🐛 Prefix incident reponse queries properly

core/mondoo-kubernetes-incident-response.mql.yaml

@@ -13,11 +13,11 @@ packs:
         filters:
           - asset.platform == "kubernetes" || asset.platform == "k8s-cluster"
         queries:
-          - uid: k8s-cluster-version
+          - uid: mondoo-kubernetes-incident-response-cluster-version
             title: Retrieve Kubernetes Cluster Version
             mql: |
               k8s.serverVersion
-          - uid: role-bindings-with-cluster-admin-permissions
+          - uid: mondoo-kubernetes-incident-response-role-bindings-with-cluster-admin-permissions
             title: Retrieve role bindings with cluster-admin permissions
             mql: |
               k8s.rolebindings.where(roleRef["kind"] == "ClusterRole" && roleRef["name"] == "cluster-admin") {
@@ -26,7 +26,7 @@ packs:
                 subjects
                 roleRef
               }
-          - uid: clusterrole-bindings-with-cluster-admin-permissions
+          - uid: mondoo-kubernetes-incident-response-clusterrole-bindings-with-cluster-admin-permissions
             title: Retrieve ClusterRoleBindings with cluster-admin permissions
             mql: |
               k8s.clusterrolebindings.where(roleRef["kind"] == "ClusterRole" && roleRef["name"] == "cluster-admin") {
@@ -38,7 +38,7 @@ packs:
         filters:
           - asset.platform == "k8s-pod"
         queries:
-          - uid: k8s-pod-security-context
+          - uid: mondoo-kubernetes-incident-response-pod-security-context
             title: Retrieve Pod Security Context
             mql: |
               k8s.pod {
@@ -52,7 +52,7 @@ packs:
                   securityContext
                 }
               }
-          - uid: k8s-pod-container
+          - uid: mondoo-kubernetes-incident-response-pod-container
             title: Retrieve container image information
             mql: |
               k8s.pod { 
@@ -100,7 +100,7 @@ packs:
         filters:
           - asset.platform == "k8s-deployment"
         queries:
-          - uid: k8s-deployment-security-context
+          - uid: mondoo-kubernetes-incident-response-deployment-security-context
             title: Retrieve Deployment Security Context
             mql: |
               k8s.deployment {
@@ -111,7 +111,7 @@ packs:
                   securityContext
                 }
               }
-          - uid: k8s-deployment-container
+          - uid: mondoo-kubernetes-incident-response-deployment-container
             title: Retrieve container image information
             mql: |
               k8s.deployment { 
@@ -146,7 +146,7 @@ packs:
         filters:
           - asset.platform == "k8s-cronjob"
         queries:
-          - uid: k8s-cronjob-security-context
+          - uid: mondoo-kubernetes-incident-response-cronjob-security-context
             title: Retrieve CronJob Security Context
             mql: |
               k8s.cronjob {
@@ -157,7 +157,7 @@ packs:
                   securityContext
                 }
               }
-          - uid: k8s-cronjob-container
+          - uid: mondoo-kubernetes-incident-response-cronjob-container
             title: Retrieve container image information
             mql: |
               k8s.cronjob { 
@@ -192,7 +192,7 @@ packs:
         filters:
           - asset.platform == "k8s-job"
         queries:
-          - uid: k8s-job-security-context
+          - uid: mondoo-kubernetes-incident-response-job-security-context
             title: Retrieve Job Security Context
             mql: |
               k8s.job {
@@ -203,7 +203,7 @@ packs:
                   securityContext
                 }
               }
-          - uid: k8s-job-container
+          - uid: mondoo-kubernetes-incident-response-job-container
             title: Retrieve container image information
             mql: |
               k8s.job { 
@@ -238,7 +238,7 @@ packs:
         filters:
           - asset.platform == "k8s-daemonset"
         queries:
-          - uid: k8s-daemonset-security-context
+          - uid: mondoo-kubernetes-incident-response-daemonset-security-context
             title: Retrieve DaemonSet Security Context
             mql: |
               k8s.daemonset {
@@ -249,7 +249,7 @@ packs:
                   securityContext
                 }
               }
-          - uid: k8s-daemonset-container
+          - uid: mondoo-kubernetes-incident-response-daemonset-container
             title: Retrieve container image information
             mql: |
               k8s.daemonset { 
@@ -284,7 +284,7 @@ packs:
         filters:
           - asset.platform == "k8s-statefulset"
         queries:
-          - uid: k8s-statefulset-security-context
+          - uid: mondoo-kubernetes-incident-response-statefulset-security-context
             title: Retrieve StatefulSet Security Context
             mql: |
               k8s.statefulset {
@@ -295,7 +295,7 @@ packs:
                   securityContext
                 }
               }
-          - uid: k8s-statefulset-container
+          - uid: mondoo-kubernetes-incident-response-statefulset-container
             title: Retrieve container image information
             mql: |
               k8s.statefulset { 
@@ -330,7 +330,7 @@ packs:
         filters:
           - asset.platform == "k8s-replicaset"
         queries:
-          - uid: k8s-replicaset-security-context
+          - uid: mondoo-kubernetes-incident-response-replicaset-security-context
             title: Retrieve ReplicaSet Security Context
             mql: |
               k8s.replicaset {
@@ -341,7 +341,7 @@ packs:
                   securityContext
                 }
               }
-          - uid: k8s-replicaset-container
+          - uid: mondoo-kubernetes-incident-response-replicaset-container
             title: Retrieve container image information
             mql: |
               k8s.replicaset { 

core/mondoo-linux-incident-response.mql.yaml

@@ -11,45 +11,45 @@ packs:
     filters:
       - asset.family.contains("linux")
     queries:
-      - uid: mondoo-linux-installed-kernel
+      - uid: mondoo-linux-incident-response-installed-kernel
         title: Retrieve installed Linux kernels
         mql: |
           if ( mondoo.capabilities.contains('run-command') ) {
             kernel.installed
           }
-      - uid: mondoo-linux-kernel-info
+      - uid: mondoo-linux-incident-response-kernel-info
         title: Retrieve the running Linux kernel
         mql: |
           if ( mondoo.capabilities.contains('run-command') ) {
             kernel.info
           }
-      - uid: mondoo-linux-kernel-modules
+      - uid: mondoo-linux-incident-response-kernel-modules
         title: Retrieve Linux kernel modules
         mql: kernel.modules { name loaded }
-      - uid: mondoo-linux-processes
+      - uid: mondoo-linux-incident-response-processes
         title: Retrieve running processes
         mql: |
           if ( mondoo.capabilities.contains('run-command') ) {
             processes { pid  command }
           }
-      - uid: mondoo-linux-mounts
+      - uid: mondoo-linux-incident-response-mounts
         title: Retrieve mounted devices
         mql: mount.list { * } 
-      - uid: mondoo-linux-listening-ports
+      - uid: mondoo-linux-incident-response-listening-ports
         title: Retrieve all listening ports
         mql: |
           if ( mondoo.capabilities.contains('run-command') ) {
             ports.listening { * }
           }
-      - uid: mondoo-linux-uptime
+      - uid: mondoo-linux-incident-response-uptime
         title: Retrieve operating system uptime
         mql: |
           if ( mondoo.capabilities.contains('run-command') ) {
             os.uptime
           }
-      - uid: mondoo-linux-installed-packages
+      - uid: mondoo-linux-incident-response-installed-packages
         title: Retrieve installed packages
         mql: packages { * }
-      - uid: mondoo-linux-running-services
+      - uid: mondoo-linux-incident-response-running-services
         title: Retrieve running services
-        mql: services { * }
+        mql: services { * }

core/mondoo-macos-incident-response.mql.yaml

@@ -17,30 +17,30 @@ packs:
       - uid: mondoo-macos-incident-response-regular-users
         title: Retrieve regular users
         mql: users.where( name != /^_/ && shell != /\/usr\/bin\/false/ )
-      - uid: mondoo-macos-kernel-info
+      - uid: mondoo-macos-incident-response-kernel-info
         title: Retrieve the running macOS kernel
         mql: kernel.info["version"]
-      - uid: mondoo-macos-kernel-modules
+      - uid: mondoo-macos-incident-response-kernel-modules
         title: Retrieve macOS kernel modules
         mql: kernel.modules { name loaded }
-      - uid: mondoo-macos-processes
+      - uid: mondoo-macos-incident-response-processes
         title: Retrieve running processes
         mql: processes.list { pid  command }
-      - uid: mondoo-macos-mounts
+      - uid: mondoo-macos-incident-response-mounts
         title: Retrieve mounted devices
         mql: mount.list
-      - uid: mondoo-macos-uptime
+      - uid: mondoo-macos-incident-response-uptime
         title: Retrieve operating system uptime
         mql: os.uptime
-      - uid: mondoo-macos-installed-packages
+      - uid: mondoo-macos-incident-response-installed-packages
         title: Retrieve installed packages
         mql: packages
-      - uid: mondoo-macos-running-services
+      - uid: mondoo-macos-incident-response-running-services
         title: Retrieve running services
         mql: services
-      - uid: mondoo-macos-alf-extensions
+      - uid: mondoo-macos-incident-response-alf-extensions
         title: Retrieve exceptions from the Application Layer Firewall
         mql: macos.alf.exceptions
-      - uid: mondoo-macos-check-recommended-updates
+      - uid: mondoo-macos-incident-response-check-recommended-updates
         title: Retrieve any recommended updates
-        mql: parse.plist('/Library/Preferences/com.apple.SoftwareUpdate.plist').params['RecommendedUpdates']
+        mql: parse.plist('/Library/Preferences/com.apple.SoftwareUpdate.plist').params['RecommendedUpdates']

core/mondoo-openssl-incident-response.mql.yaml

@@ -11,18 +11,18 @@ packs:
     filters:
       - asset.family.contains("linux")
     queries:
-      - uid: mondoo-openssl-platform
+      - uid: mondoo-openssl-incident-response-platform
         title: Retrieve platform details
         mql: |
           asset {
             platform
             version
             arch
           }
-      - uid: mondoo-openssl-installed-version
+      - uid: mondoo-openssl-incident-response-installed-version
         title: Retrieve installed ssl libraries
         mql: packages.where(name == /ssl/)
-      - uid: mondoo-openssl-listening-ports
+      - uid: mondoo-openssl-incident-response-listening-ports
         title: Retrieve listening ports from running systems
         mql: |
           if ( mondoo.capabilities.contains('run-command') ) {
@@ -31,4 +31,4 @@ packs:
               address
               port
             }
-          }
+          }

core/mondoo-windows-incident-response.mql.yaml

@@ -11,18 +11,18 @@ packs:
     filters:
       - asset.platform == "windows"
     queries:
-      - uid: mondoo-windows-installed-hotfixes
+      - uid: mondoo-windows-incident-response-installed-hotfixes
         title: Retrieve installed hotfixes
         mql: windows.hotfixes { hotfixId installedOn }
-      - uid: mondoo-windows-uptime
+      - uid: mondoo-windows-incident-response-uptime
         title: Retrieve operating system uptime
         mql: os.uptime
-      - uid: mondoo-windows-installed-packages
+      - uid: mondoo-windows-incident-response-installed-packages
         title: Retrieve list of installed packages
         mql: packages
-      - uid: mondoo-windows-interface-configuration
+      - uid: mondoo-windows-incident-response-interface-configuration
         title: Retrieve all Windows Computer/System information
         mql: windows.computerInfo
-      - uid: mondoo-windows-running-services
+      - uid: mondoo-windows-incident-response-running-services
         title: Retrieve running services
         mql: services