fleet/cmd/fleetctl/testdata/convert_output.yml


---
# Expected `fleetctl convert` output: one query spec per YAML document,
# presumably compared against the converter's output by the test that reads
# this testdata directory. Every spec below is emitted with
# automations_enabled: false and observer_can_run: false.
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the list of application scheme/protocol-based IPC handlers.
  interval: 86400
  logging: ""
  min_osquery_version: 1.4.7
  name: app_schemes
  observer_can_run: false
  platform: darwin
  query: select * from app_schemes;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the current disk encryption status for the target system.
  interval: 86400
  logging: ""
  min_osquery_version: 1.4.5
  name: disk_encryption (posix)
  observer_can_run: false
  # The query name suggests the input used a "posix" platform; the expected
  # converted value is the explicit, sorted list.
  platform: darwin,linux
  query: select * from disk_encryption;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the current disk encryption status for the target system.
  # Same table as the (posix) variant above but scheduled every 5 minutes.
  interval: 300
  logging: ""
  min_osquery_version: 1.4.5
  name: disk_encryption (darwin,linux)
  observer_can_run: false
  platform: darwin,linux
  query: select * from disk_encryption;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieve basic information about the physical disks of a system.
  interval: 86400
  logging: ""
  min_osquery_version: 1.4.7
  name: disk_info
  observer_can_run: false
  # Platforms are emitted in sorted order (chrome before windows).
  platform: chrome,windows
  query: select * from disk_info;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the current filters and chains per filter in the target system.
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.5
  name: iptables
  observer_can_run: false
  platform: linux
  query: select * from iptables;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  # Plain scalar wrapped by the emitter; the line break folds to a single
  # space when parsed, so the value is one sentence.
  description:
    Retrieves all the daemons that will run in the start of the target
    OSX system.
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.5
  name: launchd
  observer_can_run: false
  platform: darwin
  query: select * from launchd;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the list of listening ports.
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: listening_ports (specs)
  observer_can_run: false
  platform: darwin,linux,windows
  query: select * from listening_ports;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Retrieves the list of listening ports.
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  # Same query as "listening_ports (specs)"; only the name differs.
  name: listening_ports (utility)
  observer_can_run: false
  platform: darwin,linux,windows
  query: select * from listening_ports;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Lists the application bundle that owns a sandbox label.
  interval: 86400
  logging: ""
  min_osquery_version: 1.4.7
  name: sandboxes
  observer_can_run: false
  platform: darwin
  query: select * from sandboxes;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: System resource usage limits.
  interval: 300
  logging: ""
  min_osquery_version: 1.4.7
  name: ulimit_info (smart)
  observer_can_run: false
  platform: darwin,linux
  query: select * from ulimit_info;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: System uptime.
  interval: 600
  logging: ""
  min_osquery_version: 1.4.7
  name: uptime (kernel)
  observer_can_run: false
  platform: darwin
  query: select * from uptime;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: System uptime.
  interval: 600
  logging: ""
  min_osquery_version: 1.4.7
  name: uptime (linwin)
  observer_can_run: false
  # Name suggests a "linwin" alias in the input; expected expansion below.
  platform: linux,windows
  query: select * from uptime;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: System uptime.
  interval: 600
  logging: ""
  min_osquery_version: 1.4.7
  name: uptime (macwin)
  observer_can_run: false
  # Name suggests a "macwin" alias in the input; expected expansion below.
  platform: darwin,windows
  query: select * from uptime;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: System uptime.
  interval: 600
  logging: ""
  min_osquery_version: 1.4.7
  name: uptime (sleuthkit)
  observer_can_run: false
  platform: darwin,linux
  query: select * from uptime;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Lists the application bundle that owns a sandbox label.
  interval: 86400
  logging: ""
  min_osquery_version: 1.4.7
  # Second document named "sandboxes", identical to the earlier one in this
  # file; presumably the test input declares the query twice.
  name: sandboxes
  observer_can_run: false
  platform: darwin
  query: select * from sandboxes;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (all)
  observer_can_run: false
  # An empty platform string is the expected output for the "all" case.
  platform: ""
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (any)
  observer_can_run: false
  # An empty platform string is the expected output for the "any" case.
  platform: ""
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (darwin,linux)
  observer_can_run: false
  platform: darwin,linux
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  interval: 3600
  logging: ""
  # Empty-string inputs are expected to pass through as empty strings.
  min_osquery_version: ""
  name: user groups (empty string platform, empty string version)
  observer_can_run: false
  platform: ""
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (linux,darwin)
  observer_can_run: false
  # Input order per the name is linux,darwin; the expected output is sorted.
  platform: darwin,linux
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (missing platform)
  observer_can_run: false
  # A platform absent from the input is expected to come out as "".
  platform: ""
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  interval: 3600
  logging: ""
  # A version absent from the input is expected to come out as "".
  min_osquery_version: ""
  name: user groups (missing version)
  observer_can_run: false
  platform: darwin
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: List of all user groups.
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: user groups (windows,chrome)
  observer_can_run: false
  # Input order per the name is windows,chrome; the expected output is sorted.
  platform: chrome,windows
  query: select * from user_groups;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  description: Extracted information from Windows crash logs (Minidumps).
  interval: 3600
  logging: ""
  min_osquery_version: 1.4.7
  name: windows crashes
  observer_can_run: false
  platform: windows
  query: select * from windows_crashes;
  team: ""
---
apiVersion: v1
kind: query
spec:
  automations_enabled: false
  # Plain scalar wrapped by the emitter; the line break folds to a single
  # space when parsed.
  description:
    Triggers one-off YARA query for files at the specified path. Requires
    one of sig_group, sigfile, or sigrule.
  # Only document in this file with interval 0; per the description this is
  # a one-off query, so presumably it is not meant to be scheduled.
  interval: 0
  logging: ""
  min_osquery_version: 1.4.7
  name: yara (yara)
  observer_can_run: false
  platform: darwin,linux,windows
  query: select * from yara;
  team: ""