Hey!
As far as I understand, the most common case is when a single enroll_secret is used on all clients.
It seems like you can use several enroll_secret values, but this is still not the case of an individual secret (or certificate, as is often the case) for each user.
Suppose one employee's workstation was compromised, and the attacker knew the Fleet address and port from osquery.flags and the enroll_secret.
Please tell me if it is possible to potentially perform DoS or just generate thousands of fake hosts on Fleet and complicate the life of the information security department if the attacker starts to automatically generate and send enrollment requests (https://osquery.readthedocs.io/en/stable/deployment/remote/#tls-client-auth-enrollment)?
Are there any rate limits or other protection against this? Is this even possible?
Thank you for continuing to develop and improve Fleet!