noahtalerman
commented
1 month ago When the host was included in the scope of a live query When the host changed teams When MDM was turned on or off for the host
Thanks for tracking these @ddribeiro. Adding these makes a lot of sense.
@marko-lisica do you know if we have designs for any of these yet? (in other stories)
marko-lisica
Problem
As an IT admin, Fleet's global activities feature is useful because I can easily audit actions that are being taken on my Fleet server and hosts.
Finding events that happened on a per host basis can be difficult using the Fleet UI. I'd like the ability to see events that a relevant to a specific host on that host's details page.
What have you tried?
I noticed a host changed teams when I did not expect it to. This action is logged in the global activity feed, but as I did not know when it happened, it was difficult to click through the pages to find the event. There is also no search or ability to filter by an event type in the UI.
Potential solutions
There is an existing "Activity" section on the host details page that shows when scripts were ran and when lock/wipe commands were executed on that host.
This FR is to expand the events that are shown here to match what is reported in the Global Activity feed, including:
What is the expected workflow as a result of your proposal?
As a result of this proposal, a Fleet user would navigate to a specific host's details page and see all activities that apply to that host (team changes, queries run). For the previous example where a host change teams: A Fleet admin would notice team membership changed and begin to investigate the cause. They would click into the host defaults page, see the activity section, and easily identify who made the change and when. This is an improvement over having to sort through global activities looking for the event.