Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
spookerlabs
10/15/2021, 3:33 PMGuys! First thanks for this awesome project. I have some questions/points about Vulnerabilty Processing:
1-) What OS is being supported ? I saw some matching for rpm_packages and none for deb_packages. Is it working for Windows and MacOS ?
2-) Using API query is working ? I tried query=instance_hostname
/api/v1/fleet/software?queryvulnerabilities:vulnerability_settings:And tar mapping bit weird
"name": "tar",
"version": "1.26",
"source": "rpm_packages",
"generated_cpe": "cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:1.26:*:*:*:*:perl:*:*",
"vulnerabilities": [
{
"cve": "CVE-2007-4829",
"details_link": "<https://nvd.nist.gov/vuln/detail/CVE-2007-4829>"
},
{
"cve": "CVE-2018-12015",
"details_link": "<https://nvd.nist.gov/vuln/detail/CVE-2018-12015>"
}
]
},t
Tomas Touceda
10/15/2021, 4:25 PMhi there!
1. are you talking about the fleet server, osquery, or fleetctl?
2. query filters are not applied yet to software. We are working to improve how we allow accessing the different data that we have, if you have a specific request, it would be great to have in the form of a feature request
as for the tar mapping, could you expand what you are finding werid about that?
s
spookerlabs
10/15/2021, 5:14 PMHey @Tomas Touceda, about one talking about fleet server and Vulnerabilty Processing
About number 2 asking since there are "filters" over doc page and I was thnking I'm doing something wrong 😃
t
Tomas Touceda
10/15/2021, 5:16 PMfor fleet server, we recommend Linux, however, we do development both on macOS and Windows, so I don't anticipate many problems running on those servers. As for Vulnerability processing, that works at the package level, and we support all platforms there, so anywhere that osquery runs, it will work with the feature
About number 2 asking since there are "filters" over doc page and I was thnking I'm doing something wrongyeah, that part is confusing, we have a standard way to set pagination and such, but the query part in this case is not wired in, which was a mistake on my part. what kind of data where you hoping to gather from software?
3) the documentation is correct, that is configured as part of the fleet serve config, here are all the options: https://fleetdm.com/docs/deploying/configuration#vulnerabilities
s
spookerlabs
10/15/2021, 5:22 PMwhat kind of data where you hoping to gather from software?t
Tomas Touceda
10/15/2021, 5:23 PMif you want to see software by host, you can search hosts by host name first and then get the host details, which contains software and vulnerabilities. Does that sound like it be what you need?
s
spookerlabs
10/15/2021, 5:27 PMCool. Should work fine =)
👍 1
Thanks
t
Tomas Touceda
10/15/2021, 5:31 PMyou're welcome!