How to List Operating Systems Across All Mac, Windows, and Linux Devices
Using Kolide, you can easily view and query Operating Systems across your fleet.
Introduction
An operating system (OS) is system software that runs your computer hardware, software programs, and provides core services so that those programs can operate.
Kolide collects details about the operating system such as its version, its architecture and codenames utilized by the OS vendor for the operating system.
A note on multi-OS devices:
Each device in Kolide is associated with a single operating system. If you have multiple operating systems on the same device, Kolide will need to be installed on each to have visibility. For example, if you have a macOS device which has a Windows Bootcamp partition, it would need Kolide to be installed twice (once on each OS) and it would be represented as two distinct device enrollments in Kolide with OS-specific data.
What Operating System Data Can Kolide Collect?
Kolide's endpoint agent bundles in osquery to efficiently collect Operating Systems from Mac, Windows, and Linux devices in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.
Kolide meticulously documents every piece of data returned so you can understand the results.
Operating Systems Schema
| Column | Type | Description | |
|---|---|---|---|
| id | Primary Key |
Unique identifier for the object |
|
| device_id | Foreign Key |
Device associated with the entry |
|
| device_name | Text |
Display name of the device associated with the entry |
|
| build | Text |
Optional build-specific or variant string |
|
| display_version | Text |
The Display Version for Windows. Ex: Data only available for: Note on data collection: This information is sourced from the |
|
| extra | Text |
Used by Apple for macOS Rapid Security Response (RSR) version identifier (ex: The Data only available for: |
|
| major | Integer |
Major release version |
|
| minor | Integer |
Minor release version |
|
| name | Text |
Distribution or product name |
|
| patch | Integer |
Optional patch release |
|
| release_id | Integer |
The Release ID for Windows Data only available for: |
|
| ubr | Integer |
Update Build Revision for Windows Data only available for: |
|
| version | Text |
Pretty, suitable for presentation, OS version |
|
| collected_at | Timestamp |
Time the row of data was first collected in the database |
|
| updated_at | Timestamp |
Time the row of data was last changed in the database |
|
What Can You Do With This Information?
Kolide enables you to write your own queries against the data the agent collects. This allows you to build your own reports and API endpoints. For example, you can:
SELECT
version,
COUNT(*) AS device_count
FROM device_operating_systems
WHERE name ILIKE '%mac%'
GROUP BY version;
| version | device_count |
|---|---|
| 10.13.2 | 1 |
| 10.14.6 | 1 |
| 10.15.6 | 1 |
| 10.15.7 | 2 |
| 11.2.3 | 1 |
| 11.3 | 1 |
| 11.6 | 1 |
| 11.6.1 | 1 |
| 12.0.1 | 4 |
| 12.2 | 1 |
WITH
reference_version (ref_major,ref_minor,ref_patch) AS (
VALUES
(12,3,1)
),
assemble_data AS (
SELECT rv.*, version, major, minor, patch, build, device_name
FROM reference_version rv,
device_operating_systems dos
JOIN devices d ON d.id = dos.device_id
AND d.type = 'Mac'
)
SELECT version, major, minor, patch, build, device_name
FROM assemble_data WHERE (
-- Check major versions
(ref_major > major)
-- Check minor versions
OR (ref_major >= major
AND ref_minor > minor)
-- Check build versions
OR (ref_major >= major
AND ref_minor >= minor
AND ref_patch > patch)
)| build | major | minor | patch | version | device_name |
|---|---|---|---|---|---|
| 21A559 | 12 | 0 | 1 | 12.0.1 | kneuth |
| 19G73 | 10 | 15 | 6 | 10.15.6 | jans-laptop |
| 21A559 | 12 | 0 | 1 | 12.0.1 | Daves-MacBook-Pro-2 |
| 19H524 | 10 | 15 | 7 | 10.15.7 | Ashleys-MacBook-Pro |
| 20D91 | 11 | 2 | 3 | 11.2.3 | lukes-macbook |
| 18G9323 | 10 | 14 | 6 | 10.14.6 | plover |
SELECT
COUNT(d.*) FILTER (WHERE d.type = 'Mac') AS count_macs,
COUNT(d.*) FILTER (WHERE d.type = 'LinuxDevice')AS count_linux,
COUNT(d.*) FILTER (WHERE d.type = 'WindowsDevice') AS count_windows
FROM devices d;| count_macs | count_linux | count_windows |
|---|---|---|
| 52 | 14 | 9 |
Why Should I Collect Operating Systems?
Collecting information about the operating system of a device is a fundamental necessity of many IT departments. This data is used for a variety of purposes, including but not limited to:
- Monitoring patch deployment
- Identifying devices which are running unsupported or end-of-life operating systems
- Understanding the install-base of various platforms within your organization (eg. Mac vs Linux vs Windows)
- Identifying devices running non-stable (alpha or beta) releases of operating systems.
End-User Privacy Consideration
Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.
No additional personally identifiable data is collected or transmitted as part of this inventory.
When you use Kolide to list Operating System data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center which can be accessed directly by employees.
