In dogfood, collect expiration for MDM SCEP certificates (#17848)

- Add query that runs every 5 minutes to the workstations team - Plan is to remove the query after the issue tracking renewing all SCEP certs is closed: fleetdm/confidential#4518
fleetdm · Mar 26, 2024 · 8f24649 · 8f24649
1 parent 4271ca7
commit 8f24649
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/it-and-security/teams/workstations.yml b/it-and-security/teams/workstations.yml
@@ -61,3 +61,11 @@ queries:
   - path: ../lib/collect-failed-login-attempts.queries.yml
   - path: ../lib/collect-usb-devices.queries.yml
   - path: ../lib/collect-vs-code-extensions.queries.yml
+  - name: Collect expiration date for MDM SCEP certificates
+    description: "For the following issue: https://github.com/fleetdm/confidential/issues/4518. Returns expiration date for macOS hosts's MDM SCEP certs."
+    query: "SELECT common_name, datetime(not_valid_after,'unixepoch') AS expires FROM certificates WHERE 'common_name' LIKE '%FleetDM Identity%';"
+    platform: darwin
+    interval: 300
+    automations_enabled: false
+    observer_can_run: true
+