Fleet 4.26.0 is up and running. Check out the full changelog or continue reading to get the highlights.
For upgrade instructions, see our upgrade guide in the Fleet docs.
Available in Fleet Premium
Fleetd used to only deploy and upgrade osquery and Fleet Desktop on employees’ machines. But many Fleet users require osquery extensions to suit their situations. That meant managing extensions separately with a tool like Munki or a mobile device management (MDM) system.
Fleet 4.26.0 brings the deployment and management of extensions into fleetd — saving you the time and energy it would take to maintain extensions with a separate interface.
Fleetd checks the extension set at a configurable interval (once an hour by default). The osquery versions and extensions specified by your system define the extension set. If the extension differs from the current set (e.g., additions, upgrades, or removals), fleetd will install, upgrade, or delete the appropriate extensions.
Fleetd also checks which team a machine belongs to and applies that team’s extension set. If no team configuration exists, fleetd applies the global extension set. Team extension sets override global sets. Fleetd doesn’t merge global and team options, which was the case before Fleet 4.26.0.
Here’s how to manage extensions with fleetd:
extensions object has a
name and a
channel attribute in the YAML file.
If an extension fails to apply, fleetd will apply the other extensions and then start osquery with the reduced extension set.
Available in Fleet Premium
Security and IT administrators have long to-do lists and short deadlines. Increasing access to Fleet across the company would help lighten the workload, but more users could mean more chances for things to fall through the cracks. Fleet 4.26.0 gives you extra confidence to extend your user base.
Now you can stream Fleet user activities to external destinations, aggregating granular data for greater insights in the event issues occur.
To make sure administrative operations run smoothly, Fleet streams activity to log destinations asynchronously. Activity will still appear in the Fleet UI in real time, but streaming this data may take up to 5 minutes.
Available in Fleet Free and Fleet Premium
You already have a lot of raw data to sift through in your data lake, especially if your organization has hundreds of thousands of devices. What if you could refine your software data before it reaches the lake?
Fleet 4.26.0 reduces the number of calls you have to make to pull software data with the REST API. Each time a host has software added, updated, or deleted, a
host_software_updated_at timestamp gets updated for that host. The
host_software_updated_at timestamp is exposed through the API. This lets you send the latest software data to your data lake, so you can avoid drowning in outdated information.
MDM features are not ready for production and are currently in development. These features are disabled by default.
Fleet is building a cross-platform MDM to give IT and security teams the visibility and openness they need. Here are the latest developments:
fleetctl commands when this is the case.
Are you interested in the Fleet MDM beta? Schedule a call to save your spot.
Visit our upgrade guide in the Fleet docs for instructions on updating to Fleet 4.26.0.