Mondoo
Docs

Run a Query Pack

Query packs let you bundle multiple queries together to meet specific needs.

Query packs let you bundle multiple queries and run them together. You can find query packs in the cnquery GitHub repo.

Let cnquery choose the right query pack

cnquery comes with query packs out of the box for most systems:

cnquery scan local

Without any more specifics, cnquery tries to find and run the default query pack for the given system.

Run a specific query pack

To specify a query pack, use the -f flag and --querypack argument:

cnquery scan TARGET -f YAMLFILE --querypack PACKNAME
For...Substitute...
TARGETThe asset to query, such as local or a transport to a remote machine.
YAMLFILEThe query pack file, such as mondoo-aws-incident-response.mql.yaml.
PACKNAMEThe name of the pack to run.

For example:

cnquery scan local --querypack incident-response

Create custom query packs

Custom query packs let you bundle queries to meet your specific needs. You can find simple query pack examples in the cnquery repo's examples folder.

Learn more

Query Your Infrastructure

Learn to run MQL queries from the command line and include MQL queries in automation.

About Providers

Learn about cnquery providers and special considerations for containers and air-gapped or limited access assets

On this page

Let cnquery choose the right query packRun a specific query packCreate custom query packsLearn more