steampipe plugin install grendel-consulting/kolide

Kolide + Steampipe

Kolide gives you accurate, valueable and complete fleet visibility across Mac, Windows and Linux endpoints.

Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.

This is an unofficial plugin, leveraging the public Kolide API through the Steampipe engine. Prospective users are encouraged to undergo their usual due diligence in using third-party software.

List all devices monitored by Kolide

select
id,
serial,
name
from
kolide_device
+------+------------+---------+
| id | serial | name |
+------+------------+---------+
| 1553 | X02YZ1ZYZX | ikebana |
+------+------------+---------+

Documentation

Get Started

Installation

Download and install the latest Kolide plugin:

steampipe plugin install grendel-consulting/kolide

Credentials

ItemDescription
CredentialsKolide requires an API token, which can be created by an administrator with "Full Access" permissions.
PermissionsBy default, your Kolide API token will only have access to read-only endpoints; this should be sufficient for using this plugin.
RadiusEach connection represents a single Kolide account. You will need to manage token rotation and revocation, as Kolide API tokens have no in-built expiry.
Resolution1. Credentials explicitly set in a steampipe config file (~/.steampipe/config/kolide.spc)
2. Credentials specified in environment variables, e.g., KOLIDE_API_TOKEN.

Configuration

Installing the latest Kolide plugin will create a config file (~/.steampipe/config/kolide.spc) with a single connection named kolide:

Configure your account details in ~/.steampipe/config/kolide.spc:

connection "kolide" {
plugin = "grendel-consulting/kolide"
# Your Kolide API key. Required.
# Get your API key from Kolide, instructions here: https://www.kolide.com/docs/developers/api#creating-an-api-key.
# Alternately you set with the `KOLIDE_API_TOKEN` environment variable.
# api_key = "k2sk_v1_thisIsOurExampleKey"
}

Alternatively, and only if the api_token is omitted in the connections, you can use the Kolide environment variable to obtain credentials only if api_token is not specified in the connection:

export KOLIDE_API_TOKEN=k2sk_v1_thisIsOurExampleKey

Rate Limiting

Rate limiting is applied across the Kolide API as a whole, with a maximum of 270 requests per minute. Retries and backoffs are handled within the plugin; however, you may want to set a sensible concurrency limit for heavier uses. You can read up in more detail under Limiters

plugin "kolide" {
limiter "kolide_global_rate_limit" {
max_concurrency = 30
}
}

Multiple Connections

You may create multiple Kolide connecions to aggregate queries across multiple Kolide fleets if, for example, you're managing devices on multiple client organisations. You can read up in more detail under Multi-Account Connections

Get Involved