RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-13 16:07:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9 from chainguard-dev/false-positives

Browse Source 
unexpected-library-entries: Add more /Library entries from the wild
This commit is contained in:
Thomas Strömberg 2022-10-20 13:39:15 -04:00 committed by GitHub
commit bab02a6295
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
detection/evasion/unexpected-library-entries-macos.sql
View File

@ -39,6 +39,7 @@ WHERE
'/Library/Application Support/', '/Library/Application Support/',
'/Library/Audio/', '/Library/Audio/',
'/Library/AutoBugCapture/', '/Library/AutoBugCapture/',
'/Library/Automator/',
'/Library/Bluetooth/', '/Library/Bluetooth/',
'/Library/Caches/', '/Library/Caches/',
'/Library/Catacomb/', '/Library/Catacomb/',
@ -58,6 +59,7 @@ WHERE
'/Library/DirectoryServices/', '/Library/DirectoryServices/',
'/Library/Documentation/', '/Library/Documentation/',
'/Library/DriverExtensions/', '/Library/DriverExtensions/',
'/Library/DropboxHelperTools/',
'/Library/Extensions/', '/Library/Extensions/',
'/Library/Filesystems/', '/Library/Filesystems/',
'/Library/Fonts/', '/Library/Fonts/',
@ -88,7 +90,10 @@ WHERE
'/Library/Objective-See/', '/Library/Objective-See/',
'/Library/OpenDirectory/', '/Library/OpenDirectory/',
'/Library/OSAnalytics/', '/Library/OSAnalytics/',
'/Library/OSAnalytics/.DS_Store',
'/Library/PDF Services/',
'/Library/Perl/', '/Library/Perl/',
'/Library/Plug-Ins/',
'/Library/PreferencePanes/', '/Library/PreferencePanes/',
'/Library/Preferences/', '/Library/Preferences/',
'/Library/Preferences/.GlobalPreferences.plist', '/Library/Preferences/.GlobalPreferences.plist',