mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2024-12-17 19:44:31 +00:00
macos sniffers: back out osquery change until we understand it better, sort exceptions
This commit is contained in:
parent
d6f903bb00
commit
75b7ec5552
@ -57,10 +57,8 @@ FROM
|
||||
LEFT JOIN hash p2_hash ON p2.path = p2_hash.path
|
||||
WHERE
|
||||
et.event_tapped IN ('EventKeyDown', 'EventKeyUp')
|
||||
AND s.authority != 'Software Signing'
|
||||
-- Popular programs that sniff keyboard events, but do not appear to be malware.
|
||||
AND s.authority != 'Software Signing' -- Popular programs that sniff keyboard events, but do not appear to be malware.
|
||||
AND NOT exception_key IN (
|
||||
'TextExpander,com.smileonmymac.textexpander,Developer ID Application: SmileOnMyMac, LLC (7PKJ6G4DXL)',
|
||||
'BetterTouchTool,com.hegenberg.BetterTouchTool,Developer ID Application: folivora.AI GmbH (DAFVSXZ82P)',
|
||||
'Contexts,com.contextsformac.Contexts,Developer ID Application: Usman Khalid (RZ7E748ZSC)',
|
||||
'Hyperkey,com.knollsoft.Hyperkey,Developer ID Application: Ryan Hanson (XSYZ3E4B7D)',
|
||||
@ -69,7 +67,7 @@ WHERE
|
||||
'logioptionsplus_agent,com.logi.cp-dev-mgr,Developer ID Application: Logitech Inc. (QED4VVPZWA)',
|
||||
'MonitorControl,me.guillaumeb.MonitorControl,Developer ID Application: Joni Van Roost (CYC8C8R4K9)',
|
||||
'skhd,skhd,',
|
||||
'osqueryd,io.osquery.agent,Developer ID Application: OSQUERY A Series of LF Projects, LLC (3522FA9PXF)'
|
||||
'TextExpander,com.smileonmymac.textexpander,Developer ID Application: SmileOnMyMac, LLC (7PKJ6G4DXL)'
|
||||
)
|
||||
GROUP BY
|
||||
p0.path
|
||||
|
Loading…
Reference in New Issue
Block a user