fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Software inventory and certificate authorities on Host details page #399

Open noahtalerman opened 3 years ago

noahtalerman commented 3 years ago

This issue tracks the addition of software inventory and certificate authority information on the Hosts details page in the Fleet UI. Each of these items will be presented in the UI within the context of a singular host.

pixelsquared commented 3 years ago

Some ideas I have had:

What are your thoughts?

noahtalerman commented 3 years ago

Hi @pixelsquared, thank you for the ideas!

Map applications to CPE

The CPE dictionary is a new data source for me. Can you help me understand why it would be helpful to map applications to CPE? Is the ultimate goal related to just your 3rd bullet, or are there use cases for CPE mapping other than the ability to check for known vulnerabilities?

Perhaps a query to identify and get the version number for each app maybe in a different repo

We're planning on including the versions along with the application/package name. I've edited this issue description to reflect this plan.

Would it be helpful to reveal the query that's used to get the version number? And what exactly do you mean by "in a different repo?"

pixelsquared commented 3 years ago

The main reason for mapping to CPE is the ability to check for known vulnerabilities.

Let me explain a bit about some issues I have had in the past when trying to create a list of all installed apps as CPE. On Windows, some applications will not show their version number in the installed programs list, or will not even show up there, such as an installed web application. Also, some applications might only show one installed entry but are actually multiple applications with different CPEs. And on Linux, some applications will install without a DEB or RPM and have their own installer. So just doing SELECT * FROM programs; or similar will not get enough data to build a list of all the CPEs installed.

So what I am suggesting is creating a database of queries and configuration for gathering applications and their CPE.

pixelsquared commented 3 years ago

This might need to be a separate issue because this issue is about the UI page in the host details. Or do you want to keep this here?

noahtalerman commented 3 years ago

Let's move this discussion to the Vulnerability management issue #405

noahtalerman commented 3 years ago

Update from Monday 4.12.2021

Goal

Place software inventory behind a feature flag in the Fleet 3.11.0 release (scheduled 4.21.2021)

There are MySQL performance concerns with storing installed software data for all hosts in a Fleet instance. Releasing software inventory behind a feature flag will allow us to ship the feature quickly while warning adopters of potential performance concerns.

How?

cc @zwass

noahtalerman commented 3 years ago

Update on releasing Software inventory

These two items will be included in the release of Fleet 3.11.0, now scheduled for Wed April 28, 2021:

Frontend changes

Frontend changes are included in this draft PR: #643

API changes

API wireframes are included in this draft PR: #669

API wireframe:

Request: GET api/v1/fleet/hosts/1

Response

{
  "host": {
    ...
    "software": [
      {
        "name": "CentOS Linux $releasever - AppStream",
        "type": "Package (YUM)",
        "version": ""
      },
      {
        "name": "curl",
        "type": "Package (RPM)",
        "version": "7.61.1"
      }
    ]
  }
}

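
As an added illustration (not Fleet's code and not part of any comment in this thread), the Python sketch below takes the `software` array from the API wireframe and builds candidate CPE 2.3 match strings for the vulnerability-check use case raised earlier in the thread, setting aside entries that cannot be mapped. The function names are hypothetical; leaving the vendor as a wildcard and using the package name as the CPE product are assumptions.

```python
import re

# Constructed sample: the "software" array from the API wireframe in this thread.
SAMPLE_HOST = {
    "host": {
        "software": [
            {"name": "CentOS Linux $releasever - AppStream",
             "type": "Package (YUM)", "version": ""},
            {"name": "curl", "type": "Package (RPM)", "version": "7.61.1"},
        ]
    }
}


def cpe_component(value):
    """Encode one value for a CPE 2.3 formatted string."""
    value = value.strip().lower().replace(" ", "_")
    # Letters, digits, '_', '-' and '.' stay as they are;
    # any other character is backslash-escaped.
    return re.sub(r"([^a-z0-9_.\-])", r"\\\1", value)


def candidate_cpes(host):
    """Split a host's software list into candidate CPEs and unmappable entries."""
    candidates, unmapped = [], []
    for item in host.get("software", []):
        name, version = item.get("name", ""), item.get("version", "")
        if not name or not version:
            # Without a version there is nothing to compare against
            # the version ranges in vulnerability data.
            unmapped.append(item)
            continue
        # Part "a" = application. The vendor is not in the response, so it is
        # left as "*" (assumption); the result is a match pattern, not a
        # confirmed CPE dictionary entry.
        cpe = "cpe:2.3:a:*:{}:{}:*:*:*:*:*:*:*".format(
            cpe_component(name), cpe_component(version))
        candidates.append((name, cpe))
    return candidates, unmapped


if __name__ == "__main__":
    found, skipped = candidate_cpes(SAMPLE_HOST["host"])
    for name, cpe in found:
        print(name, "->", cpe)
    for item in skipped:
        print("needs another data source:", item["name"], "/", item["type"])
```

The YUM repository entry with an empty version lands in the unmapped list, which is the kind of gap the CPE comments above describe.
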
noahtalerman commented 3 years ago

The release of Fleet 3.11.0 includes:

In 3.11.0, the software inventory is placed behind a feature flag. Fleet's feature flag documentation includes instructions on how to enable the software inventory feature.

This issue will continue to track updates and improvements to the software inventory feature as well as track the task of adding certificate authorities to the Host details page.