Title
#general
t

Tilman Bender

03/02/2022, 3:41 PM
Is there anybody in here running osuqery + fleetdm, but NOT using orbit? If so could you explain wh and what you are using instead?
j

Juan Alvarez

03/02/2022, 4:14 PM
we use the core osquery, didnt have the time to look into orbit yet.
Tomas Touceda

Tomas Touceda

03/02/2022, 4:41 PM
what you are using instead?
you mean for keeping osquery updated?
s

seph

03/02/2022, 5:42 PM
I’m not a Fleet person, but I am a Kolide person. I would bet there’s a chunk of people using bare osquery. And a chunk of people still using Kolide’s Launcher.
defensivedepth

defensivedepth

03/02/2022, 6:26 PM
Security Onion is still using Kolide Launcher
6:26 PM
(With FleetDM)
t

Tilman Bender

03/03/2022, 8:25 AM
Thank you. I jumped into fleetdm with little to now knoweldge of osuery and the whole history of fleetdm with kolide. I just noticed when deploying that orbit was not signed binary and started wondering if there are other options
r

ryan

03/03/2022, 7:33 PM
We use the core osquery + fleetdm and push osquery updates with our MDM.
s

seph

03/04/2022, 12:34 AM
You may do better on #fleet. But... Orbit packages unsigned? Are these things you're building for your site? If so, they'll have hard coded secrets for you, and thus cannot have already been signed. I'd have expected orbit to have tools to sign them, but I don't know their process.
zwass

zwass

03/04/2022, 5:00 PM
There are signing tools for Orbit packages on macOS. Still working on signing for every platform.