How do we get live query results via web apis

Question

sundsta · Answer

The `fleetctl` tool implements an example of how to do this <https github com kolide fleet blob master cmd fleetctl query go>

Saif Abulkhair · Answer

thanks Any idea if i can get these working without using the cli

CptOfEvilMinions · Answer

< Saif Abulkhair> the Kolide platform is built with Go Kit so most actions performed via the webgui is an API call The Kolide API has not been officially documented but reading the will be helpful I don t have access to my homelab Kolide instance because I am at work but here are some starter curl statements and API endpoints First you need to authenticate yourself `curl X POST https lt Kolide gt api v1 kolide login d Username lt Kolide admin e mail gt Password lt Kolide admin password gt ` When you successfully login you should receive a JWT token which you will use for all future API requests to Kolide Here is the Next you can use the JWT to perform API operations such as getting a list of queries Next request query results using

Saif Abulkhair · Answer

Awesome I wll try thhese pointers and hopefully would come back to thank you again grin

Saif Abulkhair · Answer

< CptOfEvilMinions> this is what i tried and reached

Saif Abulkhair · Answer

1 Login using login endpoint 2 Get the lsit of all queires using queries endpoint 3 Execute one of the query using queries run endpoint and passing the body something like this ` query SELECT name Software Name bundle short version Software version bundle identifier Software publisher FROM apps nwhere bundle identifier not like com apple and npath like Applications ||apps name selected hosts labels 7 ` I can see from code that a websocket gets created and its the websocket which returns the queries results How do i consume the websocket which is generted at runitme

sundsta · Answer

See the `fleetctl` source I linked previously it shows an example of how to do so in Golang