steampipe plugin install grendel-consulting/kolidesteampipe plugin install grendel-consulting/kolide

kolide_admin_user kolide_audit_log kolide_check kolide_deprovisioned_person kolide_device kolide_device_group kolide_device_group_device kolide_device_open_issue kolide_issue kolide_package kolide_person kolide_person_group kolide_person_open_issue kolide_person_registered_device

Table: kolide_check

Lists the checks that Kolide runs on a device on a regular cadence, which are tests that typically produce a passing or failing result.

Examples

Basic info

select
  id,
  name,
  topics,
  compatible_platforms,
  targeted_groups,
  blocking_group_names,
  blocking_enabled
from
  kolide_check;

List all the checks relating to a specific operating system

select
  id,
  name,
  topics,
  compatible_platforms,
  targeted_groups,
  blocking_group_names,
  blocking_enabled
from
  kolide_check
where
  compatible_platforms @> '["darwin"]';

List all the topics that Kolide breaks checks down into

select
  distinct topic
from
  kolide_check,
  jsonb_array_elements_text(topics) as topic;

List all the checks relating to a specific topic

select
  id,
  name,
  topics,
  compatible_platforms,
  targeted_groups,
  blocking_group_names,
  blocking_enabled
from
  kolide_check
where
  topics @> '["remote-services"]';

Schema for kolide_check

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
blocking_enabled	boolean		Whether or not an issue for this check will block device trust authentication.
blocking_exempt_group_names	jsonb		List of names for the groups whose device members are exemnpt from being blocked by this check.
blocking_group_names	jsonb		List of names for the groups whose device members will be blocked by this check, unless excluded.
check_tags	jsonb	=, ~~	List of Team-set tags associated with the check.
compatible_platforms	jsonb		Array of device platforms this check can run on, taken from linux, windows or darwin.
description	text	=, ~~	Longer-form description of the check's purpose and operation.
excluded_groups	jsonb		List of names for the groups whose device members are excluded from being targets for this check.
grace_period_days	bigint		Number of days that a device is allowed to be failing the check before it will be blocked.
id	text	=	Canonical identifier for this check.
name	text	=, ~~	Descriptive name of the state this check is meant to enforce.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
targeted_groups	jsonb		List of names for the groups whose device members will be targets for this check, unless excluded.
title	text		Display name for this check.
topics	jsonb		List of Kolide-set topics associated with the check.