Fleet
Description
Fleet is an open source osquery manager that allows you to remotely manage, query, and configure osquery across a multitude of devices.
Purpose
Using Fleet in osquery allows people to make simple query or configuration changes using a nice WebUI instead of having to modify file contents across multiple hosts.
Configuration Details
- Fleet is installed on logger and can be controlled via
service fleet start/stop - Palantir’s osquery configuration and queries come pre-configured in Fleet when using DetectionLab.
Data Location
- Splunk
- Query results:
index=osquery - INFO/WARN/ERROR logs:
index=osquery-status
- Query results: