-
Notifications
You must be signed in to change notification settings - Fork 3
/
mondoo-vmware-inventory.mql.yaml
101 lines (92 loc) · 3.74 KB
/
mondoo-vmware-inventory.mql.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# Copyright (c) Mondoo, Inc.
# SPDX-License-Identifier: BUSL-1.1
packs:
- uid: mondoo-vmware-asset-inventory
name: VMware Asset Inventory Pack
version: 1.0.0
license: BUSL-1.1
authors:
- name: Mondoo, Inc
email: [email protected]
tags:
mondoo.com/platform: vmware,vmware-esxi
mondoo.com/category: security
docs:
desc: |
## Overview
VMware vCenter Asset Inventory Pack by Mondoo retrieves data about vCenter and its ESXi hosts.
### Run query pack
To run this query pack against VMware vCenter:
```bash
cnquery scan vsphere [email protected]@192.168.5.24 --ask-pass -f core/mondoo-vmware-inventory.mql.yaml
```
## Join the community!
Our goal is to build policies that are simple to deploy, accurate, and actionable.
If you have any suggestions for improving this policy, or if you need support, [join the Mondoo community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
filters: asset.platform == "vmware-esxi" || asset.platform == "vmware-vsphere"
queries:
- uid: mondoo-vmware-asset-inventory-vcenter-datacenters
title: VMware vSphere Datacenters
filters: asset.platform == "vmware-vsphere"
mql: |
vsphere.datacenters { name }
- uid: mondoo-vmware-asset-inventory-vcenter-clusters
title: VMware vSphere Clusters per Datacenter
filters: asset.platform == "vmware-vsphere"
mql: |
vsphere.datacenters { clusters }
- uid: mondoo-vmware-asset-inventory-vcenter-vms
title: VMware vSphere VMs per Datacenters
filters: asset.platform == "vmware-vsphere"
mql: |
vsphere.datacenters { vms }
- uid: mondoo-vmware-asset-inventory-esxi-kernel-modules
title: VMware ESXi Kernel modules
filters: asset.platform == "vmware-esxi"
mql: |
vsphere.host.kernelModules
- uid: mondoo-vmware-asset-inventory-esxi-installed-packages
title: VMware ESXi Installed packages
filters: asset.platform == "vmware-esxi"
mql: |
esxi.host.packages
- uid: mondoo-vmware-asset-inventory-esxi-services
title: VMware ESXi Services
filters: asset.platform == "vmware-esxi"
mql: |
esxi.host.services
- uid: mondoo-vmware-asset-inventory-esxi-acceptance-level
title: VMware ESXi Acceptance Level
filters: asset.platform == "vmware-esxi"
mql: |
esxi.host.acceptanceLevel
- uid: mondoo-vmware-asset-inventory-esxi-ntp-server
title: VMware ESXi NTP servers
filters: asset.platform == "vmware-esxi"
mql: |
esxi.host.ntp.server
- uid: mondoo-vmware-asset-inventory-esxi-ntp-config
title: VMware ESXi NTP configuration
filters: asset.platform == "vmware-esxi"
mql: |
esxi.host.ntp.config
- uid: mondoo-vmware-asset-inventory-esxi-fileSystemVolume
title: VMware ESXi File System Volume
filters: asset.platform == "vmware-esxi"
mql: |
esxi.host.properties["config"]["fileSystemVolume"]
- uid: mondoo-vmware-asset-inventory-esxi-firewall
title: VMware ESXi Firewall
filters: asset.platform == "vmware-esxi"
mql: |
esxi.host.properties["config"]["firewall"]
- uid: mondoo-vmware-asset-inventory-esxi-adapters
title: VMware ESXi Physical Adapters
filters: asset.platform == "vmware-esxi"
mql: |
esxi.host.adapters
- uid: mondoo-vmware-asset-inventory-esxi-standardSwitch
title: VMware ESXi Standard vSwitch
filters: asset.platform == "vmware-esxi"
mql: |
esxi.host.standardSwitch