From d57b5b9ec89b89e10604e629b965f99e8dd827ef Mon Sep 17 00:00:00 2001
From: Mo Zhu
Date: Fri, 11 Nov 2022 11:54:01 -0800
Subject: [PATCH] Include emergency geolocation query (#8483)
* Include emergency geolocation query https://fleetdm.com/guides/locate-assets-with-osquery
* Update standard-query-library.yml
Co-authored-by: Guillaume Ross
---
 .../standard-query-library.yml | 20 ++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
index e3a418b581..aec3565fd6 100644
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@@ -1015,4 +1015,22 @@ spec:
 tags: compliance, inventory, built-in
 platform: darwin
 contributors: GuillaumeRoss
-
+---
+apiVersion: v1
+kind: query
+spec:
+ name:
+ platform: darwin, linux, windows
+ description: Geolocate a host using the (ipapi.co)[https://ipapi.co] in an emergency. Requires the curl table. [Learn more](https://fleetdm.com/guides/locate-assets-with-osquery).
+ query: >-
+ SELECT JSON_EXTRACT(result, '$.ip') AS ip,
+ JSON_EXTRACT(result, '$.city') AS city,
+ JSON_EXTRACT(result, '$.region') AS region,
+ JSON_EXTRACT(result, '$.country') AS country,
+ JSON_EXTRACT(result, '$.latitude') AS latitude,
+ JSON_EXTRACT(result, '$.longitude') AS longitude,
+ FROM curl
+ WHERE url = 'http://ipapi.co/json';
+ purpose: inventory
+ tags: inventory
+ contributors: zwass
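Review bot: The added query cannot run as written, because the select list ends with a trailing comma (`JSON_EXTRACT(result, '$.longitude') AS longitude,` directly before `FROM curl`), which osquery's SQLite parser rejects as a syntax error, and `name:` is left empty so the new entry has no identifier. The lookup also goes to `http://ipapi.co/json` in cleartext, so the response used to locate a host can be read or altered on the network path; assuming the curl table can reach the service over TLS, `WHERE url = 'https://ipapi.co/json';` would match the https link already used in the description. The description's link markup is reversed: `(ipapi.co)[https://ipapi.co]` should be `[ipapi.co](https://ipapi.co)`. It would also help to state in the description that running the query discloses each host's public IP address to a third-party service.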