Code Notebooks

rssd-init

Bootstrap SQL

Documentation
ConstructionSqlNotebook

v001_once_initialDDL

SQLite SQL Statements
ConstructionSqlNotebook

session_ephemeral_table

SQLite SQL Statements
ConstructionSqlNotebook

surveilr_table_size

SQLite SQL Statements
ConstructionSqlNotebook

v001_seedDML

SQLite SQL Statements
rssd-init

understand notebooks schema

Generative AI Large Language Model Prompt
rssd-init

understand service schema

Generative AI Large Language Model Prompt
rssd-init

surveilr-code-notebooks-erd.auto.puml

Text Asset (.puml)
rssd-init

surveilr-service-erd.auto.puml

Text Asset (.puml)
rssd-init

models_polygenix.rs

Text Asset (.rs)
osQuery Management Server (Prime)

System Information

System information for identification. SQLite SQL Statements
osQuery Management Server (Prime)

osquery-ms Boundary (Linux and Macos)

Get the boundary for a node. SQLite SQL Statements
osQuery Management Server (Prime)

osquery-ms Boundary (Windows)

Get the boundary for a node. SQLite SQL Statements
osQuery Management Server (Prime)

OS Version (Linux and Macos)

A single row containing the operating system name and version. SQLite SQL Statements
osQuery Management Server (Prime)

OS Version (Windows)

A single row containing the operating system name and version. SQLite SQL Statements
osQuery Management Server (Prime)

Users

Local user accounts (including domain accounts that have logged on locally (Windows)). SQLite SQL Statements
osQuery Management Server (Prime)

Network Interfaces (Windows)

Retrieves information about network interfaces on devices running Windows. SQLite SQL Statements
osQuery Management Server (Prime)

Network Interfaces (Linux and Macos)

Retrieves information about network interfaces on macOS and Linux devices. SQLite SQL Statements
osQuery Management Server (Prime)

Listening Ports

Processes with listening (bound) network sockets/ports. SQLite SQL Statements
osQuery Management Server (Prime)

Server Uptime

Track time passed since last boot. Some systems track this as calendar time, some as runtime. SQLite SQL Statements
osQuery Management Server (Prime)

Available Disk Space (Windows)

Retrieves total amount of free disk space on a Windows host. SQLite SQL Statements
osQuery Management Server (Prime)

Available Disk Space (Linux and Macos)

Retrieves total amount of free disk space on a host. SQLite SQL Statements
osQuery Management Server (Prime)

Installed Linux software

Get all software installed on a Linux computer, including browser plugins and installed packages. Note that this does not include other running processes in the processes table. SQLite SQL Statements
osQuery Management Server (Prime)

Installed Windows software

Get all software installed on a Windows computer, including browser plugins and installed packages. Note that this does not include other running processes in the processes table. SQLite SQL Statements
osQuery Management Server (Prime)

Installed Macos software

Get all software installed on a macOS computer, including browser plugins and installed packages. Note that this does not include other running processes in the processes table. SQLite SQL Statements
osQuery Management Server (Policy)

SSH keys encrypted

Policy passes if all keys are encrypted, including if no keys are present. SQLite SQL Statements
osQuery Management Server (Policy)

Full disk encryption enabled (Linux)

Checks if the root drive is encrypted. SQLite SQL Statements
osQuery Management Server (Policy)

Full disk encryption enabled (Windows)

Checks if the root drive is encrypted. SQLite SQL Statements
osQuery Management Server (Policy)

Full disk encryption enabled (Macos)

Checks if the root drive is encrypted. SQLite SQL Statements
osQuery Management Server Default Filters (Prime)

osQuery Result Filters

Default filters for post-processing the results from osQuery. SQLite SQL Statements
osQuery Management Server (Prime)

List Containers

List Containers. SQLite SQL Statements
osQuery Management Server (Prime)

List Container Images

List Container Images. SQLite SQL Statements
osQuery Management Server (Prime)

Container Network Information

Container Network Information. SQLite SQL Statements
osQuery Management Server (Prime)

List Container Volumes

List Container Volumes. SQLite SQL Statements
osQuery Management Server (Prime)

Container Daemon Info

Container Daemon Info. SQLite SQL Statements
osQuery Management Server (Prime)

Docker host Info

Docker host Info. SQLite SQL Statements
osQuery Management Server (Prime)

Docker Image

Docker Image. SQLite SQL Statements
osQuery Management Server (Prime)

Docker Network

Docker Network. SQLite SQL Statements
osQuery Management Server (Prime)

Docker Version Information

Docker version information. SQLite SQL Statements
osQuery Management Server (Prime)

Docker Container Ports

Docker Container Ports. SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Mfa Enabled

Osquery Mfa Enabled. SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Deny Root Login

Osquery Deny Root Login. SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Removed User Accounts

Osquery Removed User Accounts. SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Encrypted Passwords

Osquery Encrypted Passwords. SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Antivirus Status

Osquery Antivirus Status. SQLite SQL Statements
osQuery Management Server (Prime)

Asymmetric Cryptography

Asymmetric Cryptography. SQLite SQL Statements
osQuery Management Server (Prime)

Password Expiry Configurations

Password expiry configuration from /etc/shadow SQLite SQL Statements
osQuery Management Server (Prime)

Authentication Related Processes

Authentication-related processes (e.g., sshd, pam, login) SQLite SQL Statements
osQuery Management Server (Prime)

Account Lockout Configurations

Account lockout configuration files (e.g., pam_tally, faillock, pam_faillock) in /etc/pam.d/ SQLite SQL Statements
osQuery Management Server (Prime)

Audit Logging Configurations

Audit logging configurations — checks for active syslog processes like syslog, rsyslog, and syslog-ng SQLite SQL Statements
osQuery Management Server (Prime)

Osquery MySQL Process Inventory

Inventory: List MySQL database processes SQLite SQL Statements
osQuery Management Server (Prime)

Osquery PostgreSQL Process Inventory

Inventory: List PostgreSQL database processes SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Cron Job Inventory

Inventory: List all cron jobs (Scheduled Tools and Tasks) SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Listening Ports Inventory

Network Inventory: List all listening ports (in-scope services) SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Interface Addresses Inventory

Network Inventory: List of interface addresses SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Interface Details Inventory

Network Inventory: Detailed interface configuration SQLite SQL Statements
osQuery Management Server (Prime)

Osquery SystemInfo

Osquery SystemInfo SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Listening Ports 443

List services listening on port 443 (HTTPS) SQLite SQL Statements
osQuery Management Server (Prime)

Osquery VPN Listening Ports

Check if common VPN service ports (443, 1194, 500, 4500) are listening SQLite SQL Statements
osQuery Management Server (Prime)

Monitor VPN Processes

Monitor VPN-related processes (e.g., OpenVPN) SQLite SQL Statements
osQuery Management Server (Prime)

Monitor SSHD Processes

Monitor network-related processes like SSH daemon (sshd) SQLite SQL Statements
osQuery Management Server (Prime)

FTPS/SFTP Listening Ports

Check if FTPS (port 990) or SFTP (port 22) are listening SQLite SQL Statements
osQuery Management Server (Prime)

Running FTP/SFTP Processes

List running FTP/SFTP related processes (vsftpd, proftpd, sshd) SQLite SQL Statements
osQuery Management Server (Prime)

List Iptables Rules

List current iptables firewall rules SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Authentication Log

Osquery Authentication Log SQLite SQL Statements
osQuery Management Server (Prime)

Osquery IDS Fail2ban Log

Osquery IDS Fail2ban Log SQLite SQL Statements
osQuery Management Server (Prime)

Osquery IDS PSAD Log

Osquery IDS PSAD Log SQLite SQL Statements
osQuery Management Server (Prime)

Osquery SSL Cert Files

Check for existence of SSL certificate and private key files SQLite SQL Statements
osQuery Management Server (Prime)

Osquery SSL Cert File MTIME

Monitor SSL cert and key file modification times SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Cron Backup Jobs

Check for cron jobs related to backup tasks SQLite SQL Statements
osQuery Management Server (Prime)

Osquery User List by IT Layer

User-Process Mapping: Get process info with associated user for OS, DB, App, and network services SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Admin Network Services Processes

Admin Processes: List processes for network services run by superusers SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Admin Application Processes

Admin Processes: Identify apps run by administrator-level users SQLite SQL Statements
osQuery Management Server (Prime)

Osquery Application Access Rights

Security Groups: Application-level access by admin or elevated users SQLite SQL Statements
osQuery Management Server (Prime)

Osquery OS Admin Users

Security Groups: List admin users for operating system layer SQLite SQL Statements
osQuery Management Server (Prime)

Osquery All Container Processes

Osquery All Container Processes SQLite SQL Statements
osQuery Management Server (Prime)

Basic Antivirus Process Check

Check for common running antivirus processes (ClamAV, Sophos, chkrootkit) SQLite SQL Statements
osQuery Management Server (Prime)

Extended Antivirus Process Check

Extended check for antivirus processes (ClamAV, Sophos, Avast, McAfee, Windows Defender) SQLite SQL Statements
osQuery Management Server (Prime)

Confidential Asset Service Check

Identify running services (databases/web servers) that may handle confidential data SQLite SQL Statements
Web UI

auto_generate_console_content_tabular_sqlpage_files

A series of idempotent INSERT statements which will auto-generate "default" content for all tables and views SQLite SQL Statements