14 changes: 9 additions & 5 deletions account-management/vault-details.sh
@@ -7,17 +7,21 @@ op signin
for vault in $(op vault list --format=json | jq --raw-output '.[] .id')
do
echo ""
echo "**************Vault Details**************"
echo "Vault Details"
op vault get $vault --format=json | jq -r '.|{name, items, updated_at}'
sleep 1
echo ""
echo "**************Users**************"
echo "Users"
op vault user list $vault
sleep 1
echo ""
echo "**************Groups**************"
echo "Groups"
op vault group list $vault
sleep 1
echo ""
echo "*****************************************"
echo "*****************************************"
echo "End of Vault Details"
sleep 2
clear
echo ""
echo ""
done
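Review bot: `$vault` is expanded unquoted in `op vault get $vault`, `op vault user list $vault` and `op vault group list $vault`; quoting it as `"$vault"` keeps an unexpected ID value from being word-split or globbed into extra arguments. The `sleep 2` / `clear` pair near the end of the loop body (it looks newly added, though the rendered page has lost the +/- markers) wipes each vault's user and group listing from the terminal, so an access review keeps no record unless the output is captured. Consider dropping `clear`, or adding a comment such as `# redirect stdout to a file if this listing is needed as review evidence`. The script's first lines, including `op signin`, are outside this hunk.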
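--- a/device-trust/reporting-db/app_report.sql
+++ b/device-trust/reporting-db/app_report.sql
@@ -0,0 +1,49 @@
+-- "Mac Apps Report"
+-- Internal-1P only https://app.kolide.com/4918/reporting/queries/2080
+
+-- Reporting DB query to retrieve all mac_apps installed across the fleet,
+-- filtering out a list of "approved apps" such as 1Password and anything
+-- built by either Apple or Google using their bundle_identifier.
+
+-- The final report contains an ordered list of "unapproved" apps with a
+-- JSON formatted device table containing the device name, serial and admin URL.
+
+WITH device_info AS (
+SELECT
+id as device_id,
+name,
+serial,
+k2_url,
+id || ' (' || name || ')' as device_name
+FROM
+devices
+),
+
+apps AS (
+SELECT
+*
+FROM
+mac_apps
+WHERE
+1=1
+AND path LIKE '/Applications%'
+AND name NOT LIKE '1Password%.app'
+AND bundle_identifier NOT LIKE 'com.apple.%'
+AND bundle_identifier NOT LIKE 'com.google.%'
+)
+
+SELECT
+a.name,
+a.bundle_identifier,
+COUNT(*) as count,
+JSON_AGG(
+JSON_BUILD_OBJECT(
+'device_name', d.device_name,
+'device_serial', d.serial,
+'url', d.k2_url
+) ORDER BY d.device_name
+) as device_table
+FROM apps as a
+JOIN device_info as d on d.device_id = a.device_id
+GROUP BY 1, 2
+ORDER BY count DESC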
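Review bot: The exclusions in the `apps` CTE will silently drop any row whose `bundle_identifier` is NULL (if the column is nullable), because `NULL NOT LIKE 'com.apple.%'` evaluates to unknown and `WHERE` treats that as false; an app with no bundle identifier is one this report should surface rather than hide. Consider `AND (bundle_identifier IS NULL OR (bundle_identifier NOT LIKE 'com.apple.%' AND bundle_identifier NOT LIKE 'com.google.%'))`. The allowlist also keys on `name` and `bundle_identifier`, which are values the app bundle declares about itself, so the header comment should say the report is an inventory aid rather than proof of publisher; if `mac_apps` exposes a signing or team identifier (not visible here), matching on that would be stronger. `GROUP BY 1, 2` would be less fragile as `GROUP BY a.name, a.bundle_identifier`.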