#kolide

koba

11/04/2020, 1:19 PM
Hi there, I want to uniquely identify which host is being used by which user. Preferably, link the host ID with the user's email. The basic host info that you see in the Fleet GUI (screenshot below) does a great job at identifying the facts about the machine but contains no information about the user of that machine. I want to see this machine-user mapping as part of the basic host info.

Challenges:
• Hostnames and user accounts in my environment are random and do not identify anything.
• I don't have any configuration management solution yet, and I would be deploying osquery and connecting hosts with the Fleet server via a deployment script (for Mac and Windows).
• I will distribute the deployment script to end users via a single-page web app behind SSO login. The deployment script has to be silent; any level of interactivity would lose the user's interest and they may not complete the deployment. So no asking for inputs as far as possible.

Options I am considering:
• Change the hostname to identify as the username (extracted from email login) of the machine during the deployment. That way I will see the username as the hostname on the host info card in the Fleet GUI. But this may break something that relies on the hostname.

I was wondering what are some other ways to achieve this? Is there any config file where I can add this extra info (user ABC@xyz.com, hostID: 1231-asdf-1321) to and query it later?

seph

11/04/2020, 6:19 PM
This is a problem we’ve grappled a lot with in our SaaS. Obviously, I’m biased, but you should check it out! (https://kolide.com)
6:19 PM
We’ve probably talked about it a bit. We usually call it “User Device Association”; there may be some Slack comments.
6:20 PM
Yes, if you drop any kind of config file onto local disk, you should be able to read it. The hard part is baking that config file into a signed and notarized package.