Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
t
Tor Houghton
12/13/2021, 9:22 AMAre there any hints as to where files that are carved, end up? Or is fleet not yet ready for this?
k
koo
12/13/2021, 9:48 AMAs from Fleet 3.6.0 carved files can be stored in AWS S3 buckets. Previously they were stored in Fleet's database.
You can checkout this issue for more info on this.
https://github.com/fleetdm/fleet/issues/111
t
Tor Houghton
12/13/2021, 7:11 PMThanks; I found them in the mysql carve_blocks table. I hope the function(s) to operate on this data will appear. As for S3, that's great, but I couldn't readily see where the configuration for the buckets would be? (I would like to use my own min.io S3 store, for that matter.)
z
zwass
12/13/2021, 10:00 PMUse
fleetctl get carves👍 1
Minio is supported as well.
k
Kathy Satterlee
12/16/2021, 4:05 PMHi, @Tor Houghton! You can check out the docs for more information on setting up the carving backend.
👍 2
t
Tor Houghton
12/16/2021, 4:59 PMThanks! I will check.
By the way, that docs page has a typo at "allow_missing_migations" (headline under Upgrades)
k
koo
12/17/2021, 6:38 AMThanks @Tor Houghton for catching that. I just submitted a PR to fix that typo.
https://github.com/fleetdm/fleet/pull/3405