Fleet 4.28.0 is up and running. Check out the full changelog or continue reading to get the highlights.
For upgrade instructions, see our upgrade guide in the Fleet docs.
Available in Fleet Premium and Fleet Ultimate
Fleet now includes scheduling and running a complete set of CIS benchmark policies as part of Premium and Ultimate. The Center for Internet Security publishes benchmark documents that describe how computers should be configured to avoid the vulnerabilities those documents address. Today, we have 100% coverage of all automatable macOS 13 Ventura CIS benchmarks.*
CIS benchmark policies represent the consensus-based effort of cybersecurity experts globally to help you protect your systems against threats more confidently. Fleet takes 🟠 Ownership toward providing the most comprehensive set of CIS benchmark policies available. Using Fleet to apply CIS policies will assist you in quickly bringing your fleet into compliance, saving your organization time and money.
Premium and Ultimate Fleet plans can import the CIS benchmarks into your queries list, where you can schedule or edit them. Once imported, you will see something like this:
*Some CIS Benchmarks require manual intervention.
For more information on adding CIS Benchmarks, check out the documentation here.
A false negative occurs when a policy reports that there is no vulnerability when one is actually present. Even if a policy reports zero vulnerabilities, that does not imply there are none. Both of these types of errors can cause problems when trying to identify vulnerabilities that need attention.
Due to limitations of the National Vulnerability Database (NVD), its Common Platform Enumeration (CPE), a structured naming scheme, maps product vulnerabilities to a suite version (e.g., Microsoft Word 2019) rather than to the software version number (e.g., 16.11201) that osquery reports. To reduce false negatives, Fleet has worked to process vulnerabilities directly from the Microsoft Security Response Center (MSRC). Fleet now pulls vulnerability data from the MSRC for Microsoft Office products and excludes Microsoft product vulnerabilities provided by the NVD, prioritizing vulnerabilities enumerated by the MSRC and product release notes.
The new method for collecting and establishing vulnerability profiles for Fleet provides more accurate CVE policy creation. It reduces the chance of a false negative, that is, of failing to alert on a vulnerability. Reducing false negatives in Fleet’s policies increases your security standing, bringing you 🟢 Results through 🔵 Objectivity by prioritizing a source of truth and 🟣 Openness in our vulnerability discovery process.
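To make the CPE granularity problem concrete, here is an added illustration (not Fleet's matcher, and not the real NVD or MSRC feeds): a suite-level CPE either never matches an osquery build string or matches every 16.x build, patched or not, while a build-level "fixed in" comparison separates the two. The CVE id, build numbers and the shape of the MSRC-style record are constructed placeholders.

```python
"""Why suite-level CPE matching misses or over-reports Office vulnerabilities.

Constructed illustration, not Fleet's code. The CVE id, build numbers and the
shape of the MSRC-style record are placeholders chosen to show the mechanism.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Installed:
    product: str   # product name as reported by osquery (constructed value)
    build: str     # build number as reported by osquery, e.g. "16.0.11201.20266"


# NVD-style entry: the CPE version field carries only the suite edition ("2019").
NVD_ENTRY = {"cve": "CVE-EXAMPLE-0001",
             "cpe": "cpe:2.3:a:microsoft:word:2019:*:*:*:*:*:*:*"}

# MSRC-style entry (constructed shape): the same CVE with the first build containing the fix.
MSRC_ENTRY = {"cve": "CVE-EXAMPLE-0001",
              "product": "Microsoft Word", "fixed_build": "16.0.11328.20222"}


def build_tuple(build: str) -> tuple:
    """'16.0.11201.20266' -> (16, 0, 11201, 20266) so builds compare numerically."""
    return tuple(int(part) for part in build.split("."))


def nvd_exact_match(sw: Installed, entry: dict) -> bool:
    """Strict comparison: an osquery build string never equals '2019' -> false negative."""
    return sw.build == entry["cpe"].split(":")[5]


def nvd_suite_match(sw: Installed, entry: dict) -> bool:
    """Collapse builds onto a suite: 16.x is shared by Office 2016/2019/365, so every
    16.x build, patched or not, is flagged -> cannot tell fixed from vulnerable."""
    suite = "2019" if build_tuple(sw.build)[0] == 16 else "unknown"  # constructed mapping
    return suite == entry["cpe"].split(":")[5]


def msrc_match(sw: Installed, entry: dict) -> bool:
    """Build-level comparison: vulnerable only if the installed build predates the fix."""
    return (sw.product == entry["product"]
            and build_tuple(sw.build) < build_tuple(entry["fixed_build"]))


def classify(sw: Installed) -> dict:
    return {"nvd_exact": nvd_exact_match(sw, NVD_ENTRY),
            "nvd_suite": nvd_suite_match(sw, NVD_ENTRY),
            "msrc": msrc_match(sw, MSRC_ENTRY)}


if __name__ == "__main__":
    for host in (Installed("Microsoft Word", "16.0.11201.20266"),   # predates the fix
                 Installed("Microsoft Word", "16.0.11425.20204")):  # contains the fix
        print(host.build, classify(host))
```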
Learn more about Fleet’s vulnerability processing.
Fleet is working diligently to reduce the overhead associated with running several background jobs, including vulnerability processing. Background jobs with significant resource needs have been moved from scheduled to on-demand. These changes help reduce resource needs and, ultimately, infrastructure costs.
Utilizing smaller instances, reducing resource needs, and lowering your expenditure aligns with Fleet’s values of 🟠 Ownership and 🟢 Results. The changes allow you to allocate lower resources to your running Fleet servers, run an occasional job on-demand to do resource-intensive processing, and have more control over how background jobs and resources are allocated.
For more information on enabling this functionality, check out the documentation here.
Visit our upgrade guide in the Fleet docs for instructions on updating to Fleet 4.28.0.