cnspec provides an interactive shell in which you can explore. It helps you understand the checks that cnspec policies use, and write your own as well. It’s also a great way to interact with both local and remote targets on the fly.
Run the shell:
cnspec shell local
The shell provides a
help command to get information on the resources that power cnspec. Running help without any arguments lists all of the available MQL resources and their fields. You can also run
help RESOURCE to get more information on a specific resource. For
RESOURCE, substitute the name of the resource you want to learn about. For example, this command:
cnspec> help ports
Returns this help:
ports: TCP/IP ports on the system
list port: TCP/IP ports on the system
listening port: All listening ports
The shell features auto-complete, which makes it easy to explore.
Once inside the shell, you can enter MQL checks like this:
ports.listening.none( port == 23 )
To clear the terminal, type
To exit cnspec shell, press
CTRL + D or type
To explore cnspec commands, read the CLI Reference.
To explore MQL resources, read the MQL Reference.
To learn about scanning systems using policies, read Get Started.