{"id":20148234,"url":"https://github.com/chainguard-dev/kolide-pipeline-bot","last_synced_at":"2025-04-09T19:51:33.130Z","repository":{"id":157170573,"uuid":"531231945","full_name":"chainguard-dev/kolide-pipeline-bot","owner":"chainguard-dev","description":"Generate Slack notifications from Kolide pipelines","archived":false,"fork":false,"pushed_at":"2025-03-13T02:14:37.000Z","size":186,"stargazers_count":2,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-22T00:05:26.258Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chainguard-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-31T19:35:47.000Z","updated_at":"2025-03-02T13:40:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"60b0caeb-2de9-4457-8875-54bfd9b7d5c0","html_url":"https://github.com/chainguard-dev/kolide-pipeline-bot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fkolide-pipeline-bot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fkolide-pipeline-bot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fkolide-pipeline-bot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fkolide-pipeline-bot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chainguard-dev","download_url":"https://codeload.github.com/chainguard-dev/kolide-pipeline-bot/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248103901,"owners_count":21048244,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T22:35:54.380Z","updated_at":"2025-04-09T19:51:33.107Z","avatar_url":"https://github.com/chainguard-dev.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kolide-pipeline-bot\n\nSend notifications from osquery differential logs uploaded to GCP storage by Kolide\n\n## Features\n\n* Support for Kolide differential logs\n* Rich Slack notifications\n* VirusTotal annotation\n* Google Cloud Storage\n* CLI and HTTP server modes\n* Duplicate event suppression\n* Threading of related events\n\n## Usage\n\nCompile:\n\n```shell\ngo build .\n```\n\nSetup your local credentials:\n\n```shell\ngcloud auth application-default login\n```\n\nInspect output without sending notifications:\n\n```shell\nkolide-pipeline-bot \\\n  --bucket=your-kolide-logs \\\n  --prefix=kolide/results/threat_hunting \\\n  --max-age=8h\n```\n\nTo send notifications, set a SLACK_ACCESS_TOKEN to a Bot User OAuth Token for your Workspace, which typically starts with `xoxb-`. \n\n## Webserver mode\n\nThis will run a web server, that will scan the bucket every time `/refreshz` is hit, as well as send notifications:\n\n```shell\nkolide-pipeline-bot \\\n  --bucket=your-osquery-logs \\\n  --prefix=kolide/results/threat_hunting \\\n  --serve\n```\n\nThis allows the kolide-pipeline-bot to be run in environments that assume an HTTP frontend, such as Google Cloud Run. You can then use a scheduler service to hit `/refreshz` as often as you want to poll for results.\n\n## Environment Variables\n\nFor your deployment, you may find it more useful to use environment variables than arguments. The `kolide-pipeline-bot` supports a handful of them:\n\n* `PORT`\n* `BUCKET_NAME`\n* `BUCKET_PREFIX`\n* `SLACK_ACCESS_TOKEN`\n* `VIRUSTOTAL_KEY`\n\n## Google Cloud Run\n\nUsing `ko`, it is easy to build `kolide-pipeline-notifier` to your local repo and deploy it straight into production:\n\n```shell\nexport KO_DOCKER_REPO=\"gcr.io/\u003cyour project\u003e/pipeline-notifier\"\n\ngcloud run deploy pipeline-notifier \\\n  --image=\"$(ko publish .)\" \\\n  --args=-serve \\\n  --region us-central1 \\\n  --project \"\u003cyour project\u003e\"\n```\n\nYou can see an example automated deployment in `./hacks/deploy-cloud-run.sh`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fkolide-pipeline-bot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchainguard-dev%2Fkolide-pipeline-bot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fkolide-pipeline-bot/lists"}