Remotely run scripts and prompts to complete tasks on every kind of computer, including Linux.
Pulse check anythingUse a live connection to every endpoint to simplify audit, compliance, and reporting from workstations to data centers.
Ship data to any platformShip logs to any platform like Splunk, Snowflake, or any streaming infrastructure like AWS Kinesis and Apache Kafka.
“This is not just production osquery, but actually a way bigger opportunity than even something like Airwatch or Jamf.”
Eric Tan
CIO & Chief Security Officer at Flock Safety
Remote-control IT tasks on every kind of computer – even you, Linux.
Write and run scripts remotely, report progress, and replay queued up tasks on computers that went offline.
Optionally integrate Google Calendar to make changes when certain users’ devices are actually free.
Use a live connection to every endpoint to simplify audit, compliance, and reporting from workstations to data centers.
Talk to online devices in real time with Fleet’s live query API. Implement custom workflows like conditional access based on device posture, Identity, and more.
Get visibility into all endpoints across any operating system*, including support for servers and containers in every cloud infrastructure.
Identify who logs in to any system, including login history and current sessions. Look up any computer by the email address of the person using it.
Keep all your endpoints* compliant with customizable baselines, or use common benchmarks like CIS.
Verify that your EDR tools are installed and working so you can identify and address configuration issues quickly.
Track progress towards deadlines for security posture remediation projects, and enforce due dates through automations.
*Currently limited to: Apple, Linux, Windows, Chromebooks, OT, data centers, Amazon Web Services (AWS), Google Cloud (GCP), and the Microsoft Cloud (Azure).
Export anything. Ship data to any platform like Splunk, Snowflake, or any streaming infrastructure like AWS Kinesis and Apache Kafka.
Extract data and correlate it with your log aggregator, SIEM, or data lake.
Ease your logging burden, pull the data you need.
You can use Fleet’s API to customize every aspect of conditional access – even the stuff your CISO hasn’t thought of yet.
Gate access with common device trust policies from industry peers, or roll out your own device health checks using system data and events.
Show resolution steps or use custom HTML to show employees what they need to do to restore their access without waiting on a ticket. Then give it back automatically, as soon as the problems are fixed.
Give people a way to get back to work quickly and minimize downtime. Fleet’s live query API instantly re-checks the OS version and other device state so users don’t get locked out.
Accelerate deployment and get more out of osquery. You don’t need to be an osquery expert to get the answers you need from your devices.
Remotely disable/enable agent features, choose plugins, and keep osquery up to date.
Import community queries from other security teams at top brands like Palantir and Fastly.
Implement the Center for Internet Security (CIS) benchmarks (one click, 400+ queries, supported by Fleet). Or customize exactly the queries you need.
Monitor sensitive production environments without enabling remote scripting by building the agent in "read-only" mode.