2024-05-02 19:30:44 +00:00
// for legacy legacy query stats interface
import PropTypes from "prop-types" ;
2023-07-12 20:22:56 +00:00
import { IFormField } from "./form_field" ;
import { IPack } from "./pack" ;
2024-12-11 18:50:28 +00:00
import {
2025-01-14 00:45:16 +00:00
CommaSeparatedPlatformString ,
2024-12-11 18:50:28 +00:00
QueryablePlatform ,
SelectedPlatform ,
} from "./platform" ;
2025-03-12 18:54:29 +00:00
import { ILabelQuery } from "./label" ;
2023-07-12 20:22:56 +00:00
// Query itself
export interface ISchedulableQuery {
created_at : string ;
updated_at : string ;
id : number ;
name : string ;
description : string ;
query : string ;
team_id : number | null ;
interval : number ;
2025-01-14 00:45:16 +00:00
platform : CommaSeparatedPlatformString ; // Might more accurately be called `platforms_to_query` or `targeted_platforms` –
2023-07-12 20:22:56 +00:00
min_osquery_version : string ;
automations_enabled : boolean ;
logging : QueryLoggingOption ;
saved : boolean ;
author_id : number ;
author_name : string ;
author_email : string ;
observer_can_run : boolean ;
2023-10-04 22:19:26 +00:00
discard_data : boolean ;
2023-07-12 20:22:56 +00:00
packs : IPack [ ] ;
stats : ISchedulableQueryStats ;
2024-05-02 19:30:44 +00:00
editingExistingQuery? : boolean ;
2025-03-12 18:54:29 +00:00
labels_include_any? : ILabelQuery [ ] ;
2023-07-12 20:22:56 +00:00
}
2023-07-27 19:10:22 +00:00
export interface IEnhancedQuery extends ISchedulableQuery {
performance : string ;
2024-12-11 18:50:28 +00:00
targetedPlatforms : QueryablePlatform [ ] ;
2023-07-27 19:10:22 +00:00
}
2023-07-12 20:22:56 +00:00
export interface ISchedulableQueryStats {
2024-05-02 19:30:44 +00:00
user_time_p50? : number | null ;
user_time_p95? : number | null ;
system_time_p50? : number | null ;
system_time_p95? : number | null ;
2023-07-12 20:22:56 +00:00
total_executions? : number ;
}
2024-05-02 19:30:44 +00:00
// legacy
export default PropTypes . shape ( {
user_time_p50 : PropTypes.number ,
user_time_p95 : PropTypes.number ,
system_time_p50 : PropTypes.number ,
system_time_p95 : PropTypes.number ,
total_executions : PropTypes.number ,
} ) ;
2023-07-12 20:22:56 +00:00
// API shapes
// Get a query by id
/** GET /api/v1/fleet/queries/{id}` */
export interface IGetQueryResponse {
query : ISchedulableQuery ;
}
// List global or team queries
/** GET /api/v1/fleet/queries?order_key={column_from_queries_table}&order_direction={asc|desc}&team_id={team_id} */
export interface IListQueriesResponse {
queries : ISchedulableQuery [ ] ;
}
2023-07-19 18:02:53 +00:00
export interface IQueryKeyQueriesLoadAll {
scope : "queries" ;
2024-12-11 18:50:28 +00:00
teamId? : number ;
page? : number ;
perPage? : number ;
query? : string ;
orderDirection ? : "asc" | "desc" ;
orderKey? : string ;
mergeInherited? : boolean ;
targetedPlatform? : SelectedPlatform ;
2023-07-19 18:02:53 +00:00
}
2023-07-12 20:22:56 +00:00
// Create a new query
/** POST /api/v1/fleet/queries */
export interface ICreateQueryRequestBody {
name : string ;
query : string ;
description? : string ;
observer_can_run? : boolean ;
2023-10-04 22:19:26 +00:00
discard_data? : boolean ;
2025-07-03 20:11:06 +00:00
team_id? : number ; // global query if undefined
2023-07-12 20:22:56 +00:00
interval? : number ; // default 0 means never run
2025-01-14 00:45:16 +00:00
platform? : CommaSeparatedPlatformString ; // Might more accurately be called `platforms_to_query` –
2023-07-12 20:22:56 +00:00
min_osquery_version? : string ; // default all versions if ommitted
automations_enabled? : boolean ; // whether to send data to the configured log destination according to the query's `interval`. Default false if ommitted.
logging? : QueryLoggingOption ;
2025-03-12 18:54:29 +00:00
labels_include_any? : string [ ] ;
2023-07-12 20:22:56 +00:00
}
// response is ISchedulableQuery
// Modify a query by id
/** PATCH /api/v1/fleet/queries/{id} */
export interface IModifyQueryRequestBody
2025-07-03 20:11:06 +00:00
extends Omit < ICreateQueryRequestBody , " name " | " query " | " team_id " > {
2023-07-18 20:58:52 +00:00
id? : number ;
2023-07-12 20:22:56 +00:00
name? : string ;
query? : string ;
2023-07-18 20:58:52 +00:00
description? : string ;
observer_can_run? : boolean ;
2023-10-04 22:19:26 +00:00
discard_data? : boolean ;
2023-07-18 20:58:52 +00:00
frequency? : number ;
2025-01-14 00:45:16 +00:00
platform? : CommaSeparatedPlatformString ;
2023-07-18 20:58:52 +00:00
min_osquery_version? : string ;
2024-11-13 14:32:59 +00:00
automations_enabled? : boolean ;
2023-07-12 20:22:56 +00:00
}
// response is ISchedulableQuery // better way to indicate this?
// Delete a query by name
/** DELETE /api/v1/fleet/queries/{name} */
export interface IDeleteQueryRequestBody {
2023-07-17 21:09:59 +00:00
team_id? : number ; // searches for a global query if omitted
2023-07-12 20:22:56 +00:00
}
// Delete a query by id
// DELETE /api/v1/fleet/queries/id/{id}
// (no body)
// Delete queries by id
/** POST /api/v1/fleet/queries/delete */
export interface IDeleteQueriesRequestBody {
ids : number [ ] ;
}
export interface IDeleteQueriesResponse {
deleted : number ; // number of queries deleted
}
2023-10-09 18:31:31 +00:00
export interface IEditQueryFormFields {
2023-07-12 20:22:56 +00:00
name : IFormField < string > ;
description : IFormField < string > ;
query : IFormField < string > ;
observer_can_run : IFormField < boolean > ;
2023-10-04 22:19:26 +00:00
discard_data : IFormField < boolean > ;
2023-07-12 20:22:56 +00:00
frequency : IFormField < number > ;
2024-11-13 14:32:59 +00:00
automations_enabled : IFormField < boolean > ;
2025-01-14 00:45:16 +00:00
platforms : IFormField < CommaSeparatedPlatformString > ;
2023-07-12 20:22:56 +00:00
min_osquery_version : IFormField < string > ;
logging : IFormField < QueryLoggingOption > ;
}
export type QueryLoggingOption =
| "snapshot"
| "differential"
| "differential_ignore_removals" ;
