Setup OSQuery Packs on Kolide Fleet
Login to your Kolide Fleet instance using fleetctl:
fleetctl config set --address https://localhost:8080
fleetctl login
Download the osquery repository:
git clone https://github.com/facebook/osquery
Then use fleetctl to convert the packs and upload them to the server one at a time:
mkdir new-packs
fleetctl convert -f osquery/packs/osx-attacks.conf >> new-packs/osx-attacks.yaml
fleetctl apply -f ./new-packs/osx-attacks.yaml
Additional link: https://gist.github.com/marpaia/9e061f81fa60b2825f4b6bb8e0cd2c77
Written on January 12, 2019