mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
For #23531. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
# Team-level configuration for the team named "Team1" (appears to be a Fleet
# GitOps team file; nesting restored from the flattened listing).
# Settings, agent options and controls are loaded from sibling files; queries,
# policies and software are declared inline or pulled in by relative path.
name: Team1
team_settings:
  path: ./team-settings.yml
agent_options:
  path: ./agent-options.yml
controls:
  path: ./controls.yml

# Scheduled queries: two file includes followed by one inline definition.
queries:
  - path: ./top.queries.yml
  # Presumably exercises the "included file is empty" case; verify against the consumer.
  - path: ./empty.yml
  - name: osquery_info
    query: "SELECT * from osquery_info;"
    # 604800 s = 1 week
    interval: 604800
    platform: darwin,linux,windows,chrome
    min_osquery_version: all
    # Observers are not allowed to run this query themselves.
    observer_can_run: false
    automations_enabled: true
    logging: snapshot

# Policies: a mix of file includes and inline definitions. Two inline policies
# carry an automation (install_software / run_script) alongside their query.
policies:
  - path: ./policies/policies.yml
  - path: ./policies/policies2.yml
  - path: ./empty.yml
  # NOTE(review): `$POLICY` looks like an environment-variable placeholder;
  # confirm how the consumer expands it and where the value comes from.
  - name: 😊😊 Failing $POLICY
    platform: linux
    description: This policy should always fail.
    resolution: There is no resolution for this policy.
    query: "SELECT 1 FROM osquery_info WHERE start_time < 0;"
  - path: ./team_install_software.policies.yml
  - name: Slack on macOS is installed
    platform: darwin
    query: "SELECT 1 FROM apps WHERE name = 'Slack.app';"
    # Same ID as the entry under software.app_store_apps below; kept quoted so
    # the all-digit ID stays a string.
    install_software:
      app_store_id: "123456"
  - name: Script run policy
    platform: linux
    description: This should run a script on failure
    query: "SELECT * from osquery_info;"
    # The referenced script is run in response to a policy failure (see the
    # description above), so a change to that file changes what executes on
    # hosts; review it with the same care as this file.
    run_script:
      path: ./lib/collect-fleetd-logs.sh
  - path: ./policies/script-policy.yml

# Software made available to the team.
software:
  app_store_apps:
    - app_store_id: "123456"
  packages:
    - path: ./microsoft-teams.pkg.software.yml
    # Installer is fetched from an external HTTPS URL and no integrity pin is
    # visible on this entry. NOTE(review): if the Fleet version in use supports
    # pinning a package hash (e.g. `hash_sha256`), consider adding one so a
    # changed upstream artifact is rejected.
    - url: https://ftp.mozilla.org/pub/firefox/releases/129.0.2/mac/en-US/Firefox%20129.0.2.pkg
      # Presumably exposes the package for end-user (self-service) install; confirm.
      self_service: true