Kolide Setup:

Before we begin, make sure to run: apt update && apt upgrade

[image: Data sets for cyber osquery update]

This tutorial uses a separate host to run Kolide Fleet, so I will let you know what you might need to change to make it work on the same server. You can use Kolide's official documentation for most of this if you'd like.

[image: Data sets for cyber osquery install]

I basically customized their install guide to be more fitting for our purpose.

Use the password: 'kolide' (or whatever you want, just adjust accordingly as you go). Or if you have time, use the proper procedure to run Redis, although that is totally not necessary for the purpose of this guide!

Now, if you go to your local browser, you should be redirected to a page where you can create your first Fleet user account.

We need to create some queries now. You can do this with the GUI, or you can run the importer tool found here. The importer tool is a bit buggy, so for the purpose of this post we will just configure the queries manually.

Go to Packs -> Manage Packs -> Create New Pack. Name the pack 'linux_collection' and add a description if you'd like. Under Select Pack Targets, choose All Hosts. Now on the right-hand side of the page, you should see Select Query. Click that drop-down and choose 'crontab'. Set the interval to 60, the Platform to Linux, the minimum version to All and the Logging to Snapshot.
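The pack that the GUI steps above build, written out in osquery's native pack file format so you can see what each setting maps to. This is an added example and not a file from the original post or from Kolide; the SQL behind Fleet's saved 'crontab' query is assumed to be `SELECT * FROM crontab;`, and no `version` key is set because the minimum version was left at All.

```json
{
  "platform": "linux",
  "description": "linux_collection: scheduled snapshots of persistence-related state (constructed example)",
  "queries": {
    "crontab": {
      "query": "SELECT * FROM crontab;",
      "interval": 60,
      "platform": "linux",
      "snapshot": true,
      "description": "Full crontab contents every 60 seconds (assumed SQL for the saved 'crontab' query)"
    }
  }
}
```

With `"snapshot": true` every run reports the complete result set rather than only rows added or removed since the last run, which is the Logging = Snapshot choice in the GUI; differential logging would be the default if the key were omitted. Targeting (All Hosts) is not part of the pack file itself but is applied by Fleet when it decides which agents receive the pack.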