Improve the data query titles #115

Merged
merged 1 commit into from
Nov 23, 2023
18 changes: 9 additions & 9 deletions core/mondoo-aws-incident-response.mql.yaml
Expand Up @@ -29,17 +29,17 @@ packs:
- asset.platform == "aws"
queries:
- uid: mondoo-incident-response-aws-account-id
title: Retrieve AWS account ID
title: AWS account ID
mql: |
aws.account.id
- uid: mondoo-incident-response-aws-enabled-regions
title: Retrieve all regions enabled in the AWS account
title: All regions enabled in the AWS account
docs:
desc: |
This query retrieves all AWS regions enabled in the account
mql: aws { regions }
- uid: mondoo-incident-response-aws-user-info
title: Retrieve data for users with console access
title: IAM users with console access
docs:
desc: |
This query retrieves data for users with console access. The following fields are retrieved:
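Review bot: the regions title in this pack ends up as "All regions enabled in the AWS account", while the same query in core/mondoo-aws-inventory.mql.yaml is renamed to "Regions enabled in the AWS account". Both run `aws { regions }`, so use one wording in both packs, preferably the shorter one, which matches how "all" was dropped from the other titles in this change.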
Expand All @@ -59,7 +59,7 @@ packs:
mfaActive
}
- uid: mondoo-incident-response-aws-iam-users-multiple-keys
title: Retrieve data for IAM users with API access
title: IAM users with API access
docs:
desc: |
This query retrieves all of the IAM users that have API access along with the following fields:
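Review bot: the title "IAM users with API access" on `mondoo-incident-response-aws-iam-users-multiple-keys` does not say what the uid says the query is for. Since the title is being rewritten anyway, either name the access-key angle in it (for example "IAM users with access keys") or confirm that the uid is just historical and the broader title is the intended one.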
Expand Down Expand Up @@ -89,7 +89,7 @@ packs:
accessKey2LastRotated
}
- uid: mondoo-incident-response-aws-iam-administrator-access
title: Retrieve data on IAM users, groups, and roles to which the AdministratorAccess policy is attached
title: IAM users, groups, and roles to which the AdministratorAccess policy is attached
docs:
desc: |
This query retrieves all IAM users, groups, and roles with the `AdministratorAccess` role attached.
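Review bot: the new title says the AdministratorAccess "policy is attached", but the desc two lines below still reads "with the `AdministratorAccess` role attached". AdministratorAccess is a managed policy, so the desc should say "policy" to agree with the title. The title is also still long for a list heading; "IAM principals with the AdministratorAccess policy" would carry the same information.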
Expand All @@ -101,7 +101,7 @@ packs:
attachedRoles
}
- uid: mondoo-incident-response-aws-iam-full-access
title: Retrieve data on IAM users, groups, and roles to which any 'FullAccess' policy is attached
title: IAM users, groups, and roles to which any 'FullAccess' policy is attached
docs:
desc: |
This query retrieves all IAM users, groups, and roles with an AWS FullAccess role attached.
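Review bot: the title and desc disagree on terminology and quoting here: the title has "any 'FullAccess' policy" while the desc says "an AWS FullAccess role attached". Change the desc to "policy", and pick one way to mark the name (the AdministratorAccess query uses backticks in its desc and no quotes in its title).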
Expand All @@ -117,7 +117,7 @@ packs:
}

- uid: mondoo-incident-response-aws-ec2-instances-public-ip
title: Retrieve EC2 instances that have a public IP address
title: EC2 instances that have a public IP address
docs:
desc: |
This query retrieves all EC2 instances that have a public IP address attached along with the following fields:
Expand Down Expand Up @@ -157,7 +157,7 @@ packs:
tags
}
- uid: mondoo-incident-response-aws-ec2-instances-without-tags
title: Retrieve EC2 instances that do not have tags configured
title: EC2 instances that do not have tags configured
docs:
desc: |
This query retrieves all EC2 instances that do not have tags configured, along with the following fields:
Expand All @@ -181,7 +181,7 @@ packs:
state
}
- uid: mondoo-incident-response-aws-s3-buckets-public
title: Retrieve all S3 buckets that are public
title: S3 buckets that are public
docs:
desc: |
This query retrieves all S3 buckets that are configured with public access and returns the following fields:
38 changes: 19 additions & 19 deletions core/mondoo-aws-inventory.mql.yaml
Expand Up @@ -19,81 +19,81 @@ packs:
- asset.platform == "aws"
queries:
- uid: mondoo-asset-inventory-aws-account-id
title: Retrieve AWS account ID
title: AWS account ID
mql: |
aws.account.id
- uid: mondoo-asset-inventory-aws-enabled-regions
title: Retrieve all regions enabled in the AWS account
title: Regions enabled in the AWS account
docs:
desc: |
This query retrieves all AWS regions enabled in the account
mql: aws { regions }
- uid: mondoo-asset-inventory-aws-vpcs
title: Retrieve data on all VPCs
title: VPCs
docs:
desc: |
This query retrieves all of the configuration data for AWS VPCs
mql: aws.vpcs
- uid: mondoo-asset-inventory-aws-iam-users
title: Retrieve data for all IAM users
title: IAM users
docs:
desc: |
This query retrieves data for all IAM users
mql: aws.iam.users
- uid: mondoo-asset-inventory-aws-iam-groups
title: Retrieve data for IAM groups
title: IAM groups
docs:
desc: |
This query retrieves all of the IAM groups.
mql: aws.iam.groups
- uid: mondoo-asset-inventory-aws-iam-roles
title: Retrieve data on all IAM Roles
title: IAM roles
docs:
desc: |
This query retrieves all IAM Roles
mql: aws.iam.roles
- uid: mondoo-asset-inventory-aws-iam-policies
title: Retrieve data on all attached IAM Policies
title: Attached IAM policies
docs:
desc: |
This query retrieves all IAM policies attached to a user, group, or role.
mql: aws.iam.policies.where( attachmentCount > 0 )
- uid: mondoo-asset-inventory-aws-ec2-security-groups
title: Retrieve data on all AWS EC2 Security Groups
title: EC2 Security Groups
docs:
desc: |
This query retrieves all AWS EC2 Security Groups
mql: aws.ec2.securityGroups
- uid: mondoo-asset-inventory-aws-ec2-volumes
title: Retrieve data on all AWS EC2 volumes
title: EBS volumes
docs:
desc: |
This query retrieves all AWS EC2 volumes
This query retrieves all AWS EBS volumes
mql: aws.ec2.volumes
- uid: mondoo-asset-inventory-aws-ec2-retrieve-all-data
title: Retrieves all running EC2 instances
title: Running EC2 instances
mql: aws.ec2.instances.where( state == "running" )
- uid: mondoo-asset-inventory-aws-rds-dbclusters-all-data
title: Retrieve the configuration for all RDS Database Clusters
title: RDS database clusters configuration
mql: aws.rds.dbClusters
- uid: mondoo-asset-inventory-aws-rds-dbinstances-all-data
title: Retrieve the configuration for all RDS Database Instances
title: RDS database instances
mql: aws.rds.dbInstances
- uid: mondoo-asset-inventory-aws-s3-retrieve-all-data
title: Retrieve the configuration for all S3 buckets
title: S3 buckets
mql: aws.s3.buckets
- uid: mondoo-asset-inventory-aws-eks-clusters
title: Retrieve the configuration for all AWS EKS clusters
title: EKS clusters
mql: aws.eks.clusters
- uid: mondoo-asset-inventory-aws-lambda
title: Retrieve the configuration for all AWS lambda functions
title: Lambda functions
mql: aws.lambda.functions
- uid: mondoo-asset-inventory-aws-access-analyzer
title: Retrieve the configuration for all AWS Access Analyzers
title: Access Analyzers
mql: aws.accessAnalyzer.analyzers
- uid: mondoo-asset-inventory-aws-acm-certificates
title: Retrieve the configuration for all AWS Certificate Manager certificates
title: Certificate Manager certificates
mql: aws.acm.certificates
- uid: mondoo-asset-inventory-aws-cloudtrail-trails
title: Retrieve the configuration for all AWS CloudTrail trails
title: CloudTrail trails
mql: aws.cloudtrail.trails
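Review bot: "RDS database clusters configuration" is the only title in this file that keeps the word "configuration"; the sibling right after it became "RDS database instances", and S3, EKS, Lambda and the rest all dropped it. Rename it to "RDS database clusters" for consistency. Two smaller points in the same hunk: "EC2 Security Groups" keeps title case while "IAM roles" and "Attached IAM policies" were lowercased, and the desc lines still say "IAM Roles" and "AWS EC2 Security Groups", so the casing now differs between title and desc. The EBS rename is good and correctly updates the desc along with the title.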
18 changes: 9 additions & 9 deletions core/mondoo-github-incident-response.mql.yaml
Expand Up @@ -34,34 +34,34 @@ packs:
- asset.platform == "github-org"
queries:
- uid: mondoo-incident-response-github-org-name
title: Retrieve GitHub Organization Name
title: GitHub Organization Name
mql: |
github.organization.name
- uid: mondoo-incident-response-github-org-login
title: Retrieve GitHub Organization Login
title: GitHub Organization Login
mql: |
github.organization.login
- uid: mondoo-incident-response-github-org-description
title: Retrieve GitHub Organization description
title: GitHub Organization description
mql: |
github.organization.description
- uid: mondoo-incident-response-github-org-mfa-status
title: Retrieve GitHub Organization MFA status
title: GitHub Organization MFA status
docs:
desc: |
This query retrieves whether MFA is required for users of the organization.
mql: |
github.organization.twoFactorRequirementEnabled
- uid: mondoo-incident-response-github-org-owners
title: Retrieve GitHub Organization Owners
title: GitHub Organization Owners
docs:
desc: |
This query retrieves all GitHub organization owners.
mql: |
github.organization.owners.length
github.organization { owners { name email login } }
- uid: mondoo-incident-response-github-org-members
title: Retrieve GitHub Organization Members
title: GitHub Organization Members
docs:
desc: |
This query retrieves all of the members of the GitHub organization.
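Review bot: the owners query changes behaviour, not just its title: `github.organization.owners.length` becomes `github.organization { owners { name email login } }`, so the result goes from a count to a list of owner names, e-mail addresses and logins. That matches the desc ("retrieves all GitHub organization owners") and is more useful for incident response, but it is outside what the PR title describes and it adds personal data to the stored query results, so it should be called out in the PR description or split into its own commit. Separately, the casing of the new titles is mixed within this hunk: "GitHub Organization Name" and "GitHub Organization Login" versus "GitHub Organization description".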
Expand All @@ -77,7 +77,7 @@ packs:
}
}
- uid: mondoo-incident-response-github-org-teams
title: Retrieve GitHub Organization Teams
title: GitHub Organization Teams
docs:
desc: |
This query retrieves all GitHub organization teams.
Expand All @@ -96,7 +96,7 @@ packs:
}
}
- uid: mondoo-incident-response-github-private-repos
title: Retrieve GitHub Organization private repositories
title: GitHub Organization private repositories
docs:
desc: |
This query retrieves all of the public repositories within the GitHub organization. The query returns the repo's name and whether the default branch is [protected](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches) using protection rules.
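Review bot: the title and uid (`mondoo-incident-response-github-private-repos`) say private repositories, but the desc says "retrieves all of the public repositories". One of them is wrong, and the filter in the mql is not visible in this hunk, so please check which set the query actually returns and make the title and desc agree.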
Expand All @@ -110,7 +110,7 @@ packs:
}
}
- uid: mondoo-incident-response-github-packages
title: Retrieve GitHub Organization private repositories
title: GitHub Organization private repositories
docs:
desc: |
This query retrieves the packages published to GHCR.io.
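Review bot: the title on `mondoo-incident-response-github-packages` is a copy of the previous query's title, "GitHub Organization private repositories", while the desc says it retrieves packages published to GHCR.io. This PR carries the wrong title forward; it should be something like "GitHub Organization packages". As it stands, two queries in the pack show the same title in the results.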
44 changes: 22 additions & 22 deletions core/mondoo-kubernetes-inventory.mql.yaml
Expand Up @@ -32,122 +32,122 @@ packs:
- asset.platform == "kubernetes" || asset.platform == "k8s-cluster"
queries:
- uid: k8s-cluster-version
title: Retrieve Kubernetes cluster version
title: Kubernetes cluster version
mql: |
k8s.serverVersion
- uid: k8s-cluster-namespaces
title: Retrieve Kubernetes cluster namespaces
title: Kubernetes cluster namespaces
mql: |
k8s.namespaces
- uid: k8s-cluster-nodes
title: Retrieve cluster modes
title: Cluster modes
mql: |
k8s.nodes
- uid: k8s-cluster-clusterroles
title: Retrieve cluster RBAC ClusterRoles
title: Cluster RBAC ClusterRoles
mql: |
k8s.clusterroles
- uid: k8s-cluster-roles
title: Retrieve RBAC Roles
title: RBAC Roles
mql: |
k8s.roles
- uid: k8s-cluster-clusterrolebindings
title: Retrieve RBAC cluster-rolebindings
title: RBAC cluster-rolebindings
mql: |
k8s.clusterrolebindings
- uid: k8s-cluster-rolebindings
title: Retrieve RBAC rolebindings
title: RBAC rolebindings
mql: |
k8s.rolebindings
- title: Pods inventory
filters:
- asset.platform == "k8s-pod"
queries:
- uid: k8s-pod
title: Retrieve Pod information
title: Pod information
mql: |
k8s.pod
- uid: k8s-pod-container
title: Retrieve container information
title: Container information
mql: |
k8s.pod.containers
- title: Deployments inventory
filters:
- asset.platform == "k8s-deployment"
queries:
- uid: k8s-deployment
title: Retrieve deployment information
title: Deployment information
mql: |
k8s.deployments
- uid: k8s-deployment-container
title: Retrieve container information
title: Container information
mql: |
k8s.deployment.containers { * }
- title: CronJobs inventory
filters:
- asset.platform == "k8s-cronjob"
queries:
- uid: k8s-cronjob
title: Retrieve CronJob information
title: CronJob information
mql: |
k8s.cronjob { * }
- uid: k8s-cronjob-container
title: Retrieve container information
title: Container information
mql: |
k8s.cronjob.containers { * }
- title: Jobs inventory
filters:
- asset.platform == "k8s-job"
queries:
- uid: k8s-job
title: Retrieve Job information
title: Job information
mql: |
k8s.job { * }
- uid: k8s-job-container
title: Retrieve container information
title: Container information
mql: |
k8s.job.containers { * }
- title: DaemonSets inventory
filters:
- asset.platform == "k8s-daemonset"
queries:
- uid: k8s-daemonset
title: Retrieve DaemonSet information
title: DaemonSet information
mql: |
k8s.daemonset { * }
- uid: k8s-daemonset-container
title: Retrieve container information
title: Container information
mql: |
k8s.daemonset.containers { * }
- title: StatefulSets inventory
filters:
- asset.platform == "k8s-statefulset"
queries:
- uid: k8s-statefulset
title: Retrieve StatefulSet information
title: StatefulSet information
mql: |
k8s.statefulset { * }
- uid: k8s-statefulset-container
title: Retrieve Container information
title: Container information
mql: |
k8s.statefulset.containers { * }
- title: ReplicaSets inventory
filters:
- asset.platform == "k8s-replicaset"
queries:
- uid: k8s-replicaset
title: Retrieve ReplicaSet information
title: ReplicaSet information
mql: |
k8s.replicaset { * }
- uid: k8s-replicaset-container
title: Retrieve container information
title: Container information
mql: |
k8s.replicaset.containers { * }
- title: Ingresses inventory
filters:
- asset.platform == "k8s-ingress"
queries:
- uid: k8s-ingress
title: Retrieve Ingress information
title: Ingress information
mql: |
k8s.ingress { * }
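Review bot: "Cluster modes" on `k8s-cluster-nodes` is a typo carried over from the old title; the query is `k8s.nodes`, so the title should be "Cluster nodes". Also, with the verb removed, seven different queries (`k8s-pod-container`, `k8s-deployment-container`, `k8s-cronjob-container`, and so on) now share the identical title "Container information", which makes them indistinguishable wherever results are listed by title. Consider qualifying them, for example "Deployment containers" and "CronJob containers". Not part of this change but visible here: `k8s-deployment` queries `k8s.deployments` (plural, cluster-wide) under an `asset.platform == "k8s-deployment"` filter, while every other workload pack uses the singular resource with `{ * }`.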