
Ask the questions that matter
Get immediate answers

[Screenshot: query editor with target selection (macOS, CentOS, Ubuntu, VIP Laptops; 20,459 total hosts) and two example queries.]

Hosts Unencrypted Disks:

    SELECT * FROM disk_encryption WHERE encrypted = 0;

Second example query:

    SELECT listening_ports.*, processes.name, processes.path
    FROM listening_ports, processes
    WHERE address NOT IN ("127.0.0.1", "::1", "fe80:1::1", "::", "")
      AND port != 0
      AND processes.pid = listening_ports.pid;

[Screenshot: search results with columns host, address, port, protocol, process, username and shell; 13,781 of 20,459 hosts returning 28 results. Filtered results ("Internet Accessible Ports") can be exported as .csv, .json, .xml or .xls.]

Write Queries on the Fly
Explore Live Stream Results

Curious which listening ports have active connections, or which hosts are currently unencrypted? The scope and breadth of your searches are totally customizable.

  • Query individual targets, groups or your entire fleet.
  • Drill into results, filter and export for further analysis.
  • Query processes, files, packages, user access and more...
Get Kolide

Every machine at a glance,
organized your way

Track, manage and monitor your entire infrastructure from a single screen. Whether you want to see machines that are low on disk space, overheating or simply running vulnerable software, labels will help you group your fleet in an organized and intelligible way.

  • Create dynamic labels that are automatically populated.
  • Organize your fleet by status, platform or custom criteria.
  • Use labels as targets in queries and packs.
[Screenshot: pack "macOS Attacks" (27 queries). Description: Known vulnerabilities and malicious processes used against the macOS operating system. Queries listed include Blazing Keylogger, CallToMe, Careto and Bundlore, each with its own interval.]

Example query from the pack, Blazing Keylogger (platform: macOS; interval: 6400s; description: "Artifact used by this malware." http://www.blazingtools.com/mac_keylogger.html):

    SELECT * FROM launchd WHERE name = 'com.BT.BPK.plist';

Group & Run queries on a
recurring basis with packs

Group queries together by any common purpose or function you can imagine. Run them on a scheduled basis and output the logs together. Craft packs of any size and scope from your saved queries.

  • Run your most important queries in a systematic, persistent way.
  • Fine-tune packs by setting intervals for individual queries.
  • Choose from Snapshot or Differential Mode for logs.

Seamless & Centralized
Osquery Configuration

Let's face it, poring over endless config files and docs to tailor a product's feature set is not everyone's cup of tea. Kolide provides a method to ensure consistent osquery configuration across your fleet.


All Kolide Installations Offer:

  • Unlimited Users

    Invite your whole team, any size organization.

  • Official Support

    Access to Kolide-based support.

  • Unlimited Saved Queries

    Write every query you can imagine.

  • Unlimited Host Labels

    Label to your heart’s content.

Ready to try Kolide? Get in touch, or start your free 30-day trial.
