Fleet integration
Receive critical osquery fleet events via SMS, push and voice calls
Connecting Fleet with ilert enables you to receive alerts on suspicious behavior, policy failures or host issues – and manage them via ilert’s routing, escalation, and alert grouping. This improves visibility, speeds up incident response, and reduces MTTR.
In ilert: Create a Fleet alert source
Go to Alert sources -> Alert sources and click Create new alert source.
Search for Fleet in the search field, click the Fleet tile, and then Next.
Give your alert source a name, optionally assign teams, and click Next.
Select an escalation policy by creating a new one or assigning an existing one.
Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.
The next page shows additional settings, such as customer alert templates or notification priority. Click Finish setup for now.
On the final page, an API key and/or webhook URL will be generated. You will need it later.

In Fleet: Create a Software Vulnerability Webhook
In the top menu bar, click Software.

On the next page, click Manage automations.

Enable the Vulnerability automations toggle and set the Workflow to Webhook.
In the Destination URL field, enter the Fleet DM URL generated earlier in ilert.
Click Save to finish the setup.

In Fleet: Create a failing Policy Webhook
In the top menu bar, click Policies.

On the next page, click Manage automations, then select the Other tab.

Enable the toggle and set the Workflow to Webhook.
In the Destination URL field, enter the Fleet DM URL generated earlier in ilert.

Select the policies for which you want to receive alerts in ilert.
Click Save to complete the configuration.
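To confirm that both automations were saved as intended, the check below audits the webhook section of a Fleet configuration export. It is an added example, not part of the ilert or Fleet documentation. The field names are assumed to match the `webhook_settings` object returned by Fleet's configuration API (verify against your Fleet version), and the host `ilert.example` and the URLs in the sample are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Constructed sample of the "webhook_settings" part of a Fleet config export.
# Field names are an assumption based on Fleet's configuration API output;
# the destination URLs are placeholders, not real ilert endpoints.
SAMPLE_CONFIG = json.loads("""
{
  "webhook_settings": {
    "vulnerabilities_webhook": {
      "enable_vulnerabilities_webhook": true,
      "destination_url": "https://ilert.example/events/fleet/PLACEHOLDER-KEY"
    },
    "failing_policies_webhook": {
      "enable_failing_policies_webhook": true,
      "destination_url": "http://ilert.example/events/fleet/PLACEHOLDER-KEY",
      "policy_ids": []
    }
  }
}
""")

def audit_webhooks(config, expected_host):
    """Return a list of findings; an empty list means both webhooks look right."""
    findings = []
    settings = config.get("webhook_settings") or {}
    for name in ("vulnerabilities_webhook", "failing_policies_webhook"):
        hook = settings.get(name) or {}
        if not hook.get("enable_" + name):
            findings.append(f"{name}: automation is not enabled")
            continue
        url = urlparse(hook.get("destination_url") or "")
        # The URL carries the alert source key, so it must not travel in cleartext.
        if url.scheme != "https":
            findings.append(f"{name}: destination URL is not HTTPS")
        if url.hostname != expected_host:
            findings.append(f"{name}: destination host is {url.hostname!r}")
    failing = settings.get("failing_policies_webhook") or {}
    # An enabled policy webhook with no selected policies never sends an alert.
    if failing.get("enable_failing_policies_webhook") and not failing.get("policy_ids"):
        findings.append("failing_policies_webhook: no policies selected")
    return findings

if __name__ == "__main__":
    for finding in audit_webhooks(SAMPLE_CONFIG, "ilert.example"):
        print(finding)
```

Run it against your own exported configuration with the host of the URL that ilert generated for the alert source.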

FAQ
Will alerts in ilert be resolved automatically?
No, unfortunately Fleet is not compatible with ilert's resolve event.