Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

question on how to enable vulnerabilities.

I am using the following version 4.57.3. Osquery 5.12.2. Fleet server is successfully pulling Software and other details from the hosts that are connected. When I login to the UI vulnerabilities column is all empty. Do I need additional configuration to enable pulling vulnerabilities?

Hi <@U07Q54J6U7L>! Vulnerabilities are enabled by default. Are you seeing any error in the Fleet logs related to vulnerabilities?

<@U02KY9FDA59> this is the error I see in Fleet logs:
```level=error ts=2025-02-11T08:00:18.480079Z cron=vulnerabilities schedule=vulnerabilities instanceID="h72w5qMydU3AM6EGe7xcDdJbUf2DPx7WFy4GBmi1ofMbWb5Qe3/ipSisnobhmTpwUJHvkW3bIdCFnQhBR1vHKQ==" msg="unlock failed" err="context canceled"```

actually let me get the error from another instance. This is from the one I had software inventory disabled.

Here is the first error I see:
```{"cron":"vulnerabilities","err":"sync CPE translations: Get \"<https://api.github.com/repos/fleetdm/nvd/releases?per_page=10>\": tls: failed to verify certificate: x509: certificate signed by unknown authority","level":"error","msg":"syncing vulnerability database","ts":"2025-02-11T11:56:27.233215828Z"}```
Followed by the following errors:
```{"cron":"vulnerabilities","err":"open /tmp/vulndbs/cpe_translations.json: no such file or directory","level":"error","msg":"failed to load cpe translations","ts":"2025-02-11T11:56:27.234909088Z"}
{"cron":"vulnerabilities","err":"getting cpes for: Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33816: no such table: cpe_2","level":"error","msg":"error translating to CPE, skipping","software":"Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33816","source":"programs","ts":"2025-02-11T11:56:27.235761921Z","version":"14.40.33816"}```

<@U02KY9FDA59> let me know if you need any other details

Apologies <@U07Q54J6U7L>, It appears as though your instance is having trouble communicating with the repository containing vulnerability data.  Is Fleet running behind a proxy, if so you may need to configure some environment variables to allow communication with vulnerability datasources:

<https://fleetdm.com/docs/deploy/reference-architectures#using-a-proxy>

Since you're running an older version of Fleet, we'd recommend upgrading to the latest version to see if that resolves your issue. If not, please reach out again and we'll take another look!

Thanks <@U02KY9FDA59> fleet is running in aws. It is deployed using this reference - <https://fleetdm.com/docs/deploy/deploy-fleet#aws>. To answer your question it's not behind a proxy.