RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-10 15:49:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7 from chainguard-dev/false-positives

Browse Source 
Add exception for gitsign
This commit is contained in:
Thomas Strömberg 2022-10-20 13:18:30 -04:00 committed by GitHub
commit 95e5c925e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
detection/c2/unexpected-https-client-linux.sql
View File

@ -60,33 +60,33 @@ WHERE
AND s.remote_address NOT LIKE 'fc00:%'
AND p.path != ''
AND NOT exception_key IN (
'0,/usr/dockerd,0u,0g,dockerd',
'0,/usr/flatpak-system-helper,0u,0g,flatpak-system-', -- fedoraproject.org
'0,/usr/launcher,0u,0g,launcher',
'0,/usr/dockerd,0u,0g,dockerd',
'0,/usr/packagekitd,0u,0g,packagekitd',
'0,/usr/packagekitd,0u,0g,packagekitd', -- Google
'0,/usr/tailscaled,0u,0g,tailscaled',
'0,/usr/.tailscaled-wrapped,0u,0g,.tailscaled-wra',
'500,/app/slack,u,g,slack',
'500,/app/zoom.real,u,g,zoom.real',
'500,/home/chainctl,500u,500g,chainctl',
'500,/ko-app/chainctl,u,g,chainctl',
'500,/ko-app/controlplane,u,g,controlplane',
'500,/opt/chrome,0u,0g,chrome',
'500,/opt/spotify,0u,0g,spotify',
'500,/snap/firefox,0u,0g,firefox',
'500,/usr/curl,0u,0g,curl',
'500,/usr/chrome,0u,0g,chrome',
'500,/usr/code,0u,0g,code',
'500,/usr/curl,0u,0g,curl',
'500,/usr/firefox,0u,0g,firefox',
'500,/usr/firefox,0u,0g,.firefox-wrappe',
'500,/usr/flatpak-oci-authenticator,0u,0g,flatpak-oci-aut', -- fedoraproject.org
'500,/usr/geoclue,0u,0g,geoclue',
'500,/usr/gitsign,0u,0g,gitsign',
'500,/usr/gnome-software,0u,0g,gnome-software',
'500,/usr/kubectl,500u,500g,kubectl',
'500,/usr/slack,0u,0g,slack',
'500,/app/zoom.real,u,g,zoom.real',
'500,/usr/syncthing,0u,0g,syncthing'
)
GROUP BY
p.cmdline