Title
#fleet
r

Ryan

11/01/2021, 5:07 PM
Just looking at the new API endpoint https://fleetdm.com/docs/using-fleet/rest-api#software for listing vulnerable software. Is there any way to surface that data to Fleet itself, so we could include it our queries and query packs?
Tomas Touceda

Tomas Touceda

11/01/2021, 5:08 PM
it's not currently possible to include this information in queries as this is generated in fleet itself. We are experimenting with ways to expose this though
r

Ryan

11/01/2021, 5:09 PM
Nice, that would be super useful for us. We’d like to create a Grafana dashboard, as we do with data from other query packs, which get logged via ELK and visualised in Grafana
5:09 PM
then we could include that data in “policies” we create too
Tomas Touceda

Tomas Touceda

11/01/2021, 5:10 PM
it's very experimental at the moment, it's unclear whether it'll reach production, but yeah, the idea is to allow users to create policies by using the data that's locally at fleet, rather than depending on a osquery only
r

Ryan

11/01/2021, 5:10 PM
yeah
5:10 PM
sounds like a nice direction
5:11 PM
then the data could be queried in Fleet the same, no matter whether it came from osquery, or Fleet itself?
5:11 PM
and also I guess that opens up the door to other agents other than osquery
Tomas Touceda

Tomas Touceda

11/01/2021, 5:12 PM
maybe, the idea is to potentially make fleet a platform as osquery is for the host, but for the collected data. It's not planned to support other agents to feed data into fleet, but I suppose it is a possible future
r

Ryan

11/03/2021, 4:28 PM
Yeah, for our use case, it loses a bit of the appeal if we can’t use the SQL query interface for all the data. I work in a team of predominately DBAs, and the SQL interface was seen as a very powerful selling point.
Tomas Touceda

Tomas Touceda

11/03/2021, 4:32 PM
that's good feedback. The PoC I've built so far let's you query the db basically, so you would have that with a bit of boilerplate around it