From ffc04c318cde1a818ce8ae03d3da05cdc4e6b5cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20Mu=CC=88nch?=
Date: Tue, 9 Jan 2024 09:56:33 -0500
Subject: [PATCH] add more data queries for system_profiler
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Patrick Münch
---
 core/mondoo-macos-inventory.mql.yaml | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/core/mondoo-macos-inventory.mql.yaml b/core/mondoo-macos-inventory.mql.yaml
index 4be4aa6..e7aaf30 100644
--- a/core/mondoo-macos-inventory.mql.yaml
+++ b/core/mondoo-macos-inventory.mql.yaml
@@ -4,7 +4,7 @@
 packs:
 - uid: mondoo-macos-inventory
 name: macOS Inventory Pack
- version: 1.2.0
+ version: 1.3.0
 license: BUSL-1.1
 authors:
 - name: Mondoo, Inc
@@ -75,13 +75,32 @@ packs:
 mql: packages
 - uid: mondoo-macos-running-services
 title: Running services
- mql: services.where( running == true )
+ mql: services.where(running == true) { name running enabled masked type }
 - uid: mondoo-macos-ports-listening
 title: Listening ports
- mql: ports.listening
+ mql: ports.where(state != "close") { user state port address protocol process remoteAddress remotePort }
 - uid: mondoo-macos-interface-configuration
 title: Network interface configuration
 mql: command("ifconfig").stdout
 - uid: mondoo-macos-recommended-software-updates
 title: Recommended software updates
- mql: parse.plist('/Library/Preferences/com.apple.SoftwareUpdate.plist').params['RecommendedUpdates']
+ mql: parse.plist('/Library/Preferences/com.apple.SoftwareUpdate.plist').params['RecommendedUpdates']
+ - uid: mondoo-macos-smbios-system
+ title: SMBIOS System information
+ mql: machine.system { sku serial family version product uuid manufacturer }
+ - uid: mondoo-macos-storage
+ title: Storage Data
+ mql: |
+ parse.json(content: command('system_profiler SPStorageDataType -json').stdout).params
+ - uid: mondoo-macos-power
+ title: Power Data
+ mql: |
+ parse.json(content: command('system_profiler SPPowerDataType -json').stdout).params
+ - uid: mondoo-macos-power
+ title: Network Data
+ mql: |
+ parse.json(content: command('system_profiler SPNetworkDataType -json').stdout).params
+ - uid: mondoo-macos-power
+ title: Configuration Profile Data
+ mql: |
+ parse.json(content: command('system_profiler SPConfigurationProfileDataType -json').stdout).params
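Review bot: The last three added queries all carry `uid: mondoo-macos-power`, so the Network Data and Configuration Profile Data entries collide with the Power Data one; depending on how the pack loader treats duplicate uids, the bundle is either rejected or only one of the three results is kept, leaving the network and profile inventory silently missing. Give each its own uid, e.g. `- uid: mondoo-macos-network` and `- uid: mondoo-macos-configuration-profile`. Separately, `mondoo-macos-ports-listening` now selects `ports.where(state != "close")`, which presumably also returns established and other non-listening sockets, so the title "Listening ports" no longer describes the result; either filter on the listening state or retitle the query. The new `machine.system` and `SPConfigurationProfileDataType` queries export serial, uuid and installed profile contents, so a short YAML comment above them noting that the results carry device identifiers and configuration details would help whoever stores or forwards the inventory. The queries list itself starts outside this hunk.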