Unify the wording for each query pack (#57)

We're all over the place with how we talk about the data we're gathering in cnquery. Most places we say we're "gathering" data so let's use that everywhere. We don't need to say we're gathering a list or gathering information since that's just assumed. Just stick to a consistent and basic form so the output on the CLI looks clean. --------- Signed-off-by: Tim Smith <[email protected]> Co-authored-by: Letha <[email protected]>
mondoohq · Apr 8, 2023 · 422f7ca · 422f7ca
1 parent 06e13ae
commit 422f7ca
Show file tree

Hide file tree

Showing 20 changed files with 180 additions and 191 deletions.
diff --git a/README.md b/README.md
@@ -1,8 +1,8 @@
-# cnquery-packs
+# cnquery Query Packs
 
-This project contains query packs used with [`cnquery`](https://github.com/mondoohq/cnquery). We've organized them into these directories:
+This project contains inventory and incident response query packs for [`cnquery`](https://github.com/mondoohq/cnquery). We've organized them into these directories:
 
-- [core](core) - Core packs contain baseline queries such as incidence response probes for different targets. Core query packs are maintained by Mondoo and have strict quality requirements.
+- [core](core) - Core packs contain baseline queries such as incident response probes for different targets. Core query packs are maintained by Mondoo and have strict quality requirements.
 - [extra](extra) - Extra packs are are a mix of community- and Mondoo-maintained queries that are outside Mondoo's core support tier.
 - [community](community) - Community packs are primarily maintained by the community with support from the Mondoo team. Community packs may move to extra or core over time.
 

diff --git a/core/mondoo-aws-incident-response.mql.yaml b/core/mondoo-aws-incident-response.mql.yaml
@@ -12,7 +12,7 @@ packs:
       desc: |
         ### Overview
 
-        The AWS Incident Response Pack by Mondoo query pack gathers data about AWS services and resources for investigation during a security incident.
+        The AWS Incident Response Pack by Mondoo query pack retrieves data about AWS services and resources for investigation during a security incident.
 
         ### Run query pack
 
@@ -25,20 +25,20 @@ packs:
       - asset.platform == "aws"
     queries:
       - uid: mondoo-incident-response-aws-account-id
-        title: Gather AWS account ID
+        title: Retrieve AWS account ID
         query: |
           aws.account.id
       - uid: mondoo-incident-response-aws-enabled-regions
-        title: Gather all regions enabled in the AWS account 
+        title: Retrieve all regions enabled in the AWS account 
         docs: 
           desc: |
-            This query gathers a list of all AWS regions enabled in the account
+            This query retrieves all AWS regions enabled in the account
         query: aws { regions }
       - uid: mondoo-incident-response-aws-user-info
-        title: Gather data for users with console access
+        title: Retrieve data for users with console access
         docs:
           desc: |
-            This query gathers data for users with console access. The following fields are gathered:
+            This query retrieves data for users with console access. The following fields are retrieved:
 
             ```
             properties['user'] 
@@ -55,10 +55,10 @@ packs:
               mfaActive 
             }
       - uid: mondoo-incident-response-aws-iam-users-multiple-keys
-        title: Gather data for IAM users with API access
+        title: Retrieve data for IAM users with API access
         docs:
           desc: |
-            This query gathers all of the IAM users that have API access along with the following fields:
+            This query retrieves all of the IAM users that have API access along with the following fields:
 
             ```
             properties['user']
@@ -85,10 +85,10 @@ packs:
               accessKey2LastRotated
             }
       - uid: mondoo-incident-response-aws-iam-administrator-access
-        title: Gather data on IAM Users, Groups, and Roles where AdministratorAccess policy is attached
+        title: Retrieve data on IAM users, groups, and roles to which the AdministratorAccess policy is attached
         docs:
           desc: |
-            This query gathers all IAM Users, Groups, and Roles that have the `AdministratorAccess` role attached.
+            This query retrieves all IAM users, groups, and roles with the `AdministratorAccess` role attached.
         query: |
           aws.iam.attachedPolicies.
             where( arn == "arn:aws:iam::aws:policy/AdministratorAccess" ) { 
@@ -97,10 +97,10 @@ packs:
               attachedRoles 
             }
       - uid: mondoo-incident-response-aws-iam-full-access
-        title: Gather data on IAM Users, Groups, and Roles where any 'FullAccess' policy is attached
+        title: Retrieve data on IAM users, groups, and roles to which any 'FullAccess' policy is attached
         docs:
           desc: |
-            This query gathers all IAM Users, Groups, and Roles that have any one of the AWS FullAccess roles attached.
+            This query retrieves all IAM users, croups, and roles that have any one of the AWS FullAccess roles attached.
         query: |
           aws.iam.policies.
             where( name == /FullAccess/i && attachmentCount != 0) { 
@@ -113,10 +113,10 @@ packs:
             }
 
       - uid: mondoo-incident-response-aws-ec2-instances-public-ip
-        title: Gather EC2 instances that have a public IP address
+        title: Retrieve EC2 instances that have a public IP address
         docs:
           desc: |
-            This query gathers all EC2 instances that have a publicIp address attached along with the following fields:
+            This query retrieves all EC2 instances that have a public IP address attached along with the following fields:
 
             ```
             arn 
@@ -153,10 +153,10 @@ packs:
               tags
             }
       - uid: mondoo-incident-response-aws-ec2-instances-without-tags
-        title: Gather EC2 instances that do not have tags configured
+        title: Retrieve EC2 instances that do not have tags configured
         docs: 
           desc: |
-            This query gathers all EC2 instances that do not have tags configured, along with the following fields:
+            This query retrieves all EC2 instances that do not have tags configured, along with the following fields:
 
             ```mql
             instanceId 
@@ -177,10 +177,10 @@ packs:
               state
             }
       - uid: mondoo-incident-response-aws-s3-buckets-public
-        title: Gather all S3 buckets that are public
+        title: Retrieve all S3 buckets that are public
         docs:
           desc: |
-            This query gathers all S3 buckets that are configured with public access, and returns the following fields:
+            This query retrieves all S3 buckets that are configured with public access and returns the following fields:
 
             ```mql
             arn
@@ -201,6 +201,4 @@ packs:
               encryption
               tags
               policy {*}
-            }
-
-          
+            }
diff --git a/core/mondoo-aws-inventory.mql.yaml b/core/mondoo-aws-inventory.mql.yaml
@@ -10,52 +10,52 @@ packs:
       mondoo.com/category: best-practices
     docs:
       desc: |
-        The AWS Asset Inventory by Mondoo query pack gathers information about AWS accounts for asset inventory.
+        The AWS Asset Inventory by Mondoo query pack retrieves information about AWS accounts for asset inventory.
     filters:
       - asset.platform == "aws"
     queries:
       - uid: mondoo-asset-inventory-aws-account-id
-        title: Gather AWS account ID
+        title: Retrieve AWS account ID
         query: |
           aws.account.id
       - uid: mondoo-asset-inventory-aws-enabled-regions
-        title: Gather all regions enabled in the AWS account 
+        title: Retrieve all regions enabled in the AWS account 
         docs: 
           desc: |
-            This query gathers a list of all AWS regions enabled in the account
+            This query retrieves all AWS regions enabled in the account
         query: aws { regions }
       - uid: mondoo-asset-inventory-aws-vpcs
-        title: Gather data on all VPCs
+        title: Retrieve data on all VPCs
         docs: 
           desc: |
-            This query gathers all of the configuration data for AWS VPCs
+            This query retrieves all of the configuration data for AWS VPCs
         query: aws { vpcs {*} }
       - uid: mondoo-asset-inventory-aws-iam-users
-        title: Gather data for all IAM users
+        title: Retrieve data for all IAM users
         docs:
           desc: |
-            This query gathers data for all IAM users
+            This query retrieves data for all IAM users
         query: |
           aws.iam { users {*} }
       - uid: mondoo-asset-inventory-aws-iam-groups
-        title: Gather data for IAM groups
+        title: Retrieve data for IAM groups
         docs:
           desc: |
-            This query gathers all of the IAM groups.
+            This query retrieves all of the IAM groups.
         query: |
           aws.iam { groups {*} }
       - uid: mondoo-asset-inventory-aws-iam-roles
-        title: Gather data on all IAM Roles.
+        title: Retrieve data on all IAM Roles.
         docs:
           desc: |
-            This query gathers all IAM Roles
+            This query retrieves all IAM Roles
         query: |
           aws.iam { roles {*} }
       - uid: mondoo-asset-inventory-aws-iam-policies
-        title: Gather data on all attached IAM Policies
+        title: Retrieve data on all attached IAM Policies
         docs:
           desc: |
-            This query gathers all IAM policies that are attached to either a User, Group, or Role.
+            This query retrieves all IAM policies attached to a user, group, or role.
         query: |
           aws.iam.policies.
             where( attachmentCount > 0 ) { 
@@ -67,21 +67,21 @@ packs:
               scope
             }
       - uid: mondoo-asset-inventory-aws-ec2-security-groups
-        title: Gather data on all AWS EC2 Security Groups
+        title: Retrieve data on all AWS EC2 Security Groups
         docs:
           desc: |
-            This query gathers all AWS EC2 Security Groups
+            This query retrieves all AWS EC2 Security Groups
         query: |
          aws.ec2.securityGroups {*}
       - uid: mondoo-asset-inventory-aws-ec2-volumes
-        title: Gather data on all AWS EC2 volumes
+        title: Retrieve data on all AWS EC2 volumes
         docs:
           desc: |
-            This query gathers all AWS EC2 volumes
+            This query retrieves all AWS EC2 volumes
         query: |
          aws.ec2.volumes {*}
-      - uid: mondoo-asset-inventory-aws-ec2-gather-all-data
-        title: Gather the configuration for all EC2 instances
+      - uid: mondoo-asset-inventory-aws-ec2-retrieve-all-data
+        title: Retrieve the configuration for all EC2 instances
         query: |
           aws.ec2.instances {
             arn
@@ -110,7 +110,7 @@ packs:
             keypair
           }
       - uid: mondoo-asset-inventory-aws-rds-dbclusters-all-data
-        title: Gather the configuration for all RDS Database Clusters
+        title: Retrieve the configuration for all RDS Database Clusters
         query: |
           aws.rds {
             dbClusters {
@@ -122,7 +122,7 @@ packs:
             }
           }
       - uid: mondoo-asset-inventory-aws-rds-dbinstances-all-data
-        title: Gather the configuration for all RDS Database Instances
+        title: Retrieve the configuration for all RDS Database Instances
         query: |
           aws.rds {
             dbInstances {
@@ -145,8 +145,8 @@ packs:
               status
             }
           }
-      - uid: mondoo-asset-inventory-aws-s3-gather-all-data
-        title: Gather the configuration for all S3 buckets
+      - uid: mondoo-asset-inventory-aws-s3-retrieve-all-data
+        title: Retrieve the configuration for all S3 buckets
         query: |
           aws.s3.buckets {
             arn
@@ -168,20 +168,17 @@ packs:
             exists
           }
       - uid: mondoo-asset-inventory-aws-eks-clusterss
-        title: Gather the configuration for all AWS EKS clusters
+        title: Retrieve the configuration for all AWS EKS clusters
         query: aws.eks { clusters {*} }
       - uid: mondoo-asset-inventory-aws-lambda
-        title: Gather the configuration for all AWS lambda functions
+        title: Retrieve the configuration for all AWS lambda functions
         query: aws.lambda { functions {*} }
       - uid: mondoo-asset-inventory-aws-access-analyzer
-        title: Gather the configuration for all AWS Access Analyzers
+        title: Retrieve the configuration for all AWS Access Analyzers
         query: aws.accessAnalyzer { analyzers {*} }
       - uid: mondoo-asset-inventory-aws-acm-certificates
-        title: Gather the configuration for all AWS Certificate Manager certificates
+        title: Retrieve the configuration for all AWS Certificate Manager certificates
         query: aws.acm { certificates {*} }
       - uid: mondoo-asset-inventory-aws-cloudtrail-trails
-        title: Gather the configuration for all AWS CloudTrail trails
-        query: aws.cloudtrail { trails {*}}
-
-
-
+        title: Retrieve the configuration for all AWS CloudTrail trails
+        query: aws.cloudtrail { trails {*}}
diff --git a/core/mondoo-gcp-inventory.mql.yaml b/core/mondoo-gcp-inventory.mql.yaml
@@ -10,12 +10,12 @@ packs:
       mondoo.com/category: best-practices
     docs:
       desc: |
-        The GCP Asset Inventory by Mondoo query pack gathers information about GCP projects for asset inventory.
+        The GCP Asset Inventory by Mondoo query pack retrieves information about GCP projects for asset inventory.
     filters:
       - asset.platform == "gcp" || asset.platform == "gcp-project"
     queries:
       - uid: mondoo-asset-inventory-gcp-project-info
-        title: Gather GCP Project Information
+        title: Retrieve GCP Project Information
         query: |
           gcp.project { 
             name
@@ -25,70 +25,70 @@ packs:
             labels
           }
       - uid: mondoo-asset-inventory-gcp-project-owners
-        title: Gather data for all owners of the GCP project
+        title: Retrieve data for all owners of the GCP project
         docs:
           desc: |
-            This query gathers data for all owners of the GCP project
+            This query retrieves data for all owners of the GCP project
         query: gcp.project.iamPolicy.where( role == "roles/owner" ) { * }
       - uid: mondoo-asset-inventory-gcp-project-editors
-        title: Gather data for all editors of the GCP project
+        title: Retrieve data for all editors of the GCP project
         docs:
           desc: |
-            This query gathers data for all editors of the GCP project
+            This query retrieves data for all editors of the GCP project
         query: gcp.project.iamPolicy.where( role == "roles/editors" ) { * }
       - uid: mondoo-asset-inventory-gcp-iam-roles
-        title: Gather list of all IAM Policy roles for the GCP project
+        title: Retrieve all IAM Policy roles for the GCP project
         docs:
           desc: |
-            This query gathers a list of all roles defined for a GCP project
+            This query retrieves all roles defined for a GCP project
         query: gcp.project.iamPolicy { role }
       - uid: mondoo-asset-inventory-gcp-enabled-services
-        title: Gather all services enabled in the GCP project 
+        title: Retrieve all services enabled in the GCP project 
         docs: 
           desc: |
-            This query gathers a list of all services enabled in the GCP Project
+            This query retrieves all services enabled in the GCP Project
         query: gcp.project.services.where( enabled == true ) { * }
       - uid: mondoo-asset-inventory-gcp-gke-clusters-count
-        title: Gather count of GKE clusters in a GCP project
+        title: Retrieve count of GKE clusters in a GCP project
         docs: 
           desc: |
-            This query gathers a count of GKE clusters running in a GCP project
+            This query retrieves a count of GKE clusters running in a GCP project
         query: gcp.project.gke.clusters.length
       - uid: mondoo-asset-inventory-gcp-gke-clusters-data
-        title: Gather data on GKE clusters
+        title: Retrieve data on GKE clusters
         docs: 
           desc: |
-            This query gathers all of the configuration data for GKE clusters within a project
+            This query retrieves all of the configuration data for GKE clusters within a project
         query: gcp.project.gke.clusters { * }
       - uid: mondoo-asset-inventory-gcp-compute-instances-count
-        title: Gather a count of GCP compute instances in a GCP project
+        title: Retrieve a count of GCP compute instances in a GCP project
         docs: 
           desc: |
-            This query gathers a count of running GCP compute instances in a GCP project
+            This query retrieves a count of running GCP compute instances in a GCP project
         query: gcp.compute.instances.where( status == "RUNNING" ).length
       - uid: mondoo-asset-inventory-gcp-compute-instances-data
-        title: Gather data from all running GCP compute instances in a GCP project
+        title: Retrieve data from all running GCP compute instances in a GCP project
         docs: 
           desc: |
-            This query gathers the data for all running GCP compute instances in a GCP project
+            This query retrieves the data for all running GCP compute instances in a GCP project
         query: gcp.compute.instances.where( status == "RUNNING" ) { * }
       - uid: mondoo-asset-inventory-gcp-compute-instances-public
-        title: Gather data on public GCP Compute instances
+        title: Retrieve data on public GCP Compute Engine instances
         docs:
           desc: |
-            This query gathers the data for all GCP compute instances that have been configured with an external IP address. 
+            This query retrieves the data for all GCP Compute Engine instances that have been configured with an external IP address. 
         query: |
           gcp.compute.instances
             .where( networkInterfaces[0]['accessConfigs'][0]['name'] == "External NAT" ) { * }
       - uid: mondoo-asset-inventory-gcp-compute-networks-count
-        title: Gather a count of GCP compute networks in a GCP project
+        title: Retrieve a count of GCP Compute Engine networks in a GCP project
         docs: 
           desc: |
-            This query gathers a count of GCP compute networks configured in a GCP project
+            This query retrieves a count of GCP Compute Engine networks configured in a GCP project
         query: gcp.compute.networks.length
       - uid: mondoo-asset-inventory-gcp-compute-networks-data
-        title: Gather data for all GCP compute networks in a GCP project
+        title: Retrieve data for all GCP Compute Engine networks in a GCP project
         docs: 
           desc: |
-            This query gathers the data for all GCP compute networks configured in a GCP project
+            This query retrieves the data for all GCP Compute Engine networks configured in a GCP project.
         query: gcp.compute.networks { * }