RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,314 Commits 1 Branch 31 Tags 5.6 MiB
Commit Graph

31 Commits

Author SHA1 Message Date
Thomas Stromberg 71096ba4c7
fpr: mc, colima, webfilterproxyd, headlamp, record it, etc 2024-11-13 16:34:12 -05:00
Thomas Stromberg 9a1a4b049e
fpr: prosoft, ujust, kandji-library-manager, etc 2024-09-26 12:40:04 -04:00
Thomas Stromberg 4d0a9fd533
fpr: sequoia, osquery, cups, atops, transmission, etc 2024-09-23 11:07:53 -04:00
Thomas Stromberg 6c292f11af
fpr: kas, bitnami, redis, bincapz, kolide, docker, whatsapp 2024-07-12 16:55:49 -04:00
Thomas Stromberg ab2535717f
fpr: Fedora Silverblue, MHLinkServer, new terminals 2024-05-23 17:26:33 -04:00
Thomas Stromberg 0e5c8ec11e
Allows for Docker, Yubico, /dev/zero 2024-03-29 08:07:01 -04:00
Thomas Stromberg 342d813bf8 fpr: Docker Desktop, code-oss, incus, etc 2024-02-26 17:26:56 -05:00
Thomas Stromberg b1e05d6612 merge conflict 2024-02-16 17:17:45 -05:00
Thomas Stromberg f87a8e8197 fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard 2024-02-16 17:14:11 -05:00
Thomas Stromberg 12a55753b5
fpr: Elastic Defend, gcloud, Warp, etc 2024-02-05 10:45:17 -05:00
Thomas Stromberg e42ea9a4bc
massive fpr: Rapid7, Elastic, everything 2024-01-26 14:07:37 -05:00
Thomas Stromberg 5d31e8da5f
fpr: psi, arduino, bitdefender, keybase, cody, etc 2024-01-22 10:36:01 -05:00
Thomas Stromberg ceec1718f9
fpr: snap, mutedeck, idea, Chrome exts 2024-01-18 17:15:37 -05:00
Thomas Stromberg 875125fc94
Add exceptions for Elastic Defend & Rapid7 InsightIDR 2024-01-08 19:07:57 -05:00
Thomas Stromberg 3c2be1c16e
fpr: Kolide, qemu, bash, monday, macOS 2023-10-24 18:01:36 -04:00
Thomas Stromberg 190e8adcfd Merge to master 2023-09-01 17:34:36 -04:00
Thomas Stromberg 84125c4bb1
Remove recently common false positives 2023-09-01 17:09:47 -04:00
Thomas Stromberg dce2eb2af5 Add many exceptions 2023-08-15 18:13:06 -04:00
Thomas Stromberg ce2f0f06cb
fpr; Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy 2023-07-20 10:56:49 -04:00
Thomas Stromberg fb7cd56249
fpr: abrt-dbus, gdm, chrome, ff, etc 2023-02-24 16:30:17 -05:00
Ian Brown 551d7dbb8c
fpr: Fujitsu, vmware, objective-see, paragon, etc 
Signed-off-by: Ian Brown <ian@zestysoft.com>
 2023-02-18 12:02:40 -08:00
Thomas Stromberg 8d4531198f
fpr: My ORA, Ecamm, setroubleshootd, etc 2023-02-14 19:46:36 -05:00
Thomas Stromberg a8ed058d4d
Query performance improvements, add pids, decrease frequency 2023-02-09 17:01:29 -05:00
echunduri e44dc167e9 Modified detections explicilty targeted towards macOS to not include cgroup_path fields anymore 2023-02-09 10:57:03 +11:00
Thomas Stromberg 2093a26423
Fix broken macOS queries 2023-02-02 15:33:25 -05:00
Thomas Stromberg f9dce0a72d
Include more process information across queries 2023-02-01 13:55:55 -05:00
Thomas Stromberg f2023c0021
Update interval tags, mostly for persistence 2022-10-14 14:26:49 -04:00
Thomas Stromberg d2bdffe89e
Add support for interval tags 2022-10-14 14:19:13 -04:00
Thomas Stromberg 20452b128b
Migrate query strings from double to single apostrophes 2022-10-13 14:59:32 -04:00
Thomas Stromberg e785c35614
v0.0.1 2022-10-13 09:11:17 -04:00
Thomas Stromberg 26ee658c4a
Initial re-organization around the MITRE ATT&CK framework 2022-10-11 21:53:36 -04:00