mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 17:08:53 +00:00
Feature/add query to get apps opened within the last 24 hours (#3513)
* feat: add query to find running docker containers
* docs: 📝 add query to get Mac and Linux machines with unencrypted primary disks
* feat: add query to find running docker containers
* docs: 📝 add query to get Mac and Linux machines with unencrypted primary disks
* chore: remove queries from develop
* docs: add query to get running docker containers
* docs: add query to get machines with unencrypted primary disks
* fix: remove trailing ---
* fix: remove trailing ---
* chore: remove trailing ---
* docs: add query to get applications hogging memory
* fix: resolve merge conflicts
* chore: update PR
* chore: update PR
* chore: merge previous query
* feat: add query to find servers with root logins within the day
* fix: remove unneeded period
* docs: add instructions for submitting multiple queries
* fix: remove duplicate entry
* fix: remove period from get running docker containers query description
* docs: add instructions for submitting multiple queries
* fix: resolve merge conflicts
* feat: add description for query to fetch failing batteries
* fix: resolve duplicate descriptions
* fix: remove typo in deploying docs
* fix: reword description
* fix: add suggestions to improve description
* feat: add description to query to fet windows machines with unencrypted hard disks
* feat: update description for count apple applications installed query
* docs: 📝 Add query to get apps opened within the last 24 hours
* feat: add query to find apps not in Applications directory
* feat: add query to find subscription based applications that have not been opened for the last 30 days
parent
4a382d8b4f
commit
897fa82ec1
1 changed files with 30 additions and 0 deletions
|
|
@ -603,3 +603,33 @@ spec:
|
|||
);
|
||||
purpose: Detection
|
||||
contributors: zwass,tgauda
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: query
|
||||
spec:
|
||||
name: Get applications that were opened within the last 24 hours
|
||||
platforms: macOS
|
||||
description: Returns applications that were opened within the last 24 hours starting with the last opened application.
|
||||
query: SELECT * FROM apps WHERE last_opened_time > (( SELECT unix_time FROM time ) - 86400 ) ORDER BY last_opened_time DESC;
|
||||
purpose: Informational
|
||||
contributors: DominusKelvin
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: query
|
||||
spec:
|
||||
name: Get applications that are not in the Applications directory
|
||||
platforms: macOS
|
||||
description: Returns applications that are not in the `/Applications` directory
|
||||
query: SELECT * FROM apps WHERE path NOT LIKE '/Applications/%';
|
||||
purpose: Informational
|
||||
contributors: DominusKelvin
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: query
|
||||
spec:
|
||||
name: Get subscription-based applications that have not been opened for the last 30 days
|
||||
platforms: macOS
|
||||
description: Returns applications that are subscription-based and have not been opened for the last 30 days. You can replace the list of applications with those specific to your use case.
|
||||
query: SELECT * FROM apps WHERE path LIKE '/Applications/%' AND name IN ("Photoshop.app", "Adobe XD.app", "Sketch.app", "Illustrator.app") AND last_opened_time < (( SELECT unix_time FROM time ) - 2592000000000 );
|
||||
purpose: Informational
|
||||
contributors: DominusKelvin
|
||||
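Review bot: The 30-day cutoff in the last query, `2592000000000`, does not match the units used by the first query in this hunk, which subtracts `86400` from the same `unix_time` value to mean 24 hours; in those units 30 days is `2592000`. As written the threshold lands far below zero, so `last_opened_time < ...` will not select apps that have merely gone unopened for 30 days. Suggest `last_opened_time < (( SELECT unix_time FROM time ) - 2592000 )`. Two smaller points: the `IN (...)` list uses double-quoted strings while the `LIKE` patterns in the same file use single quotes, so single quotes throughout would be consistent, and the description of the second query lacks the trailing period the other two descriptions have.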