RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-25 06:42:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add exception for snap container mounts

Browse Source
This commit is contained in:
Thomas Stromberg 2022-11-16 10:39:21 -05:00
parent f36b74c487
commit e8ee572311
Failed to extract signature
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
detection/evasion/parent-missing-from-disk.sql
View File

@ -58,6 +58,7 @@ WHERE
) )
AND parent_path NOT LIKE '/app/extra/%' AND parent_path NOT LIKE '/app/extra/%'
AND parent_path NOT LIKE '/opt/homebrew/Cellar/%' AND parent_path NOT LIKE '/opt/homebrew/Cellar/%'
AND parent_path NOT LIKE '/tmp/.mount_%/%'
AND NOT ( AND NOT (
parent_name LIKE 'kworker/%+events_unbound' parent_name LIKE 'kworker/%+events_unbound'
AND child_name IN ('modprobe') AND child_name IN ('modprobe')