Is there anybody in here running osquery + fleetdm...
Is there anybody in here running osquery + fleetdm, but NOT using orbit? If so could you explain why and what you are using instead?
We use the core osquery, didn't have the time to look into orbit yet.
what you are using instead?
you mean for keeping osquery updated?
I’m not a Fleet person, but I am a Kolide person. I would bet there’s a chunk of people using bare osquery. And a chunk of people still using Kolide’s Launcher.
Security Onion is still using Kolide Launcher
(With FleetDM)
Thank you. I jumped into fleetdm with little to no knowledge of osquery and the whole history of fleetdm with kolide. I just noticed when deploying that orbit was not a signed binary and started wondering if there are other options.
We use the core osquery + fleetdm and push osquery updates with our MDM.
You may do better on #fleet. But... Orbit packages unsigned? Are these things you're building for your site? If so, they'll have hard coded secrets for you, and thus cannot have already been signed. I'd have expected orbit to have tools to sign them, but I don't know their process.
There are signing tools for Orbit packages on macOS. Still working on signing for every platform.