Title
#fleet
m

Mike Tonks

10/19/2021, 8:51 AM
Hi, I'm interested in using Fleet for compliance auditing and it looks great but there seems to be something I'm missing. In order to verify basic things like 'installed software is up to date' I need to check not only what software packages and os version are installed, but also compare this to the expected versions. There can be hundreds on software packages on a computer so this is not a trivial task. It seems like there should be a list available of e.g. latest ubuntu package versions, mac and windows software version etc which can easily be updated periodically in order to compare against. Has anything like this been implemented with Fleet? Another approach might be to confirm that the os updates has been run in sat last 24 hours, but I can't see a way to check this. What about utilising the published CVE list. That would be similar but a negative check to show that no vulnerable software is installed. Is anything implemented or on the roadmap for this?
Tomas Touceda

Tomas Touceda

10/19/2021, 1:03 PM
hi Mike, sounds like what you are looking for is policies. You would write queries that would return rows if the policy passes, and no rows otherwise. Exactly what queries you would need, depends on what you need to accomplish. If you want to make sure that certain software versions are installed, the query might be pretty log, but it can be done.
What about utilising the published CVE list. That would be similar but a negative check to show that no vulnerable software is installed. Is anything implemented or on the roadmap for this?
we don't have this kind of functionality implemented just yet, policies work with osquery queries, what you describe would work with fleet directly. Webhooks that depend on state in fleet are in the future roadmap, but I don't think we have a timeline just yet.
m

Mike Tonks

10/19/2021, 3:33 PM
Hi Tomas, great thanks for the info 👍