FleetDM
Visualize your FleetDM policies, hosts, users, and installed software in the JupiterOne graph and detect policy violations with JupiterOne Alerts.
- Installation guide
- FleetDM data model
Installation
To use this integration, JupiterOne requires an API-only global admin user's credentials.
Configuration in FleetDM
Using the fleetctl command line tool (installation instructions here), create an API-only user with global admin privileges:
fleetctl user create --name "API User" --email api@example.com --password temp#pass --api-only --global-role admin
NOTE: If you're using FleetDM to manage cloud hosts in addition to user endpoints, create a custom label that includes the user endpoints you want to ingest as Device entities. Each of those labeled hosts will be ingested as Device entities, and any hosts that are not labeled will be ingested as Host entities. If you're not using FleetDM to manage any cloud hosts, and the only hosts are user endpoints, you do not need to specify a custom label, and all hosts will be ingested as Device entities.
Configuration in JupiterOne
From the top-bar menu, select Integrations.
Scroll to, or search for, the FleetDM integration tile and click it.
Click the New Instance button and configure the settings:
- Enter the API-only user's email address into the FleetDM User Email field.
- Enter the API-only user's password into the FleetDM User Password field.
- Enter the FleetDM Server URL into the FleetDM Hostname field.
- If you created any custom label(s) for user endpoints, enter them into the User Endpoint Labels field. Separate multiple labels with commas.
- Test your credentials and configuration by clicking the Test Credentials button.
- Enter the Account Name by which you'd like to identify this FleetDM instance in JupiterOne. Ingested entities will have this value stored in tag.AccountName when Tag with Account Name is checked.
Click the Create button to complete the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data about your FleetDM environment within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
Resources | Entity _type | Entity _class |
---|---|---|
Host | fleetdm_host | Host |
Host | user_endpoint | Device |
Instance | fleetdm_instance | Account |
Policy | fleetdm_policy | ControlPolicy |
User | fleetdm_user | User |
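The label rule from the installation NOTE decides which of the two host entity types in the table above a host becomes. The sketch below is an added Python illustration, not the integration's own code; the host record shape, the exact-match label comparison, and the names parse_labels, classify_host and classify_fleet are assumptions made for this example.

```python
# Added illustration: not the integration's source code.
# Entity (_type, _class) pairs come from the Entities table.
DEVICE = ("user_endpoint", "Device")
HOST = ("fleetdm_host", "Host")


def parse_labels(field):
    """Split the comma-separated User Endpoint Labels field into a set."""
    return {part.strip() for part in field.split(",") if part.strip()}


def classify_host(host_labels, endpoint_labels):
    """Return the (_type, _class) a host would be ingested as.

    No labels configured: every host is a Device.
    Labels configured: only hosts carrying one of them are Devices.
    Labels are compared as exact strings (an assumption of this example).
    """
    if not endpoint_labels:
        return DEVICE
    return DEVICE if endpoint_labels & set(host_labels) else HOST


def classify_fleet(hosts, label_field):
    """Map hostname -> (_type, _class) for a list of host records."""
    endpoint_labels = parse_labels(label_field)
    return {h["hostname"]: classify_host(h["labels"], endpoint_labels) for h in hosts}


# Constructed sample hosts; the record shape is an assumption for this example.
SAMPLE_HOSTS = [
    {"hostname": "alice-mbp", "labels": ["Laptops", "macOS"]},
    {"hostname": "bob-thinkpad", "labels": ["Laptops"]},
    {"hostname": "ec2-web-01", "labels": ["Ubuntu Linux"]},
    {"hostname": "contractor-pc", "labels": []},
]

if __name__ == "__main__":
    for field in ("Laptops, Contractors", ""):
        print(f"User Endpoint Labels = {field!r}")
        for name, (etype, eclass) in classify_fleet(SAMPLE_HOSTS, field).items():
            print(f"  {name:14} -> {etype} ({eclass})")
```

With labels configured, a user endpoint that was never given one of them (contractor-pc in the sample) comes out as a Host, so it would be missing from queries written against Device entities.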
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
---|---|---|
fleetdm_host | VIOLATES | fleetdm_policy |
fleetdm_instance | HAS | fleetdm_host |
fleetdm_instance | HAS | fleetdm_policy |
fleetdm_instance | HAS | fleetdm_user |
fleetdm_instance | HAS | user_endpoint |
fleetdm_policy | ASSIGNED | fleetdm_host |
fleetdm_policy | ASSIGNED | user_endpoint |
user_endpoint | VIOLATES | fleetdm_policy |
Mapped Relationships
The following mapped relationships are created:
Source Entity _type | Relationship _class | Target Entity _type | Direction |
---|---|---|---|
fleetdm_host | INSTALLED | *fleetdm_software* | FORWARD |
user_endpoint | INSTALLED | *fleetdm_software* | FORWARD |