fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Surface IntelliJ plugins in software inventory #20644

Open ddribeiro opened 3 months ago

ddribeiro commented 3 months ago

User stories

JoStableford commented 3 months ago

Related to a Slack conversation

noahtalerman commented 3 months ago

@ddribeiro do you use IntelliJ? Or is this a customer request?

> I do not believe there is an osquery table to do the same for IntelliJ plugins.

That's my gut feeling too. Although we could be wrong.

@nonpunctual do you know if there's an IntelliJ plugin osquery table? Maybe an open source one that we can bring into Fleet.

ddribeiro commented 3 months ago

@noahtalerman, this is for customer-stazzema (I forgot to add the label when I created this).

nonpunctual commented 3 months ago

Not that I know of @noahtalerman - we'd be making it I guess or creating an extension.

noahtalerman commented 2 months ago

Hey @ksatter, @pintomi1989 let me know that there's a query we could write to grab IntelliJ plugins.

Do you know what the query would look like? Is there a table that we can use or is Kathy imagining something else?

Mike also mentioned that the query's results would be cut off at 1k results. The cap is 1k results by default but in a recent release we added the ability to increase the cap: https://fleetdm.com/docs/configuration/yaml-files#server-settings

ksatter commented 2 months ago

@noahtalerman I have a query that can grab the plugins, but I haven't found a way to get the installed version. It looks like that's locked away inside of the .jar

SELECT
  split(directory, '/', 5) AS product,
  filename AS plugin,
  datetime(ctime, 'unixepoch', 'localtime') AS installed_at,
  datetime(mtime, 'unixepoch', 'localtime') AS last_modified
FROM file
WHERE directory LIKE '/Users/%/Library/Application Support/JetBrains/%/plugins/'
  AND type = 'directory';

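The comment above notes that the installed version is not visible to the query because it sits inside the .jar. As an added example (not code from this thread or from Fleet), the Python below reads it from `META-INF/plugin.xml`, assuming the usual JetBrains layout where one jar under the plugin's `lib/` directory carries that descriptor; the function names and the sample plugin are constructed for illustration.

```python
import tempfile
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

FIELDS = ("id", "name", "version")

def plugin_descriptor(jar_path):
    """Return id/name/version from META-INF/plugin.xml inside a jar, else None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            with jar.open("META-INF/plugin.xml") as fh:
                data = fh.read(1_000_000)  # cap what we read from an untrusted archive
        if b"<!ENTITY" in data:            # refuse entity declarations in untrusted XML
            return None
        root = ET.fromstring(data)
    except (KeyError, OSError, zipfile.BadZipFile, ET.ParseError):
        return None                        # no descriptor, unreadable, or malformed
    if root.tag != "idea-plugin":
        return None
    return {f: (root.findtext(f) or "").strip() or None for f in FIELDS}

def inventory(plugins_dir):
    """One row per entry of a .../JetBrains/<product>/plugins directory."""
    rows = []
    for entry in sorted(Path(plugins_dir).iterdir()):
        if entry.is_dir():
            jars = sorted(entry.glob("lib/*.jar"))
        elif entry.suffix == ".jar":       # assumption: some plugins are a single jar
            jars = [entry]
        else:
            continue
        found = next((d for d in map(plugin_descriptor, jars) if d), None)
        rows.append({"plugin": entry.name, **(found or dict.fromkeys(FIELDS))})
    return rows

def build_sample(root):
    """Constructed sample: one plugin with a helper jar and a descriptor jar."""
    lib = Path(root) / "example-plugin" / "lib"
    lib.mkdir(parents=True)
    with zipfile.ZipFile(lib / "a-helper.jar", "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with zipfile.ZipFile(lib / "example-plugin.jar", "w") as z:
        z.writestr("META-INF/plugin.xml", "<idea-plugin><id>com.example.demo</id>"
                   "<name>Demo</name><version>1.2.3</version></idea-plugin>")
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in inventory(build_sample(tmp)):
            print(row)
```

Plugins whose descriptor cannot be read still appear as rows with empty fields, so the output stays comparable with the directory listing the query returns.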
nonpunctual commented 2 months ago

@noahtalerman I sent you a DM with information on an extension related to this.

noahtalerman commented 2 months ago

@ksatter nice work on that query 🔥

@nonpunctual, are customer-ufa and customer-stazzema going to deploy the extension?

nonpunctual commented 2 months ago

@noahtalerman @ddribeiro @zayhanlon I don't know what the status is with either customer, but customer-stazzema's recent support case is what prompted the discovery on this issue.

noahtalerman commented 1 month ago

Hey @nonpunctual, @ddribeiro, and @zayhanlon we peeled a user story here off this request and pulled it into the current design sprint.

noahtalerman commented 1 month ago

Moved the original issue description here for safekeeping:

Problem

As a security engineer, I want to see IntelliJ plugins and related CVEs collected in Fleet’s software inventory.

What have you tried?

In the Fleet UI, I tried navigating to the Software tab and checking for IntelliJ plugins, but they are not collected by Fleet’s software inventory query so they do not appear.

Potential solutions

We recently did something similar in #15997 with VSCode extensions by using the vscode_extensions osquery table. I do not believe there is an osquery table to do the same for IntelliJ plugins.

What is the expected workflow as a result of your proposal?

As a result of this proposal, I would be able to use Fleet to identify which IntelliJ plugins are installed on my hosts and use vulnerability data to remediate vulnerabilities that I am concerned about.

noahtalerman commented 1 month ago

@zayhanlon @pintomi1989 can you please add Gong snippets for ufa and stazzema? Thanks!

zayhanlon commented 1 month ago

@noahtalerman done - all the context is actually on the customer-stazzema link. ufa is interested in this more from a vuln management and visibility standpoint

nonpunctual commented 1 month ago

@ksatter @ddribeiro was the extension found for this used by the customer & added to their config? Thanks.

ksatter commented 1 month ago

> @ksatter @ddribeiro was the extension found for this used by the customer & added to their config? Thanks.

Which extension is that @nonpunctual?