Closed
Bug 1141910
Opened 9 years ago
Closed 9 years ago
[mig client] Add option for target agents from results of previous action
Categories
(Enterprise Information Security Graveyard :: MIG, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jvehent, Assigned: jvehent)
References
Details
Add options that automatically implements http://mig.mozilla.org/doc/cheatsheet.rst.html#target-agents-that-found-results-in-a-previous-action mig file -t "id IN ( \ SELECT agentid FROM commands, json_array_elements(commands.results) AS r \ WHERE commands.actionid = 12345 AND r#>>'{foundanything}' = 'true')" \ -path /etc/passwd -content "^spongebob" For example: * --target-foundanything <actionid> would limit the targets to agents that returned positive results in <actionid> * --target-foundnothing <actionid> would do the opposite and target agents that did not return positive results in <actionid> This option should concatenate with the regular -t option such that an investigator could set both and filter the results even further.
|
Assignee | |
Comment 1•9 years ago
|
||
Implementation should take the form of two new options in the command line client at https://github.com/mozilla/mig/blob/master/src/mig/client/cmd/main.go#L75
Group: mozilla-employee-confidential
Component: Operations Security (OpSec): MIG → MIG
Product: mozilla.org → Enterprise Information Security
Version: other → unspecified
|
|
Assignee | |
Updated•9 years ago
|
Group: mozilla-employee-confidential
|
|
Assignee | |
Comment 2•9 years ago
|
||
Migrated to github issues: https://github.com/mozilla/mig/issues
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
|
||
Updated•4 years ago
|
Product: Enterprise Information Security → Enterprise Information Security Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•