*(Under Review for V2)
Introduction
Open-AudIT comes with many built-in queries. If you require a specific query and none of the pre-packaged queries fit your needs, it's quite easy to create a new one and load it into Open-AudIT for running.
Join Mark Henry as he discusses how to create your own custom queries.
How Does it Work?
Creating a Query Entry
A query can be created using the web interface if a user has a role that contains the queries::create permission. Go to menu: Manage -> Queries -> Create Queries. There is also a create button on the collection page.
Video: https://www.youtube.com/watch?v=lyiYR8gTnak
View Query Details
Go to menu: Manage -> Queries -> List Queries.
You will see a list of queries. You can view the details of a query by clicking on the blue view button.
You can execute a query by clicking the green Execute button on the right side of the screen; the results will be displayed immediately.
You can also edit or delete any query.
Delete a query by clicking the red trash can icon under the Delete column, as displayed in the previous screenshots.
Creating a Query Entry
A query can be created using the web interface if a user has a role that contains the queries::create permission. Go to menu: Manage -> Queries -> Create Queries. There is also a "+" button on the List Queries page.
Details for creating custom queries can be found here: Creating a Query. If you need to create a query that includes a custom field, see: Create a Query containing Custom Fields.
Database Schema
The database schema can be found in the application if the user has database::read permission by going to menu: Admin -> Database -> List Tables, then clicking on the details button for the table.

```
Create Table: CREATE TABLE `queries` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `org_id` int(10) unsigned NOT NULL DEFAULT '1',
  `name` varchar(200) NOT NULL DEFAULT '',
  `category` enum('Change','Device','Hardware','Network','Other','Server','Software','User','') NOT NULL DEFAULT '',
  `description` text NOT NULL,
  `sql` text NOT NULL,
  `link` text NOT NULL,
  `expose` enum('y','n') NOT NULL DEFAULT 'y',
  `edited_by` varchar(200) NOT NULL DEFAULT '',
  `edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=40 DEFAULT CHARSET=utf8;
```

A typical entry looks as below.

```
id: 39
org_id: 1
name: AD Controllers
category: Server
description: Active Directory Domain Controllers
sql: SELECT system.id AS `system.id`, system.icon AS `system.icon`, system.type AS `system.type`, system.name AS `system.name`, system.domain AS `system.domain`, system.ip AS `system.ip`, system.description AS `system.description`, system.os_family AS `system.os_family`, system.status AS `system.status` FROM system LEFT JOIN windows ON (system.id = windows.system_id AND windows.current = 'y') WHERE @filter AND windows.domain_role LIKE '%Domain Controller' AND system.status = 'production'
link:
expose: y
edited_by: system
edited_date: 2000-01-01 00:00:00
```
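A pre-load check for custom query entries, added here as an example (it is not Open-AudIT's own code or validation): it lints a row against the `queries` schema above and against the shape of the shipped "AD Controllers" entry. The function name `lint_query`, the rule set and the `DRAFT` entry are assumptions made for illustration.

```python
import re

# Allowed values come from the `queries` CREATE TABLE shown above.
CATEGORIES = {"Change", "Device", "Hardware", "Network", "Other",
              "Server", "Software", "User", ""}
# Assumption: a stored query should only read data, so these keywords are flagged.
WRITE_RE = re.compile(r"\b(INSERT|UPDATE|DELETE|DROP|ALTER|TRUNCATE|GRANT)\b", re.I)
LITERAL_RE = re.compile(r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\"|`[^`]*`")

def lint_query(entry):
    """Return findings for one `queries` row given as a dict keyed by column name."""
    findings = []
    # Blank out string literals and backtick identifiers so their text is not scanned.
    bare = LITERAL_RE.sub("''", entry.get("sql", "")).strip()
    if not re.match(r"SELECT\b", bare, re.I):
        findings.append("not a SELECT statement")
    if ";" in bare.rstrip("; \t\n"):
        findings.append("more than one statement")
    hit = WRITE_RE.search(bare)
    if hit:
        findings.append("write keyword: " + hit.group(1).upper())
    # The shipped entry scopes its WHERE clause with @filter; require the same.
    if not re.search(r"\bWHERE\s+@filter\b", bare, re.I):
        findings.append("missing WHERE @filter")
    if entry.get("category", "") not in CATEGORIES:
        findings.append("category not in enum")
    if entry.get("expose", "y") not in ("y", "n"):
        findings.append("expose must be y or n")
    return findings

# The page's "AD Controllers" entry (column list shortened here).
SHIPPED = {
    "name": "AD Controllers", "category": "Server", "expose": "y",
    "sql": "SELECT system.id AS `system.id`, system.name AS `system.name` "
           "FROM system LEFT JOIN windows ON (system.id = windows.system_id "
           "AND windows.current = 'y') WHERE @filter AND windows.domain_role "
           "LIKE '%Domain Controller' AND system.status = 'production'",
}
# Constructed entry that breaks several rules.
DRAFT = {
    "name": "All servers", "category": "Servers", "expose": "yes",
    "sql": "SELECT system.name FROM system WHERE system.type = 'server'; "
           "UPDATE system SET status = 'deleted'",
}

if __name__ == "__main__":
    for e in (SHIPPED, DRAFT):
        print(e["name"], "->", lint_query(e) or "ok")
```

Running such a check before granting or using the queries::create permission gives reviewers a short list of entries that differ from the shipped pattern.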
API / Web Access
You can access the collection using the normal Open-AudIT JSON-based API, just like any other collection. Please see the Open-AudIT API documentation for further details.
Access is provided as part of a role's permissions. Queries is a standard resource and can have create, read, update and delete permissions.
The API routes below are usable from both a JSON RESTful API and the web interface. The Web application routes are specifically designed to be called from the web interface (a browser).
API Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes | Example Response |
---|---|---|---|---|---|---|---|
POST | n | create | | queries::create | /queries | Insert a new query entry. | queries_create.json |
GET | y | read | | queries::read | /queries/{id} | Returns a query's details. | queries_read.json |
PATCH | y | update | | queries::update | /queries/{id} | Update an attribute of a query entry. | queries_update.json |
DELETE | y | delete | | queries::delete | /queries/{id} | Delete a query entry. | queries_delete.json |
GET | n | collection | | queries::read | /queries | Returns a list of queries. | queries_collection.json |
GET | y | execute | execute | queries::read | /queries/{id}/execute | Execute (run) a query and show the results. | queries_execute.json |
Web Application Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
---|---|---|---|---|---|---|
GET | n | create | create_form | queries::create | /queries/create | Displays a standard web form for submission to POST /queries. |
GET | y | update | update_form | queries::update | /queries/{id}/update | Show the query details with the option to update attributes using PATCH to /queries/{id} |
Default Items
A set of default items is shipped with Open-AudIT. These can be found by going to menu: Help → Defaults → Queries.