Kolide Fleet: an Open-Source Osquery Fleet Manager
Osquery is an agent that exposes the state of a server or workstation (running processes, listening sockets, installed packages, local users, and much more) as SQL tables, so you can monitor and ask questions about your hosts with an easy and expressive query language. Released three years ago at Facebook’s “Security @ Scale” conference, osquery is the most powerful open-source host instrumentation agent. Though osquery exposes rich capabilities, it only solves part of the host instrumentation problem: the agent alone does not decide which queries to run across a fleet or where the results should go. Using osquery on more than one host requires a server deployment in order to orchestrate and interact with the fleet of hosts running the agent. Today, Kolide is open-sourcing our osquery management server: Kolide Fleet.
Kolide Fleet is a beautiful, minimal, open-source web application for managing a fleet of hosts running osquery. Fleet gives you a place to store and iterate on osquery queries. You can run these queries on any subset of your hosts and instantly get the results flowing back into your browser.
Fleet has browser-based analytics tools that allow you to interactively filter and search results. For more advanced analytics, you can export the results of a live query, or integrate with the Fleet API server. Fleet’s UI is a React app that talks to a Go API server; that same server implements the osquery TLS remote API (enrollment, configuration, distributed queries and result logging) that the agents speak. You can easily use the API directly in your own tools.
In addition to running a query once and getting immediate results, Fleet allows you to group queries into query packs and perform ongoing monitoring. For each scheduled query you define how often it runs, whether to log only changes to the result set (differential) or a full snapshot every time, which platforms it applies to, and so on.
Kolide Fleet also allows grouping of endpoints based on properties defined in queries. Fleet calls these groups labels: a label is itself a query, and a host belongs to the label whenever the query returns at least one row on that host. Imagine being able to view (and target additional scrutiny towards) machines with processes listening on non-standard ports, or those running out-of-date software. Fleet makes it easy to categorize and target subsets of hosts.
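Fleet delivers scheduled queries to the agent as osquery configuration, so the settings above map directly onto osquery’s pack format. The pack below is an added example written for this post; it is not taken from Fleet’s documentation or source. The pack name, the intervals and the allow-list of “standard” ports are assumptions chosen for illustration. It shows the three scheduling styles the text mentions: a differential query that also logs removed rows (a non-standard listener going away is as interesting as one appearing), a periodic snapshot, and a differential query that only logs additions. The first query, run on its own as a Fleet label, is exactly the “hosts with processes listening on non-standard ports” group described above.

```json
{
  "platform": "linux",
  "queries": {
    "nonstandard_listeners": {
      "query": "SELECT p.pid, p.name, p.path, lp.address, lp.port, lp.protocol FROM listening_ports lp JOIN processes p USING (pid) WHERE lp.port NOT IN (0, 22, 80, 443) AND lp.address NOT IN ('127.0.0.1', '::1');",
      "interval": 300,
      "removed": true,
      "description": "Processes bound to a non-loopback socket on a port outside the assumed allow-list (22, 80, 443). Port 0 rows are unix sockets and are excluded. Differential: logs rows as they appear and disappear."
    },
    "os_version_snapshot": {
      "query": "SELECT name, version, build, platform FROM os_version;",
      "interval": 3600,
      "snapshot": true,
      "description": "Full snapshot of the OS version every hour, so the server always has current state without reconstructing it from diffs."
    },
    "installed_packages": {
      "query": "SELECT name, version, source FROM deb_packages;",
      "interval": 86400,
      "removed": false,
      "description": "Installed Debian packages once a day. Differential with removed rows suppressed: each version change shows up as a single added row, which is enough to spot out-of-date software."
    }
  }
}
```

The `interval` is in seconds. `snapshot: true` makes osquery log the whole result set on every run; without it the query is differential, and `removed` controls whether rows that vanish are logged in addition to rows that appear (osquery defaults `removed` to true, so it is only worth setting explicitly when you want it off, as in the package query). The `platform` key restricts the whole pack; Fleet exposes the same per-query platform choice in its UI.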
Osquery itself exposes a plethora of capabilities to the user: live queries, proactive differential monitoring, periodic state snapshots, and more. Kolide Fleet provides an intuitive UI for all of this, while still exposing the power and flexibility of osquery. Advanced configuration options, decorators and other features are supported.
We’re excited to introduce Kolide Fleet into the osquery ecosystem. If you’re looking to manage your osquery deployment using on-premises, open-source software, we hope you will consider Fleet. Learn more about Kolide Fleet on our website. The source code and documentation are on GitHub at https://github.com/kolide/fleet.