At the heart of everything we do at Kolide is osquery. Our goal has always been to make it easier to access the powerful data and insights osquery provides. To that end, we've created two distinct platforms - Kolide Fleet and Kolide K2.
There is a common misconception that K2 is simply a hosted version of Kolide Fleet, but other than their mutual utilization of Launcher (https://github.com/kolide/launcher) and osquery, they have little to no overlap in code.
Kolide Fleet is a fully open source osquery management tool. Used by itself, or in combination with Launcher, Fleet provides a web GUI for deploying and managing osquery to your fleet. Fleet is a hands-on tool that requires you to setup and maintain your own servers. In addition, we leave it completely up to you to decide what data you find valuable, and what to do with that data. Support for Fleet, Launcher, and osquery itself is available in the osquery Slack community. Members of our team are active in the #kolide channel. We offer no direct support for this product.
K2 (Kolide) is a paid cloud-hosted SaaS platform for gathering detailed device information across all 3 major platforms. K2 is a rewrite from the ground up, built around the desire to provide a User Focused Security platform. This meant providing an avenue to notify and educate end-users on security best practices. We incorporated a Slackbot to alert your end users when their device is out of compliance, with detailed steps on how to remediate. K2 still retains the core functionality of Fleet with access to osquery power-user tools such as:
- Live Query
- Query Packs
- Configurable Osquery Options
- Configurable Log Output
It seeks to improve upon each of those features and further refine their experiences (for example Live Query reports errors of malformed or incomplete queries per device).The expansion of features include:
- Automatic Device to User Assignment (across all 3 platforms)
- Integration with G Suite / Slack
- Built-in notification functionality (including reaching out to end users with self-fix instructions)
- Persistently browsable and enriched data via a feature we call Inventory (eg. What chrome extensions are installed across my environment? Without having to run a Live Query or rebuild log output)
- Prebuilt packages that automatically enroll into the environment
- Automatic Slack-based onboarding (Helpful for organizations that do not have a software distribution method)
- Dedicated Support
- Audit Logging
- A dedicated Privacy Center, which allows end-users to see what data from their device is being collected by the osquery agent, and who in their organization has access to that data
If you have run Fleet already, the easiest way to see the differences, is by signing up for a trial and enrolling a small test suite of devices in K2. We don't require any payment method up front, so you can noodle around for 30 days to get a better idea of which is a better fit for your environment. https://k2.kolide.com/signup