From 3a538e9729499c9ce14963ba4ad080de19b8eb79 Mon Sep 17 00:00:00 2001 From: Luke Heath Date: Thu, 25 Apr 2024 09:56:50 -0500 Subject: [PATCH] Update policies via GitOps (#18537) --- .../lib/macos-device-health.policies.yml | 9 --------- it-and-security/teams/workstations-canary.yml | 9 +++++++++ it-and-security/teams/workstations.yml | 13 +++++++++++++ 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/it-and-security/lib/macos-device-health.policies.yml b/it-and-security/lib/macos-device-health.policies.yml index 427ac7a149..f06480bd50 100644 --- a/it-and-security/lib/macos-device-health.policies.yml +++ b/it-and-security/lib/macos-device-health.policies.yml @@ -64,12 +64,3 @@ description: Looks for PDF files with file names typically used by 1Password for emergency recovery kits. To protect the performance of your devices, the search is one level deep and limited to the Desktop, Documents, Downloads, and Shared folders. resolution: Delete 1Password emergency kits from your computer, and empty the trash. 1Password emergency kits should only be printed and stored in a physically secure location. platform: darwin -- name: macOS - Check if latest version - query: | - SELECT 1 FROM os_version - WHERE (major > 14 OR (major = 14 AND minor > 4) OR (major = 14 AND minor = 4 AND patch >= 1)) --Sonoma - critical: false - description: This policy check if macOS version is most recent version available. - resolution: From the Apple menu, select System Settings. Navigate to General > Software Update. - platform: darwin - calendar_events_enabled: true diff --git a/it-and-security/teams/workstations-canary.yml b/it-and-security/teams/workstations-canary.yml index 4f6c62a93a..5d9334c09c 100644 --- a/it-and-security/teams/workstations-canary.yml +++ b/it-and-security/teams/workstations-canary.yml @@ -109,6 +109,15 @@ policies: - path: ../lib/macos-device-health.policies.yml - path: ../lib/windows-device-health.policies.yml - path: ../lib/linux-device-health.policies.yml + - name: macOS - Check if latest version + query: | + SELECT 1 FROM os_version + WHERE (major > 14 OR (major = 14 AND minor > 4) OR (major = 14 AND minor = 4 AND patch >= 2)) --Sonoma + critical: false + description: This policy check if macOS version is most recent version available. + resolution: From the Apple menu, select System Settings. Navigate to General > Software Update. + platform: darwin + calendar_events_enabled: true queries: - path: ../lib/collect-failed-login-attempts.queries.yml - path: ../lib/collect-fleetd-information.yml diff --git a/it-and-security/teams/workstations.yml b/it-and-security/teams/workstations.yml index 95ca009dc3..491eab9211 100644 --- a/it-and-security/teams/workstations.yml +++ b/it-and-security/teams/workstations.yml @@ -8,6 +8,10 @@ team_settings: host_expiry_window: 0 secrets: - secret: $DOGFOOD_WORKSTATIONS_ENROLL_SECRET + integrations: + google_calendar: + enable_calendar_events: true + webhook_url: $DOGFOOD_WORKSTATIONS_CANARY_CALENDAR_WEBHOOK_URL agent_options: path: ../lib/agent-options.yml controls: @@ -57,6 +61,15 @@ policies: - path: ../lib/macos-device-health.policies.yml - path: ../lib/windows-device-health.policies.yml - path: ../lib/linux-device-health.policies.yml + - name: macOS - Check if latest version + query: | + SELECT 1 FROM os_version + WHERE (major > 14 OR (major = 14 AND minor > 4) OR (major = 14 AND minor = 4 AND patch >= 1)) --Sonoma + critical: false + description: This policy check if macOS version is most recent version available. + resolution: From the Apple menu, select System Settings. Navigate to General > Software Update. + platform: darwin + calendar_events_enabled: true queries: - path: ../lib/collect-failed-login-attempts.queries.yml - path: ../lib/collect-usb-devices.queries.yml