This issue corresponds to the following Product goal in the Q2 OKRs:
Update documentation for vuln processing so that it answers “what software does Fleet check for vulns? What software does Fleet not check?”
Goal
As a Fleet user, I want to understand what installed software Fleet collects so that I know what I can rely on Fleet for in terms of coverage when comparing Fleet to other vulnerability management tools.
Notes
This is important because there are many tools that offer vulnerability management products. Each tool serves a slightly different use case and, as a result, differs in coverage.
For example, vulnerability management tools that use scanning technologies attempt to detect vulnerabilities for installed software, cloud configurations, networks, dependencies, and more. These solutions seem to serve a use case of "show me all vulnerabilities in my organization."
The software inventory feature is the backbone of the vulnerability management product because Fleet must collect the installed software for all devices in order to flag this software as vulnerable.
Currently, Fleet detects vulnerabilities for installed software that falls into the following categories (types):
- Apps
- Browser plugins
  - macOS
    - Chrome extensions (Check if this is true)
    - Firefox extensions (Check if this is true)
  - Windows
    - Chrome extensions (Check if this is true)
    - Firefox extensions (Check if this is true)
  - Linux
    - Chrome extensions (Check if this is true)
    - Firefox extensions (Check if this is true)
- Packages
  - macOS
    - Python
    - All software installed using Homebrew
  - Windows
    - Python
    - Atom
    - All software installed using Chocolatey
  - Linux
    - deb
    - RPM
    - Atom
    - Python
    - All software installed using APT (Debian)
    - All software installed using Portage (Gentoo)
    - All software installed using YUM (Red Hat)
    - All software installed using NPM
Fleet collects this software by running a software collection osquery query on all hosts.
If the host is running macOS, the "Get installed macOS software" query is run to collect software.
If the host is running Windows, the "Get installed Windows software" query is run to collect software.
If the host is running Linux, the "Get installed Linux software" query is run to collect software.
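To make the per-OS collection concrete, here is an added example (not Fleet's own "Get installed macOS software" query, whose text is not on this page) of how the macOS sources listed above map onto standard osquery tables in one query. It assumes the osquery tables apps, chrome_extensions, firefox_addons, python_packages, homebrew_packages and users; the source column is added so a reviewer can see which collector produced each row when checking coverage.

```sql
-- Added example, not Fleet's actual query: unions the macOS software
-- sources listed on this page into one software inventory result set.
-- The 'source' column records which collector each row came from, so
-- a missing category shows up as a missing source value rather than
-- silently disappearing into the inventory.
SELECT name,
       bundle_short_version AS version,
       bundle_identifier    AS identifier,
       'apps'               AS source
FROM apps
UNION
-- Browser extension tables are per-user in osquery; when osquery runs
-- as root they return only root's profile unless joined against users.
SELECT ce.name, ce.version, ce.identifier, 'chrome_extensions' AS source
FROM users JOIN chrome_extensions ce USING (uid)
UNION
SELECT fa.name, fa.version, fa.identifier, 'firefox_addons' AS source
FROM users JOIN firefox_addons fa USING (uid)
UNION
-- Package managers listed for macOS on this page: Python and Homebrew.
SELECT name, version, '' AS identifier, 'python_packages' AS source
FROM python_packages
UNION
SELECT name, version, '' AS identifier, 'homebrew_packages' AS source
FROM homebrew_packages;
```

Wrapping this in `SELECT source, COUNT(*) FROM (...) GROUP BY source` is a quick way to confirm on a test host that every category the documentation claims to cover actually returns rows.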
This objective will be measured by all Fleet users and contributors being able to answer "what does Fleet check for vulnerabilities?"
How?