Kolide + Steampipe
Kolide gives you accurate, valuable and complete fleet visibility across Mac, Windows and Linux endpoints.
Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.
This is an unofficial plugin, leveraging the public Kolide API through the Steampipe engine. Prospective users are encouraged to carry out their usual due diligence before using third-party software.
List all devices monitored by Kolide
select
  id,
  serial,
  name
from
  kolide_device

+------+------------+---------+
| id   | serial     | name    |
+------+------------+---------+
| 1553 | X02YZ1ZYZX | ikebana |
+------+------------+---------+
Documentation
Get Started
Installation
Download and install the latest Kolide plugin:
steampipe plugin install grendel-consulting/kolide
Credentials
Item | Description |
---|---|
Credentials | Kolide requires an API token, which can be created by an administrator with "Full Access" permissions. |
Permissions | By default, your Kolide API token will only have access to read-only endpoints; this should be sufficient for using this plugin. |
Radius | Each connection represents a single Kolide account. You will need to manage token rotation and revocation, as Kolide API tokens have no in-built expiry. |
Resolution | 1. Credentials explicitly set in a steampipe config file (~/.steampipe/config/kolide.spc). 2. Credentials specified in environment variables, e.g., KOLIDE_API_TOKEN. |
Configuration
Installing the latest Kolide plugin will create a config file (~/.steampipe/config/kolide.spc) with a single connection named kolide.
Configure your account details in ~/.steampipe/config/kolide.spc:
connection "kolide" {
  plugin = "grendel-consulting/kolide"

  # Your Kolide API key. Required.
  # Get your API key from Kolide, instructions here: https://www.kolide.com/docs/developers/api#creating-an-api-key.
  # Alternatively, set it with the `KOLIDE_API_TOKEN` environment variable.
  # api_key = "k2sk_v1_thisIsOurExampleKey"
}
Alternatively, and only if api_token is omitted from the connection, you can supply credentials through the Kolide environment variable:
export KOLIDE_API_TOKEN=k2sk_v1_thisIsOurExampleKey
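An added example, not part of the plugin or its documentation: a POSIX shell check that a connection file is readable by its owner only and that reports each connection embedding a token instead of relying on KOLIDE_API_TOKEN. The function names, the second connection `kolide_client_b` and its token value are constructed for illustration.

```shell
# Added example (not the plugin's code): audit a Kolide connection file.
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if unreadable.
audit_kolide_spc() {
  file=$1; status=0
  if [ ! -r "$file" ]; then echo "ERROR cannot read $file"; return 2; fi

  # Kolide tokens have no built-in expiry, so keep the file owner-only.
  # GNU stat first, BSD/macOS stat as the fallback.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "PERMS mode $mode lets group/other read the file; use chmod 600"
    status=1
  fi

  # Report each connection with an uncommented token assignment. The page
  # spells the argument both api_key and api_token, so match either.
  hardcoded=$(awk '
    /^[ \t]*#/ { next }
    /^[ \t]*connection[ \t]+"/ { split($0, part, "\""); name = part[2] }
    /^[ \t]*api_(key|token)[ \t]*=[ \t]*"[^"]+"/ {
      print "HARDCODED connection \"" name "\" stores its token in the file"
    }' "$file")
  if [ -n "$hardcoded" ]; then
    printf '%s\n' "$hardcoded"
    status=1
  fi
  return "$status"
}

# Constructed sample: two connections, one with an embedded (fake) token.
write_sample_spc() {
  cat > "$1" <<'EOF'
connection "kolide" {
  plugin = "grendel-consulting/kolide"
  # api_key = "k2sk_v1_thisIsOurExampleKey"
}
connection "kolide_client_b" {
  plugin  = "grendel-consulting/kolide"
  api_key = "k2sk_v1_constructedFakeToken"
}
EOF
}

# Demo on the constructed sample, made group/other-readable on purpose.
sample=$(mktemp)
write_sample_spc "$sample"; chmod 644 "$sample"
audit_kolide_spc "$sample" || true
rm -f "$sample"
```

To check a real installation, call `audit_kolide_spc ~/.steampipe/config/kolide.spc`.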
Rate Limiting
Rate limiting is applied across the Kolide API as a whole, with a maximum of 270 requests per minute. Retries and backoffs are handled within the plugin; however, you may want to set a sensible concurrency limit for heavier use. You can read up in more detail under Limiters.
plugin "kolide" {
  limiter "kolide_global_rate_limit" {
    max_concurrency = 30
  }
}
Multiple Connections
You may create multiple Kolide connections to aggregate queries across multiple Kolide fleets if, for example, you're managing devices for multiple client organisations. You can read up in more detail under Multi-Account Connections.