From c95d70f924e2a9854d225ab78be93ec4f21bbdb2 Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Wed, 24 Jan 2024 16:21:20 -0800 Subject: [PATCH] Fix running services queries to only be running We have the same titles queries in the asset overview policies. Just copy the MQL bits from those. Signed-off-by: Tim Smith --- core/mondoo-linux-incident-response.mql.yaml | 2 +- core/mondoo-macos-incident-response.mql.yaml | 2 +- core/mondoo-windows-incident-response.mql.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/core/mondoo-linux-incident-response.mql.yaml b/core/mondoo-linux-incident-response.mql.yaml
index 3f2ef5e..0f8f70c 100644
--- a/core/mondoo-linux-incident-response.mql.yaml
+++ b/core/mondoo-linux-incident-response.mql.yaml
@@ -46,4 +46,4 @@ packs:
 mql: packages { name version arch installed }
 - uid: mondoo-linux-running-services
 title: Running services
- mql: services { name running enabled masked type }
+ mql: services.where(running == true) { name running enabled masked type }
diff --git a/core/mondoo-macos-incident-response.mql.yaml b/core/mondoo-macos-incident-response.mql.yaml
index 1b26105..0f463eb 100644
--- a/core/mondoo-macos-incident-response.mql.yaml
+++ b/core/mondoo-macos-incident-response.mql.yaml
@@ -41,7 +41,7 @@ packs:
 mql: packages
 - uid: mondoo-macos-incident-response-running-services
 title: Running services
- mql: services
+ mql: services.where(running == true) { name running enabled masked type }
 - uid: mondoo-macos-incident-response-alf-extensions
 title: Exceptions from the Application Layer Firewall
 mql: macos.alf.exceptions
diff --git a/core/mondoo-windows-incident-response.mql.yaml b/core/mondoo-windows-incident-response.mql.yaml
index e3bd6d5..486592b 100644
--- a/core/mondoo-windows-incident-response.mql.yaml
+++ b/core/mondoo-windows-incident-response.mql.yaml
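Review bot: With the `running == true` filter on `mondoo-linux-running-services`, the incident response pack no longer collects services that are enabled but stopped at scan time, and nothing else visible in this hunk gathers them; the same applies to the macOS and Windows hunks. For triage that gap matters, because a service registered to start at boot is a common persistence location and may not be running when the data is pulled. The filter matches the title, so I would keep it and add a sibling query next to it under its own uid and a title such as "Enabled services", with `mql: services.where(enabled == true) { name running enabled masked type }`. The packs list continues outside the hunk, so such a query may already exist further down.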
@@ -29,4 +29,4 @@ packs:
 mql: windows.computerInfo
 - uid: mondoo-windows-incident-response-running-services
 title: Running services
- mql: services
+ mql: services.where(running == true)
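Review bot: The Windows query is the only one of the three left without a field block: `services.where(running == true)` here, versus `services.where(running == true) { name running enabled masked type }` in the Linux and macOS packs. Results from the three packs will then presumably differ in shape, which makes cross-platform comparison during an investigation harder. If the omission is intentional (for example because `masked` is not meaningful on Windows), a short YAML comment above the query saying so would help. Otherwise use `mql: services.where(running == true) { name running enabled type }` or the full block used in the other two packs.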