Expand osquery capabilities from a single machine to your entire fleet. Query dynamic sets of hosts, and watch the data stream in for immediate analysis and investigation. Export results for a closer look in your favorite tools.
If you chose to enable Fleet during setup, you can now log in to Fleet using the email address and password that you entered in the installer. You can edit the password or add a new Fleet user within Fleet itself.
Custom osquery packages were generated for you during setup and you can find them under Downloads in Security Onion Console (SOC). Before you install a package on an endpoint, use sudo so-allow on your manager node to configure the SO firewall to allow inbound osquery connections.
Fleet configuration can be found in /opt/so/conf/fleet/. However, please keep in mind that any changes you make to this directory may be overwritten, since the configuration is managed with Salt.
Fleet logs can be found in