* App up to date or not installed
Adding "App installed and up to date OR not present" example
* Removed empty last line
* Update standard-query-library.yml
Added right descriptions and resolution for the Docker example, and added a new query to detect unencrypted SSH keys.
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Update standard-query-library.yml
Updated as per @noahtalerman's review
* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
* Renaming files and a lot of find and replace
* pageRank meta tags, sorting by page rank
* reranking
* removing numbers
* revert changing links that are locked to a commit
* update metatag name, uncomment github contributers
* Update basic-documentation.page.js
* revert link change
* more explicit errors, change pageOrderInSection numbers, updated sort
* Update build-static-content.js
* update comment
* update handbook link
* handbook entry
* update sort
* update changelog doc links to use fleetdm.com
* move standard query library back to old location, update links/references to location
* revert unintentional link changes
* Update handbook/community.md
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
On website + constants.ts. Does not support all Linux encryption scenarios, we will add more to this query as we discover the patterns people need.
Closes#4208
* Adding antivirus queries
Adding 3 antivirus queries in the form of an information query as well as in the form of policy queries
* Update standard-query-library.yml
Adding newline at end of file
* Add remaining policy templates
* Removeempty resolution field
* Update naming for standard policies
* Add enabled word to SIP policy
* Use full SIP
* Also change in constants
* Update windows disk encryption
* Add changes file
* Tweak windows disk encryption policy
* Address lint errors
* Make requested changes
* Reflect changes in policy tempaltes
* Make sure that standard policies and policy templates are the same
* Edit automatic login disabled description
* Also edit in constants
* handle query tags in build-static-content script, update query readme
* show tags in query library, add ability to filter by tags
* fix lint errors
* update mobile styles
* fix CTA link
* update mobile layout
* remove tag line-height and font size
* Update build-static-content.js
* Style update
* remove margin from selected tag, adjust OS logo placement
* requested changes from code review
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
* feat: add query to find running docker containers
* docs: 📝 add query to get Mac and Linux machines with unencrypted primary disks
* feat: add query to find running docker containers
* docs: 📝 add query to get Mac and Linux machines with unencrypted primary disks
* chore: remove queries from develop
* docs: add query to get running docker containers
* docs: add query to get machines with unencrypted primary disks
* fix: remove trailing ---
* fix: remove trailing ---
* chore: remove trailing ---
* docs: add query to get applications hogging memory
* fix: resolve merge conflicts
* chore: update PR
* chore: update PR
* chore: merge previous query
* feat: add query to find servers with root logins within the day
* fix: remove unneeded period
* docs: add instructions for submiting multiple queries
* fix: remove duplicate entry
* fix: remove period from get running docker containers query description
* docs: add instructions for submiting multiple queries
* fix: resolve merge conflicts
* feat: add description for query to fetch failing batteries
* fix: resolve duplicate descriptions
* fix: remove typo in deplying docs
* fix: reword description
* fix: add suggestions to improve description
* feat: add description to query to fet windows machines with unencrypted hard disks
* feat: update description for count apple applications installed query
* docs: 📝 Add query to get apps opened within the last 24 hours
* feat: add query to find apps not in Applications directory
* feat: add query to find subscription based applications that have not been opened for the last 30 days
Queries:
- Get applications hogging memory
- Get Mac and Linux machines with unencrypted primary disks
- Get servers with root login in the last 24 hours
Fix syntax for the following queries:
- Get user files matching a specific hash
- Check for artifacts of the Floxif trojan
- Get malicious Python backdoors