Kolide Fleet Open Source Osquery Manager

[Screenshot: the Fleet live query editor, targeting the macOS and VIP Laptops labels out of 20,459 total hosts. Results stream in from 13,781 of 20,459 hosts (columns: host, address, port, protocol, process, username, shell) and can be filtered and exported as .csv, .json, .xml or .xls. The two queries shown are:]

    -- Hosts Unencrypted Disks
    SELECT * FROM disk_encryption WHERE encrypted = 0;

    SELECT listening_ports.*, processes.name, processes.path
    FROM listening_ports, processes
    WHERE address NOT IN ("127.0.0.1", "::1", "fe80:1::1", "::", "")
      AND port != 0
      AND processes.pid = listening_ports.pid;

Write Queries on the Fly
Explore Live Stream Results

Curious which listening ports have active connections? Which hosts are currently unencrypted? The scope and breadth of your searches are totally customizable.

  • Query individual targets, groups or your entire fleet.
  • Drill into results, filter and export for further analysis.
  • Query processes, files, packages, user access and more...
Download Fleet

Every machine at a glance, organized your way

Track, manage and monitor your entire infrastructure from a single screen. Whether you want to see machines that are low on disk space, overheating or simply running vulnerable software, labels help you group your fleet in an organized and intelligible way.

  • Create dynamic labels that are automatically populated.
  • Organize your fleet by status, platform or custom criteria.
  • Use labels as targets in queries and packs.
[Screenshot: the "macOS Attacks" pack, described as "Known vulnerabilities and malicious processes used against the macOS operating system", containing 27 queries (Keylogger, CallToMe, Careto, Bundlore and others), each with its own interval, platform, minimum version and logging type. The selected query, "Blazing Keylogger" (http://www.blazingtools.com/mac_keylogger.html, "Artifact used by this malware."), runs on macOS every 6400s: SELECT * FROM launchd WHERE name = 'com.BT.BPK.plist';]

Group & Run queries on a recurring basis with packs

Group queries together by any common purpose or function you can imagine. Run them on a scheduled basis and output the logs together. Craft packs of any size and scope from your saved queries.

  • Run your most important queries in a systematic, persistent way.
  • Fine-tune packs by setting intervals for individual queries.
  • Choose from Snapshot or Differential Mode for logs.
[Screenshot: the "Osquery Advanced Options" screen, "Logging Config" section. Logger Plugin: tls (available plugins: aws_firehose, aws_kinesis, filesystem, stdout, syslog, tls); Logger TLS Endpoint: /api/v1/osqu (cut off in the screenshot); Logger TLS Period: 10s; Logger Mode: 420; Logger TLS Max: 1048576; Logger TLS Compress: false. Refer to Kolide Docs for available options.]

Seamless & Centralized Osquery Configuration

Let's face it, poring over endless config files and docs to tailor a product's feature-set is not everyone's cup of tea. Kolide provides a method to ensure consistent osquery configuration across your fleet.


Also Featuring...

  • Single Sign-On Support

    Use your organization's identity provider (via SAML) to control access to your Kolide instance.

  • Manage Decorator Config

    Customize the output of your osquery logs with additional queries and information.

  • Kolide Launcher Compatible

    Works with Kolide's new gRPC-enabled osquery launcher.

Ready to try Kolide Fleet? It's free, it's open source, it's available now.

Download Kolide Fleet