kolide-fleet-chart: Helm chart for Kubernetes that includes kolide-fleet, a MySQL database and a Redis cache
Branch: master. Latest commit 263c44c, Mar 4, 2019.

Repository contents:

  • docs (first commit, Aug 1, 2018)
  • fleet (Update README.md, Aug 1, 2018)
  • mysql (first commit, Aug 1, 2018)
  • ops/scripts (first commit, Aug 1, 2018)
  • redis
  • .gitignore (first commit, Aug 1, 2018)
  • README.md (Update README.md, Mar 4, 2019)

README.md

Kolide Fleet k8s Helm Chart

This chart is a combination of tools, including Kolide's Fleet osquery orchestrator, which allows us to query all of our hosts on demand for APT (Advanced Persistent Threat) IOCs (Indicators of Compromise).

Scheduled queries feed all of their results into a search index. Osquery is platform agnostic, so we can deploy it across all endpoints regardless of host OS.

  • Osquery – A tool that allows us to query devices as if they were databases. It was built by Facebook with performance in mind.

  • Kolide Fleet – A flexible control server for osquery fleets. Fleet allows us to query multiple hosts on demand, as well as to create query packs, build schedules and manage the hosts in our environment.

  • Elastic Stack – Elasticsearch, Logstash and Kibana are tools that allow for the collection, normalization and visualization of logs.

This solution assumes an ELK stack deployed with the Kubernetes Operator Framework. Fleet output is fed into ELK via the container-native EFK pattern: FluentD sends the JSON-formatted stdout and stderr of the Fleet pods to the cluster's embedded Elastic stack. Therefore the ELK solution is not included with this chart.
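As an added example (not code from this chart or from Kolide), the following Python script shows the shape of the JSON result lines that osquery agents emit for scheduled queries and flattens them into documents ready for a search index, which is what the FluentD-to-Elastic path described above ends up indexing. The sample lines, host names, UUIDs and query names are constructed for illustration.

```python
"""Flatten osquery scheduled-query result logs into documents for a search index.

Osquery writes one JSON object per line. A differential result carries one row
under "columns" with an "action" of "added" or "removed"; a snapshot result
carries every current row under "snapshot". Pack queries are named
"pack/<pack>/<query>".
"""
import json
from typing import Dict, Iterable, List, Tuple

# Constructed sample lines (hosts, UUIDs and values are made up for this example).
SAMPLE_LOG_LINES = [
    '{"name":"pack/ioc/listening_ports","hostIdentifier":"host-a",'
    '"unixTime":1533636000,"decorations":{"host_uuid":"uuid-a"},'
    '"columns":{"pid":"4242","port":"4444","protocol":"6","address":"0.0.0.0"},"action":"added"}',
    '{"name":"pack/ioc/listening_ports","hostIdentifier":"host-a",'
    '"unixTime":1533636000,"decorations":{"host_uuid":"uuid-a"},'
    '"columns":{"pid":"1337","port":"22","protocol":"6","address":"0.0.0.0"},"action":"removed"}',
    '{"name":"pack/ioc/deleted_binaries","hostIdentifier":"host-b",'
    '"unixTime":1533636300,"decorations":{"host_uuid":"uuid-b"},'
    '"snapshot":[{"pid":"900","name":"kworkerd","path":"/tmp/.x"},'
    '{"pid":"901","name":"sh","path":"/dev/shm/a"}],"action":"snapshot"}',
    "this line is not JSON and must be skipped, not crash the batch",
]


def parse_result_line(line: str) -> List[Dict]:
    """Turn one result-log line into zero or more flat documents.

    Malformed or unexpected lines yield nothing rather than aborting the batch,
    because a log shipper must keep going when one host emits garbage.
    """
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return []
    if not isinstance(rec, dict) or "name" not in rec:
        return []

    base = {
        "query": rec["name"],
        "host": rec.get("hostIdentifier"),
        "host_uuid": rec.get("decorations", {}).get("host_uuid"),
        "timestamp": rec.get("unixTime"),
        "action": rec.get("action"),
    }
    if "snapshot" in rec:
        rows = rec["snapshot"]          # every current row of the table
    elif "columns" in rec:
        rows = [rec["columns"]]         # one row that was added or removed
    else:
        return []

    docs = []
    for row in rows:
        doc = dict(base)
        # Prefix result columns so they never collide with the metadata keys above.
        doc.update({f"col.{k}": v for k, v in row.items()})
        docs.append(doc)
    return docs


def index_documents(lines: Iterable[str]) -> List[Dict]:
    """Flatten a whole batch of log lines into index documents."""
    return [doc for line in lines for doc in parse_result_line(line)]


def summarize(docs: List[Dict]) -> Dict[Tuple[str, str], int]:
    """Count documents per (query, action), the kind of rollup a dashboard shows."""
    counts: Dict[Tuple[str, str], int] = {}
    for doc in docs:
        key = (doc["query"], doc["action"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for doc in index_documents(SAMPLE_LOG_LINES):
        print(json.dumps(doc))
    print(summarize(index_documents(SAMPLE_LOG_LINES)))
```

The differential rows are the interesting ones for IOC work: an `added` row on a listening-ports query is a new listener appearing on a host, and the `removed` row tells you when it went away, so the index keeps a timeline rather than only the current state.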

TL;DR: How to install

Follow the README.md for each sub-chart and install in this order:

  1. Install the Redis chart
  2. Install the MySQL chart
  3. Install the Fleet chart

```shell
$ helm install --namespace fleet --name fleet fleet
```

We can automate endpoint security monitoring with a combination of OSQuery packs targeting IOCs, plus a set of scheduled query packs.

EUC Intelligence

Some use-cases for the Kolide Fleet solution include systematically monitoring EUC (End User Compute) for:

  • IOCs (Indicators of Compromise)
  • Configuration compliance
  • Operations issues & support
  • General fleet management & capacity management
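As an added example (not one of this chart's pack files, and not Kolide code), here is a small IOC-oriented pack written in osquery's native pack JSON layout, together with a lint function a practitioner can run before importing a pack into Fleet. The query names, descriptions and the interval bounds the lint enforces are this example's own choices.

```python
"""Define an IOC-oriented osquery query pack and lint it before import.

The dict below follows osquery's pack layout: a top-level "queries" map whose
entries have a "query" (one SELECT against osquery tables), an "interval" in
seconds, an optional "snapshot" flag and a "description". Pack contents and
the lint thresholds are this example's own choices, not the chart's.
"""
import json
import re
from typing import Dict, List

IOC_PACK: Dict = {
    "platform": "linux",
    "queries": {
        "listening_ports": {
            "query": ("SELECT p.pid, p.name, p.path, l.port, l.address "
                      "FROM listening_ports l JOIN processes p USING (pid) "
                      "WHERE l.port != 0;"),
            "interval": 600,
            "description": "Processes bound to network ports; new listeners appear as action=added.",
        },
        "deleted_binaries": {
            "query": "SELECT pid, name, path, cmdline FROM processes WHERE on_disk = 0;",
            "interval": 300,
            "snapshot": True,
            "description": "Running processes whose executable no longer exists on disk.",
        },
        "crontab": {
            "query": "SELECT command, path, minute, hour FROM crontab;",
            "interval": 3600,
            "description": "Scheduled jobs, for persistence and change tracking.",
        },
    },
}

# Keywords that have no place in a monitoring query. osquery tables are read-only
# anyway, but catching these at lint time keeps copy-paste mistakes out of a pack.
WRITE_KEYWORDS = re.compile(r"\b(INSERT|UPDATE|DELETE|DROP|ALTER|ATTACH|PRAGMA)\b", re.IGNORECASE)
MIN_INTERVAL, MAX_INTERVAL = 60, 86400   # bounds chosen for this example


def lint_pack(pack: Dict) -> List[str]:
    """Return a list of problems found; an empty list means the pack passes."""
    problems: List[str] = []
    queries = pack.get("queries")
    if not isinstance(queries, dict) or not queries:
        return ["pack has no 'queries' map"]
    for name, spec in queries.items():
        query = spec.get("query", "")
        if not re.match(r"\s*SELECT\b", query, re.IGNORECASE):
            problems.append(f"{name}: query must be a single SELECT")
        if WRITE_KEYWORDS.search(query):
            problems.append(f"{name}: query contains a write or DDL keyword")
        # A trailing semicolon is fine; any other semicolon means a second statement.
        if query.rstrip().rstrip(";").count(";") > 0:
            problems.append(f"{name}: only one statement per query")
        interval = spec.get("interval")
        if (not isinstance(interval, int) or isinstance(interval, bool)
                or not MIN_INTERVAL <= interval <= MAX_INTERVAL):
            problems.append(
                f"{name}: interval must be an integer between {MIN_INTERVAL} and {MAX_INTERVAL} seconds")
    return problems


def render_pack(pack: Dict) -> str:
    """Serialise the pack as JSON with a stable key order, ready to save as a pack file."""
    return json.dumps(pack, indent=2, sort_keys=True)


if __name__ == "__main__":
    issues = lint_pack(IOC_PACK)
    print(render_pack(IOC_PACK) if not issues else "\n".join(issues))
```

The interval is the main tuning knob: short intervals give faster detection of a new listener or a deleted binary, but every query is a scan on every endpoint, so the lint refuses intervals under a minute to keep a typo from turning a pack into a fleet-wide load problem.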

Kolide Fleet implements an OSQuery TLS Service

Kolide Fleet is an Open Source Osquery Manager

Kolide Fleet is an application that allows you to take advantage of the power of osquery in order to maintain constant insight into the state of your infrastructure (security, health, stability, performance, compliance, etc).

https://kolide.com/fleet
https://github.com/kolide/fleet/blob/master/docs/application/README.md

Kolide Diagram

Utilities

  • Build agent installer packages: package-build.sh

  • Import OSQuery pack files: fleetctl

  • Pack import guidance: Import examples

  • Files to run everything on Minikube: minikube-files

  • To run Elastic Stack on Minikube you must run the sysctl pod to increase shmmax: vm.max_map_count=262166

2018 ACME InfoSec