I was hoping to avoid dependencies in the Powershel

Question

< zwass> I was hoping to avoid dependencies in the Powershell module code and access kolide directly I haven t tried wrapping PS around fleetctl on windows though Will the kolide API allow for running live queries

zwass · Answer

Sure you can run live queries with the Fleet API That s what the Fleet frontend and `fleetctl` do You can search for old threads in < C1XCLA5DZ|kolide> where I tried to point folks towards those implementations

Jdotmac · Answer

Thanks I was able to get something working pretty quickly I ll check out kolide for Live Query examples as I only tired GETs

zwass · Answer

For the live query you need to open a websocket and reauth for the result stream It s not quite as simple but it s nothing crazy

zwass · Answer

Please post your code when you finish if you are able to

Jdotmac · Answer

Cool thanks for pointing me in the right direction Haven t had a chance to try yet but I see from the JS client example how to go about it I can post a sample in this channel tomorrow

Jdotmac · Answer

I m still struggling with this a bit When setting up the websocket in C I m required to provide a wss scheme url but can t seem to find what url I should use I m seen other implementations that create a tcp connection and send over a special header asking for a connection upgrade but wasn t working for me Any ideas

zwass · Answer

Check this out <https github com kolide fleet blob master server service client live query go L97 L100>

Jdotmac · Answer

Ah perfect Thanks again