dknell · November 27, 2020 05:54
diff --git a/queries.json b/queries.json
 {
  "MACOS": {
    "osVersion": {
      "description": "What Operating System is running and what is it's version?",
      "query": "SELECT name, version, platform FROM os_version",
      "isArray": false
    },
    "hwSerial": {
      "description": "What's the workstations serial number?",
      "query": "SELECT hardware_serial FROM system_info",
      "isArray": false
    },
    "hddEncryptionStatus": {
      "description": "Is the hard drive encryption enabled on the workstation?",
      "query": "SELECT de.encrypted FROM mounts m JOIN disk_encryption de on de.name=m.device WHERE m.path ='/'",
      "isArray": false
    },
    "fileVaultEnabled": {
      "description": "Is FileVault enabled on this Mac?",
      "command": "fdesetup status",
      "isArray": false
    },
    "appList": {
      "description": "Return a list of ALL applications installed on the workstation",
      "query": "SELECT name, bundle_short_version, info_string FROM apps",
      "isArray": true
    },
    "firewallStatus": {
      "description": "Is the software firewall enabled on the workstation?",
      "query": "SELECT global_state FROM alf",
      "isArray": false
    },
    "passwordManager": [
      {
        "description": "Is there a password manager application installed on the workstation? - Firefox",
        "query": "SELECT name FROM firefox_addons",
        "isArray": true
      },
      {
        "description": "Is there a password manager application installed on the workstation? - Chrome",
        "query": "SELECT name FROM chrome_extensions",
        "isArray": true
      },
      {
        "description": "Is there a password manager application installed on the workstation? - Apps",
        "query": "SELECT name FROM apps",
        "isArray": true
      }
    ],
    "macAddress": {
      "description": "What is the MAC Address of this machine?",
      "query": "SELECT mac FROM interface_details WHERE interface in (SELECT DISTINCT interface FROM interface_addresses WHERE interface in ('en0', 'en1')) LIMIT 1",
      "isArray": false
    },
    "antivirus": {
      "description": "Is there an Antivirus application installed on this machine?",
      "query": "SELECT name FROM apps",
      "isArray": true
    },
    "autoUpdateEnabled": {
      "description": "Is auto-update enabled on this machine?",
      "query": "SELECT * FROM plist WHERE path = '/Library/Preferences/com.apple.commerce.plist' AND key = 'AutoUpdate'",
      "isArray": false
    },
    "gateKeeperEnabled": {
      "description": "Is Gatekeeper enabled on this Mac?",
      "query": "SELECT assessments_enabled FROM gatekeeper",
      "isArray": false
    },
    "screenLockStatus": [
      {
        "description": "Time for screen to lock",
        "query": "SELECT value FROM preferences WHERE domain='com.apple.screensaver' AND key='idleTime'",
        "isArray": false
      },
      {
        "description": "Is screenlock enabled?",
        "query": "SELECT enabled, grace_period FROM screenlock",
        "isArray": false
      }
    ],
    "adminUsers": {
      "description": "List of users with administrative privileges",
      "query": "SELECT users.uid, users.username FROM user_groups INNER JOIN users ON user_groups.uid = users.uid WHERE user_groups.gid = 80",
      "isArray": true
    },
    "processor": {
      "description": "Processor Information",
      "query": "SELECT cpu_type, cpu_brand FROM system_info",
      "isArray": false
    },
    "memory": {
      "description": "Physical Memory (RAM)",
      "query": "SELECT physical_memory FROM system_info",
      "isArray": false
    },
    "hddSize": {
      "description": "Hard Disk Storage Capacity in GB",
      "query": "SELECT round((blocks * blocks_size * 10e-10), 2) AS hddSize FROM mounts WHERE path='/'",
      "isArray": false
    }
  },
  "WINDOWS": {
    "osVersion": {
      "description": "Which Operating System (OS) and which version is running?",
      "query": "SELECT name, version, platform FROM os_version",
      "isArray": false
    },
    "hwSerial": {
      "description": "What's the workstations serial number?",
      "query": "SELECT hardware_serial FROM system_info",
      "isArray": false
    },
    "hddEncryptionStatus": {
      "description": "Is hard drive encryption enabled on the workstation?",
      "query": "SELECT * from bitlocker_info",
      "isArray": true
    },
    "appList": {
      "description": "Return a list of ALL applications installed on the workstation",
      "query": "SELECT name, version FROM programs",
      "isArray": true
    },
    "firewallStatus": {
      "description": "Is the software firewall enabled on the workstation?",
      "query": "SELECT firewall FROM windows_security_center",
      "isArray": false
    },
    "passwordManager": [
      {
        "description": "Is there a password manager application installed on the workstation? - Firefox",
        "query": "SELECT name FROM firefox_addons",
        "isArray": true
      },
      {
        "description": "Is there a password manager application installed on the workstation? - Chrome",
        "query": "SELECT name FROM chrome_extensions",
        "isArray": true
      },
      {
        "description": "Is there a password manager application installed on the workstation? - Apps",
        "query": "SELECT name FROM programs",
        "isArray": true
      }
    ],
    "macAddress": {
      "description": "What is the MAC Address of this machine?",
      "query": "SELECT mac FROM interface_details WHERE physical_adapter=1",
      "isArray": false
    },
    "antivirus": {
      "description": "Is there an Antivirus application installed on this machine?",
      "query": "SELECT name FROM programs",
      "isArray": true
    },
    "autoUpdateEnabled": {
      "description": "Is auto-update enabled on this machine?",
      "query": "SELECT autoupdate FROM windows_security_center",
      "isArray": false
    },
    "screenLockStatus": {
      "description": "Time for screen to lock",
      "command": "powercfg -attributes SUB_VIDEO VIDEOCONLOCK -ATTRIB_HIDE 2> NUL & powercfg /Q SCHEME_CURRENT SUB_VIDEO VIDEOCONLOCK 2> NUL && powercfg -attributes SUB_NONE CONSOLELOCK -ATTRIB_HIDE 2> NUL & powercfg /Q SCHEME_CURRENT SUB_NONE CONSOLELOCK 2> NUL",
      "isArray": false
    },
    "adminUsers": {
      "description": "List of users with administrative privileges",
      "query": "SELECT u.username FROM users u JOIN user_groups ug ON ug.UID = u.UID JOIN groups g ON g.GID = ug.GID WHERE g.GROUPNAME = 'Administrators'",
      "isArray": true
    },
    "processor": {
      "description": "Processor Information",
      "query": "SELECT cpu_type, cpu_brand FROM system_info",
      "isArray": false
    },
    "memory": {
      "description": "Physical Memory (RAM)",
      "query": "SELECT physical_memory FROM system_info",
      "isArray": false
    },
    "hddSize": {
      "description": "Hard Disk Storage Capacity in GB",
      "query": "SELECT round((disk_size * 10e-10), 2) AS hddSize FROM disk_info",
      "isArray": false
    },
    "graphics": {
      "description": "Physical Memory (RAM)",
      "query": "SELECT manufacturer, model, series FROM video_info",
      "isArray": false
    }
  }
 }
	{
	"MACOS": {
	"osVersion": {
	"description": "What Operating System is running and what is it's version?",
	"query": "SELECT name, version, platform FROM os_version",
	"isArray": false
	},
	"hwSerial": {
	"description": "What's the workstations serial number?",
	"query": "SELECT hardware_serial FROM system_info",
	"isArray": false
	},
	"hddEncryptionStatus": {
	"description": "Is the hard drive encryption enabled on the workstation?",
	"query": "SELECT de.encrypted FROM mounts m JOIN disk_encryption de on de.name=m.device WHERE m.path ='/'",
	"isArray": false
	},
	"fileVaultEnabled": {
	"description": "Is FileVault enabled on this Mac?",
	"command": "fdesetup status",
	"isArray": false
	},
	"appList": {
	"description": "Return a list of ALL applications installed on the workstation",
	"query": "SELECT name, bundle_short_version, info_string FROM apps",
	"isArray": true
	},
	"firewallStatus": {
	"description": "Is the software firewall enabled on the workstation?",
	"query": "SELECT global_state FROM alf",
	"isArray": false
	},
	"passwordManager": [
	{
	"description": "Is there a password manager application installed on the workstation? - Firefox",
	"query": "SELECT name FROM firefox_addons",
	"isArray": true
	},
	{
	"description": "Is there a password manager application installed on the workstation? - Chrome",
	"query": "SELECT name FROM chrome_extensions",
	"isArray": true
	},
	{
	"description": "Is there a password manager application installed on the workstation? - Apps",
	"query": "SELECT name FROM apps",
	"isArray": true
	}
	],
	"macAddress": {
	"description": "What is the MAC Address of this machine?",
	"query": "SELECT mac FROM interface_details WHERE interface in (SELECT DISTINCT interface FROM interface_addresses WHERE interface in ('en0', 'en1')) LIMIT 1",
	"isArray": false
	},
	"antivirus": {
	"description": "Is there an Antivirus application installed on this machine?",
	"query": "SELECT name FROM apps",
	"isArray": true
	},
	"autoUpdateEnabled": {
	"description": "Is auto-update enabled on this machine?",
	"query": "SELECT * FROM plist WHERE path = '/Library/Preferences/com.apple.commerce.plist' AND key = 'AutoUpdate'",
	"isArray": false
	},
	"gateKeeperEnabled": {
	"description": "Is Gatekeeper enabled on this Mac?",
	"query": "SELECT assessments_enabled FROM gatekeeper",
	"isArray": false
	},
	"screenLockStatus": [
	{
	"description": "Time for screen to lock",
	"query": "SELECT value FROM preferences WHERE domain='com.apple.screensaver' AND key='idleTime'",
	"isArray": false
	},
	{
	"description": "Is screenlock enabled?",
	"query": "SELECT enabled, grace_period FROM screenlock",
	"isArray": false
	}
	],
	"adminUsers": {
	"description": "List of users with administrative privileges",
	"query": "SELECT users.uid, users.username FROM user_groups INNER JOIN users ON user_groups.uid = users.uid WHERE user_groups.gid = 80",
	"isArray": true
	},
	"processor": {
	"description": "Processor Information",
	"query": "SELECT cpu_type, cpu_brand FROM system_info",
	"isArray": false
	},
	"memory": {
	"description": "Physical Memory (RAM)",
	"query": "SELECT physical_memory FROM system_info",
	"isArray": false
	},
	"hddSize": {
	"description": "Hard Disk Storage Capacity in GB",
	"query": "SELECT round((blocks * blocks_size * 10e-10), 2) AS hddSize FROM mounts WHERE path='/'",
	"isArray": false
	}
	},
	"WINDOWS": {
	"osVersion": {
	"description": "Which Operating System (OS) and which version is running?",
	"query": "SELECT name, version, platform FROM os_version",
	"isArray": false
	},
	"hwSerial": {
	"description": "What's the workstations serial number?",
	"query": "SELECT hardware_serial FROM system_info",
	"isArray": false
	},
	"hddEncryptionStatus": {
	"description": "Is hard drive encryption enabled on the workstation?",
	"query": "SELECT * from bitlocker_info",
	"isArray": true
	},
	"appList": {
	"description": "Return a list of ALL applications installed on the workstation",
	"query": "SELECT name, version FROM programs",
	"isArray": true
	},
	"firewallStatus": {
	"description": "Is the software firewall enabled on the workstation?",
	"query": "SELECT firewall FROM windows_security_center",
	"isArray": false
	},
	"passwordManager": [
	{
	"description": "Is there a password manager application installed on the workstation? - Firefox",
	"query": "SELECT name FROM firefox_addons",
	"isArray": true
	},
	{
	"description": "Is there a password manager application installed on the workstation? - Chrome",
	"query": "SELECT name FROM chrome_extensions",
	"isArray": true
	},
	{
	"description": "Is there a password manager application installed on the workstation? - Apps",
	"query": "SELECT name FROM programs",
	"isArray": true
	}
	],
	"macAddress": {
	"description": "What is the MAC Address of this machine?",
	"query": "SELECT mac FROM interface_details WHERE physical_adapter=1",
	"isArray": false
	},
	"antivirus": {
	"description": "Is there an Antivirus application installed on this machine?",
	"query": "SELECT name FROM programs",
	"isArray": true
	},
	"autoUpdateEnabled": {
	"description": "Is auto-update enabled on this machine?",
	"query": "SELECT autoupdate FROM windows_security_center",
	"isArray": false
	},
	"screenLockStatus": {
	"description": "Time for screen to lock",
	"command": "powercfg -attributes SUB_VIDEO VIDEOCONLOCK -ATTRIB_HIDE 2> NUL & powercfg /Q SCHEME_CURRENT SUB_VIDEO VIDEOCONLOCK 2> NUL && powercfg -attributes SUB_NONE CONSOLELOCK -ATTRIB_HIDE 2> NUL & powercfg /Q SCHEME_CURRENT SUB_NONE CONSOLELOCK 2> NUL",
	"isArray": false
	},
	"adminUsers": {
	"description": "List of users with administrative privileges",
	"query": "SELECT u.username FROM users u JOIN user_groups ug ON ug.UID = u.UID JOIN groups g ON g.GID = ug.GID WHERE g.GROUPNAME = 'Administrators'",
	"isArray": true
	},
	"processor": {
	"description": "Processor Information",
	"query": "SELECT cpu_type, cpu_brand FROM system_info",
	"isArray": false
	},
	"memory": {
	"description": "Physical Memory (RAM)",
	"query": "SELECT physical_memory FROM system_info",
	"isArray": false
	},
	"hddSize": {
	"description": "Hard Disk Storage Capacity in GB",
	"query": "SELECT round((disk_size * 10e-10), 2) AS hddSize FROM disk_info",
	"isArray": false
	},
	"graphics": {
	"description": "Physical Memory (RAM)",
	"query": "SELECT manufacturer, model, series FROM video_info",
	"isArray": false
	}
	}
	}