Extend Fleet

Okta is an identity and access management (IAM) platform. Configure Fleet as an Okta SAML application so your team signs in with existing corporate credentials, reduces password sprawl, and centralizes access control.

Snowflake is a cloud data warehouse. Stream Fleet host and osquery data into Snowflake to run analytics, build dashboards, and combine endpoint visibility with the rest of your data, so security and BI teams work from one source.

Tines is a no-code SOAR and workflow automation platform. Use Fleet webhooks so Tines runs workflows when hosts go offline, policies fail, or new vulnerabilities appear, automating response without writing code.

runZero is an asset discovery and network visibility platform. Use runZero to deploy osquery and discover assets, then manage and query those hosts in Fleet, giving you one place for asset discovery and endpoint visibility.

Active Directory is an on-premises identity and directory service. Use AD as the identity provider for Fleet so users sign in with existing domain credentials, keeping Fleet aligned with your current identity and access model.

Ansible is a configuration management and automation platform. Run Ansible playbooks from or alongside Fleet to install software, change configs, and enforce state across your hosts, combining Fleet’s visibility with Ansible’s automation.

AWS is a cloud provider. Run a self-managed Fleet server on EC2 (or ECS) so Fleet lives in your AWS account, giving you full control over data, networking, and compliance while using the same cloud you already use.

Azure is a cloud provider. Run a self-managed Fleet server on Azure VMs or containers so Fleet runs in your Azure tenant, keeping endpoint data in your cloud and under your governance.

Chef is a configuration management platform. Deploy and run Chef cookbooks with Fleet to define and enforce desired state across servers and workstations, so Fleet’s visibility pairs with Chef’s configuration automation.

Elastic (Elasticsearch, Kibana) is a search and observability platform. Send Fleet and osquery logs and results to Elastic to search, visualize, and alert on endpoint data, turning Fleet into a rich data source for your SIEM or ops stack.

GitHub is a version control and CI/CD platform. Use GitHub Actions (or similar) to apply Fleet configuration and profiles from a repo, so Fleet config is versioned, reviewed, and deployed via a gitOps workflow.

GitLab is a version control and CI/CD platform. Use GitLab CI to manage and apply Fleet configuration from a repo, so Fleet follows a gitOps workflow with version history and collaboration.

Google Chronicle is a SIEM and security analytics platform. Ingest Fleet and osquery data into Chronicle to run detections and investigations on endpoint telemetry, so Fleet’s host and query data powers your security analytics.

Google Cloud Platform (GCP) is a cloud provider. Run a self-managed Fleet server on Compute Engine or GKE so Fleet operates inside your GCP project, with control over data residency and network topology.

Ilert is an alerting and incident management platform. Route Fleet webhooks (e.g., policy failures, new CVEs) to Ilert to get notified via SMS, push, or voice, so critical endpoint events reach the right people immediately.

Jira is a ticketing and project management platform. Use Fleet’s vulnerability automations to create Jira tickets when new CVEs are detected on hosts, so remediation is tracked in the same tool your team already uses.

Munki is an open-source Mac software management tool. Use Fleet with Munki (e.g., via bootstrap packages) to deploy and update software on macOS hosts, so Mac fleet management and Fleet’s visibility stay in sync.

Puppet is a configuration management platform. Deploy and run Puppet with Fleet to enforce desired state and compliance across infrastructure, so Fleet’s host visibility complements Puppet’s configuration automation.

Salt is a configuration management and orchestration platform. Deploy and run Salt with Fleet to automate configuration and compliance at scale, so Fleet’s endpoint view and Salt’s automation work together.

Splunk is a SIEM and observability platform. Send Fleet logs and osquery results to Splunk to search, correlate, and alert on endpoint data alongside the rest of your security and ops data.

Oomnitza is an IT asset management (ITAM) platform. Sync Fleet host data (serial, user, location, lifecycle) into Oomnitza so asset inventory, lifecycle, and compliance are based on the same endpoint truth.

Adaptive Shield is a SaaS security posture management (SSPM) platform. Use Fleet’s device and configuration data so Adaptive Shield can notify and help remediate when SaaS app configuration drifts, connecting endpoint and SaaS security.

Homebrew is a Mac and Linux package manager. Use Fleet to install and manage software via Homebrew across your fleet, so open-source tools and dependencies are deployed consistently and at scale.

Workbrew manages Homebrew packages across your macOS fleet. Connect Workbrew to Fleet to map those hosts and get a single view of device health, queries, and policies alongside your Homebrew deployment status.

Vanta is a compliance and security automation platform. Send Fleet user and host data to Vanta to automatically collect evidence and demonstrate control over endpoints, speeding up audits and continuous compliance.

Use any SAML-compatible IdP for Fleet. Combine Fleet's device ground truth (e.g., host status, policy) with your IdP so access decisions can factor in both identity and device state.

Webhooks are outbound event notifications. Fleet can send webhooks when host, policy, or CVE status changes, so you can trigger ticketing, SOAR, chat, or custom scripts without polling, and keep the rest of your stack in sync.

Fleet’s REST API exposes hosts, queries, policies, and configuration programmatically. Use it to build custom dashboards, integrate with internal tools, or automate Fleet, so you can extend Fleet to fit your workflows.