Does anyone know how much work it takes to build reporting i

Question

Does anyone know how much work it takes to build reporting into the OSS version of Kolide

zwass · Answer

Assuming you are talking about Fleet There is no reporting in Fleet You would configure your logs to go into an aggregation system Splunk ELK etc and then build reports there

Jan Jacobs · Answer

Yes i was talking about fleet i was wondering because the SAAS version has reporting as far as i can see

sundsta · Answer

The SaaS is also not Fleet Separate code base

Jan Jacobs · Answer

Now ik even more confused and all i wanted was reporting see no evil

seph · Answer

What does reporting mean to you Reporting is generally going to be some kind of server side storage aggregation reporting flow As folks have commented the SaaS is a different codebase from Fleet

Jan Jacobs · Answer

yeah and thats why i came here for help wink we are a small MSSP looking to use osquery for security analytics much like uptycs and zercurity they have logging and reporting but they only offer SaaS or very expensive solutions since we are targetting really small to small company s we cant afford to ask them to pay hundreds of dollars a month so i am basicly left with the option of looking into building it ourselves

Jan Jacobs · Answer

We have looked into Wazuh for this which is tightly integrated with ELK but truth be told im no fan of ELK that might be just me ofcourse wink

sundsta · Answer

ELK is a solid option if you re rolling your own solution Alternatively if you want to keep within the SQL ecosystem Postgres+TimescaleDB seems solid There aren t too many free and open source options in that space

Jan Jacobs · Answer

well Postgres sounds good that i know wink

Jan Jacobs · Answer

the problem with Wazuh ELK for me is that i cant seem to get it working and there are scaling issuesin the future that i worry about slightly smiling face and Kibana and me just dont seem to get along