diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 7cb50e5..dc9c061 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -1,5 +1,6 @@ akic baf +bru cgrp chronos Ckxomxaar diff --git a/README.md b/README.md index 21e7c16..ba97b6c 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ Welcome to our comprehensive security scanning repository! In our ongoing effort - [Scanning an AWS EC2 Instance with cnspec using EC2 Instance Connect](#scanning-an-aws-ec2-instance-with-cnspec-using-ec2-instance-connect) - [GitHub](#github) - [Performing CIS GitHub Supply Chain Benchmark with cnspec](#performing-cis-github-supply-chain-benchmark-with-cnspec) +- [GraphQL API Examples](#graphql-api-examples) - [Hack Lab](#hack-lab) - [Demonstrating Container Escape in Kubernetes](#demonstrating-container-escape-in-kubernetes) - [Playing with AWS EC2 Instances](#playing-with-aws-ec2-instances) @@ -72,6 +73,10 @@ This guide provides an example on how to execute the CIS (Center for Internet Se - [Instructions](./github/cis-supply-chain/) +## GraphQL API Examples + +The [examples](./graphql-api) demonstrate how to query and interact with Mondoo Platform using GraphQL. + ## Hack Lab The Hack Lab is a collection of vulnerable systems that can be used to learn and practice security concepts. The Hack Lab is a great way to get started with security scanning and learn how to use `cnspec` and `cnquery` to identify and resolve security issues. diff --git a/graphql-api/.gitignore b/graphql-api/.gitignore new file mode 100644 index 0000000..2eea525 --- /dev/null +++ b/graphql-api/.gitignore @@ -0,0 +1 @@ +.env \ No newline at end of file diff --git a/graphql-api/README.md b/graphql-api/README.md new file mode 100644 index 0000000..2b912e8 --- /dev/null +++ b/graphql-api/README.md 
@@ -0,0 +1,35 @@
+# Mondoo GraphQL API Samples
+
+This repository contains sample queries for the Mondoo GraphQL API. The queries are written in GraphQL and can be executed using the [Bruno](https://docs.usebruno.com/).
+
+## Getting Started
+
+- Clone this repository
+- Install Bruno
+- Setup .env file with your Mondoo API key
+
+
+## API Key
+
+To get started with the Mondoo API, you need to create an API key. You can create an API key in the Mondoo console. Then create a `.env` file in the root of the repository with the following content:
+
+```
+MONDOO_API_TOKEN=your-api-key
+MONDOO_ENDPOINT=us.api.mondoo.com
+SPACE_MRN=//captain.api.mondoo.app/spaces/mystifying-jennings-299629
+ORG_MRN=//captain.api.mondoo.app/organizations/lunalectric
+```
+
+> NOTE: While not technically required, it is recommended to use a organization API token with editor permissions to sure all samples work.
+
+## CLI
+
+Follow the installation instructions[https://docs.usebruno.com/bru-cli/overview].
+
+```
+bru run search/search.bru --env Mondoo
+```
+
+## APP
+
+Follow the installation instructions[https://www.usebruno.com/downloads]. Then you open the collection and run the queries.
\ No newline at end of file
diff --git a/graphql-api/asset_inventory/list_assets_in_space.bru b/graphql-api/asset_inventory/list_assets_in_space.bru
new file mode 100644
index 0000000..7ecc571
--- /dev/null
+++ b/graphql-api/asset_inventory/list_assets_in_space.bru
@@ -0,0 +1,40 @@
+meta {
+ name: list_assets_in_space
+ type: graphql
+ seq: 1
+}
+
+post {
+ url: https://{{endpoint}}/query
+ body: graphql
+ auth: bearer
+}
+
+auth:bearer {
+ token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+ query Assets {
+ assets(spaceMrn: "{{spaceMrn}}") {
+ totalCount
+ edges {
+ cursor
+ node {
+ id
+ mrn
+ state
+ name
+ updatedAt
+ referenceIDs
+ asset_type
+ score {
+ grade
+ value
+ }
+ }
+ }
+ }
+ }
+
+}
diff --git a/graphql-api/bruno.json b/graphql-api/bruno.json
new file mode 100644
index 0000000..929d822
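Review bot: The space MRN is spliced into the query text in list_assets_in_space.bru (`assets(spaceMrn: "{{spaceMrn}}")`), so whatever the environment variable holds becomes part of the GraphQL document instead of a typed value, and a stray quote or brace in it changes the query that is sent. list_active_policies.bru and search_space.bru already pass the MRN through `body:graphql:vars`; this file, list_members.bru, list_spaces.bru, enable_policy.bru, unassign_policy.bru and list_available_policies_query_packs.bru would be more consistent doing the same. The sketch below assumes the argument is typed `String!`, which should be confirmed against the schema.

```bru
body:graphql {
  query Assets($spaceMrn: String!) {
    assets(spaceMrn: $spaceMrn) {
      # … unchanged: totalCount and edges selection …
    }
  }
}

body:graphql:vars {
  {
    "spaceMrn": "{{spaceMrn}}"
  }
}
```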
--- /dev/null
+++ b/graphql-api/bruno.json
@@ -0,0 +1,9 @@
+{
+ "version": "1",
+ "name": "Mondoo GraphQL API Requests",
+ "type": "collection",
+ "ignore": [
+ "node_modules",
+ ".git"
+ ]
+}
\ No newline at end of file
diff --git a/graphql-api/environments/Mondoo.bru b/graphql-api/environments/Mondoo.bru
new file mode 100644
index 0000000..251f6d9
--- /dev/null
+++ b/graphql-api/environments/Mondoo.bru
@@ -0,0 +1,6 @@
+vars {
+ endpoint: {{process.env.MONDOO_ENDPOINT}}
+ spaceMrn: {{process.env.SPACE_MRN}}
+ orgMrn: {{process.env.ORG_MRN}}
+ MONDOO_API_TOKEN: {{process.env.MONDOO_API_TOKEN}}
+}
diff --git a/graphql-api/organization/list_members.bru b/graphql-api/organization/list_members.bru
new file mode 100644
index 0000000..654df01
--- /dev/null
+++ b/graphql-api/organization/list_members.bru
@@ -0,0 +1,38 @@
+meta {
+ name: list_members
+ type: graphql
+ seq: 2
+}
+
+post {
+ url: https://{{endpoint}}/query
+ body: graphql
+ auth: bearer
+}
+
+auth:bearer {
+ token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+ query LoadOrganizationMembers {
+ organization(mrn: "{{orgMrn}}") {
+ id
+ mrn
+ members {
+ edges {
+ node {
+ user {
+ email
+ name
+ }
+ roles {
+ title
+ }
+ }
+ }
+ }
+ }
+ }
+
+}
diff --git a/graphql-api/organization/list_service_accounts.bru b/graphql-api/organization/list_service_accounts.bru
new file mode 100644
index 0000000..73822ba
--- /dev/null
+++ b/graphql-api/organization/list_service_accounts.bru
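Review bot: Every variable in environments/Mondoo.bru resolves from `process.env`, which Bruno fills from a `.env` file in the collection root (here `graphql-api/.env`), but the README added in this commit tells the reader to create the file "in the root of the repository". Followed literally in this repo, that leaves the variables empty and puts the API token in a file that the new `graphql-api/.gitignore` does not cover; whether the top-level `.gitignore` ignores `.env` is not visible in this diff. Rewording the README step to `Then create a .env file in the graphql-api/ directory` keeps the token file where both Bruno and the ignore rule expect it.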
@@ -0,0 +1,86 @@
+meta {
+ name: list_service_accounts
+ type: graphql
+ seq: 3
+}
+
+post {
+ url: https://{{endpoint}}/query
+ body: graphql
+ auth: bearer
+}
+
+auth:bearer {
+ token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+ # To list all service accounts, the API Token needs Editor permissions
+ query ServiceAccounts(
+ $scopeMrn: String
+ $first: Int
+ $after: String
+ $query: String
+ $queryTerms: [String!]
+ $orderBy: ServiceAccountOrder
+ ) {
+ serviceAccounts(
+ scopeMrn: $scopeMrn
+ first: $first
+ after: $after
+ query: $query
+ queryTerms: $queryTerms
+ orderBy: $orderBy
+ ) {
+ ...ServiceAccountFields
+ __typename
+ }
+ }
+ fragment ServiceAccountFields on ServiceAccountConnection {
+ totalCount
+ edges {
+ cursor
+ node {
+ id
+ mrn
+ name
+ description
+ roles {
+ mrn
+ title
+ __typename
+ }
+ createdAt
+ lastUsed
+ labels {
+ key
+ value
+ __typename
+ }
+ creator {
+ mrn
+ email
+ service
+ __typename
+ }
+ notes
+ __typename
+ }
+ __typename
+ }
+ pageInfo {
+ startCursor
+ endCursor
+ hasNextPage
+ __typename
+ }
+ __typename
+ }
+
+}
+
+body:graphql:vars {
+ {
+ "scopeMrn": "{{spaceMrn}}"
+ }
+}
diff --git a/graphql-api/organization/list_spaces.bru b/graphql-api/organization/list_spaces.bru
new file mode 100644
index 0000000..212768e
--- /dev/null
+++ b/graphql-api/organization/list_spaces.bru
@@ -0,0 +1,29 @@
+meta {
+ name: list_spaces
+ type: graphql
+ seq: 1
+}
+
+post {
+ url: https://{{endpoint}}/query
+ body: graphql
+ auth: bearer
+}
+
+auth:bearer {
+ token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+ query OrganizationOverview {
+ organizationOverview(
+ input: { organizationMrn: "{{orgMrn}}" }
+ ) {
+ organizationMrn
+ spacesOverview {
+ spaceMrn
+ spaceName
+ }
+ }
+ }
+}
diff --git a/graphql-api/policies_querypacks/enable_policy.bru b/graphql-api/policies_querypacks/enable_policy.bru
new file mode 100644
index 0000000..f2b60e8
--- /dev/null
+++ b/graphql-api/policies_querypacks/enable_policy.bru
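Review bot: list_service_accounts.bru sits under organization/ next to list_members and list_spaces, yet its variables block sends `"scopeMrn": "{{spaceMrn}}"`, so it lists the service accounts of one space and not of the organization. Either pass `"scopeMrn": "{{orgMrn}}"` or move the request so the folder matches the scope, and let the comment on the query say on which scope the Editor permission has to be held. `$first`, `$after`, `$query`, `$queryTerms` and `$orderBy` are declared but never supplied, so `pageInfo.hasNextPage` comes back without the sample showing how to fetch the next page.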
@@ -0,0 +1,28 @@
+meta {
+ name: enable_policy
+ type: graphql
+ seq: 2
+}
+
+post {
+ url: https://{{endpoint}}/query
+ body: graphql
+ auth: bearer
+}
+
+auth:bearer {
+ token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+ mutation {
+ assignPolicy(
+ input: {
+ assetMrn: "{{spaceMrn}}"
+ policyMrn: "//policy.api.mondoo.app/policies/mondoo-dns-security"
+ action: ACTIVE
+ }
+ )
+ }
+
+}
diff --git a/graphql-api/policies_querypacks/list_active_policies.bru b/graphql-api/policies_querypacks/list_active_policies.bru
new file mode 100644
index 0000000..746919d
--- /dev/null
+++ b/graphql-api/policies_querypacks/list_active_policies.bru
@@ -0,0 +1,51 @@
+meta {
+ name: list_active_policies
+ type: graphql
+ seq: 4
+}
+
+post {
+ url: https://{{endpoint}}/query
+ body: graphql
+ auth: bearer
+}
+
+auth:bearer {
+ token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+ query SpaceReport($input: SpaceReportInput!) {
+ spaceReport(input: $input) {
+ ... on SpaceReport {
+ spaceMrn
+ policyReportSummaries {
+ totalCount
+ edges {
+ cursor
+ node {
+ policy {
+ mrn
+ name
+ assigned
+ action
+ version
+ isPublic
+ createdAt
+ updatedAt
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+body:graphql:vars {
+ {
+ "input" : {
+ "spaceMrn" : "{{spaceMrn}}"
+ }
+ }
+}
diff --git a/graphql-api/policies_querypacks/list_available_policies_query_packs.bru b/graphql-api/policies_querypacks/list_available_policies_query_packs.bru
new file mode 100644
index 0000000..307b8c3
--- /dev/null
+++ b/graphql-api/policies_querypacks/list_available_policies_query_packs.bru
@@ -0,0 +1,34 @@
+meta {
+ name: list_available_policies_query_packs
+ type: graphql
+ seq: 3
+}
+
+post {
+ url: https://{{endpoint}}/query
+ body: graphql
+ auth: bearer
+}
+
+auth:bearer {
+ token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+ {
+ content(
+ input: { scopeMrn: "{{spaceMrn}}", catalogType: ALL, assignedOnly: true }
+ ) {
+ totalCount
+ edges {
+ node {
+ __typename
+ ... on Policy {
+ name
+ }
+ }
+ }
+ }
+ }
+
+}
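Review bot: enable_policy.bru changes the space's policy assignments, and together with unassign_policy.bru (`seq: 1`) it shares a folder and sequence with the read-only listings. Running the policies_querypacks folder with an editor-scoped token would therefore, going by the `seq` values, unassign github-benchmark-level-1 and then assign mondoo-dns-security on whatever space `SPACE_MRN` names. A first line in the body such as `# WARNING: mutation, changes the policy assignment of the configured space`, plus moving both mutations into their own folder, would keep a bulk run of the samples read-only. The hard-coded `policyMrn` could also come from the environment so that the reader picks the policy deliberately.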
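Review bot: list_available_policies_query_packs.bru is named for available policies and query packs, but its input sets `assignedOnly: true` and the selection holds only `... on Policy { name }`. As written it appears to return assigned content only, and nothing but `__typename` for nodes that are not policies, which overlaps with list_active_policies.bru. Either set `assignedOnly: false` and add an inline fragment for the query-pack type (its name is not visible in this diff), or rename the request to say it lists assigned policies. The operation is also anonymous; a name like `query AvailableContent` would match the named queries in the other files.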
diff --git a/graphql-api/policies_querypacks/unassign_policy.bru b/graphql-api/policies_querypacks/unassign_policy.bru
new file mode 100644
index 0000000..665f04c
--- /dev/null
+++ b/graphql-api/policies_querypacks/unassign_policy.bru
@@ -0,0 +1,25 @@
+meta {
+ name: unassign_policy
+ type: graphql
+ seq: 1
+}
+
+post {
+ url: https://{{endpoint}}/query
+ body: graphql
+ auth: bearer
+}
+
+auth:bearer {
+ token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+ mutation {
+ unassignPolicy(input: {
+ assetMrn: "{{spaceMrn}}"
+ policyMrn: "//policy.api.mondoo.app/policies/github-benchmark-level-1"
+ action: ACTIVE
+ })
+ }
+}
diff --git a/graphql-api/search/search_space.bru b/graphql-api/search/search_space.bru
new file mode 100644
index 0000000..83cf27a
--- /dev/null
+++ b/graphql-api/search/search_space.bru
@@ -0,0 +1,73 @@
+meta {
+ name: search_space
+ type: graphql
+ seq: 1
+}
+
+post {
+ url: https://{{endpoint}}/query
+ body: graphql
+ auth: bearer
+}
+
+auth:bearer {
+ token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+ query SearchAggregateScore($scopeMrn:String!, $query:String!) {
+ search(query: $query, scope:$scopeMrn, type:AGGREGATE_SCORE) {
+ edges {
+ node {
+ ... on AggregateScore {
+ id
+ title
+ description
+ tags {
+ key
+ value
+ }
+ scoreType
+ findingMrn
+ entity {
+ __typename
+ ... on EntityInfoAsset{
+ mrn
+ name
+ }
+ ... on EntityInfoSpace {
+ mrn
+ name
+ }
+ }
+ rank
+ riskScore
+ epss {
+ probability
+ percentile
+ }
+ blastRadius {
+ indicator
+ }
+ riskFactors {
+ indicator
+ title
+ mrn
+ }
+ }
+ }
+ }
+ }
+ }
+
+
+
+
+}
+
+body:graphql:vars {
+ {
+ "scopeMrn": "{{orgMrn}}",
+ "query" : "ebs"
+ }
+}
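Review bot: `action: ACTIVE` in the `unassignPolicy` input of unassign_policy.bru reads as carried over from the assignPolicy request. If the field is optional for unassign, which needs confirming against the schema, dropping it avoids suggesting that the call activates anything. The mutation is anonymous, unlike the named queries elsewhere in the collection; `mutation UnassignPolicy {` would make the operation identifiable in request logs.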
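Review bot: The request is named search_space but its variables send `"scopeMrn": "{{orgMrn}}"`, so the search covers the whole organization; either pass `"scopeMrn": "{{spaceMrn}}"` or rename the request. The README's CLI example runs `search/search.bru`, which this commit does not add. The only file in that folder is search/search_space.bru, so the documented command would fail as written. The four blank lines before the closing brace of `body:graphql` can be dropped.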