Commit Graph

48 Commits

Author SHA1 Message Date
Eric
4f8e0dcd0d
Regenerate osquery_fleet_schema.json (#9730)
Changes:
- Ran the `generate-merged-schema` script to regenerate
`schema/osquery_fleet_schema.json`
2023-02-07 15:30:19 -06:00
Sharon Katz
84fcee9130
CIS 5.1.3+5.1.4 (#9642) 2023-02-07 13:26:05 -05:00
Zach Wasserman
f3642b18da
Update xprotect_meta.yml (#9547)
This refers to Safari extensions, not Chrome extensions.
2023-01-30 17:29:41 -08:00
Mike McNeil
eade58565f
xprotect_meta: Improve table docs: Link to where to get the foreign key (#9543) 2023-01-27 17:58:11 -06:00
Mike McNeil
73b8f96f71
Make it so chrome_extensions shows up in a search for "browser plugins", same for firefox/ie/safari (#9540)
2023-01-27 17:44:05 -06:00
Mike McNeil
3833ef4c40
Tables: Create ie_extensions.yml (#9541)
for https://github.com/fleetdm/fleet/pull/9540/files
2023-01-27 17:27:04 -06:00
Sharon Katz
86c4c15d6b
Cis 5.2.x (#9489) 2023-01-25 15:53:24 -05:00
Eric
055031e19f
Update schema folder readme (#9502)
Changes:
- Updated the `schema/` folder readme to have information about the
`schema/tables/` folder, and YAML overrides.
2023-01-25 14:29:03 -06:00
Sharon Katz
cfd24c5af7
CIS 2.11.1 Add Table for 2.11.1 (Ensure Users' Accounts Do Not Have a Password Hint) (#9439)
fleetdm/fleet#9255
2023-01-23 15:23:59 -05:00
Eric
07f8ec14e6
Update YAML schema table validation (#9302)
Changes:
- Added three errors to
`website/api/helpers/get-extended-osquery-schema.js` that are thrown if
a YAML schema table has:
   - A `platforms` value that is not an array
   - A `description` value that is not a string
   - A `columns` value that is not an array
- Updated the `platforms` of YAML schema tables in `schema/tables/` that
had string `platforms` values
- Regenerated `/schema/osquery_fleet_schema.json`
2023-01-13 10:16:36 -06:00
Eric
c28056e36c
Update osquery schema version and regenerate merged schema JSON (#9292)
Changes:
- Updated the version of the osquery schema we merge with Fleet's
overrides (`5.6.0` » `5.7.0`)
- Ran the `generate-merged-schema` script to regenerate
`schema/osquery_fleet_schema.json`
2023-01-12 10:06:15 -06:00
Roberto Dip
5919931a4c
fix conflicts in docs about unified_logs vs macadmins_unified_logs (#9214)
As raised by a community member in
[Slack](https://osquery.slack.com/archives/C01DXJL16D8/p1672751794862639),
this updates our documentation to account for both `unified_log` and
`macadmins_unified_log`.

Per my testing, it should also help with the #9158 bug in Fleet's UI.

I have updated the columns of `macadmins_unified_log` according to
what's in the [source
code](50f94d0d70/tables/unifiedlog/unified_log.go (L47-L69)),
and modified the example to work.

Since I was there I have also updated the osquery version we use to pull
the JSON to `5.6.0` and fixed a small bug related to the examples we
pull from there.

Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
2023-01-10 17:45:53 -06:00
Eric
5775bbbe0c
add required values to icloud_private_relay & fix markdown link in description (#8955) 2022-12-07 11:43:58 -08:00
Mo Zhu
149ba5b24a
document new icloud_private_relay table (#8910)
* document new icloud_private_relay table

* Update icloud_private_relay.yml

* "enabled" instead of "turned on"

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
2022-12-07 08:16:06 -08:00
Mike McNeil
bf1c894e7d
Hide browser_plugins table (#8669)
It is not supported in most modern browsers and we think it is more osquerious-user-confusing than it is potentially security-helpful.
2022-12-07 08:23:20 -06:00
Mike McNeil
6049822df3
Add caveats to "preferences" table (#8652)
Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
2022-12-07 08:08:15 -06:00
Eric
11313fd833
Update osquery_fleet_schema.json (#8941) 2022-12-06 17:28:04 -06:00
Mo Zhu
7fb0589a72
clarify that -1 for uid in password_policy is global (#8664) 2022-11-28 10:26:25 -08:00
Josh Brower
4c73ccb338
Add additional Windows tables to schema (#8817)
* Add dns_cache

* Add ntdomains

* Add userassist

* add shimcache

* Spacing
2022-11-28 10:00:23 -05:00
RachelElysia
0eff5ce20a
Fleet queries bug: Fix 12 type instances in osquery fleet tables json (#8801) 2022-11-23 10:17:04 -05:00
Mo Zhu
d69bbbb50c
note bssid and country code not available on wifi_survey and wifi_status tables (#8484)
* note bssid and country code not available on  wifi_survey table

* wifi survey
2022-11-11 11:53:41 -08:00
Mike McNeil
0c5ae2bebf
Add link to augeas table docs (#8650) 2022-11-10 11:36:08 -05:00
Katheryn Satterlee
511ba09185
Improved column descriptions for password_policy (#8611) 2022-11-09 10:28:49 -06:00
Guillaume Ross
0ef72c36ce
Adding examples (#8500)
Adding examples to 3 tables!
2022-11-09 11:15:26 -05:00
Eric
403663e1ce
regenerate osquery_fleet_schema.json (#8446) 2022-10-31 16:05:01 -05:00
Mike McNeil
576d4da11c
Table: Update alf.yml (#8326)
* Update alf.yml

* Update alf.yml

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
2022-10-27 20:06:33 -05:00
Mike McNeil
55547c3d1a
Table: Update ad_config.yml (#8324)
* Update ad_config.yml

* Update ad_config.yml

* Update ad_config.yml

Quick fix on the definition!

* Fixed wrapping

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
2022-10-27 19:37:41 -05:00
Eric
7406797d5c
move acpi_tables.yml & update get-extended-osquery-schema (#8364)
* move acpi_tables.yml & comment out unused fields, update get-extended-osquery-schema

* add '/tables/' to filename in fleetRepoUrl
2022-10-25 15:19:11 -05:00
Guillaume Ross
7eacc9fa96
Adding examples to 5 tables (#8424) 2022-10-25 11:19:51 -07:00
Josh Brower
1f87644a23
Initial cut of Win tables schema (#8351)
* Initial cut of Win tables schema

* Add context

* Formatting fixes

* Add bitlocker_info

* Remove temp stuff

* Remove temp stuff redux

* Apply suggestions from code review

Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca>

* Update bitlocker_info.yml

* Edited for clarity

Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca>
2022-10-21 11:21:08 -04:00
Guillaume Ross
d0cfa7bbb3
Add MacAdmins extension tables to schema (#8377)
* Adding tables from the macadmins extension pack

Part 1!

* Adding the 2nd set of macadmins extension tables

Will review in another commit tomorrow before submitting PR

* Fixing typos and example queries
2022-10-21 13:49:11 +00:00
Mike McNeil
995cf025af
Update alf_exceptions.yml (#8327) 2022-10-19 14:32:20 +00:00
Mike McNeil
d305fc34fb
Hide acpi_tables until we understand better why it's useful (#8323) 2022-10-19 14:24:58 +00:00
Eric
e82962e4a7
Add Fleet override schema files (#8278)
* create schema/tables, add yaml schema tables

* Update osquery-table-details.ejs

* Generate schema from schema/tables/ folder

* Create generate-yaml-tables-from-json.js

* update created table files

* update fleet override validation

* update error messages, add fleetRepoUrl

* Delete generate-yaml-tables-from-json.js

* Update osquery-table-details.ejs

* Update whitespace in table examples

* Revert "Update osquery-table-details.ejs"

This reverts commit 2e9d63208f59997d492375ebaf1d0ec7e4afe468.

* add YAML tables generated from updated Fleet schema

* lint fixes

* update arp_cache and docker_containers tables
2022-10-18 14:13:42 -05:00
Mo Zhu
3b802232d0
Add notes re: OUI and wireshark OUI lookup for arp_cache (#8272)
* Add notes re: OUI and wireshark OUI lookup for arp_cache

* More info on ARP spoofing

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>

* Fix links in markdown

Co-authored-by: Eric <eashaw@sailsjs.com>

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
2022-10-18 18:28:49 +00:00
Mo Zhu
564a4a4ee9
Link to what it means to be "privileged" docker container (#8260) 2022-10-18 17:08:52 +00:00
Mo Zhu
ee6cf920d7
new example query for arp_cache (#8273) 2022-10-18 17:08:38 +00:00
Guillaume Ross
f3f7f28e76
Adding examples (#8255)
Adding 6 examples related to Docker tables, and adding a period at the end of the example on crontabs.
2022-10-17 18:48:04 +00:00
Eric
dfadfa294d
merge file table overrides (#8231) 2022-10-14 16:25:56 -04:00
Eric
2baf6bcbcf
update keychain_acls and account_policy_data examples (#8201) 2022-10-12 17:31:26 -05:00
Mike McNeil
20d617ee67
Fix typo in keychain_items table schema (#8179)
* Define "certificate authorities" + normalize capitalization

* Fix typo in keychain_items table schema

* Maybe a bad character?

* Fixing problematic comma

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
2022-10-12 12:17:03 -04:00
Guillaume Ross
eadb3b1081
Adding 6 example queries! (#8165)
* Adding 6 example queries!

* Adding alf_explicit_auths + a note about a current bug with it

* Reverting sailsrc changes
2022-10-12 11:13:44 -04:00
Mike McNeil
60a9e4de80
Define "certificate authorities" + normalize capitalization (#8118) 2022-10-07 09:22:35 -04:00
Eric
8fecef3ed5
Update merged schema helper and script. (#8092)
* update helper to use the osquery schema from the osquery/osquery-site repo

* update script description and generated json filename

* Add ritual to digital experience handbook

* add merged schema

* Update README.md

* Update get-extended-osquery-schema.js
2022-10-05 15:10:08 -05:00
Mo Zhu
1592309f7a
Specify where docker_volumes.name comes from. (#8075)
* Update fleet_schema.json

* Make description uppercase.

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
2022-10-04 12:49:56 -07:00
Mo Zhu
3b7926a6b3
Account policy data example query (#8070)
* query for checking for brute force intrusion attempts

* Fixing query

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
2022-10-04 08:50:41 -07:00
Guillaume Ross
b77113b1b5
Adding a bunch of examples (#8028)
* Adding a bunch of examples

Adding a bunch of examples and fixing missing trailing `;`s in existing ones

* Delete .sailsrc

Added .sailsrc accidentally from building locally

* Replaced sailsrc with original content

* Fixed typo in table name

* Undoing .sailsrc again

Ooops!
2022-10-03 11:32:03 -04:00
Eric
9dbf84fb4b
Website: Add pages for schema tables (#7679)
* add osquery tables page

* update build script, add fleet schema folder

* update layout and page script

* add edit-page button, search, remove test attribute from fleet schema

* update styles

* syntax highlighting, update highlight.js, adjust layout

* lint fixes

* Update view-osquery-tables.js

* requested changes from 1:1

* requested changes

- Rename osquery-tables to osquery-table-details & update routes and policies
- Update wildcard input and tables details route
- Fix lint error
- adjust self-calling functions in page script
- rename function and adjust the order of functions in page script

* add osquery tables to builtStaticContent.markdownPages

* update schema folder readme

* add redirect for /tables

* update table input

* remove comment from stylesheet, update syntax highlighting, use variable names from colors.less

* update inputs in view action

* Updates from PR review

* fix lint error

* update syntax highlighting, table page styles

* Update build-static-content.js

* requested changes from code review

* Update build-static-content.js

* fix build script error

* remove string.replaceAll()

Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
2022-09-23 19:06:55 -05:00