Thomas Stromberg
|
9f63e3b21d
|
Begin making use of cgroup_paths, clear more false positives
|
2022-11-16 16:52:39 -05:00 |
|
Thomas Stromberg
|
18f17bbee8
|
Complete cleanup phase 1
|
2022-11-16 11:18:45 -05:00 |
|
Thomas Stromberg
|
c9605d1c98
|
Add exceptions for terraform, hugo, macOS updates
|
2022-11-08 14:32:38 -05:00 |
|
Thomas Stromberg
|
066d8aec1d
|
Add exceptions for zellij & warp
|
2022-10-29 14:11:33 -04:00 |
|
Thomas Stromberg
|
897c96bd33
|
Remove more in-the-wild false positives
|
2022-10-27 16:55:00 -04:00 |
|
Thomas Stromberg
|
5bbde18759
|
webmail: Add JFIF, remove BZ2, TAR, GZ from expectations list
|
2022-10-27 16:26:43 -04:00 |
|
Thomas Stromberg
|
fdb891ba0b
|
False-positive removal: grype, gedit, mov, abrt-action, dnf
|
2022-10-21 14:13:29 -04:00 |
|
Thomas Stromberg
|
7d568898c1
|
Reduce query intervals for some higher overhead queries
|
2022-10-20 14:56:16 -04:00 |
|
Thomas Stromberg
|
ab94de7770
|
Add a lot more mitre data
|
2022-10-19 16:56:32 -04:00 |
|
Thomas Stromberg
|
cee1710f74
|
Finish out the incident_response refactor
|
2022-10-19 16:19:53 -04:00 |
|
Thomas Stromberg
|
0160d05ed3
|
Add new spotlight queries to surface unexpected dmg/iso downloads
|
2022-10-18 08:52:05 -04:00 |
|
Thomas Stromberg
|
2b5ea76729
|
Apply 'npx sql-formatter -l sqlite'
|
2022-10-17 19:06:17 -04:00 |
|
Thomas Stromberg
|
984f754990
|
Add more false positive filters
|
2022-10-17 19:01:16 -04:00 |
|
Thomas Stromberg
|
58dec12a49
|
Remove some false positives
|
2022-10-17 17:31:47 -04:00 |
|
Thomas Stromberg
|
d2bdffe89e
|
Add support for interval tags
|
2022-10-14 14:19:13 -04:00 |
|
Thomas Stromberg
|
20452b128b
|
Migrate query strings from double to single apostrophes
|
2022-10-13 14:59:32 -04:00 |
|
Thomas Stromberg
|
26ee658c4a
|
Initial re-organization around the MITRE ATT&CK framework
|
2022-10-11 21:53:36 -04:00 |