RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-19 19:26:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
756 Commits 1 Branch 31 Tags 7 MiB
020145f207
Commit Graph

756 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Strömberg
020145f207
Merge pull request #207 from tstromberg/kindle 
Optimize recently-created-executables-macos
 2023-02-24 17:27:07 -05:00
Thomas Stromberg
12a5507907
Optimize recently-created-executables-macos 2023-02-24 17:24:09 -05:00
Thomas Strömberg
243b4d04e6
Merge pull request #206 from tstromberg/kindle 
macOS: Exceptions for TestFlight apps & specifically Kindle
 2023-02-24 17:08:54 -05:00
Thomas Stromberg
4150b1ee7c
macOS: Exceptions for TestFlight apps & specifically Kindle 2023-02-24 17:04:34 -05:00
Thomas Strömberg
5f1d801b68
Merge pull request #205 from tstromberg/fpr-eow 
Fix broken IR non-Wireless rule
 2023-02-24 16:57:59 -05:00
Thomas Stromberg
fc08a698ec
Fix broken IR non-Wireless rule 2023-02-24 16:56:17 -05:00
Thomas Strömberg
eaa15112b5
Merge pull request #203 from tstromberg/fpr-eow 
fpr: abrt-dbus, gdm, chrome, ff, act, qemu, lima, etc.
 2023-02-24 16:52:18 -05:00
Thomas Stromberg
fb022f8005
verify: 10s for IR 2023-02-24 16:49:53 -05:00
Thomas Stromberg
2f25ce9c2a
Merge branch 'main' into fpr-eow 2023-02-24 16:49:07 -05:00
Thomas Strömberg
d359147e57
Merge pull request #204 from tstromberg/ci 
Add verify-ci Makefile rule
 2023-02-24 16:47:57 -05:00
Thomas Stromberg
39ad038c04
Add verify-ci Makefile rule 2023-02-24 16:44:00 -05:00
Thomas Stromberg
fe2e1a60b2
verify: increase max duration to 15s for IR 2023-02-24 16:32:02 -05:00
Thomas Stromberg
fb7cd56249
fpr: abrt-dbus, gdm, chrome, ff, etc 2023-02-24 16:30:17 -05:00
Thomas Strömberg
98be2abf1b
Fix CI badge 2023-02-24 16:27:20 -05:00
Thomas Strömberg
c04901d50a
Merge pull request #202 from tstromberg/ci 
Add Github CI job
 2023-02-24 12:19:08 -05:00
Thomas Stromberg
804a345da7
Add Github CI job 2023-02-24 12:18:29 -05:00
Thomas Strömberg
be31037062
Merge pull request #201 from tstromberg/ci 
Introduce CI testing & 'make verify' command.
 2023-02-24 12:17:16 -05:00
Thomas Stromberg
995c1e1104
Fixes so that ODK can run under CI 2023-02-24 12:15:56 -05:00
Thomas Strömberg
de899a68bb
Merge pull request #200 from tstromberg/makefile 
Makefile: collect as root
 2023-02-23 21:46:11 -05:00
Thomas Stromberg
1ac3d4fbb8
Makefile: collect as root 2023-02-23 21:45:34 -05:00
Thomas Strömberg
6c9f275bbc
Merge pull request #199 from tstromberg/main 
Makefile: add "make collection" target, improve others
 2023-02-23 21:30:43 -05:00
Thomas Stromberg
3984b82701
Makefile: add "make collection" target, improve others 2023-02-23 21:29:28 -05:00
Thomas Strömberg
1ec25c8d53
Merge pull request #198 from tstromberg/ir 
incident_response: bugfixes across queries
 2023-02-23 21:25:36 -05:00
Thomas Stromberg
5fa706805e
incident_response: bugfixes across queries 2023-02-23 21:24:52 -05:00
Thomas Strömberg
e50a84f382
Merge pull request #197 from tstromberg/rootkit-detection 
incident response: remove ever-changing columns from process table
 2023-02-23 17:13:06 -05:00
Thomas Stromberg
db792dc3c2
incident response: remove ever-changing columns from process table 2023-02-23 17:12:45 -05:00
Thomas Strömberg
a7c2b1d2fd
Merge pull request #196 from tstromberg/rootkit-detection 
incident response: Rename files-from-proc to process-files.
 2023-02-23 17:12:18 -05:00
Thomas Stromberg
8ce348dfc4
Rename files-from-proc to process-files. 2023-02-23 17:11:35 -05:00
Thomas Strömberg
6eff54d7f3
Merge pull request #195 from tstromberg/rootkit-detection 
incident response: Add dump of /dev files
 2023-02-23 17:11:10 -05:00
Thomas Strömberg
c198de4133
Merge pull request #194 from tstromberg/rootkit-detection 
Add detectors for the reveng_rtkit rootkit
 2023-02-23 17:10:39 -05:00
Thomas Stromberg
c8ecc36079
incident response: Add dump of /dev files 2023-02-23 17:09:25 -05:00
Thomas Stromberg
a7c2ef97e1
Add detectors for the reveng_rtkit rootkit 2023-02-23 17:05:11 -05:00
Thomas Strömberg
0cba2837bc
Merge pull request #193 from tstromberg/debian 
Debian uid0: add dhclient and unattended-upgr
 2023-02-23 10:39:15 -05:00
Thomas Stromberg
d253820cf2
Debian: add dhclient and unattended-upgr 2023-02-23 10:35:26 -05:00
Thomas Strömberg
ab5c01a998
Merge pull request #190 from zestysoft/fpr-2 
Add osquery to keyboard_sniffer
 2023-02-23 10:34:04 -05:00
Thomas Strömberg
f1e7474b3f
Merge pull request #192 from tstromberg/debian 
Add exceptions for Debian running under lima
 2023-02-23 10:33:46 -05:00
Thomas Stromberg
d904ca60cf
Add exceptions for Debian running under lima 2023-02-23 10:33:10 -05:00
Thomas Strömberg
26099f5fb7
Merge pull request #191 from tstromberg/postmortem 
Add 60 new postmortem queries for before/after analysis
 2023-02-23 09:38:20 -05:00
Thomas Stromberg
4d626923cd
Add many new incident response queries 2023-02-23 09:35:38 -05:00
Ian Brown
737eb93b48
Add osquery to keyboard_sniffer 
Signed-off-by: Ian Brown <ian@zestysoft.com>
 2023-02-21 22:07:08 -08:00
Thomas Strömberg
eeb8792ee8
Merge pull request #189 from tstromberg/ubuntu-lts-lima 
False positive reduction: Ubuntu LTS running on Lima VM
 2023-02-20 19:13:29 -05:00
Thomas Stromberg
baab22e282
Run make reformat-updates 2023-02-20 19:12:51 -05:00
Thomas Stromberg
3a4e0450a6
Uncomment remaining columns 2023-02-20 19:11:23 -05:00
Thomas Stromberg
d3780c0a6c
Remove ubuntu-lts false-positives on lima 2023-02-20 19:10:12 -05:00
Thomas Strömberg
7e2d9bf7eb
Merge pull request #188 from tstromberg/fpr-weekend 
fpr: exceptions for pacman, StreamDeck, gcloud, Rocket, thunderbird
 2023-02-20 18:05:22 -05:00
Thomas Stromberg
e8cf7ecbe3
fpr: exceptions for pacman, StreamDeck, gcloud, Rocket, thunderbird 2023-02-20 18:04:17 -05:00
Thomas Strömberg
9caafd4743
Merge pull request #187 from tstromberg/systemd-refactor 
systemd units: increase size bucket from 100 to 225
 2023-02-20 13:10:54 -05:00
Thomas Stromberg
82de4c9c2a
systemd units: increase size bucket from 100 to 225 2023-02-20 13:10:07 -05:00
Thomas Strömberg
575767eea1
Merge pull request #186 from tstromberg/fix-changes 
macos sniffers: back out osquery change until we understand it better
 2023-02-20 12:01:04 -05:00
Thomas Stromberg
75b7ec5552
macos sniffers: back out osquery change until we understand it better, sort exceptions 2023-02-20 11:58:43 -05:00