# Fleet integration

Connecting [Fleet](https://fleetdm.com/) with ilert enables you to receive alerts on suspicious behavior, policy failures or host issues – and manage them via ilert’s routing, escalation, and alert grouping. This improves visibility, speeds up incident response, and reduces MTTR.

## In ilert: Create a Fleet alert source

1. Go to **Alert sources** -> **Alert sources** and click **Create new alert source**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FjX0cS4q7woTXKajZmc1W%2FScreenshot%202023-08-28%20at%2010.21.10.png?alt=media&#x26;token=8ef3666b-84eb-4b51-abee-f07303313941" alt=""><figcaption></figcaption></figure>
2. Search for **Fleet** in the search field, click the Fleet tile, and then **Next**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FlXzQlJpaTFSR49AZk0xA%2FScreenshot%202023-08-28%20at%2010.24.23.png?alt=media&#x26;token=cffeacb4-57b9-47d4-827d-b0f6b1afd914" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams, and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FNnuZqONaIhbOf6fn4OkZ%2FScreenshot%202023-08-28%20at%2011.37.47.png?alt=media&#x26;token=8a74f7b5-5bd2-4eea-97fa-1c1dbb041333" alt=""><figcaption></figcaption></figure>
5. Select your [Alert grouping](https://docs.ilert.com/alerting/configure-alerting/alert-sources#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FueugN4JgHn1c90ggFA6u%2FScreenshot%202023-08-28%20at%2011.38.24.png?alt=media&#x26;token=b8009daf-3ca8-4264-a6fa-e42ef7333205" alt=""><figcaption></figcaption></figure>
6. The next page shows additional settings, such as customer alert templates or notification priority. Click **Finish setup** for now.
7. On the final page, an API key and/or webhook URL will be generated. You will need it later.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FCgjmYrmcfy0IxyHujQAn%2Fil-1.png?alt=media&#x26;token=c41e3238-6176-4b9d-bb1b-7799e8935c8d" alt=""><figcaption></figcaption></figure>

## In Fleet: Create a Software Vulnerability Webhook

1. In the top menu bar, click **Software**.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FEVJAL0NEttkimHXh499Y%2F1.png?alt=media&#x26;token=0d353339-00ab-4a3a-a4b9-82c08b9fabc8" alt=""><figcaption></figcaption></figure>

2. On the next page, click **Manage automations**.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FtSw9ehpmok28uW45YpE7%2F2.png?alt=media&#x26;token=9df8dcce-28c9-4e0b-9026-d6c35b0f0337" alt=""><figcaption></figcaption></figure>

3. Enable the **Vulnerability automations** toggle and set the **Workflow** to **Webhook**.
4. In the **Destination URL** field, enter the Fleet DM URL generated earlier in ilert.
5. Click **Save** to finish the setup.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FRYWsFtdxEJ5vLZyksFpM%2F3.png?alt=media&#x26;token=28306e93-56ac-48b4-a12e-edc83b477be6" alt=""><figcaption></figcaption></figure>

## In Fleet: Create a failing Policy Webhook

1. In the top menu bar, click **Policies**.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FOWkH694JeLuA0pLG9UfB%2F4.png?alt=media&#x26;token=ea8368b3-60c9-4a51-8d7e-8e76c6363167" alt=""><figcaption></figcaption></figure>

2. On the next page, click **Manage automations**, then select the **Other** tab.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2F3ke7cZx5GgZYxUMzCCij%2F6.png?alt=media&#x26;token=d0a5fe5b-bdfb-4e49-b2da-da3562481cce" alt=""><figcaption></figcaption></figure>

3. Enable the toggle and set the **Workflow** to **Webhook**.
4. In the **Destination URL** field, enter the Fleet DM URL generated earlier in ilert.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FIhQggbB855LTuug7nvF9%2F7.png?alt=media&#x26;token=c3ea53aa-0c48-4785-941a-d178ec948821" alt=""><figcaption></figcaption></figure>

5. Select the policies for which you want to receive alerts in ilert.
6. Click **Save** to complete the configuration.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FPx7UqHhE84xpMHmFfy8h%2F8-2.png?alt=media&#x26;token=65681624-9b12-4461-80dd-ec0d2ae6162c" alt=""><figcaption></figcaption></figure>

## FAQ

**Will alerts in ilert be resolved automatically?**

No, unfortunately Fleet is not compatible with ilert's resolve event.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ilert.com/integrations/inbound-integrations/fleet.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.