JoStableford
commented
1 month ago Open ddribeiro opened 1 month ago
JoStableford
commented
1 month ago 
noahtalerman
commented
1 month ago @ddribeiro do you use IntelliJ? Or is this a customer request?
I do not believe there is an osquery table to do the same for IntelliJ plugins.
That's my gut feeling too. Although we could be wrong.
@nonpunctual do you know if there's an IntelliJ plugin osquery table? Maybe an open source one that we can bring into Fleet.
ddribeiro
commented
1 month ago @noahtalerman, This is for customer-stazzema (I forgot to add the label when I created this).
nonpunctual
commented
1 month ago Not that I know of @noahtalerman - we'd be making it I guess or creating an extension.
noahtalerman
commented
6 days ago Hey @ksatter, @pintomi1989 let me know that there's a query we could write to grab IntelliJ plugins.
Do you know what the query would look like? Is there a table that we can use or is Kathy imagining something else?
Mike also mentioned that the query's results would be cut off at 1k results. The cap is 1k results by default but in a recent release we added the ability to increase the cap: https://fleetdm.com/docs/configuration/yaml-files#server-settings
Problem
As a security engineer, I want to see IntelliJ plugins and related CVEs collected in Fleet’s software inventory.
What have you tried?
In the Fleet UI, I tried navigating to the Software tab and checking for IntelliJ plugins, but they are not collected by Fleet’s software inventory query so they do not appear.
Potential solutions
We recently did something similar in #15997 with VSCode extensions by using the
vscode_extensionsosquery table. I do not believe there is an osquery table to do the same for IntelliJ plugins.What is the expected workflow as a result of your proposal?
As a result of this proposal, I would be able to use Fleet to identify which IntelliJ plugins are installed on my hosts and use vulnerability data to remediate vulnerabilities that I am concerned about.