Hi guys Could you please give some advices how to securely o

Question

Hi guys Could you please give some advices how to securely open fleet access for osquery from internet

Artem · Answer

Some our hosts are in isolated network segments from each other and have access only to internet

Benjamin Edwards · Answer

Benjamin Edwards · Answer

This is the only API absolutely required to be public for hosts that are running osquery and aren t on the same network as the fleet servers

Artem · Answer

Thank you

Jason · Answer

We expose our fleet server to the internet behind a WAF and restrict the admin interface to known IPs Also we are able to block potential abuse bots etc this way

Artem · Answer

Hi < Jason> Thank you too We ll try to create ACL for such hosts

Andreas Piening · Answer

Just for my understanding The clients osquery nodes needs access to the fleet server at ` api osquery` but not the other way around right So it would be fine to have a local system behind `NAT` which is not directly exposed or reachable from the public network as long as the node can access the `fleet` server via `HTTPS`

Jason · Answer

Correct

Jason · Answer

Double check with the fleet folks Some of the endpoints have changed recently