🧹 update query pack descriptions (#6351)

Author: chris-rock

content/mondoo-asset-count.mql.yaml

@@ -11,6 +11,31 @@ packs:
         email: hello@mondoo.com
     tags:
       mondoo.com/category: best-practices
+    docs:
+      desc: |
+        ### Overview
+
+        The Asset Count Query Pack by Mondoo retrieves resource counts across cloud providers and platforms including AWS, Azure, GCP, vSphere, Microsoft 365, GitLab, Kubernetes, and Windows Active Directory.
+
+        ### Run query pack
+
+        To run this query pack against AWS:
+
+        ```bash
+        cnquery scan aws -f mondoo-asset-count.mql.yaml
+        ```
+
+        To run against Azure:
+
+        ```bash
+        cnquery scan azure --subscription <subscription_id> -f mondoo-asset-count.mql.yaml
+        ```
+
+        To run against GCP:
+
+        ```bash
+        cnquery scan gcp project <project_id> -f mondoo-asset-count.mql.yaml
+        ```
     groups:
       - title: ESXi asset counts
         filters: asset.platform == 'vmware-vsphere'

content/mondoo-kubernetes-incident-response.mql.yaml

@@ -12,6 +12,25 @@ packs:
     tags:
       mondoo.com/platform: kubernetes
       mondoo.com/category: security
+    docs:
+      desc: |
+        ### Overview
+
+        The Kubernetes Incident Response Pack by Mondoo retrieves security-related configuration data from Kubernetes clusters for investigation during a security incident. This includes cluster version, role bindings with cluster-admin permissions, pod security contexts, and container image information across various workload types.
+
+        ### Run query pack
+
+        To run this query pack against a Kubernetes cluster:
+
+        ```bash
+        cnquery scan k8s -f mondoo-kubernetes-incident-response.mql.yaml
+        ```
+
+        To run against a specific namespace:
+
+        ```bash
+        cnquery scan k8s --namespace <namespace> -f mondoo-kubernetes-incident-response.mql.yaml
+        ```
     groups:
       - title: Cluster Incident Response
         filters:

content/mondoo-linux-incident-response.mql.yaml

@@ -12,6 +12,25 @@ packs:
     tags:
       mondoo.com/platform: linux
       mondoo.com/category: security
+    docs:
+      desc: |
+        ### Overview
+
+        The Linux Incident Response Pack by Mondoo retrieves configuration data from Linux hosts for investigation during a security incident. This includes kernel information, running processes, mounted devices, listening ports, installed packages, and running services.
+
+        ### Run query pack
+
+        To run this query pack locally on a Linux host:
+
+        ```bash
+        cnquery scan local -f mondoo-linux-incident-response.mql.yaml
+        ```
+
+        To run against a remote Linux host using SSH:
+
+        ```bash
+        cnquery scan ssh <user>@<ip_address> -f mondoo-linux-incident-response.mql.yaml
+        ```
     filters:
       - asset.family.contains("linux")
     queries:

content/mondoo-macos-incident-response.mql.yaml

@@ -12,6 +12,25 @@ packs:
     tags:
       mondoo.com/platform: macos
       mondoo.com/category: security
+    docs:
+      desc: |
+        ### Overview
+
+        The macOS Incident Response Pack by Mondoo retrieves configuration data from macOS hosts for investigation during a security incident. This includes platform information, user accounts, kernel details, running processes, mounted devices, installed packages, running services, firewall exceptions, and pending software updates.
+
+        ### Run query pack
+
+        To run this query pack locally on a macOS host:
+
+        ```bash
+        cnquery scan local -f mondoo-macos-incident-response.mql.yaml
+        ```
+
+        To run against a remote macOS host using SSH:
+
+        ```bash
+        cnquery scan ssh <user>@<ip_address> -f mondoo-macos-incident-response.mql.yaml
+        ```
     filters:
       - asset.platform == "macos"
     queries:

content/mondoo-openssl-incident-response.mql.yaml

@@ -12,6 +12,25 @@ packs:
     tags:
       mondoo.com/platform: linux
       mondoo.com/category: security
+    docs:
+      desc: |
+        ### Overview
+
+        The OpenSSL Incident Response Pack by Mondoo retrieves SSL/TLS library information from Linux hosts for investigation during a security incident. This includes platform details, installed SSL libraries, and listening ports that may be using SSL/TLS.
+
+        ### Run query pack
+
+        To run this query pack locally on a Linux host:
+
+        ```bash
+        cnquery scan local -f mondoo-openssl-incident-response.mql.yaml
+        ```
+
+        To run against a remote Linux host using SSH:
+
+        ```bash
+        cnquery scan ssh <user>@<ip_address> -f mondoo-openssl-incident-response.mql.yaml
+        ```
     filters:
       - asset.family.contains("linux")
     queries:

content/mondoo-windows-incident-response.mql.yaml

@@ -12,6 +12,31 @@ packs:
     tags:
       mondoo.com/platform: windows
       mondoo.com/category: security
+    docs:
+      desc: |
+        ### Overview
+
+        The Windows Incident Response Pack by Mondoo retrieves configuration data from Windows hosts for investigation during a security incident. This includes installed hotfixes, system uptime, installed packages, computer information, and running services.
+
+        ### Run query pack
+
+        To run this query pack locally on a Windows host:
+
+        ```bash
+        cnquery scan local -f mondoo-windows-incident-response.mql.yaml
+        ```
+
+        To run against a remote Windows host using SSH:
+
+        ```bash
+        cnquery scan ssh <user>@<ip_address> -f mondoo-windows-incident-response.mql.yaml
+        ```
+
+        To run against a remote Windows host using WinRM:
+
+        ```bash
+        cnquery scan winrm <user>@<ip_address> -f mondoo-windows-incident-response.mql.yaml
+        ```
     filters:
       - asset.platform == "windows"
     queries: