vulnerabilities": [
          {
            "cve": "CVE-2018-8076",
            "details_link": "https://nvd.nist.gov/vuln/detail/CVE-2018-8076"
          }
        ]
      },
...
Benjamin Edwards

08/10/2022, 4:04 PM
You could use fleetctl to query hosts live and pipe the results to a file, or use jq for more result manipulation: https://fleetdm.com/docs/using-fleet/fleetctl-cli#query-hosts