fleet/cmd/fleetctl/testdata/convert_output.yml

---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the list of application scheme/protocol-based IPC handlers.
  discard_data: false
  interval: 86400
  logging: ""
  min_osquery_version: 1.4.7
  name: app_schemes
  observer_can_run: false
  platform: darwin
  query: select * from app_schemes;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the current disk encryption status for the target system.
  discard_data: false
  interval: 86400
  logging: ""
  min_osquery_version: 1.4.5
  name: disk_encryption (posix)
  observer_can_run: false
  platform: darwin,linux
  query: select * from disk_encryption;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the current disk encryption status for the target system.
  discard_data: false
  interval: 300
  logging: ""
  min_osquery_version: 1.4.5
  name: disk_encryption (darwin,linux)
  observer_can_run: false
  platform: darwin,linux
  query: select * from disk_encryption;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieve basic information about the physical disks of a system.
  discard_data: false
  interval: 86400
  logging: ""
  min_osquery_version: 1.4.7
  name: disk_info
  observer_can_run: false
  platform: chrome,windows
  query: select * from disk_info;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the current filters and chains per filter in the target system.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.5
  name: iptables
  observer_can_run: false
  platform: linux
  query: select * from iptables;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description:
    Retrieves all the daemons that will run in the start of the target
    OSX system.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.5
  name: launchd
  observer_can_run: false
  platform: darwin
  query: select * from launchd;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the list of listening ports.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: listening_ports (specs)
  observer_can_run: false
  platform: darwin,linux,windows
  query: select * from listening_ports;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the list of listening ports.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: listening_ports (utility)
  observer_can_run: false
  platform: darwin,linux,windows
  query: select * from listening_ports;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Lists the application bundle that owns a sandbox label.
  discard_data: false
  interval: 86400
  logging: ""
  min_osquery_version: 1.4.7
  name: sandboxes
  observer_can_run: false
  platform: darwin
  query: select * from sandboxes;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: System resource usage limits.
  discard_data: false
  interval: 300
  logging: ""
  min_osquery_version: 1.4.7
  name: ulimit_info (smart)
  observer_can_run: false
  platform: darwin,linux
  query: select * from ulimit_info;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: System uptime.
  discard_data: false
  interval: 600
  logging: ""
  min_osquery_version: 1.4.7
  name: uptime (kernel)
  observer_can_run: false
  platform: darwin
  query: select * from uptime;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: System uptime.
  discard_data: false
  interval: 600
  logging: ""
  min_osquery_version: 1.4.7
  name: uptime (linwin)
  observer_can_run: false
  platform: linux,windows
  query: select * from uptime;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: System uptime.
  discard_data: false
  interval: 600
  logging: ""
  min_osquery_version: 1.4.7
  name: uptime (macwin)
  observer_can_run: false
  platform: darwin,windows
  query: select * from uptime;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: System uptime.
  discard_data: false
  interval: 600
  logging: ""
  min_osquery_version: 1.4.7
  name: uptime (sleuthkit)
  observer_can_run: false
  platform: darwin,linux
  query: select * from uptime;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Lists the application bundle that owns a sandbox label.
  discard_data: false
  interval: 86400
  logging: ""
  min_osquery_version: 1.4.7
  name: sandboxes
  observer_can_run: false
  platform: darwin
  query: select * from sandboxes;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (all)
  observer_can_run: false
  platform: ""
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (any)
  observer_can_run: false
  platform: ""
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (darwin,linux)
  observer_can_run: false
  platform: darwin,linux
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: ""
  name: user groups (empty string platform, empty string version)
  observer_can_run: false
  platform: ""
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (linux,darwin)
  observer_can_run: false
  platform: darwin,linux
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (missing platform)
  observer_can_run: false
  platform: ""
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: ""
  name: user groups (missing version)
  observer_can_run: false
  platform: darwin
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (windows,chrome)
  observer_can_run: false
  platform: chrome,windows
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Extracted information from Windows crash logs (Minidumps).
  discard_data: false
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: windows crashes
  observer_can_run: false
  platform: windows
  query: select * from windows_crashes;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description:
    Triggers one-off YARA query for files at the specified path. Requires
    one of sig_group, sigfile, or sigrule.
  discard_data: false
  interval: 0
  logging: ""
  min_osquery_version: 1.4.7
  name: yara (yara)
  observer_can_run: false
  platform: darwin,linux,windows
  query: select * from yara;
  team: ""