Title
#fleet
Mystery Incorporated

Mystery Incorporated

10/16/2021, 3:11 AM
Hi, how can we get vulnerable software per host not using the UI? Is it possible?
spookerlabs

spookerlabs

10/16/2021, 8:22 AM
We talked about this in previous thread but using this endpoint https://fleetdm.com/docs/using-fleet/rest-api#get-host you will get
Mystery Incorporated

Mystery Incorporated

10/17/2021, 4:27 AM
Oh I should have specified without having to write code that queries an API. So like is it possible to have fleet write to a log or something like that, something that I can ship to elastic so I can alert anytime a vulnerability is detected
Tomas Touceda

Tomas Touceda

10/18/2021, 11:00 AM
hi!
fleetctl get software
lists all software and their CVEs
Mystery Incorporated

Mystery Incorporated

10/18/2021, 1:56 PM
@Tomas Touceda I guess I could run fleetctl on a cronjob and pipe the output to a file I can ingest into elastic?
spookerlabs

spookerlabs

10/18/2021, 2:06 PM
With --json you can easily ingest but there is no host information in this output, Just all software vulnerabilities aggregated
Mystery Incorporated

Mystery Incorporated

10/18/2021, 2:28 PM
Oh that's not going to be useful I need to know the host with the vulnerability!
Tomas Touceda

Tomas Touceda

10/18/2021, 2:41 PM
could you tell me more about the use case you are trying to cover?