search

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
2.92k stars 405 forks source link

Display hardware marketing names instead of hardware identifiers in host details #20413

Open ddribeiro opened 1 month ago

ddribeiro commented 1 month ago

Problem

I want to be able to see the hardware marketing name for a particular host in Fleet instead of the hardware identifier. For example, instead of Мас15,7, I want to see MacBook Pro (16-inch, Nov 2023).

Screenshot 2024-07-12 at 10 25 52 AM

What have you tried?

I tried building a query that would return the marketing name for a specific Mac but was unable to come up with something reliable that worked with newer Mac models:

Method 1: Apple maintains an API at https://support-sp.apple.com/sp/product?cc=<last 3 or 4 of serial> that returns an XML file containing the marketing name for that Mac. I was trying to build a query that trimmed the last 3 or 4 digits from a serial number, passed it to the API using the curl table, and would parse the XML response. However, in 2021, Apple started using randomized 10 digit serial numbers, so this method won't work for computers made since then. I was unable to come up with a workaround for this.

Method 2: There's a plist file on every Mac at /System/Library/PrivateFrameworks/ServerInformation.framework/Versions/A/Resources/en.lproj/SIMachineAttributes.plist that maps every Mac's hardware model to the marketing name we're looking for. I attempted to build a query that grabbed the hardware_model from the system_info table and used the plist table to look up the corresponding marketing name. Unfortunately, it seems to have stopped being updated with the transition to Apple Silicon and no recent Macs appear there either.

Potential solutions

I think to solve this, Fleet might need to maintain its own mapping of hardware identifiers to marketing names. This might be a tedious task, but this is information many customers expect to see in their MDM.

What is the expected workflow as a result of your proposal?

When viewing host details via the Fleet UI or the API, a more friendly hardware marketing name will be displayed instead of a less commonly known hardware identifier.

JoStableford commented 1 month ago

Related to a Slack conversation

noahtalerman commented 1 month ago

Apple maintains an API at https://support-sp.apple.com/sp/product?cc=<last 3 or 4 of serial> that returns an XML file containing the marketing name for that Mac.

@ddribeiro nice find!

I think it would make sense to add this info as something like a display_hardware_model or marketing_hardware_model column to the _system_info table_. (macOS only)

@getvictor what do you think?

getvictor commented 1 month ago

Apple maintains an API at https://support-sp.apple.com/sp/product?cc=<last 3 or 4 of serial> that returns an XML file containing the marketing name for that Mac.

@ddribeiro nice find!

I think it would make sense to add this info as something like a display_hardware_model or marketing_hardware_model column to the _system_info table_. (macOS only)

@getvictor what do you think?

@ddribeiro Do you have docs for the Apple API? I tried it and it didn't work for me:

<?xml version="1.0" encoding="utf-8" ?><root><error>0009</error><locale>en_US</locale></root>

@noahtalerman Doing an API call will add latency to the system_info table. Since it is an osquery core table, I doubt we could make this change.

We could just keep this info in our DB. We can cache the mapping from model to display name in Redis, or similar.

ddribeiro commented 1 month ago

@getvictor No, unfortunately the API is undocumented. It doesn't seem to work anymore with the randomized 10 digit serial numbers that Apple started using recently. I only mentioned the API as something that I tried that doesn't work as a reason we should build this into Fleet ourselves.

noahtalerman commented 1 month ago

I only mentioned the API as something that I tried that doesn't work as a reason we should build this into Fleet ourselves.

@ddribeiro oh, I misunderstood. Sorry about that.

Do you know where could we get the mapping of hardware_model Fleet collects => marketing names?

ddribeiro commented 1 month ago

@noahtalerman I came across EveryMac.com when I was looking for how to solve this. The search feature lets you input a hardware_model and returns the marketing name. All done through UI, no API as far as I can tell.

Anecdotally, I've noticed that sometimes different Macs share the same hardware identifier. Not sure how often that happens or how we solve for it.