How to Find and Fix CVE-2020-0601 Using Osquery and Kolide
On Monday, the NSA announced a critical vulnerability (CVE-2020-0601) in Windows 10 which allows an attacker to “undermine how Windows verifies cryptographic trust and can enable remote code...
How to Set up Windows File Integrity Monitoring Using Osquery and Kolide
The Wait for Windows FIM Is Over! Prior to Osquery 4.2.0, Osquery’s FIM capabilities only worked on macOS and supported versions of Linux. To fill this gap, Trail of Bits engineer @woodruffw created a...
Are Your Employees’ Slack Messages Leaking While Their Screen Is Locked?
Customers ask us all the time about ways sensitive information can leak from an unattended Mac. While this discussion is usually centered around Screensaver & Screen Lock policies, there is an...
API - Additional Fields for Devices
Ever wish all the output from the Device CSV download was included in the Device API response? Ever wonder why the failures count for devices in the API seemed to never decrease? Well, we’ve got some...
New AWS EC2 Inventory Features
Starting today, when you enroll an AWS EC2 device into Kolide (or an existing EC2 device checks in), Kolide will collect additional information about that instance that you and your team may find...
New Structured OS Info in Device API
We’ve added much more granular detail for device operating system information to the /api/v0/devices endpoints. After hearing some feedback regarding the device OS information field, we decided that it...
New: Run Live Queries Continuously
Ever write a useful Live Query and wish you could run it continuously to keep the results up-to-date? With the newly released Continuous Live Query option, you can now run those queries on a scheduled...
Inventory and Live Query Performance Improvements
If you have thousands of devices enrolled in Kolide, you may have noticed some modest speed improvements when browsing Inventory and using Live Query last week. These speed boosts are part of a major...
Live Log Viewer Now Supports Device Filtering
If you use Kolide’s Log Pipeline Feature, you may be familiar with the Live Log Viewer, which enables you to preview logs that are streaming from the agent into the pipeline in real-time. This viewer is...
Checks: Suppress Certain Failures
Have you ever wanted to suppress failures for a Check that match a certain value? Perhaps you never want Kolide to create failures for an SSH key that is allowed to be unencrypted, or you don’t mind if...
New Checks Sidebar
As part of our effort to improve Check discoverability in Kolide, we have rolled out improvements to the Check listing page that allow you to more easily find Checks that are compatible with certain...
New Checks: Plain-Text MFA Codes Now Available on Windows and Linux
We are excited to announce the immediate availability of six new checks that complete our check coverage of looking for plain-text multi-factor codes and recovery documents for GSuite, GitHub, and...
New: Custom Check Tags
Starting today, you can now apply your own custom tags to the Checks deployed in your Kolide instance. In addition to the tag’s unique name, each one can be color-coded and include an optional...
New: macOS iCloud Settings & Windows Security Center Widgets
We recently shipped three new widgets on the Device details page: two for Windows Devices, and one for macOS. Widgets are our way of visualizing and summarizing information that we collect about devices...
This Week’s Quality of Life Improvements
We deploy improvements to Kolide daily, but not every individual update deserves its own entry in our change-log. This week, however, we’ve shipped a number of small improvements that, when considered...
Log Pipeline - Splunk HEC Support Now Available
Earlier this year, we launched our Log Pipeline, a feature that allows you to tap into the full benefit of osquery, the core component of Kolide’s open-source agent. The Log Pipeline allows your Kolide...
Improvements to Device Deduplication & Deletion
Last week, Kolide rolled out several changes to our deduplication logic. This logic is how our platform decides if incoming device data belongs to an existing device record or should constitute the...
API - Live Query Status & Device Details
For those of you who are using our beta REST API, we’ve recently shipped two small additions that you may find useful to your workflow! Live Query Campaign Device Status: Previously, our Live Query...
How Kolide Built Its macOS Screenlock Check
Years ago, we published an article detailing changes made in macOS 10.13 which prevented Mac sysadmins from checking the state of their users’ screenlock settings. It is my pleasure to announce that...
New Check/Inventory: macOS Screenlock
At long last, we are excited to announce the most requested Check at Kolide: macOS Screenlock. You can find this new check and configure notifications for it at...