fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Add ability to query all available parameters on host details page #20942

Open ddribeiro opened 4 months ago

ddribeiro commented 4 months ago

Problem

As a Fleet Admin, I want the ability to query all attributes that are presented on the host details page.

For example, an environment with the GeoIP location database enabled will show the general location of a host on the host details page. This information is not obtained directly from osquery, so it is not queryable today.

What have you tried?

I tried to create a dynamic label to find all my hosts in the European Union, but there is no table that allows me to query attributes stored in the Fleet database. I am unable to build a query to find hosts in a geographic location even though that information exists in the Fleet UI.

Potential solutions

Today, I could write a query to obtain the IP address of a host and use the curl table to send it to a geolocation service to get general location information. I’d prefer not to do this as I would like to avoid sending host IP information to a 3rd party, especially when this information is already available in Fleet.

Ideally, there would be a table that would allow me to query attributes stored in the Fleet database. That way, whatever information Fleet knows about my device can be used to group my devices via a label.

What is the expected workflow as a result of your proposal?

I might want to deploy a configuration profile only to my hosts in the European Union. To do this, I would create a dynamic label using a query that identifies hosts in the EU as reported by the location field on the host details page. I would then upload my configuration profile and use the dynamic label to scope the profile only to hosts in the EU.

noahtalerman commented 3 months ago

Thanks @ddribeiro!

> I might want to deploy a configuration profile only to my hosts in the European Union.

It's super helpful when you include the specific workflow/use case. This way, we can see if we've heard similar workflows from other customers. Helps us prioritize smaller, more iterative features.

Using this use case, it seems like we could bite off a smaller chunk and ship a story that's like "Configuration profiles based on location".

Or, if customers are trying to run queries or install different software, the feature might look like "Labels based on location".

Or, the full-blown "Query based on host details (non osquery)" might be the best solution if users are really trying to filter by many different things.

To help us get there, can you please help collect as many specific workflows as possible? I think a way we could approach customers is with a question like "If you could query based on host details, what would your queries look like? And, how would you apply these labels?"