# fleet
s
Guys! First, thanks for this awesome project. I have some questions/points about Vulnerability Processing:
1-) What OS is being supported? I saw some matching for rpm_packages and none for deb_packages. Is it working for Windows and macOS?
2-) Is using the API query working? I tried query=instance_hostname
/api/v1/fleet/software?query
and it returned all information even if I use any value. https://fleetdm.com/docs/using-fleet/rest-api#example108
3-) Documentation (https://fleetdm.com/docs/using-fleet/vulnerability-processing#setup) tells to change config in the wrong place
vulnerabilities:
and the correct one seems to be
vulnerability_settings:
And the tar mapping is a bit weird
    {
      "name": "tar",
      "version": "1.26",
      "source": "rpm_packages",
      "generated_cpe": "cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:1.26:*:*:*:*:perl:*:*",
      "vulnerabilities": [
        {
          "cve": "CVE-2007-4829",
          "details_link": "https://nvd.nist.gov/vuln/detail/CVE-2007-4829"
        },
        {
          "cve": "CVE-2018-12015",
          "details_link": "https://nvd.nist.gov/vuln/detail/CVE-2018-12015"
        }
      ]
    },
t
hi there!
1. are you talking about the fleet server, osquery, or fleetctl?
2. query filters are not applied yet to software. We are working to improve how we allow accessing the different data that we have; if you have a specific request, it would be great to have it in the form of a feature request.
As for the tar mapping, could you expand on what you are finding weird about that?
s
Hey @Tomas Touceda, about number one, I'm talking about the fleet server and Vulnerability Processing.
About number 2, I'm asking since there are "filters" on the doc page and I was thinking I'm doing something wrong 😃
t
for fleet server, we recommend Linux, however, we do development both on macOS and Windows, so I don't anticipate many problems running on those servers. As for Vulnerability processing, that works at the package level, and we support all platforms there, so anywhere that osquery runs, it will work with the feature
> About number 2, I'm asking since there are "filters" on the doc page and I was thinking I'm doing something wrong

yeah, that part is confusing, we have a standard way to set pagination and such, but the query part in this case is not wired in, which was a mistake on my part. what kind of data were you hoping to gather from software?
3) the documentation is correct, that is configured as part of the fleet serve config, here are all the options: https://fleetdm.com/docs/deploying/configuration#vulnerabilities
s
> what kind of data were you hoping to gather from software?

I'd like to have hostname there or filter by hostname.
t
if you want to see software by host, you can search hosts by host name first and then get the host details, which contains software and vulnerabilities. Does that sound like it would be what you need?
s
Cool. Should work fine =)
Thanks
t
you're welcome!