From 518c4c7774d7539da0bb4265438771b06c93aaa1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20M=C3=BCnch?=
Date: Wed, 9 Oct 2024 00:34:08 +0200
Subject: [PATCH] add a windows operational pack to collect cpu, memory and disk usage (#168)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Patrick Münch
---
...doo-windows-operational-inventory.mql.yaml | 52 +++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 community/mondoo-windows-operational-inventory.mql.yaml
diff --git a/community/mondoo-windows-operational-inventory.mql.yaml b/community/mondoo-windows-operational-inventory.mql.yaml
new file mode 100644
index 0000000..8ea402c
--- /dev/null
+++ b/community/mondoo-windows-operational-inventory.mql.yaml
@@ -0,0 +1,52 @@
+# Copyright (c) Mondoo, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+packs:
+ - uid: mondoo-windows-operational-inventory
+ name: Windows Client/Server Operational Inventory Pack
+ version: 1.0.0
+ license: BUSL-1.1
+ authors:
+ - name: Mondoo, Inc
+ email: hello@mondoo.com
+ tags:
+ mondoo.com/platform: windows
+ mondoo.com/category: best-practices
+ docs:
+ desc: |-
+ The Windows Operational Inventory Pack by Mondoo retrieves monitoring data about Windows hosts.
+
+ ## Local scan
+ To run this pack locally on a Windows host:
+
+ ```bash
+ cnquery scan local -f mondoo-windows-operational-inventory.mql.yaml
+ ```
+
+ ## Remote execution
+ To run this pack against a remote Windows host using SSH:
+
+ ```bash
+ cnquery scan ssh @ -f mondoo-windows-operational-inventory.mql.yaml
+ ```
+
+ ## Join the community!
+ Our goal is to build query packs that are simple to deploy and provide accurate and useful data.
+
+ If you have any suggestions for improving this query pack, or if you need support, [join the Mondoo community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
+ filters:
+ - mql: asset.family.contains("windows")
+ queries:
+ - uid: mondoo-windows-operational-inventory-memory-usage
+ title: Memory usage in %
+ mql: |
+ parse.json(content: powershell("Get-Counter '\\Memory\\% Committed Bytes In Use' | ConvertTo-Json -Compress").stdout).params['CounterSamples'] { Path CookedValue }
+ - uid: mondoo-windows-operational-inventory-cpu-usage
+ title: CPU usage in %
+ mql: |
+ parse.json(content: powershell("Get-Counter '\\Processor(*)\\% Processor Time' | ConvertTo-Json -Compress").stdout).params['CounterSamples'] { Path CookedValue }
+ - uid: mondoo-windows-operational-inventory-disk-usage
+ title: Disk usage in %
+ mql: |
+ parse.json(content: powershell("Get-Counter '\\LogicalDisk(*)\\% Free Space' | ConvertTo-Json -Compress").stdout).params['CounterSamples'] { Path CookedValue }
+
\ No newline at end of file
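Review bot: The third query is titled `Disk usage in %` but reads the `\LogicalDisk(*)\% Free Space` counter, so the CookedValue it returns is the free percentage, the inverse of what the title says; anyone building a threshold or dashboard on it would read a nearly full volume as nearly empty. Either retitle it, `title: Disk free space in %`, or keep the title and state in a description on that query that usage is 100 minus the value. The memory query has a milder form of the same problem: `% Committed Bytes In Use` is commit charge relative to the commit limit rather than physical RAM in use, which deserves a one-line description on that query. All three counter paths are English names, and Get-Counter resolves localized counter names, so on non-English Windows installs these queries may return nothing; that is worth confirming and stating in the pack description.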