Task Ingestion
By leveraging `surveilr ingest tasks`, users can automate the execution of shell tasks, transforming the outputs into structured JSON data that is inserted into the `uniform_resource` table in the RSSD (Resource Surveillance State Database).
Using surveilr ingest tasks
The `surveilr ingest tasks` command accepts one or more lines of Deno Task Shell commands/tasks through STDIN and executes them sequentially. The output of each command is formatted as JSON (or as the nature specified for that task) and stored in `uniform_resource`. Each input line is one of two types:
- Simple Text: a line that is not in JSONL format is treated as an anonymous command string. It is executed with the assumption that its output will be JSON.
- JSONL Format: a line in JSONL format is treated as a JSON object with a key (the task identifier) and an optional `nature`. The key's value is executed as a command, and its output is stored with the key as the identifier; `nature` tells surveilr how to treat that output (JSON unless stated otherwise).
Examples
Without Identifier
This sends a single, unnamed command to surveilr for execution, with the output expected in JSON format.
With Identifier and Nature
Multiple Commands
Multiple commands, where each line can be a JSONL formatted object. The following runs Deno to grab a local `package.json` file, extracts all scripts starting with `surveilr-`, and sends them to surveilr to execute and store.
`surveilr ingest tasks` works with remote executions too. The following runs Deno to grab a remote `deno.jsonc` file, extracts all tasks starting with `surveilr-`, and sends them to surveilr to execute and store.
Each task line is executed as a shell command with the privileges of the user running surveilr, so task definitions fetched from a remote `deno.jsonc` are remote code: pull them only from a source you control or have pinned, and review the generated lines before piping them in.
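As an added example (not the page's own Deno one-liner and not surveilr code), the same extraction can be done in Python: collect the `scripts` entries of a `package.json` (or the `tasks` entries of a `deno.json`) whose names start with `surveilr-`, emit one JSONL line per entry, and pipe the lines into `surveilr ingest tasks`. It assumes the JSONL shape `{"<key>": "<command>", "nature": "json"}` as described above, that the manifest is plain JSON (a `.jsonc` file with comments would have to be stripped first), and that the task name minus the prefix is a sensible key; all three are this example's choices.

```python
"""Build `surveilr ingest tasks` input from a package.json or deno.json.

Added example, not surveilr code. Assumptions: JSONL object shape
{"<key>": "<command>", "nature": "json"}; the manifest is plain JSON
(no comments); the key is the task name with the prefix removed.
"""
import json
import subprocess
import sys
from typing import Dict, List

PREFIX = "surveilr-"


def select_tasks(manifest_text: str, prefix: str = PREFIX) -> Dict[str, str]:
    """Return {name: command} for scripts/tasks whose name starts with prefix."""
    manifest = json.loads(manifest_text)
    # package.json keeps commands under "scripts", deno.json under "tasks".
    entries = manifest.get("scripts") or manifest.get("tasks") or {}
    if not isinstance(entries, dict):
        raise ValueError("'scripts'/'tasks' must be an object of name -> command")
    return {
        name: cmd for name, cmd in entries.items()
        if name.startswith(prefix) and isinstance(cmd, str) and cmd.strip()
    }


def task_lines(manifest_text: str, prefix: str = PREFIX, nature: str = "json") -> List[str]:
    """One JSONL line per selected task, keyed by the name minus the prefix."""
    lines = []
    for name, cmd in select_tasks(manifest_text, prefix).items():
        key = name[len(prefix):]
        # json.dumps does the quoting, so embedded quotes round-trip intact.
        lines.append(json.dumps({key: cmd.strip(), "nature": nature}))
    return lines


def ingest(lines: List[str]) -> int:
    """Pipe the lines to `surveilr ingest tasks` on STDIN; return its exit status."""
    proc = subprocess.run(
        ["surveilr", "ingest", "tasks"],
        input="\n".join(lines) + "\n",
        text=True,
    )
    return proc.returncode


# Constructed package.json for the demo (not a real project's file).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo",
    "scripts": {
        "build": "tsc",
        "surveilr-system-info": "osqueryi --json \"SELECT * FROM system_info\"",
        "surveilr-listening-ports": "osqueryi --json \"SELECT pid, port, address FROM listening_ports\"",
        "surveilr-empty": "   ",
    },
})

if __name__ == "__main__":
    # usage: python3 build_tasks.py [package.json|deno.json] [--run]
    paths = [a for a in sys.argv[1:] if a != "--run"]
    text = open(paths[0], encoding="utf-8").read() if paths else SAMPLE_PACKAGE_JSON
    lines = task_lines(text)
    if "--run" in sys.argv:
        sys.exit(ingest(lines))
    print("\n".join(lines))
```

Without `--run` the script only prints the lines, which is the review step worth keeping for manifests you did not write yourself; `python3 build_tasks.py package.json | surveilr ingest tasks` is equivalent to `--run`.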
JSONL Files: Implementation Guide
There are sample JSONL files provided that demonstrate different types of tasks:
- Cloud JSONL (`cloud-cnquery.jsonl`): commands that use `cnquery` to run AWS and other cloud-related queries.
- Device JSONL (`device-security.jsonl`): commands that use `osqueryi` for device security tasks such as checking multi-factor authentication (MFA), encrypted passwords, and more.
Refer to the Typical Tasks directory for examples of JSONL files and additional details on the structure and types of tasks. Review the README for installing pkgx, osquery, and the other utilities these tasks require.
Usage
You can use these JSONL files as input to the `surveilr ingest tasks` command. For example:
Similarly, you can ingest tasks from the `device-security.jsonl` file:
This will automate the tasks specified in the JSONL files and store the structured output data in the RSSD.
Testing Shell Tasks
To test the output of shell tasks without persisting it with `ingest tasks`, take a look at capturable executables.