Commit Graph

52 Commits

Author  SHA1  Message  Date

egibs  a24c3d2333  Add exceptions for Autodesk, cloud_sql_proxy, .md downloads, TF providers in /tmp/, and more  2024-11-20 13:45:50 -06:00
    Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
Thomas Stromberg  71096ba4c7  fpr: mc, colima, webfilterproxyd, headlamp, record it, etc  2024-11-13 16:34:12 -05:00
Thomas Stromberg  781f1a33af  fpr + Mark touched-executable as extra on macOS  2024-10-24 11:20:06 -04:00
Thomas Stromberg  9a1a4b049e  fpr: prosoft, ujust, kandji-library-manager, etc  2024-09-26 12:40:04 -04:00
Thomas Stromberg  4d0a9fd533  fpr: sequoia, osquery, cups, atops, transmission, etc  2024-09-23 11:07:53 -04:00
Thomas Stromberg  4b10d10520  False-positives be damned  2024-08-27 18:40:43 -04:00
Thomas Stromberg  00fa80a0d9  Massive false-positive reduction, particularly for uBlue  2024-06-27 09:23:52 -04:00
Thomas Stromberg  5dd614f54c  fpr: MHLink, k3d, BlueFin, query tuning  2024-04-26 16:14:02 -04:00
Thomas Stromberg  5ef3c88213  Overdue False Positive Reduction  2024-03-29 10:12:36 -04:00
Thomas Stromberg  f87a8e8197  fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard  2024-02-16 17:14:11 -05:00
Thomas Stromberg  e42ea9a4bc  massive fpr: Rapid7, Elastic, everything  2024-01-26 14:07:37 -05:00
Thomas Stromberg  5d31e8da5f  fpr: psi, arduino, bitdefender, keybase, cody, etc  2024-01-22 10:36:01 -05:00
Thomas Stromberg  875125fc94  Add exceptions for Elastic Defend & Rapid7 InsightIDR  2024-01-08 19:07:57 -05:00
Thomas Stromberg  310e51d2a2  fpr: Capture One, Grammarly, Mullvad, etc  2023-12-08 17:12:27 -05:00
Thomas Stromberg  0060bb087e  fpr: aws, java, arch, cody, google, wireshark, etc  2023-10-31 11:40:10 -04:00
Thomas Stromberg  7d9aced380  fpr: mtr, vscode, cpptools, cron, firefox  2023-10-25 09:18:04 -04:00
Thomas Stromberg  f16c3cdf53  fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell  2023-09-14 17:13:12 -04:00
Thomas Stromberg  190e8adcfd  Merge to master  2023-09-01 17:34:36 -04:00
Thomas Stromberg  84125c4bb1  Remove recently common false positives  2023-09-01 17:09:47 -04:00
Thomas Stromberg  188bc78f4c  Fix errors  2023-08-15 18:29:27 -04:00
Thomas Stromberg  dce2eb2af5  Add many exceptions  2023-08-15 18:13:06 -04:00
Thomas Stromberg  a0e4183bf4  fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc  2023-07-12 17:38:26 -04:00
Thomas Stromberg  c9f0b2bee5  fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver  2023-07-03 07:16:14 -04:00
Thomas Stromberg  32328c91f1  fpr: Slack, Gnome, Sigstore, Logitune, etc  2023-06-12 10:10:57 -04:00
Thomas Stromberg  066c88dc18  fpr: multipass, go, macOS, Ubuntu, Opera, git, ko  2023-06-02 19:08:08 -04:00
Thomas Stromberg  9575d18bc2  fpr: FleetDM, Edge, VSCode, dnf, Steam, etc  2023-06-01 11:52:20 -04:00
Thomas Stromberg  c6eec0ee17  Query tuning after Geacon testing  2023-05-17 10:54:16 -04:00
Thomas Stromberg  26b2b9a4c7  fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc  2023-05-11 11:29:55 -04:00
Thomas Stromberg  9c3f783491  fpr everything  2023-04-17 16:20:35 -04:00
Thomas Stromberg  13a95a4f41  Add exceptions for Kandji  2023-03-17 15:46:00 -04:00
Thomas Stromberg  f25cfe1399  fpr: aws-sdk, melange, Tailscale, Xprotect, etc  2023-03-03 07:24:42 -05:00
Ian Brown  551d7dbb8c  fpr: Fujitsu, vmware, objective-see, paragon, etc  2023-02-18 12:02:40 -08:00
    Signed-off-by: Ian Brown <ian@zestysoft.com>
Thomas Stromberg  a8ed058d4d  Query performance improvements, add pids, decrease frequency  2023-02-09 17:01:29 -05:00
Thomas Stromberg  5274198687  Add exceptions for socket_vmnet and pnpd  2023-02-08 14:44:22 -05:00
Thomas Stromberg  2634e9d45b  Monday morning false-positive purge  2023-02-08 14:37:09 -05:00
Thomas Stromberg  2bdb9f2f3e  Add more macOS software authorities  2023-02-02 20:53:22 -05:00
Thomas Stromberg  41ee6feced  Merge remote-tracking branch 'upstream/main'  2023-02-02 20:33:46 -05:00
Thomas Stromberg  91b20a98fd  Add uid0 exception for Logitech  2023-02-02 20:33:34 -05:00
Thomas Stromberg  bb3e1f964e  Run make reformat, update max rows for incident response  2023-02-02 17:58:19 -05:00
Thomas Stromberg  809645a3bf  Add new Kolide id, fix some debug lines  2023-02-02 17:42:46 -05:00
Thomas Stromberg  ba45449f7d  unexpected uid0: fix bug, make faster  2023-02-02 17:16:35 -05:00
Thomas Stromberg  2093a26423  Fix broken macOS queries  2023-02-02 15:33:25 -05:00
Thomas Stromberg  393b83168f  Merge to head  2023-02-01 15:11:51 -05:00
Thomas Stromberg  23f436f906  Minor perf improvements for macOS queries  2023-02-01 15:06:58 -05:00
Thomas Stromberg  f9dce0a72d  Include more process information across queries  2023-02-01 13:55:55 -05:00
Thomas Stromberg  ab94de7770  Add a lot more mitre data  2022-10-19 16:56:32 -04:00
Thomas Stromberg  2b5ea76729  Apply 'npx sql-formatter -l sqlite'  2022-10-17 19:06:17 -04:00
Thomas Stromberg  f2023c0021  Update interval tags, mostly for persistence  2022-10-14 14:26:49 -04:00
Thomas Stromberg  d2bdffe89e  Add support for interval tags  2022-10-14 14:19:13 -04:00
Thomas Stromberg  b9a64e8b99  Janitorial maintenance  2022-10-14 10:18:01 -04:00