View Other Properties

Contents

View Other Properties

How to List Chocolatey Packages Across All Windows Devices

Using Kolide, You Can Easily View and Query Windows Chocolatey Packages Across Your Fleet.

Introduction

"Chocolatey" is a software package manager built for Windows that uses the NuGet packaging infrastructure. Chocolatey provides a simple, repeatable automated way to install and deploy Windows software.

What Windows Chocolatey Package Data Can Kolide Collect?

Kolide's endpoint agent bundles in osquery to performantly collect Windows Chocolatey Packages from Windows devices in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.

Kolide metliciously documents every piece of data returned so you can understand the results.

Windows Chocolatey Packages Schema

Column Type Description
id Primary Key

Unique identifier for the object

device_id Foreign Key

Device associated with the entry

device_name Text

Display name of the device associated with the entry

author Text

The Chocolatey Package author (if applicable)

license Text

The author supplied license of the Chocolatey Package

name Text

The display name for the Chocolatey Package

path Text

The path where the Chocolatey Package is installed

summary Text

The author supplied description of the Chocolatey Package

version Text

The text representation of the version

version_major Bigint

version's semver major version (ex: 4.2.1 would yield 4)

version_minor Bigint

version's semver minor version (ex: 4.2.1 would yield 2)

version_patch Bigint

version's semver patch version (ex: 4.2.1 would yield 1)

version_subpatch Bigint

version's numeric status fourth position number (ex: 4.2.1.6 would yield 6)

version_pre Text

version's semver pre-release version (ex: 1.2.3-prerelease+build would yield pre-release)

version_build Text

version's semver build version (ex: 1.2.3-prerelease+build would yield build)

collected_at Timestamp

Time the row of data was first collected in the database

updated_at Timestamp

Time the row of data was last changed in the database

Why Should I Collect Windows Chocolatey Packages?

Since chocolatey is a widely used avenue for installing software, there is the potential for malicious actors to try and use it to distribute malware. Given the wide range of possible software that can be installed via chocolatey, it is important to regularly audit the list of installed packages on a machine.

Chocolatey packages are cataloged and tracked to allow:

  • Reviewing installed packages to verify desired device configuration
  • Discovering potential malicious software
  • Identifying out-of-date or otherwise vulnerable software packages

Kolide collects metadata about chocolatey packages including name, version, description, author and license.

End-User Privacy Consideration

Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.

Chocolatey package installations may reveal a partial list of the applications installed on your device. This could include software used for personal or sensitive reasons.

When you use Kolide to list Windows Chocolatey Package data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center which can be accessed by employees through Slack or Google Workspace account.

Share this story:

Related Device Properties:

New
Mac Homebrew Packages
software, packages, developers
New
Python Packages
developers, software, packages
New
Linux RPM Packages
centos, rpm, software, packages
View full list of Kolide's Device Properties
Try Kolide Free
Try Kolide Free