# fleet

Ojas

02/09/2023, 3:48 PM
Hey Team, also just checked that when a Fleet Desktop window opens, that token is active for an hour by default, but if you just copy that URL and browse it from some other device as well, you are able to see all the details. That's kinda spooky, so if someone gets hold of the URL they can check out all the details. Any way to fix this please?

Kathy Satterlee

02/09/2023, 4:06 PM
I can see how that might feel a little spooky. That URL was intentionally made to be shareable, to make getting device information from an end user easier when troubleshooting (if, for instance, IT didn't have access to Fleet directly). One strategy I've seen used to lock things up a bit is to restrict access to the endpoint to internal networks.

Ojas

02/09/2023, 4:07 PM
Restriction on the hosting side? Like in AWS, you mean? Or is there an option on the Fleet side?

Kathy Satterlee

02/09/2023, 4:16 PM
Sorry, yes. In your load balancer or proxy server.

zwass

02/09/2023, 4:26 PM
Fleet also rotates this URL every hour for this purpose.
We have also seen folks put their SSO solution in front of this page.

Ojas

02/09/2023, 4:58 PM
Alrighty, thanks. I think SSO can be a good option in front.