osquery-defense-kit

Commit Graph

Author	SHA1	Message	Date
Thomas Stromberg	ff2ab95431	Remove file sizes from systemd exception key	2023-06-08 18:26:57 -04:00
Thomas Stromberg	c8760e0ae1	fpr: macOS, Signal, Creative Labs, node, etc	2023-06-07 09:55:17 -04:00
Thomas Stromberg	066c88dc18	fpr: multipass, go, macOS, Ubuntu, Opera, git, ko	2023-06-02 19:08:08 -04:00
Thomas Stromberg	9575d18bc2	fpr: FleetDM, Edge, VSCode, dnf, Steam, etc	2023-06-01 11:52:20 -04:00
Thomas Stromberg	24c2baef28	Make process times broadly available, minor opts	2023-05-16 17:18:39 -04:00
Thomas Stromberg	1961531adf	fpr: more refactor fallout	2023-04-28 14:40:12 -04:00
Thomas Stromberg	d4dd423745	fpr: Grammarly, semodule, docker-compose, xdg, etc	2023-03-30 18:44:01 -04:00
Thomas Stromberg	824efa9705	fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws	2023-03-14 19:00:44 -04:00
Thomas Stromberg	f25cfe1399	fpr: aws-sdk, melange, Tailscale, Xprotect, etc	2023-03-03 07:24:42 -05:00
Thomas Stromberg	fb7cd56249	fpr: abrt-dbus, gdm, chrome, ff, etc	2023-02-24 16:30:17 -05:00
Thomas Stromberg	bc359d69ce	Linux events: decrease CPU usage of elevated children & execdir	2023-02-17 10:40:58 -05:00
Thomas Stromberg	bb3e1f964e	Run make reformat, update max rows for incident response	2023-02-02 17:58:19 -05:00
Thomas Stromberg	cdcb2d48f3	Slow queries down, minor improvements	2023-02-01 16:17:36 -05:00
Thomas Stromberg	f9dce0a72d	Include more process information across queries	2023-02-01 13:55:55 -05:00
Thomas Stromberg	83cc38207e	fpr: minikube, tailscale, dex, pacman, virtualbox, steam, lsmod, busybox, etc	2023-01-23 20:33:52 -05:00
Thomas Stromberg	e3401a07c6	Weekend false-positive flush	2023-01-14 08:19:26 -05:00
Thomas Stromberg	e8af31a348	false positives: dots, ipn, apport-gtk, homebrew, hyperkey, contexts	2023-01-09 09:34:20 -05:00
Thomas Stromberg	4eb6993272	Catch up to some older false positives we ran into	2023-01-06 17:11:24 -05:00
Thomas Stromberg	49a19a6fd5	Sort out more false positives	2022-12-16 17:37:32 -05:00
Thomas Stromberg	404adf3e1f	Another false positive flush: Capital One, tailscaled, agetty, snap, ninja, epson printers, etc	2022-12-15 16:51:58 -05:00
Thomas Stromberg	16f9b2f3ee	Remove more false positives: kind, gopls, docker.socket, etc	2022-12-15 10:20:16 -05:00
Thomas Stromberg	60e5435ed4	Allow mount-product-files and / (bad data), add cgroup_path	2022-12-15 09:20:41 -05:00
Thomas Stromberg	3dec23370c	More exclusions	2022-11-08 12:59:11 -05:00
Thomas Stromberg	f93a18d112	Refactor execdir, remove false positives	2022-11-07 20:36:37 -05:00

24 Commits