Summer Tapas: Inventory, Privacy Center, and API Improvements

Jason Meller
July 7th, 2022

Happy summer to everyone in the Northern Hemisphere! With vacation plans in full swing, you may have missed several improvements we’ve shipped to the app this week. Let me get you up to speed!

A New Navigation

Let’s start at the top; by that, I mean the literal top of the app. You may have noticed that we recently made some changes to how we organize the primary navigation:

The biggest change is that we’ve broken out Inventory into two distinct sections, Devices and People. We plan on expanding the capabilities of how you manage People and their associated Slack identities in Kolide, and throwing everything under the moniker Inventory didn’t make sense anymore.

Don’t worry; we haven’t touched any URLs, so all your bookmarks and saved links will still go to the correct place. We also tweaked the icon for Onboarding to better connect it to the Slack feature it relates to.

Reporting Beta and Better Device Property Docs

Exploring Device Properties is one of the most used features in Kolide and allows you to become all-knowing about the devices in your fleet.

While we’ve been continually adding new Device Properties, we’ve also been working diligently to meticulously document them in a codified DB schema in a feature called Reporting DB.

To take advantage of this new documentation, we are now opening up an early preview of the Reporting DB to all customers and linking the docs to the relevant Device Properties you already have access to. Here is an example:

A Device Property with additional documentation will have a dotted underline. Hover over it, and you get a brief description and then links to additional documentation.

If you click View Schema in the link above, you will be whisked away to the new Reporting DB feature and have each column in the table broken down in detail.

The detailed schema can give you a sense of what each column means and even how the data is sourced. In this case, many columns we include are actually not sourced from the device but the VSCode Marketplace!

If you click Read Description, you will be sent to our new Device Properties listing on Kolide.com, which features detailed descriptions, example queries, and a rationale for collecting the data.

The new Device Properties section of Kolide.com features detailed write-ups about many of the Device Properties Kolide can collect.

Finally, if you click the Explore with SQL button in the Device Property’s table, you can write your own queries against the raw data. This enables you to perform complex cross-table joins, aggregations, and transformations that you cannot do by simply querying the agents directly with Live Query.

The new Reporting DB is still in beta, but we’d love to get your feedback as we continue to make improvements!

We plan to improve our Device Property documentation further and integrate it with the Reporting DB experience. We believe writing your own queries against the data Kolide collects will be a powerful concept and would love your feedback on this beta feature so we can refine it over the course of this year.

More Details about Checks in the Issues API and Webhooks

If you are a user of our API or Webhooks features, you may be excited to learn that we now include more details about a Check when you query for a specific Issue.

Starting this week, we include the entirety of the Check API response under the "check" key when enumerating an Issue in the API. The new response looks like this:

{
  "id": 1,
  "check_id": 75659,
  "issue_key": "username",
  "issue_value": "quinn",
  "title": "Google Chrome is out of date",
  "value": {
    "uid": "501",
    "path": "/Users/quinn/Library/Application Support/Google/Chrome/Local State",
    "newest": "0",
    "username": "antigonisinanis",
    "chrome_running": "1",
    "most_recent_update": "103.0.5060.114",
    "update_released_at": "2022-06-21",
    "KOLIDE_CHECK_STATUS": "FAIL",
    "current_running_version": "102.0.5005.115",
    "assumed_next_release_epoch": "1655840041"
  },
  "ignored": false,
  "escalation_status": "Not Escalated",
  "resolved_at": null,
  "timestamp": "2022-06-24T21:54:23.814Z",
  "first_notified_owner_at": null,
  "grace_period_expiration": "2022-06-24T21:54:23.814Z",
  "device": {...},
  "check": {
    "id": 75659,
    "failing_device_count": 1,
    "display_name": "Google - Require Google Chrome is up-to-date",
    "name": "Require Google Chrome is up-to-date",
    "description": "The Google Chrome web browser has been the target of continued attacks by malicious actors looking to exploit vulnerabilities.  This check looks for devices that are running Chrome, and have had a pending update for at least 3 days. It will only generate issues on devices where Google Chrome is running.",
    "compatibility": [
      "macOS",
      "Windows",
      "Linux"
    ],
    "topics": [
      "security-updates"
    ],
    "tags": [],
    "check_tags": [],
    "notification_strategy": "Notifications Off",
    "notification_grace_period": null
  }
}

Additionally, Issue webhooks include pertinent information about their related Checks. Here is an example of the issues.ignored webhook with this new data:

{
    "event": "issues.ignored",
    "id": "01G7A8E1JSGBQ71Q7V3Q6X1VME",
    "timestamp": "2022-07-06T17:20:27Z",
    "data": {
        "issue_id": 10,
        "title": "macOS Automatic Updates Improperly Configured",
        "device_id": 2,
        "check_id": 69,
        "device": {...},
        "check": {
            "id": 69,
            "name": "macOS Software Update - Require Automatic Updates Be Enabled",
            "notification_strategy": "Notifications Off",
            "tags": []
        }
    }
}

We hope you find these additions valuable so you can perform fewer additional API lookups just to get the information you need to process data from Kolide.
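As an added example (not Kolide's own code), here is one way a webhook consumer could build a review record from the embedded Check data alone, using only the field names shown in the payload above. The function name, the record layout, and the policy of flagging issues.ignored events for review are assumptions made for illustration.

```python
import json

# Webhook body from the page; "device" is elided there, so it is left empty here.
SAMPLE_EVENT = json.dumps({
    "event": "issues.ignored",
    "id": "01G7A8E1JSGBQ71Q7V3Q6X1VME",
    "timestamp": "2022-07-06T17:20:27Z",
    "data": {
        "issue_id": 10,
        "title": "macOS Automatic Updates Improperly Configured",
        "device_id": 2,
        "check_id": 69,
        "device": {},
        "check": {
            "id": 69,
            "name": "macOS Software Update - Require Automatic Updates Be Enabled",
            "notification_strategy": "Notifications Off",
            "tags": [],
        },
    },
})


def triage_issue_event(body: str) -> dict:
    """Build a review record from an Issue webhook without a second API call."""
    event = json.loads(body)
    data = event.get("data") if isinstance(event, dict) else None
    if not isinstance(data, dict) or "issue_id" not in data:
        raise ValueError("not an Issue webhook payload")
    check = data.get("check")
    record = {
        "event": event.get("event"),
        "issue_id": data["issue_id"],
        "device_id": data.get("device_id"),
        "check_id": data.get("check_id"),
        "check_name": None,
        "notification_strategy": None,
        # No embedded check (e.g. a payload stored before this change): look it up.
        "needs_check_lookup": not isinstance(check, dict),
        # Assumed policy: a person ignoring an issue is worth a reviewer's look.
        "review": event.get("event") == "issues.ignored",
    }
    if isinstance(check, dict):
        if check.get("id") != data.get("check_id"):
            raise ValueError("embedded check.id does not match data.check_id")
        record["check_name"] = check.get("name")
        record["notification_strategy"] = check.get("notification_strategy")
    return record
```

The consistency check between data.check_id and check.id rejects a payload whose embedded Check does not belong to the Issue it arrived with, rather than recording the wrong Check name.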

There are a few places where we try to use your organization’s logo to make it easier to understand what’s happening. For example, if you use SAML-based SSO to sign into Kolide, you see a screen that tells you that you are being redirected to your company’s SSO provider. We use your company’s logo on this page to clarify precisely what is happening.

In the past, we just took our best guess at your organization’s logo, but if we didn’t do a good job, you were just stuck with it. But no more! Starting this week, you can customize the logo by visiting your Company’s profile in Settings (accessible to users with full access to Kolide).

Admins can now customize their company’s logo in settings.

New Privacy Center Actions for End Users

Last but not least, I am excited to announce we’ve added some additional features to the Devices section of the End User Privacy Center. These new additions should help end users self-resolve two common situations that come up when personal devices are enrolled in Kolide.

Change Ownership Status

When an end user enrolls their device into Kolide via the Slack app, they are asked to choose whether the device is personally owned or owned by their employer. In the former case, we do not allow Kolide admins to re-assign the device to someone else.

Sometimes though, end users may mistakenly claim a device is owned by them when in fact, it is owned by their company. Previously, this was a state that was challenging to recover from because admins are not allowed to change the ownership of a personally owned device to company-owned.

To help, we now allow end users to access the Privacy Center and change the ownership of any personal device back to company-owned.

If an end user accidentally marks a company-owned device as user-owned, they can correct it in the Privacy Center.

Removing Accidentally Enrolled Personal Devices

While rare, sometimes end users enroll the wrong device into Kolide. After realizing this, users often feel stressed and need to ask either Kolide’s support or an admin on their team to help them remove the device.

Instead of forcing them to wait for someone else, we now offer the end user the ability to remove their device and associated data on their own if the device is marked as personally owned.

End Users receive instructions on how to remove the Kolide agent so that it doesn’t re-enroll after the removal.

Both the end user and all full-access Kolide admins will receive a proactive email notification about the voluntary removal. Additionally, audit logs are generated for both admins and end users (accessible in the Privacy Center sidebar).


In this update, there was a little something for everyone, and we have more planned before the summer is over. Stay tuned!
