OSQuery Training

Creating New Queries on Fleet

Guide on How to Create New Queries on Fleet


Last updated 3 years ago

First, navigate to the queries tab by selecting "Queries" on the left menu pane. Next, select "Create new query". This will redirect to the "New query" page where a new query can be created.

From here, enter an appropriate "Query Title" that describes what the query does. Then enter the actual query in the "SQL" box. Finally, add an optional description of the query in the "description" box if desired. Then hit "Save" and then "Save as new...". When back on the Query page, the newly created query will be there!

A saved query can now be run. With the query selected, select "Edit or run query", then select "All Hosts" for hosts, then select "Run". After it runs successfully, the query's results can be viewed in the browser.

There are many more example queries to explore on Fleet's website at https://fleetdm.com/queries.

[Figures: "New query" page; saved query on Fleet; query results]