Contents

News

Kolide Fleet: an Open-Source Osquery Fleet Manager

October 17th, 2017
Attention Reader:
This article was originally published on October 17, 2017 and refers to Kolide Fleet which was formally retired in November of 2020. For posterity, this post is still available, but we encourage you to read the Fleet Retirement Announcement.

Osquery is a tool that allows users to monitor and ask questions about servers and workstations with an easy and expressive query language. Released three years ago at Facebook’s “Security @ Scale” conference, osquery is the most powerful open-source host instrumentation agent. Though osquery exposes rich capabilities, it only solves part of the host instrumentation problem. Using osquery on more than one host requires a server deployment in order to orchestrate and interact with the fleet of hosts running the agent. Today, Kolide is open-sourcing our osquery management server: Kolide Fleet.

A screenshot of Kolide Fleet showing the Live Query feature

Kolide Fleet is a beautiful, minimal, open-source web application for managing a fleet of hosts running osquery. Fleet gives you a place to store and iterate on osquery queries. You can run these queries on any subset of your hosts and instantly get the results flowing back into your browser.

Fleet has browser-based analytics tools that allow you to interactively filter and search results. For more advanced analytics, you can export the results of a live query, or integrate with the Fleet API server: Fleet’s UI is a React app that interacts with a robust Go-based TLS API. You can easily use this API directly in your own tools.

In addition to running a query once and getting immediate results, Fleet allows you to group those queries into query packs and perform ongoing monitoring. You define how often you want the queries to be executed, whether to track changes to results, etc.

A screenshot of Kolide Fleet showing the Query Pack feature

Kolide Fleet also allows grouping of endpoints based on properties defined in queries. Imagine being able to view (and target additional scrutiny towards) machines with processes listening on non-standard ports, or those running out-of-date software. Fleet makes it easy to categorize and target subsets of hosts.

A screenshot of Kolide Fleet showing the Hosts grid view

Osquery itself exposes a plethora of capabilities to the user: live queries, proactive differential monitoring, periodic state snapshots, and more. Kolide Fleet provides an intuitive UI for all of this, while still exposing the power and flexibility of osquery. Advanced configuration options, decorators and other features are supported.

A screenshot of Kolide Fleet showing the Hosts grid view

We’re excited to introduce Kolide Fleet into the osquery ecosystem. If you’re looking to manage your osquery deployment using on-premises, open-source software, we hope you will consider Fleet. Learn more about Kolide fleet on our website. The source code and documentation is on GitHub at https://github.com/kolide/fleet.

Share this story:

More articles you
might enjoy:

Tutorials
How to Manage Osquery With Kolide Launcher and Fleet
Kolide
Tutorials
How to Set up Windows File Integrity Monitoring Using Osquery and Kolide
Fritz Ifert-Miller
Deep Dives
Are Your Employees Slack Messages Leaking While Their Screen Is Locked?
Fritz Ifert-Miller
Try Kolide Free
Try Kolide Free