In my last post, Limitations of Data Loss Prevention Solution, I mentioned in the conclusion that osquery is a formidable open source agent for endpoint visibility on the most common operating systems: Windows, macOS and Linux. It exposes the operating system's state and the events happening on the system as a high-performance relational database, and it can provide an audit trail of user actions.

The osquery agent ships as a standalone package that can run either as an interactive application (osqueryi) or as a daemon/service (osqueryd). Typically, in an enterprise deployment you would want it to run as a daemon on *nix machines or as a SYSTEM-level service on Windows.

Having an agent on an endpoint is obviously not enough; you also need something to manage those agents. There is an open source manager built for this purpose called Kolide Fleet, which enrolls the agents and lets an admin query any agent, or group of agents, for specific information from their hosts. Because osquery natively exposes OS information as a relational database, there are many tables, and each table can be queried with SQL sent directly from the Kolide Fleet manager.

There are a number of ways to deploy the Kolide Fleet manager, such as an on-prem server running the Kolide stack, or a cloud deployment with instances running the Kolide stack components. For most enterprises, a cloud deployment would be a cost-effective and expedient way to try out Kolide Fleet and learn the capabilities of osquery. Both osquery and Kolide Fleet are open source and come with solid documentation.
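To make the "tables queried with SQL" point concrete, here is an added example of the kind of query an admin would send to agents from Fleet. It is not code from this post, from osquery or from Kolide. Since osquery's tables are SQLite virtual tables, the SQL is the same you would paste into osqueryi; to run it offline the script loads constructed sample rows (not real host data) into an in-memory SQLite database that reuses the real osquery column names for the `processes`, `listening_ports` and `users` tables, restricted to the columns the query uses. The `suspicious_listeners` heuristic is my own illustration of what you might do with the results, not a Fleet feature.

```python
"""Run an osquery-style SQL query offline against a stand-in for osquery's tables."""
import sqlite3

# The query a Fleet admin would distribute to agents: every process holding a
# listening socket, joined to the account that owns it. This is plain osquery SQL;
# on a real host osqueryd resolves these tables live instead of from a database.
LISTENERS_QUERY = """
SELECT p.pid, p.name, p.path, u.username, lp.port, lp.protocol, lp.address, p.on_disk
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
LEFT JOIN users AS u ON u.uid = p.uid
WHERE lp.port != 0
ORDER BY lp.port;
"""

# Constructed sample rows (assumption: not captured from a real endpoint).
# Column order follows the CREATE TABLE statements in build_sample_db().
SAMPLE_PROCESSES = [
    # pid, name, path, cmdline, uid, on_disk (osquery: 1 = binary exists, 0 = deleted)
    (1, "systemd", "/usr/lib/systemd/systemd", "/sbin/init", 0, 1),
    (812, "sshd", "/usr/sbin/sshd", "/usr/sbin/sshd -D", 0, 1),
    (2244, "nginx", "/usr/sbin/nginx", "nginx: worker process", 33, 1),
    (3107, "kworker_x", "/tmp/.x/kworker_x", "/tmp/.x/kworker_x -p 4444", 1001, 0),
]
SAMPLE_LISTENING_PORTS = [
    # pid, port, protocol (6 = TCP, 17 = UDP), family (2 = AF_INET), address
    (812, 22, 6, 2, "0.0.0.0"),
    (2244, 80, 6, 2, "0.0.0.0"),
    (2244, 443, 6, 2, "0.0.0.0"),
    (3107, 4444, 6, 2, "0.0.0.0"),
    (3107, 0, 17, 2, "0.0.0.0"),  # unbound UDP socket; the WHERE clause drops it
]
SAMPLE_USERS = [
    # uid, username, shell
    (0, "root", "/bin/bash"),
    (33, "www-data", "/usr/sbin/nologin"),
    (1001, "deploy", "/bin/bash"),
]


def build_sample_db() -> sqlite3.Connection:
    """Create an in-memory stand-in for the osquery tables used by LISTENERS_QUERY."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE processes (pid INTEGER, name TEXT, path TEXT, cmdline TEXT,
                                uid INTEGER, on_disk INTEGER);
        CREATE TABLE listening_ports (pid INTEGER, port INTEGER, protocol INTEGER,
                                      family INTEGER, address TEXT);
        CREATE TABLE users (uid INTEGER, username TEXT, shell TEXT);
        """
    )
    conn.executemany("INSERT INTO processes VALUES (?,?,?,?,?,?)", SAMPLE_PROCESSES)
    conn.executemany("INSERT INTO listening_ports VALUES (?,?,?,?,?)", SAMPLE_LISTENING_PORTS)
    conn.executemany("INSERT INTO users VALUES (?,?,?)", SAMPLE_USERS)
    return conn


def run_query(conn: sqlite3.Connection, sql: str) -> list:
    """Run a query and return rows as dicts, the same shape `osqueryi --json` emits."""
    conn.row_factory = sqlite3.Row
    return [dict(row) for row in conn.execute(sql)]


def suspicious_listeners(rows: list) -> list:
    """Illustrative triage rule (my assumption, not an osquery/Fleet feature):
    flag listeners whose binary has been deleted from disk or that run out of a
    temp directory, both common signs of a dropped payload rather than a service."""
    temp_dirs = ("/tmp/", "/var/tmp/", "/dev/shm/")
    return [r for r in rows if r["on_disk"] == 0 or r["path"].startswith(temp_dirs)]


if __name__ == "__main__":
    db = build_sample_db()
    listeners = run_query(db, LISTENERS_QUERY)
    for row in listeners:
        print(f"{row['pid']:>6} {row['username'] or '?':<10} :{row['port']:<5} {row['path']}")
    for row in suspicious_listeners(listeners):
        print(f"SUSPICIOUS pid={row['pid']} path={row['path']} port={row['port']}")
```

On a real endpoint you would run `osqueryi --json "$LISTENERS_QUERY"` or schedule the same SQL in Fleet; the only thing the stand-in database replaces is where the rows come from, so a query that works here works unchanged against the live tables.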