SPOG
{{ currentViewLabel }}
Results
{{ searchResultUsers.length }} users
{{ searchResultComputers.length }} hosts
AD
ES
Active Directory Users
{{ res.displayName || res.login }}
{{ res.login }} · {{ res.department }}
Endpoints (AD + Elastic)
{{ comp.hostname }}
{{ comp.ip || 'N/A' }}
· {{ comp.os }}
{{ (comp.source || 'unknown').toUpperCase() }}
{{ formatTimeAgo(comp.lastCheckin) || formatTimeAgo(comp.lastLogon) || '' }}
No results found for "{{ searchQuery }}"
Infrastructure Status
{{ svc.name }}
{{ (svc.data?.status || 'unknown').toUpperCase() }}
LINK
AUTH
{{ svc.data.error }}
{{ key }}
{{ val || '—' }}
Search for a user or endpoint to begin triage
Use name, login, hostname, serial number, IP or email
{{ user.displayName || user.login }}
{{ user.login }}
{{ user.ad.disabled ? 'DISABLED' : (user.ad.locked ? 'LOCKED' : 'ACTIVE') }}
PWD NEVER EXPIRES
Profile
{{ f.label }}
{{ user[f.key] || 'N/A' }}
OU Path
{{ ou }}
{{ user.dn }}
Assigned Endpoints (ManagedBy)
{{ comp.hostname }}
{{ comp.os || 'Unknown OS' }}
{{ assignedEndpointStatuses[comp.hostname].toUpperCase() }}
{{ comp.enabled ? 'AD:ON' : 'AD:OFF' }}
Account State & Security
{{ s.label }}
{{ s.value }}
{{ alert.title }}
{{ alert.detail }}
Authentication Events (Elastic)
| Time | Event | Host | OS | Source |
|---|---|---|---|---|
| {{ formatTimestamp(evt['@timestamp']) }} | {{ getLoginEventLabel(evt) }} | {{ getAuthHostName(evt) }} | {{ getAuthOsLabel(evt) }} | {{ getNestedStr(evt, 'source.ip') || getNestedStr(evt, 'system.auth.ssh.ip') || '—' }} |
{{ user ? 'No login events found in Elastic' : 'Select a user to view events' }}
Select an endpoint assigned to {{ user.displayName || user.login }}:
{{ comp.hostname }}
{{ comp.os || 'Unknown' }}
Last Logon{{ comp.lastLogon || 'N/A' }}
Created{{ comp.whenCreated || 'N/A' }}
No assigned endpoints. Search for a hostname directly.
{{ selectedComputer.hostname }}
Endpoint Detail
FLEET {{ (fleetHost.status || 'N/A').toUpperCase() }}
FLEET
FLEET N/A
ELASTIC {{ elasticAgentStatus.toUpperCase() }}
ELASTIC
System Info
{{ f.label }}
{{ f.value || 'N/A' }}
Hardware & Agent Specs
CPU
{{ computerSpecs.cpuModel }}
{{ computerSpecs.cpuCores }} cores{{ computerSpecs.cpuUsagePct.toFixed(1) }}%
Memory
{{ computerSpecs.memoryUsed || '?' }} / {{ computerSpecs.memoryTotal }}{{ computerSpecs.memoryPct.toFixed(1) }}%
Disk
{{ computerSpecs.diskUsed || '?' }} / {{ computerSpecs.diskTotal }}{{ computerSpecs.diskPct.toFixed(1) }}%
{{ f.label }}{{ f.value }}
Local Users
{{ u }}
No specs data from Elastic Agent
Event Logs {{ computerLogs.length }}
{{ formatTimestamp(log['@timestamp']) }}
{{ getLogLevel(log) }}ID:{{ getWinlogEventId(log) }}
{{ log.message || getLogFallbackMessage(log) }}
{{ JSON.stringify(log, null, 2) }}No logs found
Installed Software {{ fleetSoftware.length }}{{ fleetSoftwareVulnCount }} vulns{{ fleetSoftwareCritVulns }} crit
| Name | Version | Source | Vulns |
|---|---|---|---|
| {{ sw.name }} | {{ sw.version }} | {{ sw.source }} | {{ v.cve }}+{{ sw.vulnerabilities.length - 3 }} — |
No software data
Installed Certificates {{ fleetCertificates.length }}
{{ cert.common_name || cert.subject || 'Unknown' }}
Issuer: {{ cert.issuer }}
Serial{{ cert.serial }}
Valid From{{ formatTimestamp(cert.not_valid_before) }}
Valid Until{{ formatTimestamp(cert.not_valid_after) }}
SHA256{{ (cert.sha256 || '').slice(0, 32) }}...
Keychain{{ cert.keychain }}
No certificate data available
Certificates are retrieved via FleetDM API or osquery live query
Saved Scripts {{ fleetScripts.length }}
{{ s.name }}
ID: {{ s.id }}
No saved scripts
Script Result
Waiting for result...
EXIT {{ scriptExecResult.exit_code }}{{ scriptExecResult.runtime }}sTIMEOUT
{{ scriptExecResult.output || '(no output)' }}
Run a script to see results
Compliance Policies {{ fleetPolicies.length }}
{{ p.name }}
{{ p.description }}
{{ p.resolution }}
No policy data
FleetDM Host Detail
{{ f.label }}{{ f.value }}
Host not found in FleetDM
MDM Status
Enrollment{{ fleetHost.mdm.enrollment_status || 'N/A' }}
MDM Name{{ fleetHost.mdm.name }}
Event Logs (Elastic) {{ computerLogs.length }}
{{ formatTimestamp(log['@timestamp']) }}
{{ getLogLevel(log) }}ID:{{ getWinlogEventId(log) }}
{{ log.message || getLogFallbackMessage(log) }}
{{ JSON.stringify(log, null, 2) }}No logs found
Device Security
Lock Device
Remotely lock the device screen.
Wipe Device
Erase all data. IRREVERSIBLE!
Fleet Quick Summary
Status
{{ (fleetHost.status || 'N/A').toUpperCase() }}
Platform
{{ fleetHost.platform || 'N/A' }}
Policies
{{ fleetHost.issues?.failing_policies_count || 0 }} failing
Disk Free
{{ fleetHost.percent_disk_space_available ? fleetHost.percent_disk_space_available.toFixed(0) + '%' : 'N/A' }}
Last seen: {{ formatTimestamp(fleetHost.seen_time) }}