If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

[mig client] Add option for target agents from results of previous action

RESOLVED FIXED

Status

Enterprise Information Security
MIG
RESOLVED FIXED
3 years ago
2 years ago

People

(Reporter: ulfr, Assigned: ulfr)

Tracking

Details

(Assignee)

Description

3 years ago
Add options that automatically implements http://mig.mozilla.org/doc/cheatsheet.rst.html#target-agents-that-found-results-in-a-previous-action

mig file -t "id IN ( \
    SELECT agentid FROM commands, json_array_elements(commands.results) AS r \
    WHERE commands.actionid = 12345 AND r#>>'{foundanything}' = 'true')" \
-path /etc/passwd -content "^spongebob"

For example:
* --target-foundanything <actionid> would limit the targets to agents that returned positive results in <actionid>
* --target-foundnothing <actionid> would do the opposite and target agents that did not return positive results in <actionid>

This option should concatenate with the regular -t option such that an investigator could set both and filter the results even further.
(Assignee)

Comment 1

3 years ago
Implementation should take the form of two new options in the command line client at https://github.com/mozilla/mig/blob/master/src/mig/client/cmd/main.go#L75
(Assignee)

Updated

3 years ago
Blocks: 1149503
Group: mozilla-employee-confidential
Component: Operations Security (OpSec): MIG → MIG
Product: mozilla.org → Enterprise Information Security
Version: other → unspecified
(Assignee)

Updated

2 years ago
Group: mozilla-employee-confidential
(Assignee)

Comment 2

2 years ago
Migrated to github issues: https://github.com/mozilla/mig/issues
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.