Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/chainguard-dev/kolide-timeline
Turn Kolide pipeline logs into a timeline
https://github.com/chainguard-dev/kolide-timeline
incident-response kolide timeline
Last synced: about 2 months ago
JSON representation
Turn Kolide pipeline logs into a timeline
- Host: GitHub
- URL: https://github.com/chainguard-dev/kolide-timeline
- Owner: chainguard-dev
- License: apache-2.0
- Created: 2023-05-12T20:49:24.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-10-11T23:49:17.000Z (about 1 year ago)
- Last Synced: 2023-10-12T14:40:16.979Z (about 1 year ago)
- Topics: incident-response, kolide, timeline
- Language: Go
- Homepage:
- Size: 178 KB
- Stars: 2
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# kolide-timeline
[](http://github.com/badges/stability-badges)
kolide-timeline generates a timeline in CSV format from Kolide pipeline logs, using both query timestamps and any
timestamps returned by the queries.
This tool is geared toward security investigations and incident response.
## Requirements
* Go v1.20 or newer
## Installation
```shell
go install github.com/chainguard-dev/kolide-timeline/cmd/kolide-timeline@latest
go install github.com/chainguard-dev/kolide-timeline/cmd/copy-from-gs@latest
```
## Usage
Timeline generation assumes that pipeline logs have been locally downloaded:
```
kolide-timeline
```
If your Kolide pipeline logs are stored in Google Cloud Storage, there is a tool to simplify downloading recent logs for a single device:
```
copy-from-gs \
--bucket chainguard-kolide-logs \
--prefix kolide/results \
--device-id=183909 \
--max-age=72h
```
To find the device ID, visit https://k2.kolide.com/, click on the Device, and view its URL: it will end in `/inventory/devices//overview`.