RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,316 Commits 1 Branch 31 Tags 5.7 MiB
Commit Graph

30 Commits

Author SHA1 Message Date
Thomas Stromberg 9a1a4b049e
fpr: prosoft, ujust, kandji-library-manager, etc 2024-09-26 12:40:04 -04:00
Thomas Stromberg 6fe74680a0
fpr: June 28 - final rule tuning 2024-06-28 10:08:04 -04:00
Thomas Stromberg 5dd614f54c
fpr: MHLink, k3d, BlueFin, query tuning 2024-04-26 16:14:02 -04:00
Thomas Stromberg cf175ec48d More checks for unusual process names inspired by Earth Lusca 2023-09-18 14:14:40 -04:00
Thomas Stromberg ff2ab95431 Remove file sizes from systemd exception key 2023-06-08 18:26:57 -04:00
Thomas Stromberg 066c88dc18 fpr: multipass, go, macOS, Ubuntu, Opera, git, ko 2023-06-02 19:08:08 -04:00
Thomas Stromberg 56ede74c54 fpr: Parallels, Stream Deck, tflint, gitstatus, snyk 2023-05-17 17:52:55 -04:00
Thomas Stromberg 24c2baef28 Make process times broadly available, minor opts 2023-05-16 17:18:39 -04:00
Thomas Stromberg 9c87838b9f
fpr: Chrome, Kolide 2023-05-12 16:41:17 -04:00
Thomas Stromberg 26b2b9a4c7
fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc 2023-05-11 11:29:55 -04:00
Thomas Stromberg df925eaa6c
fpr: lghub, brew, pve, chrome exts, etc 2023-04-20 20:45:35 -04:00
Thomas Stromberg d4dd423745
fpr: Grammarly, semodule, docker-compose, xdg, etc 2023-03-30 18:44:01 -04:00
Thomas Stromberg 9b0ed09c8e
fpr: xdg, docker, dbus, bpfilter_umh, docker, spotify, mage 2023-03-28 16:25:26 -04:00
Thomas Stromberg 7a78199906
fpr: traceroute, thunderbird, garmin installer, chainctl, etc 2023-03-21 14:07:06 -04:00
Thomas Stromberg fbab3701c0
fpr: Docker, Zwift, macOS updates, etc 2023-03-20 17:05:02 -04:00
Thomas Stromberg fb7cd56249
fpr: abrt-dbus, gdm, chrome, ff, etc 2023-02-24 16:30:17 -05:00
Thomas Stromberg d904ca60cf
Add exceptions for Debian running under lima 2023-02-23 10:33:10 -05:00
Thomas Stromberg d897f0b50d
fpr: Nessus, mysql-shell, ntia-checker, Ecamm, CopyClip, etc 2023-02-14 08:33:05 -05:00
Thomas Stromberg a8ed058d4d
Query performance improvements, add pids, decrease frequency 2023-02-09 17:01:29 -05:00
Thomas Stromberg 51151290fb
Refactor unexpected tmp executables for speed & decreased hits 2023-02-08 20:06:10 -05:00
Thomas Stromberg d302a9ff55
Purge false positives, again and again 2023-02-02 21:46:53 -05:00
Thomas Stromberg d51bd731a1
fpr: Parallels, nerdctl, Xorg, nvidia, Stream, etc 2023-01-26 20:40:47 -05:00
Thomas Stromberg 7d8fa35eb4
fpr: Github Absolute Date, Snagit, Figma, Seagate, aws, etc 2023-01-26 16:30:14 -05:00
Thomas Stromberg 83cc38207e
fpr: minikube, tailscale, dex, pacman, virtualbox, steam, lsmod, busybox, etc 2023-01-23 20:33:52 -05:00
Thomas Stromberg e6824d87e9
Run 'make reformat' 2023-01-20 09:24:24 -05:00
Thomas Stromberg dc154a6199
FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
Thomas Stromberg 8e9ae0fda3
Less false positives: particularly among systemctl calls 2023-01-20 08:40:08 -05:00
Thomas Stromberg 710ca28ed9
False positives: apt-daily, github runner, Slack helper, Foxit, syncthing 2023-01-19 11:52:31 -05:00
Thomas Stromberg 5c421f7c96
Refactor unexpected-tmp-executables for magic awareness 2023-01-18 14:41:36 -05:00
Thomas Stromberg f5e08ceec2
False positives: Chrome extensions, Steam games, tmp files, Photoshop 2023-01-18 14:10:33 -05:00