RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14 from chainguard-dev/false-positives 

False-positive update: Chrome, /usr/local/bin
This commit is contained in:
Thomas Strömberg 2022-10-20 14:13:03 -04:00 committed by GitHub
parent c082d0caa8 d55d1db202
commit 8b16ce2aa4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
detection/c2/unexpected-talkers-linux.sql
View File

@ -109,5 +109,12 @@ WHERE
AND s.protocol = 6
AND p.euid > 500
)
AND NOT (
p.name = 'chrome'
AND f.filename = 'chrome'
AND s.remote_port > 5000
AND s.protocol = 6
AND p.euid > 500
)
GROUP BY
p.cmdline

1
detection/execution/unexpected-gatekeeper-approvals-macos.sql
View File

@ -27,6 +27,7 @@ FROM
WHERE
gap.path NOT LIKE '/Users/%/bin/%'
AND gap.path NOT LIKE '/Users/%/rekor-cli'
AND gap.path NOT LIKE '/usr/local/bin/%'
AND gap.path NOT LIKE '/Users/%/scorecard-darwin-amd64'
AND gap.path NOT LIKE '/Users/%/scorecard-darwin-amd64'
AND gap.path NOT LIKE '/Users/%/configure'