Title
#kolide
m

Martin Langhoff

12/29/2020, 3:18 PM
Couple of questions about current Kolide. • does it perform any malware detection, or integrate with malware detection tools? • how does it escalate to admins? Use/test case - if I drop the eicar file on a random laptop monitored by Kolide… • will it be spotted (or, how do I get things set up so that it is spotted)? • will admins be alerted? how?
terracatta

terracatta

12/29/2020, 4:34 PM
does it perform any malware detection, or integrate with malware detection tools?
Kolide is not an antivirus / malware detection platform. While we do occasionally ship checks that detect malware or chrome extensions (when there is poor coverage on traditional solutions) we encourage our customers to use Kolide to monitor the health of the built-in OS antivirus (ex: XProtect and the Malware Removal Tool on macOS and Defender on Microsoft Windows). Kolide can also be used to monitor the health and presence of your own internal AV solution or other endpoint agents (Sophos, CarbonBlack, CrowdStrike)
how does it escalate to admins?
Checks will automatically escalate to admins after a configurable amount of time (I think the default is 3). To a Slack channel you can specify.
Use/test case - if I drop the eicar file on a random laptop monitored by Kolide…
Kolide is not meant to be used for this type of use-case. While it would be possible to write rules to detect an eicar file though FIM or YARA rules, the purpose of Kolide is to help your team implement honest.security and assist with ensuring compliance.
m

Martin Langhoff

12/30/2020, 2:14 PM
excellent, thank you @terracatta
2:16 PM
how does Kolide integrate with XProtect/MRT.app? If those trigger, does Kolide report?