From 3b7f56347baeb3e6956feb1db33fdf4335b69e0c Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Fri, 10 Nov 2023 11:46:01 -0800 Subject: [PATCH] Improve the data query titles They're queries. We don't need to say retrieved. It's implied. Signed-off-by: Tim Smith --- core/mondoo-aws-incident-response.mql.yaml | 18 ++++---- core/mondoo-aws-inventory.mql.yaml | 38 ++++++++-------- core/mondoo-github-incident-response.mql.yaml | 18 ++++---- core/mondoo-kubernetes-inventory.mql.yaml | 44 +++++++++---------- core/mondoo-linux-inventory.mql.yaml | 42 +++++++++--------- core/mondoo-macos-inventory.mql.yaml | 26 +++++------ core/mondoo-slack-inventory.mql.yaml | 2 +- ...tls-certificate-incident-response.mql.yaml | 12 ++--- .../mondoo-windows-incident-response.mql.yaml | 10 ++--- core/mondoo-windows-inventory.mql.yaml | 20 ++++----- 10 files changed, 115 insertions(+), 115 deletions(-) diff --git a/core/mondoo-aws-incident-response.mql.yaml b/core/mondoo-aws-incident-response.mql.yaml index d1ea79f..6e5b2d3 100644 --- a/core/mondoo-aws-incident-response.mql.yaml +++ b/core/mondoo-aws-incident-response.mql.yaml @@ -29,17 +29,17 @@ packs: - asset.platform == "aws" queries: - uid: mondoo-incident-response-aws-account-id - title: Retrieve AWS account ID + title: AWS account ID mql: | aws.account.id - uid: mondoo-incident-response-aws-enabled-regions - title: Retrieve all regions enabled in the AWS account + title: All regions enabled in the AWS account docs: desc: | This query retrieves all AWS regions enabled in the account mql: aws { regions } - uid: mondoo-incident-response-aws-user-info - title: Retrieve data for users with console access + title: IAM users with console access docs: desc: | This query retrieves data for users with console access. The following fields are retrieved: 
@@ -59,7 +59,7 @@ packs: mfaActive } - uid: mondoo-incident-response-aws-iam-users-multiple-keys - title: Retrieve data for IAM users with API access + title: IAM users with API access docs: desc: | This query retrieves all of the IAM users that have API access along with the following fields: @@ -89,7 +89,7 @@ packs: accessKey2LastRotated } - uid: mondoo-incident-response-aws-iam-administrator-access - title: Retrieve data on IAM users, groups, and roles to which the AdministratorAccess policy is attached + title: IAM users, groups, and roles to which the AdministratorAccess policy is attached docs: desc: | This query retrieves all IAM users, groups, and roles with the `AdministratorAccess` role attached. @@ -101,7 +101,7 @@ packs: attachedRoles } - uid: mondoo-incident-response-aws-iam-full-access - title: Retrieve data on IAM users, groups, and roles to which any 'FullAccess' policy is attached + title: IAM users, groups, and roles to which any 'FullAccess' policy is attached docs: desc: | This query retrieves all IAM users, groups, and roles with an AWS FullAccess role attached. @@ -117,7 +117,7 @@ packs: } - uid: mondoo-incident-response-aws-ec2-instances-public-ip - title: Retrieve EC2 instances that have a public IP address + title: EC2 instances that have a public IP address docs: desc: | This query retrieves all EC2 instances that have a public IP address attached along with the following fields: @@ -157,7 +157,7 @@ packs: tags } - uid: mondoo-incident-response-aws-ec2-instances-without-tags - title: Retrieve EC2 instances that do not have tags configured + title: EC2 instances that do not have tags configured docs: desc: | This query retrieves all EC2 instances that do not have tags configured, along with the following fields: 
@@ -181,7 +181,7 @@ packs: state } - uid: mondoo-incident-response-aws-s3-buckets-public - title: Retrieve all S3 buckets that are public + title: S3 buckets that are public docs: desc: | This query retrieves all S3 buckets that are configured with public access and returns the following fields: diff --git a/core/mondoo-aws-inventory.mql.yaml b/core/mondoo-aws-inventory.mql.yaml index bc088d2..a5592d2 100644 --- a/core/mondoo-aws-inventory.mql.yaml +++ b/core/mondoo-aws-inventory.mql.yaml 
@@ -19,81 +19,81 @@ packs: - asset.platform == "aws" queries: - uid: mondoo-asset-inventory-aws-account-id - title: Retrieve AWS account ID + title: AWS account ID mql: | aws.account.id - uid: mondoo-asset-inventory-aws-enabled-regions - title: Retrieve all regions enabled in the AWS account + title: Regions enabled in the AWS account docs: desc: | This query retrieves all AWS regions enabled in the account mql: aws { regions } - uid: mondoo-asset-inventory-aws-vpcs - title: Retrieve data on all VPCs + title: VPCs docs: desc: | This query retrieves all of the configuration data for AWS VPCs mql: aws.vpcs - uid: mondoo-asset-inventory-aws-iam-users - title: Retrieve data for all IAM users + title: IAM users docs: desc: | This query retrieves data for all IAM users mql: aws.iam.users - uid: mondoo-asset-inventory-aws-iam-groups - title: Retrieve data for IAM groups + title: IAM groups docs: desc: | This query retrieves all of the IAM groups. mql: aws.iam.groups - uid: mondoo-asset-inventory-aws-iam-roles - title: Retrieve data on all IAM Roles + title: IAM roles docs: desc: | This query retrieves all IAM Roles mql: aws.iam.roles - uid: mondoo-asset-inventory-aws-iam-policies - title: Retrieve data on all attached IAM Policies + title: Attached IAM policies docs: desc: | This query retrieves all IAM policies attached to a user, group, or role. 
mql: aws.iam.policies.where( attachmentCount > 0 ) - uid: mondoo-asset-inventory-aws-ec2-security-groups - title: Retrieve data on all AWS EC2 Security Groups + title: EC2 Security Groups docs: desc: | This query retrieves all AWS EC2 Security Groups mql: aws.ec2.securityGroups - uid: mondoo-asset-inventory-aws-ec2-volumes - title: Retrieve data on all AWS EC2 volumes + title: EBS volumes docs: desc: | - This query retrieves all AWS EC2 volumes + This query retrieves all AWS EBS volumes mql: aws.ec2.volumes - uid: mondoo-asset-inventory-aws-ec2-retrieve-all-data - title: Retrieves all running EC2 instances + title: Running EC2 instances mql: aws.ec2.instances.where( state == "running" ) - uid: mondoo-asset-inventory-aws-rds-dbclusters-all-data - title: Retrieve the configuration for all RDS Database Clusters + title: RDS database clusters configuration mql: aws.rds.dbClusters - uid: mondoo-asset-inventory-aws-rds-dbinstances-all-data - title: Retrieve the configuration for all RDS Database Instances + title: RDS database instances mql: aws.rds.dbInstances - uid: mondoo-asset-inventory-aws-s3-retrieve-all-data - title: Retrieve the configuration for all S3 buckets + title: S3 buckets mql: aws.s3.buckets - uid: mondoo-asset-inventory-aws-eks-clusters - title: Retrieve the configuration for all AWS EKS clusters + title: EKS clusters mql: aws.eks.clusters - uid: mondoo-asset-inventory-aws-lambda - title: Retrieve the configuration for all AWS lambda functions + title: Lambda functions mql: aws.lambda.functions - uid: mondoo-asset-inventory-aws-access-analyzer - title: Retrieve the configuration for all AWS Access Analyzers + title: Access Analyzers mql: aws.accessAnalyzer.analyzers - uid: mondoo-asset-inventory-aws-acm-certificates - title: Retrieve the configuration for all AWS Certificate Manager certificates + title: Certificate Manager certificates mql: aws.acm.certificates - uid: mondoo-asset-inventory-aws-cloudtrail-trails - title: Retrieve the configuration for 
all AWS CloudTrail trails + title: CloudTrail trails mql: aws.cloudtrail.trails diff --git a/core/mondoo-github-incident-response.mql.yaml b/core/mondoo-github-incident-response.mql.yaml index ac940d6..9205372 100644 --- a/core/mondoo-github-incident-response.mql.yaml +++ b/core/mondoo-github-incident-response.mql.yaml @@ -34,26 +34,26 @@ packs: - asset.platform == "github-org" queries: - uid: mondoo-incident-response-github-org-name - title: Retrieve GitHub Organization Name + title: GitHub Organization Name mql: | github.organization.name - uid: mondoo-incident-response-github-org-login - title: Retrieve GitHub Organization Login + title: GitHub Organization Login mql: | github.organization.login - uid: mondoo-incident-response-github-org-description - title: Retrieve GitHub Organization description + title: GitHub Organization description mql: | github.organization.description - uid: mondoo-incident-response-github-org-mfa-status - title: Retrieve GitHub Organization MFA status + title: GitHub Organization MFA status docs: desc: | This query retrieves whether MFA is required for users of the organization. mql: | github.organization.twoFactorRequirementEnabled - uid: mondoo-incident-response-github-org-owners - title: Retrieve GitHub Organization Owners + title: GitHub Organization Owners docs: desc: | This query retrieves all GitHub organization owners. @@ -61,7 +61,7 @@ packs: github.organization.owners.length github.organization { owners { name email login } } - uid: mondoo-incident-response-github-org-members - title: Retrieve GitHub Organization Members + title: GitHub Organization Members docs: desc: | This query retrieves all of the members of the GitHub organization. @@ -77,7 +77,7 @@ packs: } } - uid: mondoo-incident-response-github-org-teams - title: Retrieve GitHub Organization Teams + title: GitHub Organization Teams docs: desc: | This query retrieves all GitHub organization teams. 
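Review bot: The new titles in the aws-inventory hunk are not uniform: `mondoo-asset-inventory-aws-rds-dbclusters-all-data` becomes `RDS database clusters configuration`, while its sibling becomes `RDS database instances` and every other resource title drops the word "configuration". I would use `title: RDS database clusters` there. The region query is also titled `Regions enabled in the AWS account` here but `All regions enabled in the AWS account` in core/mondoo-aws-incident-response.mql.yaml. One wording for both packs would make the same data easier to find in either report.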
@@ -96,7 +96,7 @@ packs: } } - uid: mondoo-incident-response-github-private-repos - title: Retrieve GitHub Organization private repositories + title: GitHub Organization private repositories docs: desc: | This query retrieves all of the public repositories within the GitHub organization. The query returns the repo's name and whether the default branch is [protected](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches) using protection rules. @@ -110,7 +110,7 @@ packs: } } - uid: mondoo-incident-response-github-packages - title: Retrieve GitHub Organization private repositories + title: GitHub Organization private repositories docs: desc: | This query retrieves the packages published to GHCR.io. diff --git a/core/mondoo-kubernetes-inventory.mql.yaml b/core/mondoo-kubernetes-inventory.mql.yaml index 7ac10e0..e1d7532 100644 --- a/core/mondoo-kubernetes-inventory.mql.yaml +++ b/core/mondoo-kubernetes-inventory.mql.yaml 
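Review bot: `mondoo-incident-response-github-packages` (hunk at -110,7) still carries the title `GitHub Organization private repositories`, identical to `mondoo-incident-response-github-private-repos` in the hunk before it, although its description says it retrieves the packages published to GHCR.io. Two queries with the same title are hard to tell apart in incident-response output; `title: GitHub Organization packages` would match the description. In the private-repos hunk the description says "public repositories" under a "private repositories" title. The MQL for both queries is outside the hunks, so which wording is right needs confirming against the query itself.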
@@ -32,31 +32,31 @@ packs: - asset.platform == "kubernetes" || asset.platform == "k8s-cluster" queries: - uid: k8s-cluster-version - title: Retrieve Kubernetes cluster version + title: Kubernetes cluster version mql: | k8s.serverVersion - uid: k8s-cluster-namespaces - title: Retrieve Kubernetes cluster namespaces + title: Kubernetes cluster namespaces mql: | k8s.namespaces - uid: k8s-cluster-nodes - title: Retrieve cluster modes + title: Cluster modes mql: | k8s.nodes - uid: k8s-cluster-clusterroles - title: Retrieve cluster RBAC ClusterRoles + title: Cluster RBAC ClusterRoles mql: | k8s.clusterroles - uid: k8s-cluster-roles - title: Retrieve RBAC Roles + title: RBAC Roles mql: | k8s.roles - uid: k8s-cluster-clusterrolebindings - title: Retrieve RBAC cluster-rolebindings + title: RBAC cluster-rolebindings mql: | k8s.clusterrolebindings - uid: k8s-cluster-rolebindings - title: Retrieve RBAC rolebindings + title: RBAC rolebindings mql: | k8s.rolebindings - title: Pods inventory @@ -64,11 +64,11 @@ packs: - asset.platform == "k8s-pod" queries: - uid: k8s-pod - title: Retrieve Pod information + title: Pod information mql: | k8s.pod - uid: k8s-pod-container - title: Retrieve container information + title: Container information mql: | k8s.pod.containers - title: Deployments inventory @@ -76,11 +76,11 @@ packs: - asset.platform == "k8s-deployment" queries: - uid: k8s-deployment - title: Retrieve deployment information + title: Deployment information mql: | k8s.deployments - uid: k8s-deployment-container - title: Retrieve container information + title: Container information mql: | k8s.deployment.containers { * } - title: CronJobs inventory 
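Review bot: The new title for `k8s-cluster-nodes` in the first hunk keeps the old typo: the query is `k8s.nodes`, but the title reads `Cluster modes`. It should be `title: Cluster nodes`. Since this commit touches every title in the pack, it is the natural place to correct it. The RBAC titles in the same hunk also mix `Cluster RBAC ClusterRoles` with `RBAC Roles` and `RBAC cluster-rolebindings`; a single naming pattern for the four would read better.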
@@ -88,11 +88,11 @@ packs: - asset.platform == "k8s-cronjob" queries: - uid: k8s-cronjob - title: Retrieve CronJob information + title: CronJob information mql: | k8s.cronjob { * } - uid: k8s-cronjob-container - title: Retrieve container information + title: Container information mql: | k8s.cronjob.containers { * } - title: Jobs inventory @@ -100,11 +100,11 @@ packs: - asset.platform == "k8s-job" queries: - uid: k8s-job - title: Retrieve Job information + title: Job information mql: | k8s.job { * } - uid: k8s-job-container - title: Retrieve container information + title: Container information mql: | k8s.job.containers { * } - title: DaemonSets inventory @@ -112,11 +112,11 @@ packs: - asset.platform == "k8s-daemonset" queries: - uid: k8s-daemonset - title: Retrieve DaemonSet information + title: DaemonSet information mql: | k8s.daemonset { * } - uid: k8s-daemonset-container - title: Retrieve container information + title: Container information mql: | k8s.daemonset.containers { * } - title: StatefulSets inventory @@ -124,11 +124,11 @@ packs: - asset.platform == "k8s-statefulset" queries: - uid: k8s-statefulset - title: Retrieve StatefulSet information + title: StatefulSet information mql: | k8s.statefulset { * } - uid: k8s-statefulset-container - title: Retrieve Container information + title: Container information mql: | k8s.statefulset.containers { * } - title: ReplicaSets inventory @@ -136,11 +136,11 @@ packs: - asset.platform == "k8s-replicaset" queries: - uid: k8s-replicaset - title: Retrieve ReplicaSet information + title: ReplicaSet information mql: | k8s.replicaset { * } - uid: k8s-replicaset-container - title: Retrieve container information + title: Container information mql: | k8s.replicaset.containers { * } - title: Ingresses inventory @@ -148,6 +148,6 @@ packs: - asset.platform == "k8s-ingress" queries: - uid: k8s-ingress - title: Retrieve Ingress information + title: Ingress information mql: | k8s.ingress { * } 
diff --git a/core/mondoo-linux-inventory.mql.yaml b/core/mondoo-linux-inventory.mql.yaml
index 258729c..024895c 100644
--- a/core/mondoo-linux-inventory.mql.yaml
+++ b/core/mondoo-linux-inventory.mql.yaml
@@ -38,76 +38,76 @@ packs: - asset.family.contains("linux") queries: - uid: mondoo-linux-asset-info - title: Retrieve asset information + title: Asset information mql: asset { kind title platform name arch runtime } - uid: mondoo-linux-hostname - title: Retrieve the hostname + title: Hostname mql: os.hostname - uid: mondoo-linux-platform - title: Retrieve the platform + title: Platform mql: asset.platform - uid: mondoo-linux-users - title: Retrieve regular users with shell access + title: Regular users with shell access mql: users.where( shell != "/sbin/nologin" && uid >= 1000 && name != "root") - uid: mondoo-linux-groups-wheel - title: Retrieve members of the wheel group + title: Members of the wheel group mql: groups.where( name == "wheel") { members } - uid: mondoo-linux-installed-kernel - title: Retrieve installed Linux kernels + title: Installed Linux kernels filters: mondoo.capabilities.contains("run-command") mql: kernel.installed - uid: mondoo-linux-kernel-info - title: Retrieve the running Linux kernel + title: Running Linux kernel filters: mondoo.capabilities.contains("run-command") mql: kernel.info - uid: mondoo-linux-kernel-modules - title: Retrieve Linux kernel modules + title: Linux kernel modules mql: kernel.modules { name loaded } - uid: mondoo-linux-processes - title: Retrieve running processes + title: Running processes filters: mondoo.capabilities.contains("run-command") mql: processes { pid command } - uid: mondoo-linux-mounts - title: Retrieve mounted devices + title: Mounted devices mql: mount.list - uid: mondoo-linux-listening-ports - title: Retrieve all listening ports + title: Listening ports filters: mondoo.capabilities.contains("run-command") mql: ports.listening - uid: mondoo-linux-uptime - title: Retrieve operating system uptime + title: Operating system uptime filters: mondoo.capabilities.contains("run-command") mql: os.uptime - uid: mondoo-linux-installed-packages - title: Retrieve installed packages + title: Installed packages mql: 
packages - uid: mondoo-linux-running-services - title: Retrieve running services + title: Running services mql: services.where( running == true ) - uid: mondoo-linux-interface-configuration - title: Retrieve interface configuration of the system + title: Network interface configuration filters: mondoo.capabilities.contains("run-command") mql: | parse.json(content: command('ip -j a').stdout).params - uid: mondoo-sshd-interface-configuration - title: Retrieve sshd configuration of the system + title: sshd configuration of the system filters: package('openssh-server').installed || package('openssh').installed mql: sshd.config.params - uid: mondoo-linux-system-manufacturer - title: Retrieve the system manufacturer + title: System manufacturer mql: machine.baseboard.manufacturer - uid: mondoo-linux-system-product-name - title: Retrieve the system product name + title: System product name mql: machine.baseboard.product - uid: mondoo-linux-cpu-type - title: Retrieve the type of CPU + title: CPU type mql: | command('cat /proc/cpuinfo | grep "model name" | sort -u | cut -d : -f 2-').stdout.trim - uid: mondoo-linux-root-volume - title: Retrieve the size and filesystem type of the root volume + title: Root volume size and filesystem type mql: | command("df -TH / | grep '/dev' | awk '{ print $3 "+'" "'+" $2 }'").stdout.trim - uid: mondoo-linux-physical-memory - title: Retrieve the amount of physical memory + title: Physical memory size mql: | command("free --mega | grep Mem | awk '{ print $2}'").stdout.trim + "M" diff --git a/core/mondoo-macos-inventory.mql.yaml b/core/mondoo-macos-inventory.mql.yaml index 0df1a7b..29db3bf 100644 --- a/core/mondoo-macos-inventory.mql.yaml +++ b/core/mondoo-macos-inventory.mql.yaml 
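Review bot: The title `Regular users with shell access` on `mondoo-linux-users` claims more than the filter delivers: the MQL only excludes `shell != "/sbin/nologin"`, so accounts whose shell is another non-login path (for example `/usr/sbin/nologin` or `/bin/false`) would still be listed as having shell access. Either widen the filter or soften the title, e.g. `title: Regular users (uid >= 1000)`. Separately, `sshd configuration of the system` is the one title that keeps the "of the system" suffix dropped from `Network interface configuration`; `title: sshd configuration` would match the rest.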
@@ -38,47 +38,47 @@ packs: - asset.platform.contains("macos") queries: - uid: mondoo-macos-machine-model-identifier - title: Retrieve the machine model identifier + title: Machine model identifier mql: | parse.json(content: command('system_profiler SPHardwareDataType -json').stdout).params['SPHardwareDataType'].first['machine_model'] - uid: mondoo-macos-machine-model-name - title: Retrieve the machine model name + title: Machine model name mql: | parse.json(content: command('system_profiler SPHardwareDataType -json').stdout).params['SPHardwareDataType'].first['machine_name'] - uid: mondoo-macos-model-part-number - title: Retrieve the model part number + title: Model part number mql: | parse.json(content: command('system_profiler SPHardwareDataType -json').stdout).params['SPHardwareDataType'].first['model_number'] - uid: mondoo-macos-serial-number - title: Retrieve the system serial number + title: System serial number mql: | parse.json(content: command('system_profiler SPHardwareDataType -json').stdout).params['SPHardwareDataType'].first['serial_number'] - uid: mondoo-macos-cpu-type - title: Retrieve the type of CPU + title: CPU type mql: | parse.json(content: command('system_profiler SPHardwareDataType -json').stdout).params['SPHardwareDataType'].first['chip_type'] - uid: mondoo-macos-physical-memory - title: Retrieve the amount of physical memory + title: Physical memory size mql: | parse.json(content: command('system_profiler SPHardwareDataType -json').stdout).params['SPHardwareDataType'].first['physical_memory'] - uid: mondoo-asset-info - title: Retrieve asset information + title: Asset information mql: asset { kind title platform name arch runtime version } - uid: mondoo-hostname - title: Retrieve the hostname + title: Hostname mql: os.hostname - uid: mondoo-macos-users - title: Retrieve regular users + title: Regular users mql: users.where( name != /^_/ && shell != "/usr/bin/false" && name != "root") - uid: mondoo-macos-packages - title: Retrieve macOS 
packages + title: Installed packages mql: packages - uid: mondoo-macos-running-services - title: Retrieve data on running services + title: Running services mql: services.where( running == true ) - uid: mondoo-macos-ports-listening - title: Retrieve data on listening ports + title: Listening ports mql: ports.listening - uid: mondoo-macos-interface-configuration - title: Retrieve interface configuration of the system + title: Network interface configuration mql: command("ifconfig").stdout diff --git a/core/mondoo-slack-inventory.mql.yaml b/core/mondoo-slack-inventory.mql.yaml index 119a0e3..76b3a06 100644 --- a/core/mondoo-slack-inventory.mql.yaml +++ b/core/mondoo-slack-inventory.mql.yaml @@ -74,7 +74,7 @@ packs: mql: | slack.users { id name profile["email"] isBot teamId has2FA } - uid: mondoo-slack-inventory-owners - title: Retrieve Slack Team Owners + title: Slack Team Owners docs: desc: | This query retrieves the list of all users with the Owner privilege. diff --git a/core/mondoo-ssl-tls-certificate-incident-response.mql.yaml b/core/mondoo-ssl-tls-certificate-incident-response.mql.yaml index d17e512..49ee974 100644 --- a/core/mondoo-ssl-tls-certificate-incident-response.mql.yaml +++ b/core/mondoo-ssl-tls-certificate-incident-response.mql.yaml 
@@ -33,26 +33,26 @@ packs: - asset.family.contains('network') queries: - uid: mondoo-ssl-tls-certificate-incident-response-domain-name - title: Retrieve Domain Name + title: Domain Name mql: | tls.domainName - uid: mondoo-ssl-tls-certificate-incident-response-versions - title: Retrieve supported SSL and TLS versions + title: Supported SSL and TLS versions mql: | tls.versions - uid: mondoo-ssl-tls-certificate-incident-response-ciphers - title: Retrieve supported SSl/TLS ciphers + title: Supported SSl/TLS ciphers mql: | tls.ciphers - uid: mondoo-ssl-tls-certificate-incident-response-signing-algo - title: Retrieve the signature algorithm of all certificates in the certificate chain + title: Signature algorithm of all certificates in the certificate chain mql: | tls.certificates { signingAlgorithm subject.commonName } - uid: mondoo-ssl-tls-certificate-incident-response-is-revoked - title: Retrieve revoked, verified, and CA status of all certificates in the certificate chain + title: Revoked, verified, and CA status of all certificates in the certificate chain mql: | tls.certificates { subject.commonName @@ -61,7 +61,7 @@ packs: isVerified } - uid: mondoo-ssl-tls-certificate-incident-response-when-expire - title: Retrieve the expiration dates for all certificates in the certificate chain + title: Expiration dates for all certificates in the certificate chain mql: | tls.certificates { subject.commonName diff --git a/core/mondoo-windows-incident-response.mql.yaml b/core/mondoo-windows-incident-response.mql.yaml index 8d1e632..d9c0492 100644 --- a/core/mondoo-windows-incident-response.mql.yaml +++ b/core/mondoo-windows-incident-response.mql.yaml 
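Review bot: `mondoo-ssl-tls-certificate-incident-response-ciphers` keeps the miscapitalised `SSl` in its new title `Supported SSl/TLS ciphers`. `title: Supported SSL/TLS ciphers` would be correct. The neighbouring title writes `SSL and TLS`, so one form for both would also be more consistent. `Domain Name` is title-cased while the other new titles in this hunk use sentence case.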
@@ -16,17 +16,17 @@ packs: - asset.platform == "windows" queries: - uid: mondoo-windows-incident-response-installed-hotfixes - title: Retrieve installed hotfixes + title: Installed hotfixes mql: windows.hotfixes { hotfixId installedOn } - uid: mondoo-windows-incident-response-uptime - title: Retrieve operating system uptime + title: Operating system uptime mql: os.uptime - uid: mondoo-windows-incident-response-installed-packages - title: Retrieve list of installed packages + title: Installed packages mql: packages - uid: mondoo-windows-incident-response-interface-configuration - title: Retrieve all Windows Computer/System information + title: Windows Computer/System information mql: windows.computerInfo - uid: mondoo-windows-incident-response-running-services - title: Retrieve running services + title: Running services mql: services diff --git a/core/mondoo-windows-inventory.mql.yaml b/core/mondoo-windows-inventory.mql.yaml index 6cbe9a3..6b6c89b 100644 --- a/core/mondoo-windows-inventory.mql.yaml +++ b/core/mondoo-windows-inventory.mql.yaml 
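Review bot: The title `Running services` on `mondoo-windows-incident-response-running-services` does not match its query: the MQL is plain `services`, with no filter on state, whereas core/mondoo-windows-inventory.mql.yaml uses `services.where( running == true )` under the same title. During a response, a stopped service listed under "Running services" is misleading. Either filter the query as the inventory pack does or retitle it `title: Services`. The uid ending in `-interface-configuration` now carries the title `Windows Computer/System information`, which matches its `windows.computerInfo` query but not its uid; a short comment explaining why the uid is kept would help the next reader.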
@@ -38,32 +38,32 @@ packs: - asset.platform.contains("windows") queries: - uid: mondoo-windows-asset-info - title: Retrieve asset information + title: Asset information mql: asset { kind title platform name arch runtime } - uid: mondoo-windows-hostname - title: Retrieve the hostname + title: Hostname mql: os.hostname - uid: mondoo-windows-users - title: Retrieve regular users + title: Regular users mql: users - uid: mondoo-windows-packages - title: Retrieve installed packages + title: Installed packages mql: packages - uid: mondoo-windows-hotfixes - title: Retrieve all installed Windows hotfixes + title: All installed Windows hotfixes mql: windows.hotfixes { hotfixId installedOn } - uid: mondoo-windows-features - title: Retrieve all installed Windows features + title: Installed Windows features mql: windows.features - uid: mondoo-windows-running-services - title: Retrieve data on running services + title: Running services mql: services.where( running == true ) - uid: mondoo-windows-ports-listening - title: Retrieve data on listening ports + title: Listening ports mql: ports.listening - uid: mondoo-windows-interface-configuration - title: Retrieve interface configuration of the system + title: Network interfaces mql: windows.computerInfo['CsNetworkAdapters'] - uid: mondoo-windows-computer-info - title: Retrieve all Windows Computer/ System information + title: Windows Computer/ System information mql: windows.computerInfo
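Review bot: `mondoo-windows-users` is titled `Regular users` but its MQL is the unfiltered `users`, so built-in and service accounts are presumably returned as well; the Linux and macOS packs apply a filter before using that wording. `title: Users` would describe what the query returns. `All installed Windows hotfixes` keeps the "All" that the other titles in this commit drop. `Windows Computer/ System information` has a stray space after the slash that the incident-response pack's title does not.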