Hi All, I’m working on setting up an endpoint scanning solution and I’d like to hear your opinions on Kolide vs OSQuery. I’m aware many parts of Kolide are free and open source, such as Kolide Fleet, but I’m particularly wondering what kinds of advantages are seen from the paid OSQuery replacement, Kolide. Thanks!

Keep in mind that no part of Kolide is a replacement for osquery. Kolide Launcher (free OSS) is a convenient wrapper around osquery that includes additional features useful to some folks such as autoupdating. Kolide Fleet (free OSS) is an osquery management server that can do configuration management and orchestrate osquery's live query capabilities. Kolide Cloud (paid) uses Launcher (and therefore osquery) to provide a full product (as described on their site).

Ah I misunderstood, I thought “Launcher” was the paid part. Does Kolide Cloud simply offer hosting of Fleet?

No, Kolide Cloud is a completely different product that does have some overlap with Fleet.

@Christian, @zwass knows what's up. He is also the #1 resource for consulting/contracting if you decide to go the on-prem/oss route. If you decide to consider our paid SaaS solution Kolide K2 we offer a 30 day free trial (no payment info required), where you can examine whether it is a good fit. Kolide Fleet (self hosted - OSS) is intended to be an unopinionated osquery fleet manager, whereas Kolide K2 (SaaS) is a full-featured product that attempts to offer the best presentation/experience possible with the data available via osquery. Some of this is by pre-collecting data that we expect is useful and others by enriching data through external sources. An example of this would be, this is the "device detail" in Kolide Fleet vs the device detail in Kolide K2: