any question, every machine

treat your infrastructure like a queryable database

"Which computers in my fleet have no disk encryption?"

Which computers in my organization are unencrypted?

Which servers had root logins in the last hour?

Which macOS hosts need updates?

What processes are running whose binary has been deleted from the disk?

Which servers are exhibiting suspicious network activity?

-- Machines with an unencrypted primary disk
SELECT *
FROM mounts m, disk_encryption d
WHERE m.device_alias = d.name
  AND m.path = '/' AND d.encrypted = 0;

-- Root logins in the last hour
SELECT *
FROM last
WHERE username = 'root'
  AND time > ((SELECT unix_time FROM time) - 3600);

-- macOS hosts that need an update
SELECT *
FROM os_version
WHERE LOWER(name) = 'mac os x'  -- case-insensitive match on the OS name
  AND minor < 10;

-- Processes running whose binary has been deleted from the disk
SELECT name, path, pid
FROM processes
WHERE on_disk = 0;

-- Processes with IP traffic to remote ports other than 80 and 443
SELECT s.pid, p.name, local_address, remote_address, family, protocol,
       local_port, remote_port
FROM process_open_sockets s JOIN processes p ON s.pid = p.pid
WHERE remote_port NOT IN (80, 443)
  AND family = 2;  -- family 2 = AF_INET (IPv4)

Kolide is Powered by Facebook's osquery

Kolide is a state-of-the-art host monitoring platform built on top of Facebook’s legendary osquery agent. Built in part by our CTO, Mike Arpaia, osquery transforms your infrastructure into a rich database that you can query with standard SQL.

  • Osquery runs performantly on hundreds of thousands of real production systems.
  • Osquery allows you to access over 4500 unique data points across macOS, Linux and Windows operating systems.
  • Osquery is 100% open-source and as a result, it receives intense scrutiny, new features, and regular updates from the community.

Kolide Integrates With the Tools Your Team Loves

Kolide's mission is to provide everyone with the most performant, accurate, and diverse host inspection capability possible. Our goal is to make your existing security, operations, and IT investments smarter by integrating with top-of-the-line tools.

  • Kolide coalesces important host data in one place for effortless retrieval and transformation.
  • Kolide integrates with existing logging and analytics pipelines, including SumoLogic, Splunk, and Logstash.
  • Kolide is infrastructure-provider agnostic and works across cloud vendors, on-premises servers, and workstations.

Top Down Infrastructure Unbelievably Simple

Kolide harnesses rich host data collection so you can track assets that are out of spec in real time. Whether a policy violation has occurred or a vulnerability is present, Kolide allows you to track progress towards your goals.

  • Collect detailed information about macOS and Linux hosts that other agents fail to obtain.
  • Get detailed information on installed apps, packages, plugins and even browser extensions for all hosts in your organization.
  • Automatically apply data collection policies for infrastructure as they come online.

Learn About osquery

Kolide is powered by Facebook's open source osquery agent. We encourage you to learn more about its data collection capabilities.

Read the Kolide Docs

Want more technical details on Kolide's product? Our live documentation is a great place to learn the ins and outs.