mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2025-02-16 17:37:06 +00:00
Fix velociraptor exception
This commit is contained in:
Thomas Stromberg
parent
870ea132ee
commit
d310dac7cc
@ -80,19 +80,20 @@ WHERE
|
||||
AND exception_key NOT IN (
|
||||
'0,nix,nix,',
|
||||
'0,osqueryd,osqueryd,Developer ID Application: OSQUERY A Series of LF Projects, LLC (3522FA9PXF)',
|
||||
'0,velociraptor,a.out,',
|
||||
'500,.cargo-wrapped,.cargo-wrapped,',
|
||||
'500,bash,bash,',
|
||||
'500,bash,com.apple.bash,Software Signing',
|
||||
'500,Bazecor Helper,,',
|
||||
'500,Bitwarden,com.bitwarden.desktop,Apple Mac OS Application Signing',
|
||||
'500,Bitwarden Helper,com.bitwarden.desktop.helper,Apple Mac OS Application Signing',
|
||||
'500,Bitwarden Helper (GPU),com.bitwarden.desktop.helper.GPU,Apple Mac OS Application Signing',
|
||||
'500,Bitwarden Helper (Renderer),com.bitwarden.desktop.helper.Renderer,Apple Mac OS Application Signing',
|
||||
'500,Bitwarden Helper,com.bitwarden.desktop.helper,Apple Mac OS Application Signing',
|
||||
'500,Bitwarden,com.bitwarden.desktop,Apple Mac OS Application Signing',
|
||||
'500,BloomRPC Helper,,',
|
||||
'500,bufls,a.out,',
|
||||
'500,.cargo-wrapped,.cargo-wrapped,',
|
||||
'500,chainctl,a.out,',
|
||||
'500,cloud-sql-proxy,a.out,',
|
||||
'500,cloud_sql_proxy,a.out,',
|
||||
'500,cloud-sql-proxy,a.out,',
|
||||
'500,cloud-sql-proxy.darwin.arm64,a.out,',
|
||||
'500,copilot-agent-macos-arm64,copilot-agent-macos-arm64-5555494405ae226b796431f588804b65cad1040e,',
|
||||
'500,CopyClip,com.fiplab.clipboard,Apple Mac OS Application Signing',
|
||||
@ -103,78 +104,77 @@ WHERE
|
||||
'500,dive,a.out,',
|
||||
'500,Divvy,com.mizage.Divvy,Apple Mac OS Application Signing',
|
||||
'500,dlv,a.out,',
|
||||
'500,Duckly,Electron,',
|
||||
'500,Duckly Helper,Electron Helper,',
|
||||
'500,Duckly Helper (Renderer),Electron Helper (Renderer),',
|
||||
'500,Duckly Helper,Electron Helper,',
|
||||
'500,Duckly,Electron,',
|
||||
'500,Emacs-arm64-11,Emacs-arm64-11,Developer ID Application: Galvanix (5BRAQAFB8B)',
|
||||
'500,epdfinfo,epdfinfo,',
|
||||
'500,esbuild,,',
|
||||
'500,esbuild,a.out,',
|
||||
'500,fake,a.out,',
|
||||
'500,Final Cut Pro,com.apple.FinalCut,Apple Mac OS Application Signing',
|
||||
'500,git,git,',
|
||||
'500,gitsign,a.out,',
|
||||
'500,ko,,',
|
||||
'500,gitsign-credential-cache,a.out,',
|
||||
'500,gitsign,a.out,',
|
||||
'500,GitterHelperApp,com.troupe.gitter.mac.GitterHelperApp,Developer ID Application: Troupe Technology Limited (A86QBWJ43W)',
|
||||
'500,go,a.out,',
|
||||
'500,gopls,a.out,',
|
||||
'500,gopls,gopls,',
|
||||
'500,gpg-agent,gpg-agent,',
|
||||
'500,Grammarly for Safari,com.grammarly.safari.extension,Apple Mac OS Application Signing',
|
||||
'500,Grammarly Safari Extension,com.grammarly.safari.extension.ext2,Apple Mac OS Application Signing',
|
||||
'500,hugo,a.out,',
|
||||
'500,InternalFiltersXPC,com.apple.InternalFiltersXPC,Apple Mac OS Application Signing',
|
||||
'500,ipcserver,com.valvesoftware.steam,Developer ID Application: Valve Corporation (MXGJJ98X76)',
|
||||
'500,ipcserver.old,,',
|
||||
'0,velociraptor,a.out',
|
||||
'500,k9s,a.out,',
|
||||
'500,ko,,',
|
||||
'500,ko,a.out,',
|
||||
'500,kubectl,a.out,',
|
||||
'500,lua-language-server,lua-language-server,',
|
||||
'500,Magnet,com.crowdcafe.windowmagnet,Apple Mac OS Application Signing',
|
||||
'500,mattermost,a.out,',
|
||||
'500,Mattermost Helper (GPU),Mattermost.Desktop.helper.GPU,Apple Mac OS Application Signing',
|
||||
'500,Mattermost Helper,Mattermost.Desktop.helper,Apple Mac OS Application Signing',
|
||||
'500,Mattermost Helper (Renderer),Mattermost.Desktop.helper.Renderer,Apple Mac OS Application Signing',
|
||||
'500,Mattermost Helper,Mattermost.Desktop.helper,Apple Mac OS Application Signing',
|
||||
'500,mattermost,a.out,',
|
||||
'500,Mattermost,Mattermost.Desktop,Apple Mac OS Application Signing',
|
||||
'500,melange-run,a.out,',
|
||||
'500,monorail,a.out,',
|
||||
'500,OOPProResRawService,com.apple.videoapps.OOPProResRawService,Apple Mac OS Application Signing',
|
||||
'500,osqueryd,osqueryd,Developer ID Application: OSQUERY A Series of LF Projects, LLC (3522FA9PXF)',
|
||||
'500,plugin-darwin-arm64,a.out,',
|
||||
'500,tflint,a.out,',
|
||||
'500,PrinterProxy,com.apple.print.PrinterProxy,',
|
||||
'500,registry,a.out,',
|
||||
'500,registry-redirect,a.out,',
|
||||
'500,tflint-ruleset-google,a.out,',
|
||||
'500,registry,a.out,',
|
||||
'500,Runner.Listener,apphost-55554944a938bab90f04347d83659c53dd1197d6,',
|
||||
'500,rust-analyzer,rust_analyzer-d11ae4e1bae4360d,',
|
||||
'500,scdaemon,scdaemon,',
|
||||
'500,tflint-ruleset-aws,a.out,',
|
||||
'500,sdaudioswitch,,',
|
||||
'500,monorail,a.out,',
|
||||
'500,sdaudioswitch,sdaudioswitch,',
|
||||
'500,k9s,a.out,',
|
||||
'500,sdzoomplugin,,',
|
||||
'500,Slack,com.tinyspeck.slackmacgap,Apple Mac OS Application Signing',
|
||||
'500,Slack Helper,com.tinyspeck.slackmacgap.helper,Apple Mac OS Application Signing',
|
||||
'500,Slack Helper (GPU),com.tinyspeck.slackmacgap.helper,Apple Mac OS Application Signing',
|
||||
'500,Slack Helper (Plugin),com.tinyspeck.slackmacgap.helper,Apple Mac OS Application Signing',
|
||||
'500,Slack Helper (Renderer),com.tinyspeck.slackmacgap.helper,Apple Mac OS Application Signing',
|
||||
'500,Slack Helper,com.tinyspeck.slackmacgap.helper,Apple Mac OS Application Signing',
|
||||
'500,Slack,com.tinyspeck.slackmacgap,Apple Mac OS Application Signing',
|
||||
'500,snyk-ls_darwin_arm64,a.out,',
|
||||
'500,ssh,ssh,',
|
||||
'500,Steam Helper,com.valvesoftware.steam.helper,Developer ID Application: Valve Corporation (MXGJJ98X76)',
|
||||
'500,steam_osx,com.valvesoftware.steam,Developer ID Application: Valve Corporation (MXGJJ98X76)',
|
||||
'500,stern,a.out,',
|
||||
'500,Grammarly Safari Extension,com.grammarly.safari.extension.ext2,Apple Mac OS Application Signing',
|
||||
'500,syncthing,syncthing,',
|
||||
'500,OOPProResRawService,com.apple.videoapps.OOPProResRawService,Apple Mac OS Application Signing',
|
||||
'500,Telegram,ru.keepcoder.Telegram,Apple Mac OS Application Signing',
|
||||
'500,testing,com.yourcompany.testing,', -- Xcode iPhone emulator
|
||||
'500,Todoist,com.todoist.mac.Todoist,Apple Mac OS Application Signing',
|
||||
'500,Todoist Helper,com.todoist.mac.Todoist.helper,Apple Mac OS Application Signing',
|
||||
'500,tflint-ruleset-aws,a.out,',
|
||||
'500,tflint-ruleset-google,a.out,',
|
||||
'500,tflint,a.out,',
|
||||
'500,Todoist Helper (GPU),com.todoist.mac.Todoist.helper.GPU,Apple Mac OS Application Signing',
|
||||
'500,Todoist Helper (Renderer),com.todoist.mac.Todoist.helper.Renderer,Apple Mac OS Application Signing',
|
||||
'500,Todoist Helper,com.todoist.mac.Todoist.helper,Apple Mac OS Application Signing',
|
||||
'500,Todoist,com.todoist.mac.Todoist,Apple Mac OS Application Signing',
|
||||
'500,TwitchStudioStreamDeck,TwitchStudioStreamDeck,Developer ID Application: Corsair Memory, Inc. (Y93VXCB8Q5)',
|
||||
'500,vim,,',
|
||||
'500,vim,vim,',
|
||||
'500,esbuild,,',
|
||||
'500,WinAppHelper,,',
|
||||
'500,WinAppHelper,WinAppHelper,'
|
||||
)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user