kolide-timeline

module v1.0.1
Published: Oct 11, 2023 License: Apache-2.0

README

kolide-timeline


kolide-timeline generates a timeline in CSV format from Kolide pipeline logs, using both query timestamps and any timestamps returned by the queries.

This tool is geared toward security investigations and incident response.


Requirements

  • Go v1.20 or newer

Installation

go install github.com/chainguard-dev/kolide-timeline/cmd/kolide-timeline@latest
go install github.com/chainguard-dev/kolide-timeline/cmd/copy-from-gs@latest

Usage

Timeline generation assumes that pipeline logs have been locally downloaded:

kolide-timeline </path/to/device/logs>

If your Kolide pipeline logs are stored in Google Cloud Storage, there is a tool to simplify downloading recent logs for a single device:

copy-from-gs \
  --bucket chainguard-kolide-logs \
  --prefix kolide/results \
  --device-id=183909 \
  --max-age=72h

To find the device ID, visit https://k2.kolide.com/, click on the Device, and view its URL: it will end in /inventory/devices/<device id>/overview.
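As an added illustration of the two-timestamp idea described above (this is not the project's code, and the JSON shape is a constructed simplification, not Kolide's actual pipeline log schema), a small Go program that merges each query's run time with any epoch-valued result columns into one chronologically sorted CSV timeline:

```go
package main

import (
	"encoding/csv"
	"encoding/json"
	"os"
	"sort"
	"strconv"
	"time"
)

// Event is one timeline row; Source is "query" for the query's own run time, else the result column that held the epoch.
type Event struct{ Time time.Time; Source, Query, Path string }

// sampleLines is constructed input in a simplified shape (NOT Kolide's real log schema): one query run whose file results carry mtime/ctime.
var sampleLines = []string{
	`{"name":"suspicious_files","unixTime":1696032000,"columns":{"path":"/tmp/x.sh","mtime":"1696000000","size":"512"}}`,
	`{"name":"suspicious_files","unixTime":1696032000,"columns":{"path":"/tmp/y.sh","ctime":"1695900000","size":"20"}}`,
}

// buildTimeline emits one event at the query run time plus one per column whose value parses as a Unix
// epoch (values under 1e9, such as sizes, are skipped), then sorts everything chronologically.
func buildTimeline(lines []string) ([]Event, error) {
	var events []Event
	for _, line := range lines {
		var r struct{ Name string; UnixTime int64; Columns map[string]string } // json matches field names case-insensitively
		if err := json.Unmarshal([]byte(line), &r); err != nil {
			return nil, err
		}
		events = append(events, Event{time.Unix(r.UnixTime, 0).UTC(), "query", r.Name, r.Columns["path"]})
		for col, val := range r.Columns {
			if ts, err := strconv.ParseInt(val, 10, 64); err == nil && ts > 1_000_000_000 {
				events = append(events, Event{time.Unix(ts, 0).UTC(), col, r.Name, r.Columns["path"]})
			}
		}
	}
	sort.SliceStable(events, func(i, j int) bool { return events[i].Time.Before(events[j].Time) })
	return events, nil
}

func main() {
	events, err := buildTimeline(sampleLines)
	if err != nil { panic(err) }
	w := csv.NewWriter(os.Stdout) // CSV on stdout with an RFC3339 time column
	w.Write([]string{"time", "source", "query", "path"})
	for _, e := range events {
		w.Write([]string{e.Time.Format(time.RFC3339), e.Source, e.Query, e.Path})
	}
	w.Flush()
}
```

With the sample input, the two files appear first at their own ctime and mtime and then again at the time the query observed them, which is the ordering an investigator wants when reconstructing what happened before a detection fired.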

Directories

Path                 Synopsis
cmd
  copy-from-gs       Copy files for a kolide device out of GCP
  kolide-timeline    Generate a CSV timeline file from Kolide events
