Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Just looking at the new API endpoint <https://fleetdm.com/docs/using-fleet/rest-api#software> for listing vulnerable software. Is there any way to surface that data to Fleet itself, so we could include it our queries and query packs?

it's not currently possible to include this information in queries as this is generated in fleet itself. We are experimenting with ways to expose this though

Nice, that would be super useful for us. We’d like to create a Grafana dashboard, as we do with data from other query packs, which get logged via ELK and visualised in Grafana

then we could include that data in “policies” we create too

it's very experimental at the moment, it's unclear whether it'll reach production, but yeah, the idea is to allow users to create policies by using the data that's locally at fleet, rather than depending on a osquery only

then the data could be queried in Fleet the same, no matter whether it came from osquery, or Fleet itself?

and also I guess that opens up the door to other agents other than osquery

maybe, the idea is to potentially make fleet a platform as osquery is for the host, but for the collected data. It's not planned to support other agents to feed data into fleet, but I suppose it is a possible future

Yeah, for our use case, it loses a bit of the appeal if we can’t use the SQL query interface for all the data. I work in a team of predominately DBAs, and the SQL interface was seen as a very powerful selling point.

that's good feedback. The PoC I've built so far let's you query the db basically, so you would have that with a bit of boilerplate around it