https://github.com/osquery/osquery logo
#fleet
Title
# fleet
s

switch

02/08/2023, 10:58 AM
Hello. all new to fleet/osquery. so i was wondering about how to create the installer for windows endpoint. windows doesnt let me use fleetctl on windows. in the fleetdm interface it has this "Add Host" button. and pops up with a window where it gives this command to execute. but i cant get it to work, secret and fleet-url is correct. but main problem would get to actually execute the fleetctl command. anyone that can help ? maybe iv'e missunderstood the method of generating this msi ?
b

Benjamin Edwards

02/08/2023, 1:03 PM
Hey there, first you’ll need to download the fleetctl binary. This can be done via npm or by getting the exe binary from the GitHub repository releases page. The only dependency for packaging is Docker, so you’ll need that installed on Windows too. Currently, package command on Windows can build msi and deb/rpm packages. Personally I’ve had a bit more luck using WSL2.0 but it’s not required.
s

switch

02/08/2023, 1:36 PM
thanks. 😄 one more question. now i see the service running on the computer. also when im looking through the network, i see theres som cummunication happening between the agent and security onion. BUT i do not see the host show up in fleetdm. iv'e allowed the traffic to osquery, any idea why it wont show up ?. even rebootet the whole so-docker.
k

Kathy Satterlee

02/08/2023, 2:51 PM
Hi @switch! If you’re using Security Onion, please see the documentation here: https://docs.securityonion.net/en/2.3/fleet.html#fleetdm If that doesn’t work for you, here’s how you can get support: https://docs.securityonion.net/en/2.3/community-support.html
s

switch

02/09/2023, 6:26 AM
thanks ill try a more SO oriented community then 😄 first link is not pointing me in any direction.
k

Kathy Satterlee

02/09/2023, 2:43 PM
Sorry, could have pointed out the relevant part!
> Custom osquery packages are generated during setup and you can find them on the Downloads page in Security Onion Console (SOC). Before you install a package on an endpoint, use so-allow on your manager node to configure the firewall to allow inbound osquery connections.
There are specific packages set up to connect to Security Onion, as well as some configuration to allow incoming connections.