From 2accdfbecb74762fa3d78abedff4e29d0b5a721e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20Mu=CC=88nch?=
Date: Sat, 20 Jul 2024 16:34:45 +0200
Subject: [PATCH 1/2] add vmware inventory pack
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Patrick Münch
---
core/mondoo-vmware-inventory.mql.yaml | 104 ++++++++++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100644 core/mondoo-vmware-inventory.mql.yaml
diff --git a/core/mondoo-vmware-inventory.mql.yaml b/core/mondoo-vmware-inventory.mql.yaml
new file mode 100644
index 0000000..708f750
--- /dev/null
+++ b/core/mondoo-vmware-inventory.mql.yaml
@@ -0,0 +1,104 @@
+# Copyright (c) Mondoo, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+packs:
+ - uid: mondoo-vmware-asset-inventory
+ name: VMware Asset Inventory Pack
+ version: 1.0.0
+ license: BUSL-1.1
+ authors:
+ - name: Mondoo, Inc
+ email: hello@mondoo.com
+ tags:
+ mondoo.com/platform: vmware,vmware-esxi
+ mondoo.com/category: security
+ docs:
+ desc: |
+ ## Overview
+
+ VMware vCenter Asset Inventory Pack by Mondoo retrieves data about vCenter and its ESXi hosts.
+
+ ### Run query pack
+
+ To run this query pack against VMware vCenter:
+
+ ```bash
+ cnquery scan vsphere user@domain.local@192.168.5.24 --ask-pass -f core/mondoo-vmware-inventory.mql.yaml
+ ```
+
+ ## Join the community!
+
+ Our goal is to build policies that are simple to deploy, accurate, and actionable.
+
+ If you have any suggestions for improving this policy, or if you need support, [join the Mondoo community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
+ filters: asset.platform == "vmware-esxi" || asset.platform == "vmware-vsphere"
+ queries:
+ - uid: mondoo-vmware-asset-inventory-vcenter-datacenters
+ title: VMware vSphere Datacenters
+ filters: asset.platform == "vmware-vsphere"
+ mql: |
+ vsphere.datacenters { name }
+ - uid: mondoo-vmware-asset-inventory-vcenter-clusters
+ title: VMware vSphere Clusters per Datacenter
+ filters: asset.platform == "vmware-vsphere"
+ mql: |
+ vsphere.datacenters { clusters }
+ - uid: mondoo-vmware-asset-inventory-vcenter-vms
+ title: VMware vSphere VMs per Datacenters
+ filters: asset.platform == "vmware-vsphere"
+ mql: |
+ vsphere.datacenters { vms }
+ - uid: mondoo-vmware-asset-inventory-esxi-kernel-modules
+ title: VMware ESXi Kernel modules
+ filters: asset.platform == "vmware-esxi"
+ mql: |
+ vsphere.host.kernelModules
+ - uid: mondoo-vmware-asset-inventory-esxi-installed-packages
+ title: VMware ESXi Installed packages
+ filters: asset.platform == "vmware-esxi"
+ mql: |
+ esxi.host.packages
+ - uid: mondoo-vmware-asset-inventory-esxi-services
+ title: VMware ESXi Services
+ filters: asset.platform == "vmware-esxi"
+ mql: |
+ esxi.host.services
+ - uid: mondoo-vmware-asset-inventory-esxi-acceptance-level
+ title: VMware ESXi Acceptance Level
+ filters: asset.platform == "vmware-esxi"
+ mql: |
+ esxi.host.acceptanceLevel
+ - uid: mondoo-vmware-asset-inventory-esxi-ntp-server
+ title: VMware ESXi NTP servers
+ filters: asset.platform == "vmware-esxi"
+ mql: |
+ esxi.host.ntp.server
+ - uid: mondoo-vmware-asset-inventory-esxi-ntp-config
+ title: VMware ESXi NTP configuration
+ filters: asset.platform == "vmware-esxi"
+ mql: |
+ esxi.host.ntp.config
+ - uid: mondoo-vmware-asset-inventory-esxi-fileSystemVolume
+ title: VMware ESXi File System Volume
+ filters: asset.platform == "vmware-esxi"
+ mql: |
+ esxi.host.properties["config"]["fileSystemVolume"]
+ - uid: mondoo-vmware-asset-inventory-esxi-firewall
+ title: VMware ESXi Firewall
+ filters: asset.platform == "vmware-esxi"
+ mql: |
+ esxi.host.properties["config"]["firewall"]
+ - uid: mondoo-vmware-asset-inventory-esxi-adapters
+ title: VMware ESXi Physical Adapters
+ filters: asset.platform == "vmware-esxi"
+ mql: |
+ esxi.host.adapters
+ - uid: mondoo-vmware-asset-inventory-esxi-standardSwitch
+ title: VMware ESXi Standard vSwitch
+ filters: asset.platform == "vmware-esxi"
+ mql: |
+ esxi.host.standardSwitch
+
+
+
+
From 154affd90c01c8d46e0dbe4ad869fa9ca383c7e1 Mon Sep 17 00:00:00 2001
From: Tim Smith
Date: Mon, 22 Jul 2024 18:24:39 -0700
Subject: [PATCH 2/2] Apply suggestions from code review
---
core/mondoo-vmware-inventory.mql.yaml | 3 ---
1 file changed, 3 deletions(-)
diff --git a/core/mondoo-vmware-inventory.mql.yaml b/core/mondoo-vmware-inventory.mql.yaml
index 708f750..8a0c87c 100644
--- a/core/mondoo-vmware-inventory.mql.yaml
+++ b/core/mondoo-vmware-inventory.mql.yaml
@@ -99,6 +99,3 @@ packs: mql: | esxi.host.standardSwitch - - -
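Review bot: In the new pack (PATCH 1/2), the kernel-modules query `mondoo-vmware-asset-inventory-esxi-kernel-modules` reads `vsphere.host.kernelModules`, while every other query filtered on `asset.platform == "vmware-esxi"` goes through `esxi.host`. Unless that path is known to resolve against the scanned host, `esxi.host.kernelModules` would be the consistent form; an inventory query that resolves to nothing may leave loaded kernel modules out of the asset record without an obvious failure. Two uids are camelCase where the rest are kebab-case, and since uids are presumably referenced by stored results they are easier to settle before release: `mondoo-vmware-asset-inventory-esxi-file-system-volume` and `mondoo-vmware-asset-inventory-esxi-standard-switch`. The title `VMware vSphere VMs per Datacenters` should read `per Datacenter` to match the clusters query.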