Kolide Launcher: Osquery Deployment Made Easy
Attention Reader: This article was originally published on October 18, 2017 and portions of it discuss Kolide Fleet which was formally retired in November of 2020. For posterity, this post is still...
How to Manage Osquery With Kolide Launcher and Fleet
Attention Reader: This article was originally published on October 20, 2017 and portions of it discuss Kolide Fleet which was formally retired in November of 2020. For posterity, this post is still...
How to Monitor macOS Hosts With Osquery
Modern operating systems hold a wealth of data about their operation. This data is spread across APIs, files and formats, rendering it difficult to find and track the important information. Security...
How We Securely Autoupdate Osquery at Kolide
Osquery is a fast-moving open source project that allows you to monitor a host using SQL. The tables that are provided by osquery are embedded in the tool itself, so getting the latest capabilities...
How to Use Munki Conditions With Osquery
A common capability sought after by MacAdmins is a method to make changes or install software on a specific subset of Macs. In some cases, this subset is static and easily defined; in other cases,...
How to Check the EFI Version of a Mac With Osquery
This article has portions of it that discuss Kolide Fleet which was formally retired in November of 2020. For posterity, this post is still available, but we encourage you to read our Device Trust...
Using Go for Scalable Operating System Analytics
Attention Reader: This article was originally published on November 16, 2017 and portions of it discuss Kolide Fleet which was formally retired in November of 2020. For posterity, this post is still...
How to Monitor /etc/hosts With Osquery
One of the most powerful features of osquery is tracking how host state changes over time. Let’s use the differential queries feature of osquery to keep tabs on the /etc/hosts file, which can be...
Using a Kubernetes Operator to Manage Tenancy in a B2B SaaS App
Attention Reader: This article was originally published on May 15, 2018 and refers to Kolide Cloud which was formally retired in February of 2019. For posterity, this post is still available, but we...
How to Profile Osquery Performance With Kolide
Attention Reader: This article was originally published on June 2, 2018 and refers to Kolide Cloud which was formally retired in February of 2019. For posterity, this post is still available, but we...
Osquery: Under the Hood
Note: This blog is purely a primer on osquery. Go here to learn more on how osquery works with Kolide. Eight years, 400 contributors, and 6,000 commits (and counting!) have gone into the development of...
How to Spotlight Search Across Every Mac With Osquery
Have you ever wanted to find exactly the right file on your system in a hurry? That’s why those clever folks at Apple built Spotlight. Originally introduced in Mac OS X Tiger, Spotlight continuously...
Running Osquery As Sudo/root vs User
When using osquery (osqueryi or osqueryd) you have to keep in mind whether you are running it in user-space or as sudo/root. By default, vanilla osquery will run as the local user, which means that...
Get Notified When Critical Processes Stop Running Using Kolide + Osquery
Attention Reader: This article was originally published on January 24, 2019 and refers to Kolide Cloud which was formally retired in February of 2019. For posterity, this post is still available, but...
QueryCon 2019 — an Osquery Conference by Trail of Bits and Kolide
Tl;dr Querycon 2019 is finally happening and our great friends at Trail of Bits are hosting the event in New York City! When: June 20th-21st. Where: Convene at 32 Old Slip in downtown Manhattan, just...
Kolide — User Focused Security for Teams That Slack
Tl;dr Kolide is launching a User Focused Security product for teams who use Slack called “K2”. This product is available today as a beta, and you can sign up for free, right here. If you want to know...
UFS Spotlight: Jesse Kriss of Netflix
Welcome to the User Focused Security Spotlight! In this blog series, we interview key figures involved in making security more accessible and transparent to end-users. We will inquire about their...
Zoom Webcam Hijacking — Are Your Users Vulnerable?
On July 8th, Jonathan Leitschuh published a vulnerability report for the popular teleconferencing application Zoom: “This vulnerability allows any website to forcibly join a user to a Zoom call, with...
macOS Catalina & Osquery
With the release of macOS Catalina, Apple has overhauled its user privacy model, a road they have been on since Mojave. Starting with macOS 10.15 (Catalina), file directories that belong to a user (eg....
How to Read Nested Complex Plists in Osquery
Why Can’t These Rows Be Columns? If you have ever queried the registry or plist tables in osquery, you have encountered results that were formatted unlike any other osquery data. Whereas osquery...