Skip to content

Commit

Permalink
🧹 fix asset filters in asset-count query pack
Browse files Browse the repository at this point in the history 
Signed-off-by: Patrick Münch <[email protected]>
  • Loading branch information
@atomic111
atomic111 committed Aug 1, 2023
1 parent d495d50 commit decb4df
Showing 1 changed file with 46 additions and 3 deletions.
49 changes: 46 additions & 3 deletions extra/mondoo-asset-count.mql.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,11 @@ packs:
filters: asset.platform == 'azure' || asset.platform == 'microsoft365'
queries:
- uid: mondoo-asset-count-on-azure
- uid: mondoo-count-users-in-azure
- uid: mondoo-count-users-in-azure
- title: Windows Active Directory asset counts
filters: asset.platform == "windows"
queries:
- uid: mondoo-asset-count-in-windows-domain
- title: AWS asset counts
filters: asset.platform == "aws"
queries:
Expand Down Expand Up @@ -79,165 +83,204 @@ packs:
azuread.users.length
- uid: mondoo-asset-count-aws-account-id
filters: asset.platform == "aws"
title: AWS account ID
mql: aws.account.id

- uid: mondoo-asset-count-aws-acm-certificates
filters: asset.platform == "aws"
title: AWS ACM Certificates
mql: aws.acm.certificates.length

- uid: mondoo-asset-count-aws-acm-certificates
filters: asset.platform == "aws"
title: AWS ACM Certificates
mql: aws.acm.certificates.length

- uid: mondoo-asset-count-aws-api-gateways
filters: asset.platform == "aws"
title: AWS API Gateways
mql: aws.apigateway.restApis.length

- uid: mondoo-asset-count-aws-autoscaling-groups
filters: asset.platform == "aws"
title: AWS Autoscaling Groups (not created by Mondoo)
mql: aws.autoscaling.groups.where( name != "mondoo-scanning-asg" ).length

- uid: mondoo-asset-count-aws-iam-users
filters: asset.platform == "aws"
title: AWS IAM users
mql: aws.iam.users.length

- uid: mondoo-asset-count-aws-iam-groups
filters: asset.platform == "aws"
title: AWS IAM groups
mql: aws.iam.groups.length

- uid: mondoo-asset-count-aws-iam-policies
filters: asset.platform == "aws"
title: AWS IAM custom policies
mql: |
aws_account = aws.account.id
aws.iam.policies.where( arn.contains(aws_account)).length
- uid: mondoo-asset-count-aws-active-regions
filters: asset.platform == "aws"
title: AWS Regions Active
mql: aws.regions.length

- uid: mondoo-asset-count-aws-ec2-instances
filters: asset.platform == "aws"
title: AWS EC2 Instances
mql: aws.ec2.instances.length

- uid: mondoo-asset-count-aws-s3-buckets
filters: asset.platform == "aws"
title: AWS S3 Buckets
mql: aws.s3.buckets.length

- uid: mondoo-asset-count-aws-vpcs
filters: asset.platform == "aws"
title: AWS VPCs
mql: aws.vpcs.length

- uid: mondoo-asset-count-aws-security-groups
filters: asset.platform == "aws"
title: AWS Security Groups
mql: aws.ec2.securityGroups.length

- uid: mondoo-asset-count-aws-eks-clusters
filters: asset.platform == "aws"
title: AWS Elastic Kubernetes Clusters (EKS)
mql: aws.eks.clusters.length

- uid: mondoo-asset-count-aws-private-ecr-container-registries
filters: asset.platform == "aws"
title: AWS Private Elastic Container Registries (ECR)
mql: aws.ecr.privateRepositories.length

- uid: mondoo-asset-count-aws-public-ecr-container-registries
filters: asset.platform == "aws"
title: AWS Public Elastic Container Registries (ECR)
mql: aws.ecr.publicRepositories.length

- uid: mondoo-asset-count-aws-ecr-container-images
filters: asset.platform == "aws"
title: AWS Elastic Container Images (ECR)
mql: aws.ecr.images.length

- uid: mondoo-asset-count-aws-rds-dbclusters
filters: asset.platform == "aws"
title: AWS RDS Database Clusters
mql: aws.rds.dbClusters.length

- uid: mondoo-asset-count-aws-cloudtrails
filters: asset.platform == "aws"
title: AWS CloudTrails
mql: aws.cloudtrail.trails.length

- uid: mondoo-asset-count-aws-dynamodb-tables
filters: asset.platform == "aws"
title: AWS DynamoDB Tables
mql: aws.dynamodb.tables.length

- uid: mondoo-asset-count-aws-dynamodb-global-tables
filters: asset.platform == "aws"
title: AWS DynamoDB Global Tables
mql: aws.dynamodb.globalTables.length

- uid: mondoo-asset-count-aws-ecs-clusters
filters: asset.platform == "aws"
title: AWS ECS Clusters
mql: aws.ecs.clusters.length

- uid: mondoo-asset-count-aws-ecs-container-instances
filters: asset.platform == "aws"
title: AWS ECS Container Instances
mql: aws.ecs.containerInstances.length

- uid: mondoo-asset-count-aws-ecs-containers
filters: asset.platform == "aws"
title: AWS ECS Containers
mql: aws.ecs.containers.length

- uid: mondoo-asset-count-aws-efs-filesystems
filters: asset.platform == "aws"
title: AWS EFS Filesystems
mql: aws.efs.filesystems.length

- uid: mondoo-asset-count-aws-elasticache-clusters
filters: asset.platform == "aws"
title: AWS ElastiCache Clusters
mql: aws.elasticache.clusters.length

- uid: mondoo-asset-count-aws-elasticache-cache-clusters
filters: asset.platform == "aws"
title: AWS ElastiCache Cache Clusters
mql: aws.elasticache.cacheClusters.length

- uid: mondoo-asset-count-aws-elb-application
filters: asset.platform == "aws"
title: AWS Elastic Application Load Balancers
mql: aws.elb.loadBalancers.length

- uid: mondoo-asset-count-aws-elb-classic
filters: asset.platform == "aws"
title: AWS Elastic Classic Load Balancers
mql: aws.elb.classicLoadBalancers.length

- uid: mondoo-asset-count-aws-emr-clusters
filters: asset.platform == "aws"
title: AWS Elastic Map Reduce Clusters
mql: aws.emr.clusters.length

- uid: mondoo-asset-count-aws-es-domains
filters: asset.platform == "aws"
title: AWS Elasticsearch Service Domain
mql: aws.es.domains.length

- uid: mondoo-asset-count-aws-guardduty-detectors
filters: asset.platform == "aws"
title: AWS Guard Duty Detectors
mql: aws.guardduty.detectors.length

- uid: mondoo-asset-count-aws-kms-keys
filters: asset.platform == "aws"
title: AWS KMS Keys
mql: aws.kms.keys.length

- uid: mondoo-asset-count-aws-redshift-clusters
filters: asset.platform == "aws"
title: AWS Redshift Clusters
mql: aws.redshift.clusters.length

- uid: mondoo-asset-count-aws-sagemaker-endpoints
filters: asset.platform == "aws"
title: AWS SageMaker Endpoints
mql: aws.sagemaker.endpoints.length

- uid: mondoo-asset-count-aws-sagemaker-notebook-instances
filters: asset.platform == "aws"
title: AWS SageMaker Notebook Instances
mql: aws.sagemaker.notebookInstances.length

- uid: mondoo-asset-count-aws-secrets-manager-secrets
filters: asset.platform == "aws"
title: AWS Secrets Manager Secrets
mql: aws.secretsmanager.secrets.length

- uid: mondoo-asset-count-aws-security-hub
filters: asset.platform == "aws"
title: AWS Security Hub
mql: aws.securityhub.hubs.length

- uid: mondoo-asset-count-aws-sns-topics
filters: asset.platform == "aws"
title: AWS SNS Topics
mql: aws.sns.topics.length

- uid: mondoo-asset-count-in-windows-domain
title: Retrieve all computer object from the Windows domain
filters: asset.platform == "windows" && windows.computerInfo['OsProductType'] == 2
filters: asset.platform == "windows"
query: |
parse.json(content: powershell('Get-ADComputer -Filter * -properties * | select Name, Enabled,Operatingsystem,OperatingSystemVersion | ConvertTo-Json').stdout).params
parse.json(content: powershell('$time = (Get-Date).Adddays(-(180));Get-ADComputer -Filter {LastLogonTimeStamp -ge $time} -properties * | select Name,Enabled,OperatingSystem,OperatingSystemVersion,LastLogonDate | ConvertTo-Json').stdout).params

Check failure on line 286 in extra/mondoo-asset-count.mql.yaml

View workflow job for this annotation

GitHub Actions / Run spell check 

`Adddays` is not a recognized word. (unrecognized-spelling)

0 comments on commit decb4df

Please sign in to comment.