go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/explorer/cnquery_explorer.proto (about) 1 // Copyright (c) Mondoo, Inc. 2 // SPDX-License-Identifier: BUSL-1.1 3 4 syntax = "proto3"; 5 6 package cnquery.explorer; 7 option go_package = "go.mondoo.com/cnquery/explorer"; 8 9 import "llx/llx.proto"; 10 import "providers-sdk/v1/inventory/inventory.proto"; 11 import "google/protobuf/any.proto"; 12 13 message Bundle { 14 string owner_mrn = 1; 15 repeated QueryPack packs = 2; 16 repeated Mquery queries = 3; 17 repeated Property props = 4; 18 } 19 20 message QueryGroup { 21 repeated Mquery queries = 3; 22 23 // filter for the assets this applies to 24 Filters filters = 20; 25 26 // metadata 27 string title = 24; 28 29 int64 created = 32; 30 int64 modified = 33; 31 } 32 33 message DeprecatedV7_Bundle { 34 string owner_mrn = 1; 35 repeated DeprecatedV7_QueryPack packs = 2; 36 } 37 38 message DeprecatedV7_QueryPack { 39 // user-defined UID, which is used to generate the MRN 40 string uid = 36; 41 // MRN to universally identify this query. 42 // UIDs are local to QueryPacks, MRNs are global 43 string mrn = 1; 44 45 string name = 2; 46 string version = 3; 47 string owner_mrn = 4; // auto-generated 48 49 repeated Mquery queries = 6; 50 map<string,Mquery> asset_filters = 7; // key == checksum, internal 51 repeated string filters = 43; // user-defined 52 string context = 8; 53 54 reserved 20; 55 string license = 21; 56 QueryPackDocs docs = 22; 57 58 repeated Author authors = 30; 59 int64 created = 32; 60 int64 modified = 33; 61 map<string,string> tags = 34; 62 63 string local_content_checksum = 23; 64 string local_execution_checksum = 24; 65 } 66 67 message QueryPack { 68 reserved 20; 69 70 // FIXME: DEPRECATED, remove in v9.0 vv and reserve number 71 // This is replaced by the field "filters" 72 map<string,Mquery> asset_filters = 7; // key == checksum 73 // ^^ 74 75 // FIXME: DEPRECATED, remove in v9.0 vv and reserve number 76 // This is replaced by the field "filters" 77 repeated string deprecated_filters = 43; 78 // ^^ 79 80 // user-defined UID, which is used to generate the MRN 81 string uid = 36; 82 // user-defined, only used during query ingest in case they have no context 83 string context = 8; 84 85 // MRN to universally identify this query. 86 // UIDs are local to QueryPacks, MRNs are global 87 string mrn = 1; 88 89 string name = 2; 90 string version = 3; 91 string owner_mrn = 4; // auto-generated 92 93 repeated Mquery queries = 6; 94 repeated QueryGroup groups = 11; 95 96 repeated Property props = 35; 97 Filters computed_filters = 47; // auto-generated 98 Filters filters = 48; 99 100 string license = 21; 101 QueryPackDocs docs = 22; 102 string summary = 46; 103 104 repeated Author authors = 30; 105 int64 created = 32; 106 int64 modified = 33; 107 map<string,string> tags = 34; 108 109 // internal fields 110 string local_content_checksum = 23; 111 string local_execution_checksum = 24; 112 } 113 114 message ObjectRef { 115 string mrn = 1; 116 string uid = 2; 117 } 118 119 // User-defined and internal filters. Users may use: 120 // 1. filters: asset.name == /sth/ 121 // 2. filters: 122 // - mql: asset.name == /sth/ 123 // 124 // Internally we use: 125 // 3. filters: 126 // items: 127 // <checksum>: { ..mquery.. } 128 message Filters { 129 map<string,Mquery> items = 1; 130 } 131 132 message QueryPacks { 133 repeated QueryPack items = 1; 134 } 135 136 message Docs { 137 string desc = 1; 138 repeated MqueryRef refs = 2; 139 } 140 141 // Properties allow users to configure queries and bundles in pre-defined ways. 142 // They return one value only, have a type, and may specify which query they 143 // target, while used in querypacks (or other groupings like policies). 144 // They may contain additional metadata to provide more information. 145 // 146 // Note: At the time of writing properties do not pull from other properties. 147 // They may do that later. 148 message Property { 149 string mql = 1; 150 string code_id = 2; 151 string checksum = 3; 152 string mrn = 4; 153 // UID is only needed on Mquery upload, when the MRN is computed. 154 // It is not be persisted. 155 string uid = 5; 156 string type = 6; 157 string context = 7; 158 repeated ObjectRef for = 8; 159 string title = 20; 160 string desc = 35; 161 } 162 163 enum Action { 164 UNSPECIFIED = 0; 165 MODIFY = 1; 166 DEACTIVATE = 2; 167 ACTIVATE = 3; 168 IGNORE = 4; 169 } 170 171 // Mquery represents the MQL and metadata that form a query 172 message Mquery { 173 // FIXME: DEPRECATED, remove in v9.0 vv 174 // This is replaced by the field "mql" 175 string query = 40; 176 // This is moved into docs.refs 177 repeated MqueryRef refs = 22; 178 // ^^ 179 180 string mql = 1; 181 string code_id = 2; 182 string checksum = 3; 183 string mrn = 4; 184 // UID is only needed on Mquery upload, when the MRN is computed. 185 // It is not be persisted. 186 string uid = 5; 187 string type = 6; 188 string context = 7; 189 string title = 20; 190 MqueryDocs docs = 21; 191 // Desc is only used if docs.desc is not defined. It is not persisted. 192 string desc = 35; 193 Impact impact = 23; 194 map<string,string> tags = 34; 195 Filters filters = 37; 196 repeated Property props = 38; 197 repeated ObjectRef variants = 39; 198 // Action is used for all query overrides (eg: in packs, policies, APIs etc) 199 Action action = 41; 200 } 201 202 enum ScoringSystem { 203 SCORING_UNSPECIFIED = 0; 204 WEIGHTED = 1; 205 WORST = 2; 206 AVERAGE = 3; 207 DATA_ONLY = 4; 208 IGNORE_SCORE = 5; 209 } 210 211 // Impact explains how important certain queries are. They are especially useful 212 // in weighted testing where results need to be prioritized. They can also 213 // serve as a priority list for data that is collected. 214 message Impact { 215 // Value is between 0 to 100 (most impactful). 216 ImpactValue value = 1; 217 // The scoring system to apply for evaluating multiple results 218 ScoringSystem scoring = 2; 219 // The weight of this query. Has to be > 0, otherwise counts as unset. 220 int32 weight = 3; 221 // Action is copied into the impact to correctly reconstruct the v7 ScoringSpec 222 Action action = 4; 223 } 224 225 message QueryPackDocs { 226 string desc = 1; 227 } 228 229 message MqueryDocs { 230 reserved 3; 231 232 string desc = 1; 233 string audit = 2; 234 repeated MqueryRef refs = 4; 235 Remediation remediation = 5; 236 } 237 238 message Remediation { 239 repeated TypedDoc items = 1; 240 } 241 242 message TypedDoc { 243 string id = 1; 244 string desc = 2; 245 } 246 247 message Author { 248 string name = 1; 249 string email = 2; 250 } 251 252 message MqueryRef { 253 string title = 1; 254 string url = 2; 255 } 256 257 // ********** Resolution / Execution ************** 258 259 /* 260 The list of queries that an asset needs to execute 261 May be identical amongst multiple packs 262 */ 263 message ExecutionJob { 264 string checksum = 1; 265 // map of all queries that should be executed, checksum => query 266 map<string,ExecutionQuery> queries = 2; 267 // map of all datapoints to their info 268 map<string,DataQueryInfo> datapoints = 3; 269 } 270 271 message DataQueryInfo { 272 string type = 1; 273 repeated string notify = 2; 274 } 275 276 /* 277 A query which is part of an ExecutionJob 278 Reduced to the bare minimum for the execution 279 */ 280 message ExecutionQuery { 281 string query = 1; 282 string checksum = 2; 283 // mapping from name => checksum, which is in the execution job 284 map<string,string> properties = 3; 285 // list of checksums that we collect as data points 286 repeated string datapoints = 4; 287 cnquery.llx.CodeBundle code = 5; 288 } 289 290 // ********** Query Hub ************** 291 292 service QueryHub { 293 rpc SetBundle(Bundle) returns (Empty) {} 294 rpc DeleteQueryPack(Mrn) returns (Empty) {} 295 rpc ValidateBundle(Bundle) returns (Empty) {} 296 rpc GetBundle(Mrn) returns (Bundle) {} 297 rpc GetQueryPack(Mrn) returns (QueryPack) {} 298 rpc GetFilters(Mrn) returns (Mqueries) {} 299 rpc List(ListReq) returns (QueryPacks) {} 300 rpc DefaultPacks(DefaultPacksReq) returns (URLs) {} 301 } 302 303 message Empty {} 304 305 // MRNs are used to uniquely identify resources. They are globally unique. 306 message Mrn { 307 string mrn = 1; 308 } 309 310 message Mqueries { 311 repeated Mquery items = 1; 312 } 313 314 message ListReq { 315 string owner_mrn = 1; 316 string name = 2; 317 } 318 319 message DefaultPacksReq { 320 string kind = 1; 321 string platform = 2; 322 string runtime = 3; 323 string version = 4; 324 repeated string family = 5; 325 } 326 327 message URLs { 328 repeated string urls = 1; 329 } 330 331 // ********** Query Conductor ************** 332 333 service QueryConductor { 334 rpc Assign(Assignment) returns (Empty) {} 335 rpc Unassign(Assignment) returns (Empty) {} 336 rpc SetProps(PropsReq) returns (Empty) {} 337 rpc Resolve(ResolveReq) returns (ResolvedPack) {} 338 rpc StoreResults(StoreResultsReq) returns (Empty) {} 339 rpc GetReport(EntityDataRequest) returns (Report) {} 340 341 rpc SynchronizeAssets(SynchronizeAssetsReq) returns (SynchronizeAssetsResp) {} 342 } 343 344 // Assign a number of packs to an asset. All of these are identified by MRN. 345 // Generally query packs are assigned (via MRN). 346 message Assignment { 347 string asset_mrn = 1; 348 repeated string pack_mrns = 2; 349 } 350 351 // PropsReq is used to set, change, or remove properties. 352 message PropsReq { 353 string entity_mrn = 1; 354 repeated Property props = 2; 355 } 356 357 // Resolve a given entity via its MRN. Typically used to resolve assets. 358 // Can also be used to resolve query packs. 359 message ResolveReq { 360 string entity_mrn = 1; 361 repeated Mquery asset_filters = 2; 362 } 363 364 // ResolvedPack is returned from a resolve request. It includes the execution job 365 // with all things that need to be run. 366 message ResolvedPack { 367 ExecutionJob execution_job = 2; 368 repeated Mquery filters = 4; 369 string graph_execution_checksum = 7; 370 string filters_checksum = 20; 371 } 372 373 // Update asset jobs forces all jobs for a given asset to get refreshed. 374 message UpdateAssetJobsReq { 375 string asset_mrn = 1; 376 repeated Mquery asset_filters = 2; 377 } 378 379 // Store results for a given asset 380 message StoreResultsReq { 381 string asset_mrn = 1; 382 map<string, cnquery.llx.Result> data = 3; 383 } 384 385 // Retrieve data for a given set of entities which was previously stored 386 message EntityDataRequest { 387 string entity_mrn = 1; 388 string data_mrn = 2; 389 } 390 391 // The report of all the things collected for an entity (typically asset). 392 // The provided pack is used as the root to decide what data fields will be returned. 393 message Report { 394 string pack_mrn = 1; 395 string entity_mrn = 2; 396 map<string, cnquery.llx.Result> data = 5; 397 398 int64 created = 20; 399 int64 modified = 21; 400 401 string resolved_version = 33; 402 } 403 404 // Asset is a lean layer of information about an asset 405 message Asset { 406 string mrn = 1; 407 string name = 18; 408 } 409 410 message ReportCollection { 411 map<string, Asset> assets = 1; 412 Bundle bundle = 2; 413 map<string, Report> reports = 3; 414 map<string, ErrorStatus> errors = 4; 415 map<string, ResolvedPack> resolved = 5; 416 } 417 418 message ErrorStatus { 419 // The status code. 420 int32 code = 1; 421 // A user-facing error message, which should be in English. 422 string message = 2; 423 // A list of messages that carry the error details. 424 repeated google.protobuf.Any details = 3; 425 } 426 427 message AssignmentDelta { 428 string mrn = 1; 429 enum Action { 430 UNKNOWN = 0; 431 ADD = 1; 432 DELETE = 2; 433 } 434 Action action = 2; 435 } 436 437 message BundleMutationDelta { 438 string owner_mrn = 1; 439 map<string,AssignmentDelta> deltas = 2; 440 } 441 442 message SynchronizeAssetsReq { 443 string space_mrn = 1; 444 repeated cnquery.providers.v1.Asset list = 2; 445 } 446 447 message SynchronizeAssetsRespAssetDetail { 448 string platform_mrn = 1; 449 string asset_mrn = 2; 450 string url = 3; 451 } 452 453 message SynchronizeAssetsResp { 454 map<string, SynchronizeAssetsRespAssetDetail> details = 1; 455 } 456 457 message ImpactValue { 458 int32 value = 1; 459 }