FleetDM
Visualize your FleetDM policies, hosts, users, and installed software in the JupiterOne graph and detect policy violations with JupiterOne Alerts.
Installation
To use this integration, JupiterOne requires an API-only global admin user's credentials.
Configuration in FleetDM
Using the fleetctl command line tool (installation instructions here), create an API-only user with global admin privileges:
fleetctl user create --name "API User" --email api@example.com --password temp#pass --api-only --global-role admin
NOTE: If you're using FleetDM to manage cloud hosts in addition to user endpoints,
create a custom label that includes the user endpoints you want to ingest as Device
entities. Each labeled host will be ingested as a Device entity, and any host that
is not labeled will be ingested as a Host entity. If you're not using FleetDM to
manage any cloud hosts, and the only hosts are user endpoints, you do not need to
specify a custom label, and all hosts will be ingested as Device entities.
Configuration in JupiterOne
To install the FleetDM integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select FleetDM. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
- The Account Name used to identify the FleetDM account in JupiterOne. Ingested entities will have this value stored in `tag.AccountName` when the `AccountName` toggle is enabled.
- Description to assist in identifying the integration instance, if desired.
- Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as `DISABLED` and manually execute the integration.
- Your FleetDM User Email, FleetDM User Password, and FleetDM Hostname.
- Optionally, User Endpoint Labels (separate multiple labels with commas).
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data about your FleetDM environment within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Host | fleetdm_host | Host |
| Host | user_endpoint | Device |
| Instance | fleetdm_instance | Account |
| Policy | fleetdm_policy | ControlPolicy |
| User | fleetdm_user | User |
Relationships
The following relationships are created:
| Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
| fleetdm_host | VIOLATES | fleetdm_policy |
| fleetdm_instance | HAS | fleetdm_user |
| fleetdm_instance | HAS | fleetdm_host |
| fleetdm_instance | HAS | user_endpoint |
| fleetdm_instance | HAS | fleetdm_policy |
| fleetdm_policy | ASSIGNED | fleetdm_host |
| fleetdm_policy | ASSIGNED | user_endpoint |
| user_endpoint | VIOLATES | fleetdm_policy |
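
The labeling rule from the installation note decides which entity type carries each `VIOLATES` relationship, so a mistyped User Endpoint Label moves laptop violations from `user_endpoint` to `fleetdm_host`. The sketch below is an added example, not the integration's own code: the `FleetHost` record, the function names, the sample hosts and policy names, and the label trimming and exact-match behavior are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class FleetHost:
    """Constructed stand-in for a host as FleetDM reports it (not the integration's type)."""
    hostname: str
    labels: set
    failing_policies: set = field(default_factory=set)

def parse_endpoint_labels(raw):
    """Split the comma-separated User Endpoint Labels value; trimming spaces is an assumption."""
    return {part.strip() for part in raw.split(",") if part.strip()}

def classify(host, endpoint_labels):
    """Return (_type, _class): no labels configured, or a matching label, means Device."""
    # Exact, case-sensitive label matching is an assumption.
    if not endpoint_labels or host.labels & endpoint_labels:
        return ("user_endpoint", "Device")
    return ("fleetdm_host", "Host")

def build_relationships(hosts, raw_labels=""):
    """Emit HAS and VIOLATES rows as (source _type, source, _class, target _type, target)."""
    endpoint_labels = parse_endpoint_labels(raw_labels)
    rows = []
    for host in hosts:
        host_type, _ = classify(host, endpoint_labels)
        rows.append(("fleetdm_instance", "fleet", "HAS", host_type, host.hostname))
        for policy in sorted(host.failing_policies):
            rows.append((host_type, host.hostname, "VIOLATES", "fleetdm_policy", policy))
    return rows

# Constructed sample fleet: two laptops and one cloud server.
SAMPLE_HOSTS = [
    FleetHost("alice-mbp", {"Employee Laptops", "macOS"}, {"Disk encryption enabled"}),
    FleetHost("bob-win", {"Employee Laptops"}),
    FleetHost("web-01", {"Ubuntu Linux"}, {"SSH root login disabled"}),
]

if __name__ == "__main__":
    for row in build_relationships(SAMPLE_HOSTS, "Employee Laptops, Contractors"):
        print(row)
```

Running it with a label that matches no host (for example a misspelled one) shows every host falling back to `fleetdm_host`, which is worth checking before relying on alerts scoped to `Device` entities.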
Mapped Relationships
The following mapped relationships are created:
| Source Entity _type | Relationship _class | Target Entity _type | Direction |
|---|---|---|---|
| fleetdm_host | INSTALLED | fleetdm_software | FORWARD |
| user_endpoint | INSTALLED | fleetdm_software | FORWARD |