RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-25 06:42:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #141 from tstromberg/fp4

Browse Source 
Add more examples of legit executables, namely ibus-* and *Manager
This commit is contained in:
Thomas Strömberg 2023-01-20 09:30:16 -05:00 committed by GitHub
commit 27362ff966
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
detection/execution/recently-created-executables-linux.sql
View File

@ -58,9 +58,11 @@ WHERE
'/usr/bin/docker',
'/usr/bin/dockerd',
'/usr/bin/docker-proxy',
'/usr/bin/gedit',
'/usr/bin/gnome-keyring-daemon',
'/usr/bin/fusermount3',
'/usr/bin/gedit',
'/usr/bin/gjs-console',
'/usr/bin/gnome-keyring-daemon',
'/usr/bin/ibus-daemon',
'/usr/bin/kbfsfuse',
'/usr/bin/keybase',
'/usr/bin/keybase-redirector',
@ -70,6 +72,7 @@ WHERE
'/usr/bin/pavucontrol',
'/usr/bin/pipewire',
'/usr/bin/pipewire-pulse',
'/usr/bin/python3.11',
'/usr/bin/rpi-imager',
'/usr/bin/snap',
'/usr/bin/tailscaled',
@ -85,10 +88,14 @@ WHERE
'/usr/libexec/bluetooth/bluetoothd',
'/usr/libexec/docker/docker-proxy',
'/usr/libexec/fwupd/fwupd',
'/usr/libexec/ibus-dconf',
'/usr/libexec/ibus-engine-simple',
'/usr/libexec/ibus-extension-gtk3',
'/usr/libexec/ibus-portal',
'/usr/libexec/ibus-x11',
'/usr/libexec/snapd/snapd',
'/usr/libexec/sssd/sssd_kcm',
'/usr/libexec/tracker-extract-3',
'/usr/lib/tracker-extract-3',
'/usr/libexec/tracker-miner-fs-3',
'/usr/lib/flatpak-session-helper',
'/usr/lib/fwupd/fwupd',
@ -110,6 +117,7 @@ WHERE
'/usr/lib/systemd/systemd-timesyncd',
'/usr/lib/systemd/systemd-userdbd',
'/usr/lib/systemd/systemd-userwork',
'/usr/lib/tracker-extract-3',
'/usr/lib/x86_64-linux-gnu/obs-plugins/obs-browser-page',
'/usr/lib/xdg-desktop-portal-gtk',
'/usr/lib/xf86-video-intel-backlight-helper',
@ -118,6 +126,8 @@ WHERE
'/usr/sbin/avahi-daemon',
'/usr/sbin/chronyd',
'/usr/sbin/cupsd',
'/usr/sbin/ModemManager',
'/usr/sbin/NetworkManager',
'/usr/sbin/rngd',
'/usr/sbin/tailscaled',
'/usr/share/code/chrome_crashpad_handler',