Creating New Queries on Fleet

Guide on How to Create New Queries on Fleet

First, navigate to the queries tab by selecting "Queries" on the left menu pane. Next, select "Create new query". This will redirect to the "New query" page where a new query can be created.

From here, make an appropriate "Query Title" for the query, describing what it does. Then, put in the actual query in the "SQL" box. Finally, put an optional description of the Query if desired in the "description" box. Then hit "Save" and then "Save as new...". When back on the Query page, the newly created query will be there!

A selected saved query can now be run. Select "Edit or run query" when selected, then select "All Hosts" for hosts, then select "Run". After it successfully runs, the query's results can be viewed like this in the browser.

There is a ton more example queries to explore on Fleet's website at https://fleetdm.com/queries.

PreviousJoining Hosts to Fleet NextMespinoza/Pysa Ransomware

Last updated 2 years ago