Kolide + Steampipe
Kolide gives you accurate, valueable and complete fleet visibility across Mac, Windows and Linux endpoints.
Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.
This is an unofficial plugin, leveraging the public Kolide API through the Steampipe engine. Prospective users are encouraged to undergo their usual due diligence in using third-party software.
List all devices monitored by Kolide
select id, serial, namefrom kolide_device+------+------------+---------+| id | serial | name |+------+------------+---------+| 1553 | X02YZ1ZYZX | ikebana |+------+------------+---------+Documentation
Get Started
Installation
Download and install the latest Kolide plugin:
steampipe plugin install grendel-consulting/kolideCredentials
| Item | Description |
|---|---|
| Credentials | Kolide requires an API token, which can be created by an administrator with "Full Access" permissions. |
| Permissions | By default, your Kolide API token will only have access to read-only endpoints; this should be sufficient for using this plugin. |
| Radius | Each connection represents a single Kolide account. You will need to manage token rotation and revocation, as Kolide API tokens have no in-built expiry. |
| Resolution | 1. Credentials explicitly set in a steampipe config file (~/.steampipe/config/kolide.spc)2. Credentials specified in environment variables, e.g., KOLIDE_API_TOKEN. |
Configuration
Installing the latest Kolide plugin will create a config file (~/.steampipe/config/kolide.spc) with a single connection named kolide:
Configure your account details in ~/.steampipe/config/kolide.spc:
connection "kolide" { plugin = "grendel-consulting/kolide"
# Your Kolide API key. Required. # Get your API key from Kolide, instructions here: https://www.kolide.com/docs/developers/api#creating-an-api-key. # Alternately you set with the `KOLIDE_API_TOKEN` environment variable. # api_key = "k2sk_v1_thisIsOurExampleKey"}Alternatively, and only if the api_token is omitted in the connections, you can use the Kolide environment variable to obtain credentials only if api_token is not specified in the connection:
export KOLIDE_K2_TOKEN=k2sk_v1_thisIsOurExampleKeyRate Limiting
Rate limiting is applied across the Kolide API as a whole, with a maximum of 270 requests per minute. Retries and backoffs are handled within the plugin; however, you may want to set a sensible concurrency limit for heavier uses. You can read up in more detail under Limiters
plugin "kolide" { limiter "kolide_global_rate_limit" { max_concurrency = 30 }}Multiple Connections
You may create multiple Kolide connecions to aggregate queries across multiple Kolide fleets if, for example, you're managing devices on multiple client organisations. You can read up in more detail under Multi-Account Connections