ur_ingest_session (table) Content
| 01JZ5HZKG7999HV0YET3T8NMCZ | 01JZ5HZKG50TWD2XC71SJ0H00M | { "lines": [ "# Steampipe", "{ \"SteampipeListAllawsS3Buckets\": \"steampipe query \\\"select * from aws_s3_bucket\\\" --output json\", \"nature\": \"json\" }", "", "# Steampipe", "{ \"SteampipeListDoFirewalls\": \"steampipe query \\\"SELECT status, count(d.*) as Firewalls from demoocean_firewall as d group by status\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeListDoFirewallInboundRules\": steampipe query \\\"SELECT ru.id, ru.title, ru.category, ru.from_id, ru.to_id FROM ( with rules as ( select urn, title, id, i ->> 'protocol' as protocol_number, cidr as cidr_block, i ->> 'ports' as ports, case when i ->> 'protocol' = 'icmp' and i ->> 'ports' = '0' then 'All ICMP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' = '0' then 'All TCP' when i ->> 'protocol' = 'udp' and i ->> 'ports' = '0' then 'All UDP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/TCP') when i ->> 'protocol' = 'udp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/UDP') else concat('Procotol: ', i ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(inbound_rules) as i, jsonb_array_elements_text(i -> 'sources' -> 'addresses') as cidr union select urn, title, id, i ->> 'protocol' as protocol_number, cidr as cidr_block, i ->> 'ports' as ports, case when i ->> 'protocol' = 'icmp' and i ->> 'ports' = '0' then 'All ICMP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' = '0' then 'All TCP' when i ->> 'protocol' = 'udp' and i ->> 'ports' = '0' then 'All UDP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/TCP') when i ->> 'protocol' = 'udp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/UDP') else concat('Procotol: ', i ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(inbound_rules) as i, jsonb_array_elements_text(i -> 'sources' -> 'droplet_ids') as cidr union select urn, title, id, i ->> 'protocol' as protocol_number, cidr as cidr_block, i ->> 'ports' as ports, case when i ->> 'protocol' = 'icmp' and i ->> 'ports' = '0' then 'All ICMP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' = '0' then 'All TCP' when i ->> 'protocol' = 'udp' and i ->> 'ports' = '0' then 'All UDP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/TCP') when i ->> 'protocol' = 'udp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/UDP') else concat('Procotol: ', i ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(inbound_rules) as i, jsonb_array_elements_text(i -> 'sources' -> 'kubernetes_ids') as cidr union select urn, title, id, i ->> 'protocol' as protocol_number, cidr as cidr_block, i ->> 'ports' as ports, case when i ->> 'protocol' = 'icmp' and i ->> 'ports' = '0' then 'All ICMP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' = '0' then 'All TCP' when i ->> 'protocol' = 'udp' and i ->> 'ports' = '0' then 'All UDP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/TCP') when i ->> 'protocol' = 'udp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/UDP') else concat('Procotol: ', i ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(inbound_rules) as i, jsonb_array_elements_text(i -> 'sources' -> 'load_balancer_uids') as cidr) select distinct cidr_block as id, cidr_block as title, 'cidr_block' as category, null as from_id, null as to_id from rules union select concat(title, '_', rule_description) as id, rule_description as title, 'rule' as category, null as from_id, null as to_id from rules union select distinct title as id, title as title, 'inbound' as category, null as from_id, null as to_id from rules union select null as id, null as title, protocol_number as category, cidr_block as from_id, concat(title, '_', rule_description) as to_id from rules union select null as id, null as title, protocol_number as category, concat(title, '_', rule_description) as from_id, title as to_id from rules ) ru\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeListDoFirewallOutboundRules\":\"steampipe query \\\"SELECT ru.id, ru.title, ru.category, ru.from_id, ru.to_id FROM (with rules as ( select urn, title, id, r ->> 'protocol' as protocol_number, cidr as cidr_block, r ->> 'ports' as ports, case when r ->> 'protocol' = 'icmp' and r ->> 'ports' = '0' then 'All ICMP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' = '0' then 'All TCP' when r ->> 'protocol' = 'udp' and r ->> 'ports' = '0' then 'All UDP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/TCP') when r ->> 'protocol' = 'udp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/UDP') else concat('Procotol: ', r ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(outbound_rules) as r, jsonb_array_elements_text(r -> 'destinations' -> 'addresses') as cidr union select urn, title, id, r ->> 'protocol' as protocol_number, cidr as cidr_block, r ->> 'ports' as ports, case when r ->> 'protocol' = 'icmp' and r ->> 'ports' = '0' then 'All ICMP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' = '0' then 'All TCP' when r ->> 'protocol' = 'udp' and r ->> 'ports' = '0' then 'All UDP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/TCP') when r ->> 'protocol' = 'udp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/UDP') else concat('Procotol: ', r ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(outbound_rules) as r, jsonb_array_elements_text(r -> 'destinations' -> 'droplet_ids') as cidr union select urn, title, id, r ->> 'protocol' as protocol_number, cidr as cidr_block, r ->> 'ports' as ports, case when r ->> 'protocol' = 'icmp' and r ->> 'ports' = '0' then 'All ICMP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' = '0' then 'All TCP' when r ->> 'protocol' = 'udp' and r ->> 'ports' = '0' then 'All UDP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/TCP') when r ->> 'protocol' = 'udp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/UDP') else concat('Procotol: ', r ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(outbound_rules) as r, jsonb_array_elements_text(r -> 'destinations' -> 'kubernetes_ids') as cidr union select urn, title, id, r ->> 'protocol' as protocol_number, cidr as cidr_block, r ->> 'ports' as ports, case when r ->> 'protocol' = 'icmp' and r ->> 'ports' = '0' then 'All ICMP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' = '0' then 'All TCP' when r ->> 'protocol' = 'udp' and r ->> 'ports' = '0' then 'All UDP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/TCP') when r ->> 'protocol' = 'udp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/UDP') else concat('Procotol: ', r ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(outbound_rules) as r, jsonb_array_elements_text(r -> 'destinations' -> 'load_balancer_uids') as cidr) select distinct title as id, title as title, 'inbound' as category, null as from_id, null as to_id, 0 as depth from rules union select concat(title, '_', rule_description) as id, rule_description as title, 'rule' as category, null as from_id, null as to_id, 1 as depth from rules union select distinct cidr_block as id, cidr_block as title, 'cidr_block' as category, null as from_id, null as to_id, 2 as depth from rules union select null as id, null as title, protocol_number as category, concat(title, '_', rule_description) as from_id, title as to_id, null as depth from rules union select null as id, null as title, protocol_number as category, cidr_block as from_id, concat(title, '_', rule_description) as from_id, null as depth from rules) ru\\\" --output json\", \"nature\": \"json\" }", "", "##AWS Account Info", "{ \"SteampipeawsAccountInfo\": \"steampipe query \\\"select alias.value as alias, a.arn, a.organization_id, a.account_id, a.title, a.partition, a.region, a.organization_master_account_email, a.organization_master_account_id from aws_account as a cross join jsonb_array_elements(a.account_aliases) as alias(value)\\\" --output json\", \"nature\": \"json\" }", "", "## AWS Monthly Cost Info by Account", "{ \"SteampipeawsMonthlyCostByAccount\": \"steampipe query \\\"select linked_account_id, period_start, blended_cost_amount :: numeric :: money, unblended_cost_amount :: numeric :: money, amortized_cost_amount :: numeric :: money, net_unblended_cost_amount :: numeric :: money, net_amortized_cost_amount :: numeric :: money from aws_cost_by_account_monthly order by linked_account_id, period_start\\\" --output json\", \"nature\": \"json\" }", "", "##AWS EC2 Instances", "{ \"SteampipeawsEC2Instances\": \"steampipe query \\\"SELECT placement_availability_zone AS az, instance_type, instance_id, account_id, instance_state, user_data, title, image_id, architecture, cpu_options_core_count, launch_time, platform_details, root_device_name, network_interfaces, COUNT(*) FROM aws_ec2_instance GROUP BY placement_availability_zone, instance_type, instance_id, account_id, instance_state, user_data, title, image_id, architecture, cpu_options_core_count, launch_time, platform_details, root_device_name, network_interfaces\\\" --output json\", \"nature\": \"json\" }", "", "###AWS IAM User Info", "{ \"SteampipeawsIAMUserInfo\": \"steampipe query \\\"SELECT user_id,name,path,arn,create_date,mfa_enabled,password_last_used,permissions_boundary_type,partition,region,account_id FROM aws_iam_user\\\" --output json\", \"nature\": \"json\" }", "", "##AWS VPC", "{ \"SteampipeListAllAwsVPCs\": \"steampipe query \\\"SELECT vpc_id, arn, cidr_block, state, is_default, dhcp_options_id, owner_id, title, partition, region, account_id FROM aws_vpc\\\" --output json\", \"nature\": \"json\" }", "", "###AWS ALB", "{ \"SteampipeawsEC2ApplicationLoadBalancers\": \"steampipe query \\\"SELECT name, arn, type, scheme, canonical_hosted_zone_id, vpc_id, created_time, dns_name, ip_address_type, security_groups, load_balancer_attributes, title, region, account_id FROM aws_ec2_application_load_balancer\\\" --output json\", \"nature\": \"json\" }", "", "###AWS VPC Security Groups", "{ \"SteampipeawsVPCSecurityGroups\": \"steampipe query \\\"SELECT group_id, group_name, title, arn, description, vpc_id, owner_id, ip_permissions, region, account_id FROM aws_vpc_security_group\\\" --output json\", \"nature\": \"json\" }", "", "", "### ECS", "{ \"SteampipeAwsEcsClusterInfo\": \"steampipe query \\\"SELECT cluster_arn, cluster_name, active_services_count, attachments, attachments_status, status FROM aws_ecs_cluster\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsEcsServiceInfo\": \"steampipe query \\\"SELECT service_name, arn, cluster_arn, task_definition, status FROM aws_ecs_service\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsEcsTaskInfo\": \"steampipe query \\\"SELECT cluster_name, desired_status, launch_type, task_arn FROM aws_ecs_task\\\" --output json\", \"nature\": \"json\" }", "", "", "### RDS", "{ \"SteampipeAwsRdsDbClusterInfo\": \"steampipe query \\\"SELECT db_cluster_identifier, allocated_storage, kms_key_id FROM aws_rds_db_cluster WHERE kms_key_id IS NULL\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsRdsDbInstanceInfo\": \"steampipe query \\\"SELECT db_instance_identifier, class, engine, engine_version, publicly_accessible FROM aws_rds_db_instance\\\" --output json\", \"nature\": \"json\" }", "", "", "### VPC Peering", "{ \"SteampipeAwsVpcPeeringConnectionInfo\": \"steampipe query \\\"SELECT id, accepter_owner_id, accepter_region, accepter_vpc_id, expiration_time, requester_owner_id, requester_region, requester_vpc_id FROM aws_vpc_peering_connection\\\" --output json\", \"nature\": \"json\" }", "", "", "### Fargate ECS", "{ \"SteampipeAwsEksFargateProfileInfo\": \"steampipe query \\\"SELECT fargate_profile_name, fargate_profile_arn, cluster_name, created_at, status, tags FROM aws_eks_fargate_profile\\\" --output json\", \"nature\": \"json\" }", "", "", "### SQS", "{ \"SteampipeAwsSqsQueueInfo\": \"steampipe query \\\"SELECT title, delay_seconds, max_message_size, receive_wait_time_seconds, message_retention_seconds, visibility_timeout_seconds FROM aws_sqs_queue\\\" --output json\", \"nature\": \"json\" }", "", "", "### Target Group", "{ \"SteampipeAwsEc2TargetGroupInfo\": \"steampipe query \\\"SELECT target_group_name, target_type, load_balancer_arns, vpc_id FROM aws_ec2_target_group\\\" --output json\", \"nature\": \"json\" }", "", "", "### ACM Certificate", "{ \"SteampipeAwsAcmCertificateInfo\": \"steampipe query \\\"SELECT certificate_arn, domain_name, failure_reason, in_use_by, status, key_algorithm FROM aws_acm_certificate\\\" --output json\", \"nature\": \"json\" }" ], "encounterable": [ "{ \"SteampipeListAllawsS3Buckets\": \"steampipe query \\\"select * from aws_s3_bucket\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeListDoFirewalls\": \"steampipe query \\\"SELECT status, count(d.*) as Firewalls from demoocean_firewall as d group by status\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeListDoFirewallInboundRules\": steampipe query \\\"SELECT ru.id, ru.title, ru.category, ru.from_id, ru.to_id FROM ( with rules as ( select urn, title, id, i ->> 'protocol' as protocol_number, cidr as cidr_block, i ->> 'ports' as ports, case when i ->> 'protocol' = 'icmp' and i ->> 'ports' = '0' then 'All ICMP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' = '0' then 'All TCP' when i ->> 'protocol' = 'udp' and i ->> 'ports' = '0' then 'All UDP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/TCP') when i ->> 'protocol' = 'udp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/UDP') else concat('Procotol: ', i ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(inbound_rules) as i, jsonb_array_elements_text(i -> 'sources' -> 'addresses') as cidr union select urn, title, id, i ->> 'protocol' as protocol_number, cidr as cidr_block, i ->> 'ports' as ports, case when i ->> 'protocol' = 'icmp' and i ->> 'ports' = '0' then 'All ICMP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' = '0' then 'All TCP' when i ->> 'protocol' = 'udp' and i ->> 'ports' = '0' then 'All UDP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/TCP') when i ->> 'protocol' = 'udp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/UDP') else concat('Procotol: ', i ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(inbound_rules) as i, jsonb_array_elements_text(i -> 'sources' -> 'droplet_ids') as cidr union select urn, title, id, i ->> 'protocol' as protocol_number, cidr as cidr_block, i ->> 'ports' as ports, case when i ->> 'protocol' = 'icmp' and i ->> 'ports' = '0' then 'All ICMP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' = '0' then 'All TCP' when i ->> 'protocol' = 'udp' and i ->> 'ports' = '0' then 'All UDP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/TCP') when i ->> 'protocol' = 'udp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/UDP') else concat('Procotol: ', i ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(inbound_rules) as i, jsonb_array_elements_text(i -> 'sources' -> 'kubernetes_ids') as cidr union select urn, title, id, i ->> 'protocol' as protocol_number, cidr as cidr_block, i ->> 'ports' as ports, case when i ->> 'protocol' = 'icmp' and i ->> 'ports' = '0' then 'All ICMP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' = '0' then 'All TCP' when i ->> 'protocol' = 'udp' and i ->> 'ports' = '0' then 'All UDP' when i ->> 'protocol' = 'tcp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/TCP') when i ->> 'protocol' = 'udp' and i ->> 'ports' <> '0' then concat(i ->> 'ports', '/UDP') else concat('Procotol: ', i ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(inbound_rules) as i, jsonb_array_elements_text(i -> 'sources' -> 'load_balancer_uids') as cidr) select distinct cidr_block as id, cidr_block as title, 'cidr_block' as category, null as from_id, null as to_id from rules union select concat(title, '_', rule_description) as id, rule_description as title, 'rule' as category, null as from_id, null as to_id from rules union select distinct title as id, title as title, 'inbound' as category, null as from_id, null as to_id from rules union select null as id, null as title, protocol_number as category, cidr_block as from_id, concat(title, '_', rule_description) as to_id from rules union select null as id, null as title, protocol_number as category, concat(title, '_', rule_description) as from_id, title as to_id from rules ) ru\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeListDoFirewallOutboundRules\":\"steampipe query \\\"SELECT ru.id, ru.title, ru.category, ru.from_id, ru.to_id FROM (with rules as ( select urn, title, id, r ->> 'protocol' as protocol_number, cidr as cidr_block, r ->> 'ports' as ports, case when r ->> 'protocol' = 'icmp' and r ->> 'ports' = '0' then 'All ICMP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' = '0' then 'All TCP' when r ->> 'protocol' = 'udp' and r ->> 'ports' = '0' then 'All UDP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/TCP') when r ->> 'protocol' = 'udp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/UDP') else concat('Procotol: ', r ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(outbound_rules) as r, jsonb_array_elements_text(r -> 'destinations' -> 'addresses') as cidr union select urn, title, id, r ->> 'protocol' as protocol_number, cidr as cidr_block, r ->> 'ports' as ports, case when r ->> 'protocol' = 'icmp' and r ->> 'ports' = '0' then 'All ICMP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' = '0' then 'All TCP' when r ->> 'protocol' = 'udp' and r ->> 'ports' = '0' then 'All UDP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/TCP') when r ->> 'protocol' = 'udp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/UDP') else concat('Procotol: ', r ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(outbound_rules) as r, jsonb_array_elements_text(r -> 'destinations' -> 'droplet_ids') as cidr union select urn, title, id, r ->> 'protocol' as protocol_number, cidr as cidr_block, r ->> 'ports' as ports, case when r ->> 'protocol' = 'icmp' and r ->> 'ports' = '0' then 'All ICMP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' = '0' then 'All TCP' when r ->> 'protocol' = 'udp' and r ->> 'ports' = '0' then 'All UDP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/TCP') when r ->> 'protocol' = 'udp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/UDP') else concat('Procotol: ', r ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(outbound_rules) as r, jsonb_array_elements_text(r -> 'destinations' -> 'kubernetes_ids') as cidr union select urn, title, id, r ->> 'protocol' as protocol_number, cidr as cidr_block, r ->> 'ports' as ports, case when r ->> 'protocol' = 'icmp' and r ->> 'ports' = '0' then 'All ICMP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' = '0' then 'All TCP' when r ->> 'protocol' = 'udp' and r ->> 'ports' = '0' then 'All UDP' when r ->> 'protocol' = 'tcp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/TCP') when r ->> 'protocol' = 'udp' and r ->> 'ports' <> '0' then concat(r ->> 'ports', '/UDP') else concat('Procotol: ', r ->> 'protocol') end as rule_description from demoocean_firewall, jsonb_array_elements(outbound_rules) as r, jsonb_array_elements_text(r -> 'destinations' -> 'load_balancer_uids') as cidr) select distinct title as id, title as title, 'inbound' as category, null as from_id, null as to_id, 0 as depth from rules union select concat(title, '_', rule_description) as id, rule_description as title, 'rule' as category, null as from_id, null as to_id, 1 as depth from rules union select distinct cidr_block as id, cidr_block as title, 'cidr_block' as category, null as from_id, null as to_id, 2 as depth from rules union select null as id, null as title, protocol_number as category, concat(title, '_', rule_description) as from_id, title as to_id, null as depth from rules union select null as id, null as title, protocol_number as category, cidr_block as from_id, concat(title, '_', rule_description) as from_id, null as depth from rules) ru\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeawsAccountInfo\": \"steampipe query \\\"select alias.value as alias, a.arn, a.organization_id, a.account_id, a.title, a.partition, a.region, a.organization_master_account_email, a.organization_master_account_id from aws_account as a cross join jsonb_array_elements(a.account_aliases) as alias(value)\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeawsMonthlyCostByAccount\": \"steampipe query \\\"select linked_account_id, period_start, blended_cost_amount :: numeric :: money, unblended_cost_amount :: numeric :: money, amortized_cost_amount :: numeric :: money, net_unblended_cost_amount :: numeric :: money, net_amortized_cost_amount :: numeric :: money from aws_cost_by_account_monthly order by linked_account_id, period_start\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeawsEC2Instances\": \"steampipe query \\\"SELECT placement_availability_zone AS az, instance_type, instance_id, account_id, instance_state, user_data, title, image_id, architecture, cpu_options_core_count, launch_time, platform_details, root_device_name, network_interfaces, COUNT(*) FROM aws_ec2_instance GROUP BY placement_availability_zone, instance_type, instance_id, account_id, instance_state, user_data, title, image_id, architecture, cpu_options_core_count, launch_time, platform_details, root_device_name, network_interfaces\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeawsIAMUserInfo\": \"steampipe query \\\"SELECT user_id,name,path,arn,create_date,mfa_enabled,password_last_used,permissions_boundary_type,partition,region,account_id FROM aws_iam_user\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeListAllAwsVPCs\": \"steampipe query \\\"SELECT vpc_id, arn, cidr_block, state, is_default, dhcp_options_id, owner_id, title, partition, region, account_id FROM aws_vpc\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeawsEC2ApplicationLoadBalancers\": \"steampipe query \\\"SELECT name, arn, type, scheme, canonical_hosted_zone_id, vpc_id, created_time, dns_name, ip_address_type, security_groups, load_balancer_attributes, title, region, account_id FROM aws_ec2_application_load_balancer\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeawsVPCSecurityGroups\": \"steampipe query \\\"SELECT group_id, group_name, title, arn, description, vpc_id, owner_id, ip_permissions, region, account_id FROM aws_vpc_security_group\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsEcsClusterInfo\": \"steampipe query \\\"SELECT cluster_arn, cluster_name, active_services_count, attachments, attachments_status, status FROM aws_ecs_cluster\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsEcsServiceInfo\": \"steampipe query \\\"SELECT service_name, arn, cluster_arn, task_definition, status FROM aws_ecs_service\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsEcsTaskInfo\": \"steampipe query \\\"SELECT cluster_name, desired_status, launch_type, task_arn FROM aws_ecs_task\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsRdsDbClusterInfo\": \"steampipe query \\\"SELECT db_cluster_identifier, allocated_storage, kms_key_id FROM aws_rds_db_cluster WHERE kms_key_id IS NULL\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsRdsDbInstanceInfo\": \"steampipe query \\\"SELECT db_instance_identifier, class, engine, engine_version, publicly_accessible FROM aws_rds_db_instance\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsVpcPeeringConnectionInfo\": \"steampipe query \\\"SELECT id, accepter_owner_id, accepter_region, accepter_vpc_id, expiration_time, requester_owner_id, requester_region, requester_vpc_id FROM aws_vpc_peering_connection\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsEksFargateProfileInfo\": \"steampipe query \\\"SELECT fargate_profile_name, fargate_profile_arn, cluster_name, created_at, status, tags FROM aws_eks_fargate_profile\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsSqsQueueInfo\": \"steampipe query \\\"SELECT title, delay_seconds, max_message_size, receive_wait_time_seconds, message_retention_seconds, visibility_timeout_seconds FROM aws_sqs_queue\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsEc2TargetGroupInfo\": \"steampipe query \\\"SELECT target_group_name, target_type, load_balancer_arns, vpc_id FROM aws_ec2_target_group\\\" --output json\", \"nature\": \"json\" }", "{ \"SteampipeAwsAcmCertificateInfo\": \"steampipe query \\\"SELECT certificate_arn, domain_name, failure_reason, in_use_by, status, key_algorithm FROM aws_acm_certificate\\\" --output json\", \"nature\": \"json\" }" ] } | 2025-07-02 12:32:28 | {"agent":"surveilr","version":"1.8.6"} | UNKNOWN | |||||||||
| 01JTN9TPJXHY2DTBC0E26J5NHM | 01JTN9TPJXG51BP1KMJ1NFX7PD | 2025-05-07 11:59:21 | 2025-05-07 12:00:28 | {"agent":"surveilr","version":"1.8.2"} | { "imap_configuration": { "username": null, "password": null, "addr": null, "port": 993, "folder": "Inbox", "mailboxes": [], "batch_size": 2000, "extract_attachments": true, "microsoft365": { "client_id": "abac056d-557b-407f-95f9-a8a4677c263c", "client_secret": "49622a36-e040-44f2-84d0-a0f93e67bf3a", "redirect_uri": "http://127.0.0.1:8000/redirect", "mode": "DeviceCode", "auth_server": { "addr": "http://127.0.0.1:8000", "base_url": "/redirect", "port": 8000 } }, "progress": false, "status": null, "filters": { "subject": null, "to": null, "cc": null, "bcc": null, "filter_text": null, "sent_on": null, "from": null } }, "email_fetch_duration": null, "email_ingest_duration": "35.73s", "discovered_folder_count": 9, "folders": { "Inbox": { "name": "Inbox", "fetched_message_count": 2000, "folder_process_duration": null, "text_plain_count": 0, "html_content_count": 2000 } }, "folders_available": [], "folders_ingested": [] } | UNKNOWN | ||||||||
| 01JXKT7KRHPTHP2EW8PV65QBMS | 01JTN9TPJXG51BP1KMJ1NFX7PD | 2025-06-13 04:54:38 | 2025-06-13 04:58:11 | {"agent":"surveilr","version":"1.8.4"} | { "imap_configuration": { "username": null, "password": null, "addr": null, "port": 993, "folder": "Inbox", "mailboxes": [], "batch_size": 2000, "extract_attachments": true, "microsoft365": { "client_id": "abac056d-557b-407f-95f9-a8a4677c263c", "client_secret": "49622a36-e040-44f2-84d0-a0f93e67bf3a", "redirect_uri": "http://127.0.0.1:8000/redirect", "mode": "DeviceCode", "auth_server": { "addr": "http://127.0.0.1:8000", "base_url": "/redirect", "port": 8000 } }, "progress": false, "status": null, "filters": { "subject": null, "to": null, "cc": null, "bcc": null, "filter_text": null, "sent_on": null, "from": null } }, "email_fetch_duration": null, "email_ingest_duration": "83.67s", "discovered_folder_count": 9, "folders": { "Inbox": { "name": "Inbox", "fetched_message_count": 2000, "folder_process_duration": null, "text_plain_count": 0, "html_content_count": 2000 } }, "folders_available": [], "folders_ingested": [] } | UNKNOWN | ||||||||
| 01JZ51EGHSFECZY7HNAT06611F | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EGGZ8PKAAV8WNY9JCV5H | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:31 | {} | UNKNOWN | ||||||||
| 01JZ51EKWS6H3T18EESM299NBP | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EHFPZ406V5TJG7XRYVAY | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:34 | {} | UNKNOWN | ||||||||
| 01JZ51EKYQHMHZY822ZYBV7AH8 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:34 | {} | UNKNOWN | ||||||||
| 01JZ51EP3SMRHEY65V58JTV3W6 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EK338PWKM59AXEXWM136 | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:37 | {} | UNKNOWN | ||||||||
| 01JZ51ER451Q6NYYQA03N44ZS1 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:39 | {} | UNKNOWN | ||||||||
| 01JZ51ER753DAKPKTZHA3W2SXQ | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EHFPZ406V5TJG7XRYVAY | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:39 | {} | UNKNOWN | ||||||||
| 01JZ51ERJC1DR7KASNAH1Z6CD6 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:39 | {} | UNKNOWN | ||||||||
| 01JZ51EV0Y2ER9ZN90Z44RG1PM | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EGGZ8PKAAV8WNY9JCV5H | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:42 | {} | UNKNOWN | ||||||||
| 01JZ51EV8N9VZB4WZ7B61QWRGG | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EK338PWKM59AXEXWM136 | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:42 | {} | UNKNOWN | ||||||||
| 01JZ51EW5Y8WB2RTCH3NF3T4JE | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:43 | {} | UNKNOWN | ||||||||
| 01JZ51FBVZ1K537HC3VDK97GTZ | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:43:59 | {} | UNKNOWN | ||||||||
| 01JZ51FE98Q1FYC4683CQ3AZVF | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:01 | {} | UNKNOWN | ||||||||
| 01JZ51FEN61GJX5ZVN447KW7R5 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EGGZ8PKAAV8WNY9JCV5H | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:02 | {} | UNKNOWN | ||||||||
| 01JZ51FJRG6HNV2GZZ4KXDZNBS | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EGGZ8PKAAV8WNY9JCV5H | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:06 | {} | UNKNOWN | ||||||||
| 01JZ51FK26DA4VWTSFG53PMYST | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:06 | {} | UNKNOWN | ||||||||
| 01JZ51FKQA4C91X41ET48WYBHG | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:07 | {} | UNKNOWN | ||||||||
| 01JZ51FMJTJ7WQE54BGF39P5HZ | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EK338PWKM59AXEXWM136 | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:08 | {} | UNKNOWN | ||||||||
| 01JZ51FN6F0XWBBX407SFZQ1V2 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EHFPZ406V5TJG7XRYVAY | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:08 | {} | UNKNOWN | ||||||||
| 01JZ51FPTBSM9P676J1WYQQN79 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EGGZ8PKAAV8WNY9JCV5H | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:10 | {} | UNKNOWN | ||||||||
| 01JZ51FQN3SA0Y632CEPXZAWBC | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:11 | {} | UNKNOWN | ||||||||
| 01JZ51FQPM806Z8PEHR2STMDH4 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:11 | {} | UNKNOWN | ||||||||
| 01JZ51FSFJTWD45TGMP9JNYJM9 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EK338PWKM59AXEXWM136 | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:13 | {} | UNKNOWN | ||||||||
| 01JZ51FYQ94YSNP2JDG2SRH68F | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EGGZ8PKAAV8WNY9JCV5H | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:18 | {} | UNKNOWN | ||||||||
| 01JZ51G0JYZCEZ4AXVDG875ABJ | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:20 | {} | UNKNOWN | ||||||||
| 01JZ51G2M2EANSPWR1PR806M4F | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EK338PWKM59AXEXWM136 | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:22 | {} | UNKNOWN | ||||||||
| 01JZ51G5A6FEN9MHSMFRX57Z77 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:25 | {} | UNKNOWN | ||||||||
| 01JZ51G7BCJ6FY7GCHP1RP9F0S | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:27 | {} | UNKNOWN | ||||||||
| 01JZ51G7EDNXCEQ9E3FY159FA4 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EK338PWKM59AXEXWM136 | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:27 | {} | UNKNOWN | ||||||||
| 01JZ51GE6B39HNJ85ZQ70E2MFQ | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:34 | {} | UNKNOWN | ||||||||
| 01JZ51GEF3Q4YKVB6XHW127SPT | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EGGZ8PKAAV8WNY9JCV5H | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:34 | {} | UNKNOWN | ||||||||
| 01JZ51GF4YY5E7FC0ZN42652XN | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EHFPZ406V5TJG7XRYVAY | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:35 | {} | UNKNOWN | ||||||||
| 01JZ51GF84SNHK4TACJ04MWBNC | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:35 | {} | UNKNOWN | ||||||||
| 01JZ51GGH5GRTX0R1YFQ9176CX | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EK338PWKM59AXEXWM136 | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:36 | {} | UNKNOWN | ||||||||
| 01JZ51GJDFA10TKV2KH4NR1PJH | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EGGZ8PKAAV8WNY9JCV5H | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:38 | {} | UNKNOWN | ||||||||
| 01JZ51GJTAZ1J4H6A2HTRHW558 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:39 | {} | UNKNOWN | ||||||||
| 01JZ51GKRW8T8J32BP3PD6SQ9B | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EHFPZ406V5TJG7XRYVAY | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:40 | {} | UNKNOWN | ||||||||
| 01JZ51GNA2DR9GXP7Q25V5WJTB | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EK338PWKM59AXEXWM136 | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:41 | {} | UNKNOWN | ||||||||
| 01JZ51GQ6BYBQJ07J3ABDQPG57 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:43 | {} | UNKNOWN | ||||||||
| 01JZ51GQE8B5RWZYKWGNJ4156N | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:43 | {} | UNKNOWN | ||||||||
| 01JZ51GY9KHC11TBY4WQTZ5H5N | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EGGZ8PKAAV8WNY9JCV5H | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:50 | {} | UNKNOWN | ||||||||
| 01JZ51GZ2867ERZSJ870ZG9015 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:51 | {} | UNKNOWN | ||||||||
| 01JZ51H0CEVX3ADZ4WRZE37FPY | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:53 | {} | UNKNOWN | ||||||||
| 01JZ51H2S60690NZ87CRJXBTT6 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EK338PWKM59AXEXWM136 | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:55 | {} | UNKNOWN | ||||||||
| 01JZ51H58FR71XC7TH03Z40J8Y | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EHFPZ406V5TJG7XRYVAY | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:58 | {} | UNKNOWN | ||||||||
| 01JZ51H5GWK0VVA5Z512FE0WB8 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EP3GGHX70NVBJMMR7PK2 | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:58 | {} | UNKNOWN | ||||||||
| 01JZ51H71GQRR9ATQPBWXK1T59 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EKWJRC3C506KS2744VDN | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:44:59 | {} | UNKNOWN | ||||||||
| 01JZ51H98KHYJCVQT615A5D7X9 | 01JZ51DTQ4TQZDNR1SMFDAX814 | 01JZ51EJ8GK686RAHX6NSNFM9P | { "surveilr-cli": { "ingest": { "files": { "classifier": { "flaggables": [ { "regex": "/(\\.git|node_modules)/", "flags": "IGNORE_RESOURCE", "nature": null }, { "regex": "\\.(?P<nature>md|mdx|html|json|jsonc|puml|txt|toml|yml|xml|tap|csv|tsv|ssv|psv|tm7|pdf|docx|doc|pptx|ppt|xlsx|xls)$", "flags": "CONTENT_ACQUIRABLE", "nature": "?P<nature>" }, { "regex": "surveilr\\[(?P<nature>[^\\]]*)\\]", "flags": "CAPTURABLE_EXECUTABLE", "nature": "?P<nature>" }, { "regex": "surveilr-SQL", "flags": "CAPTURABLE_EXECUTABLE | CAPTURABLE_SQL", "nature": null } ], "rewrite_path_regexs": [ { "regex": "(\\.plantuml)$", "replace": ".puml" }, { "regex": "(\\.text)$", "replace": ".txt" }, { "regex": "(\\.yaml)$", "replace": ".yml" } ], "smart_ignore_conf_files": [ ".surveilr_ignore" ] }, "root_fs_paths": [] }, "imap": null, "plm": null }, "shell": null, "osquery_ms": { "code_notebook_name": "osQuery Management Server (Prime)", "policy_notebook_name": "osQuery Management Server (Policy)", "result_filters_notebook_name": "osQuery Management Server Default Filters (Prime)", "query": null } } } | 2025-07-02 07:45:02 | {} | UNKNOWN |
Error We are sorry, but an error occurred while generating this page. You should contact the site's administrator.
Error in query number 6:
Parsing failed: SQLPage couldn't understand the SQL file. Please check for syntax errors:
SELECT 'text' AS component,
(SELECT CASE WHEN $current_page > 1 THEN '[Previous](?limit=' || $limit || '&offset=' || ($offset - $limit) || ')' ELSE ' END) || ' ' ||
⬆️
'(Page ' || $current_page || ' of ' || $total_pages || ') ' ||
Backtrace
sql parser error: Expected: ), found: $current_page at Line: 42, Column: 35"console/content/table/ur_ingest_session.auto.sql" contains a syntax error preventing SQLPage from parsing and preparing its SQL statements.You can hide error messages like this one from your users by setting the 'environment' configuration option to 'production'.