RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2024-12-15 10:34:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
246 Commits 1 Branch 31 Tags 5.8 MiB
05ccb9b718
Commit Graph

246 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Stromberg
05ccb9b718
Allow larger shell/python programs 2022-10-21 11:41:33 -04:00
Thomas Stromberg
6bb1785df9
Add carevout for /nix/store and caskroom 2022-10-21 11:40:47 -04:00
Thomas Stromberg
1afd3f6a75
add exceptions for nix, kde paths, rvictl, and profile 2022-10-21 11:37:55 -04:00
Thomas Stromberg
ed2bede71f
linux https client: Add 1password 2022-10-21 11:28:31 -04:00
Thomas Stromberg
770496edea
dev opener: Add bluetoothd 2022-10-21 11:27:42 -04:00
Thomas Stromberg
2538e7f7ce
macos talkers: add grype, chainctl 2022-10-21 11:26:50 -04:00
Thomas Stromberg
a31108984f
linux talkers: add more ports for thunderbird, chrome, firefox 2022-10-21 11:22:24 -04:00
Thomas Stromberg
1359cdd38d
linux ports: add registry on 5000 2022-10-21 11:15:05 -04:00
Thomas Stromberg
b6af630ad8
linux https clients: add nix, pacman, thunderbird, chainctl, kubectl, socket process, go, tf, webkit, xmobar 2022-10-21 11:12:44 -04:00
Thomas Strömberg
dfe9f64953
Merge pull request #18 from chainguard-dev/reformat2 
Reduce query intervals for some higher overhead queries
 2022-10-20 14:56:38 -04:00
Thomas Stromberg
7d568898c1
Reduce query intervals for some higher overhead queries 2022-10-20 14:56:16 -04:00
Thomas Strömberg
4bbfdcb275
Merge pull request #17 from chainguard-dev/false-positives-npm-exec 
exotic commands: Add UserKnownHostsFile from event-based queries, fix phash join
 2022-10-20 14:33:03 -04:00
Thomas Strömberg
ad67a18549
Merge pull request #16 from gmarnin/patch-1 
Missing a ;
 2022-10-20 14:32:14 -04:00
Thomas Stromberg
1020cd6991
exotic commands (state-based): Add UserKnownHostsFile from event based, fix phash join 2022-10-20 14:31:36 -04:00
Marnin
51b60f9569
Missing a ; 2022-10-20 14:16:17 -04:00
Thomas Strömberg
c8bf0265eb
Merge pull request #15 from chainguard-dev/false-positives-npm-exec 
linux https clients: Add exception for npm exec
 2022-10-20 14:16:14 -04:00
Thomas Stromberg
905046cd2a
linux https clients: Add exception for npm exec 2022-10-20 14:15:57 -04:00
Thomas Strömberg
8b16ce2aa4
Merge pull request #14 from chainguard-dev/false-positives 
False-positive update: Chrome, /usr/local/bin
 2022-10-20 14:13:03 -04:00
Thomas Stromberg
d55d1db202
Add /usr/local/bin 2022-10-20 14:11:35 -04:00
Thomas Stromberg
416bdd8fd1
Add broader port exception for Chrome 2022-10-20 14:11:19 -04:00
Thomas Strömberg
c082d0caa8
Merge pull request #13 from chainguard-dev/reformat 
Run 'make reformat'
 2022-10-20 14:03:17 -04:00
Thomas Strömberg
0c1bf8043e
Merge pull request #12 from chainguard-dev/icmp-events 
Add events-based detector for ICMP sockets
 2022-10-20 14:03:03 -04:00
Thomas Stromberg
ec1a5b6c17
Add events-based detector for ICMP sockets 2022-10-20 14:02:06 -04:00
Thomas Stromberg
a68a3496e9
Run 'make reformat' 2022-10-20 14:01:34 -04:00
Thomas Strömberg
6d535ddc37
Merge pull request #11 from chainguard-dev/talkers 
More net exceptions: ssh, Linear Orbit, Microsoft, Electron
 2022-10-20 13:54:30 -04:00
Thomas Stromberg
26fbe36e77
Linux: Add electron as an HTTPS client 2022-10-20 13:53:18 -04:00
Thomas Stromberg
9ff14203b6
macOS: Allow Linear Orbit and Microsoft to listen on a wider range of ports 2022-10-20 13:52:34 -04:00
Thomas Stromberg
ad832bc280
linux talkers: Treat /snap as /opt 2022-10-20 13:50:14 -04:00
Thomas Stromberg
6624c8c620
linux talkers: Add ssh exception 2022-10-20 13:46:55 -04:00
Thomas Strömberg
31bd0a5558
Merge pull request #10 from chainguard-dev/talkers 
linux talkers: Add snap Slack and NixOS bash exception
 2022-10-20 13:44:25 -04:00
Thomas Stromberg
8ddc3de482
linux talkers: Add snap Slack and NixOS bash exception 2022-10-20 13:44:09 -04:00
Thomas Strömberg
bab02a6295
Merge pull request #9 from chainguard-dev/false-positives 
unexpected-library-entries: Add more /Library entries from the wild
 2022-10-20 13:39:15 -04:00
Thomas Stromberg
44324e3811
Add more /Library entries from the wild 2022-10-20 13:38:33 -04:00
Thomas Stromberg
0706cc458a
listening ports: Add mtr-packet exception 2022-10-20 13:34:49 -04:00
Thomas Strömberg
cb6238e78e
Merge pull request #8 from chainguard-dev/bugfix 
unexpected-talkers-linux: Remove duplicate comma
 2022-10-20 13:20:57 -04:00
Thomas Stromberg
b4776ea60f
Remove duplicate comma 2022-10-20 13:20:33 -04:00
Thomas Strömberg
95e5c925e9
Merge pull request #7 from chainguard-dev/false-positives 
Add exception for gitsign
 2022-10-20 13:18:30 -04:00
Thomas Stromberg
0a92cbb9ce
Add exception for gitsign 2022-10-20 13:17:52 -04:00
Thomas Strömberg
1816e1472e
Merge pull request #6 from chainguard-dev/false-positives 
high-disk-bytes-written: Add exception for flatpak-system-helper
 2022-10-20 13:16:59 -04:00
Thomas Stromberg
e2c41243d4
high-disk-bytes-written: Add exception for flatpak-system-helper 2022-10-20 13:16:33 -04:00
Thomas Strömberg
ce3b58c9f6
Merge pull request #5 from chainguard-dev/false-positives 
touched: Add exception for local kubectl binary
 2022-10-20 13:15:53 -04:00
Thomas Stromberg
9373952f18
Add exception for local kubectl binary 2022-10-20 13:15:26 -04:00
Thomas Strömberg
71147816ec
Merge pull request #4 from chainguard-dev/false-positives 
library-entries: Add exceptions for /Library/Python and /Library/Caches/.0%
 2022-10-20 13:15:07 -04:00
Thomas Stromberg
8e1569164a
Add exceptions for /Library/Python and /Library/Caches/.0% 2022-10-20 13:14:37 -04:00
Thomas Strömberg
e6a60ea1db
Merge pull request #3 from chainguard-dev/false-positives 
Add talker exceptions for curl, firefox, chrome, git-remote-http
 2022-10-20 13:14:16 -04:00
Thomas Stromberg
a973dcbcf2
Add more Linux/macOS talker exceptions 2022-10-20 13:12:46 -04:00
Thomas Strömberg
5e8d0b637b
Merge pull request #2 from chainguard-dev/lib-entry 
Add /Library/DropboxHelperTools/ to expected list of /Library folders
 2022-10-20 13:06:16 -04:00
Thomas Strömberg
074cbed464
Merge pull request #1 from chainguard-dev/false-positives 
Add more real-world exceptions to unexpected-talkers
 2022-10-20 13:06:07 -04:00
Thomas Stromberg
bdce818374
Add /Library/DropboxHelperTools/ to expected list of /Library folders 2022-10-20 13:05:38 -04:00
Thomas Stromberg
186617890c
Add more real-world exceptions to unexpected-talkers 2022-10-20 13:03:46 -04:00