Introduction
Fleet by FleetDM brings IT and security teams a single platform for querying, managing, and securing every device in their organization. Built on osquery, it lets you write SQL to ask questions about your fleet in real time and enforce policies through a GitOps workflow.
What Fleet Does
- Queries real-time device data (OS version, installed software, vulnerabilities) via SQL across all endpoints
- Manages configuration and policies for macOS, Windows, Linux, and ChromeOS devices
- Detects vulnerabilities by cross-referencing installed software with CVE databases
- Enforces compliance policies with automated remediation scripts
- Supports GitOps workflows where device policies are version-controlled in Git
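The cross-referencing step in the list above can be sketched as a SQL join between a software inventory and an advisory feed. This is an added example, not Fleet's code or its actual matching logic: the table layout, package names, advisory ids and the `vkey` helper are all constructed for illustration, with an in-memory SQLite database standing in for collected inventory. It also shows why version strings must be normalized before comparison.

```python
import re
import sqlite3

# Constructed rows: (host, package, installed version). Names are placeholders.
SOFTWARE = [
    ("mac-01", "examplelib", "1.10.0"), ("win-07", "examplelib", "1.9.3"),
    ("lin-22", "examplelib", "1.2.0"), ("mac-01", "sampletool", "8.4.0"),
    ("lin-22", "sampletool", "7.88.1"),
]
# Constructed advisories: (placeholder id, package, first fixed version).
ADVISORIES = [
    ("ADV-PLACEHOLDER-1", "examplelib", "1.10.0"),
    ("ADV-PLACEHOLDER-2", "sampletool", "8.0.0"),
]

def version_key(version):
    """Map '1.9.3' to zero-padded text so SQL text comparison orders numerically."""
    nums = []
    for part in version.split("."):
        m = re.match(r"\d+", part)  # leading digits only, so '3-beta' counts as 3
        nums.append(int(m.group()) if m else 0)
    nums = (nums + [0, 0, 0, 0])[:4]
    return ".".join(f"{n:08d}" for n in nums)

def find_vulnerable(naive=False):
    """Return (host, package, version, advisory) rows below the fixed version."""
    db = sqlite3.connect(":memory:")
    db.create_function("vkey", 1, version_key)
    db.execute("CREATE TABLE software (host TEXT, name TEXT, version TEXT)")
    db.execute("CREATE TABLE advisories (id TEXT, name TEXT, fixed_in TEXT)")
    db.executemany("INSERT INTO software VALUES (?, ?, ?)", SOFTWARE)
    db.executemany("INSERT INTO advisories VALUES (?, ?, ?)", ADVISORIES)
    # The comparison is chosen from two fixed strings, never from user input.
    cmp = "s.version < a.fixed_in" if naive else "vkey(s.version) < vkey(a.fixed_in)"
    rows = db.execute(
        "SELECT s.host, s.name, s.version, a.id FROM software s "
        "JOIN advisories a ON a.name = s.name "
        f"WHERE {cmp} ORDER BY s.host, s.name"
    ).fetchall()
    db.close()
    return rows

if __name__ == "__main__":
    print("normalized:", find_vulnerable())
    print("naive text compare:", find_vulnerable(naive=True))
```

With plain text comparison, `1.9.3` and `1.2.0` sort after `1.10.0`, so two affected hosts go unreported.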
Architecture Overview
Fleet is a Go server backed by MySQL and Redis. It communicates with enrolled devices running the osquery agent via a TLS API. The Fleet server distributes queries and collects results, while the web UI and the fleetctl CLI provide management interfaces. Policies, queries, and configurations can be stored as YAML in Git and applied via CI.
Self-Hosting & Configuration
- Deploy via Docker Compose, Helm chart for Kubernetes, or prebuilt binaries
- Requires MySQL 8.0+ and Redis 6+ as backend dependencies
- Device enrollment uses installer packages (PKG, MSI, DEB, RPM) generated by Fleet
- SAML and SSO integration for admin authentication
- REST API and webhooks enable integration with SIEM, ticketing, and automation tools
Key Features
- Real-time SQL queries across thousands of devices using osquery
- Automatic vulnerability detection with NVD and OVAL feed integration
- MDM capabilities for macOS and Windows including disk encryption enforcement
- GitOps-first configuration management via YAML files and CI pipelines
- Cross-platform agent enrollment for macOS, Windows, Linux, and ChromeOS
Comparison with Similar Tools
- Osquery standalone — Raw osquery lacks the fleet management, enrollment, and policy enforcement that Fleet provides
- Kolide — Commercial product built on osquery; Fleet is fully open-source with a self-hosted option
- JAMF — macOS-focused MDM; Fleet covers macOS, Windows, and Linux with a unified SQL interface
- Microsoft Intune — Cloud-only and Windows-centric; Fleet is self-hosted and cross-platform
- Wazuh — Security-focused SIEM agent; Fleet emphasizes device visibility and IT management alongside security
FAQ
Q: Is Fleet only for security teams? A: No. Fleet serves both IT operations and security, covering device management, software inventory, compliance, and vulnerability detection.
Q: How many devices can Fleet manage? A: Fleet scales to hundreds of thousands of devices. FleetDM publishes benchmarks for large-scale deployments.
Q: Does Fleet require installing osquery on every device? A: Yes. Fleet generates installer packages that bundle osquery with the Fleet enrollment configuration.
Q: Can I use Fleet with GitOps? A: Yes. Fleet policies, queries, and agent options can be defined as YAML files in a Git repo and applied through CI pipelines using fleetctl.