Skip to content

chainguard-dev/kolide-timeline

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
cmd
cmd
 
 
images
images
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

kolide-timeline

stable

kolide-timeline generates a timeline in CSV format from Kolide pipeline logs, using both query timestamps and any timestamps returned by the queries.

This tool is geared toward security investigations and incident response.

screenshot

Requirements

  • Go v1.20 or newer

Installation

go install github.com/chainguard-dev/kolide-timeline/cmd/kolide-timeline@latest
go install github.com/chainguard-dev/kolide-timeline/cmd/copy-from-gs@latest

Usage

Timeline generation assumes that pipeline logs have been locally downloaded:

kolide-timeline </path/to/device/logs>

If your Kolide pipeline logs are stored in Google Cloud Storage, there is a tool to simplify downloading recent logs for a single device:

copy-from-gs \
  --bucket chainguard-kolide-logs \
  --prefix kolide/results \
  --device-id=183909 \
  --max-age=72h

To find the device ID, visit https://k2.kolide.com/, click on the Device, and view its URL: it will end in /inventory/devices/<device id>/overview.

About

Turn Kolide pipeline logs into a timeline

Topics

timeline incident-response kolide

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases 2

v1.0.1 Latest
Oct 16, 2023
+ 1 release

Packages

 
 
 

Contributors 3

  •  
  •  
  •  

Languages