RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15 from chainguard-dev/false-positives-npm-exec 

linux https clients: Add exception for npm exec
This commit is contained in:
Thomas Strömberg 2022-10-20 14:16:14 -04:00 committed by GitHub
parent 8b16ce2aa4 905046cd2a
commit c8bf0265eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
detection/c2/unexpected-https-client-linux.sql
View File

@ -94,5 +94,6 @@ WHERE
'500,/usr/syncthing,0u,0g,syncthing' '500,/usr/syncthing,0u,0g,syncthing'
) -- stay weird, NixOS (Fastly nix mirror) ) -- stay weird, NixOS (Fastly nix mirror)
AND NOT child_cmd = '/run/current-system/sw/bin/bash' AND NOT child_cmd = '/run/current-system/sw/bin/bash'
AND NOT exception_key LIKE '500,/usr/node,0u,0g,npm exec %'
GROUP BY GROUP BY
p.cmdline p.cmdline