Commit Graph

246 Commits

Author            SHA1        Message                                                              Date
Thomas Stromberg  1965aaaab4  More Linux/macOS splits to get signature support                     2022-09-20 17:46:47 -04:00
Thomas Stromberg  87f5608824  Add more data to privesc, rewrite systemd units                      2022-09-20 09:47:52 -04:00
Thomas Stromberg  0ff3b09f18  Rewrite unexpected-listening-port, split Linux/macOS                 2022-09-20 08:47:52 -04:00
Thomas Stromberg  2ed9d394d5  Rewrite sketchy events, remove some false positives                  2022-09-20 08:16:06 -04:00
Thomas Stromberg  b75c7d5404  More tuning                                                          2022-09-16 14:21:42 -04:00
Thomas Stromberg  f5696431c7  More filtering                                                       2022-09-16 11:22:50 -04:00
Thomas Stromberg  0371505d75  More tuning                                                          2022-09-15 15:34:59 -04:00
Thomas Stromberg  1065e8d9dc  More filtering of false positives                                    2022-09-15 11:28:50 -04:00
Thomas Stromberg  8ff5e914eb  More tuning                                                          2022-09-15 09:34:45 -04:00
Thomas Stromberg  d0569425b7  More tuning                                                          2022-09-14 10:51:56 -04:00
Thomas Stromberg  f54f2ee527  More false-positive removal                                          2022-09-14 07:54:39 -04:00
Thomas Stromberg  8e05e69465  whitelist more launchd entries                                       2022-09-13 21:25:04 -04:00
Thomas Stromberg  a512597ace  Lots of treats for the boys and girls                                2022-09-13 20:46:04 -04:00
Thomas Stromberg  11d0d67f74  Add more modules                                                     2022-09-13 05:36:18 -04:00
Thomas Stromberg  9810fe8e28  Detect unexpected modules and try our hand at exotic command access  2022-09-12 19:22:41 -04:00
Thomas Stromberg  197804e51b  More Monday tuning                                                   2022-09-12 18:25:18 -04:00
Thomas Stromberg  e919bdde9f  Add parent-missing-from-disk whitelists                              2022-09-12 11:19:28 -04:00
Thomas Stromberg  868f1ff13b  Monday morning tuning                                                2022-09-12 11:17:51 -04:00
Thomas Stromberg  78b49a38b2  More tuning                                                          2022-09-12 06:52:28 -04:00
Thomas Stromberg  6df0447760  More tuning, more scripts                                            2022-09-11 15:07:54 -04:00
Thomas Stromberg  58c8161d22  Add bpf detector                                                     2022-09-10 15:14:46 -04:00
Thomas Stromberg  e5973acc25  Second weekend tuning                                                2022-09-10 13:10:54 -04:00
Thomas Stromberg  763b9eaed6  Add crontab query                                                    2022-09-10 07:56:40 -04:00
Thomas Stromberg  7e210049bf  First weekend tuning                                                 2022-09-10 07:24:17 -04:00
Thomas Stromberg  c6797e3496  Reorganize paths, tune queries a bit                                 2022-09-09 12:51:52 -04:00
Thomas Stromberg  dea818239f  More scripts                                                         2022-09-09 10:16:28 -04:00
Thomas Stromberg  d7a549759b  More tuning                                                          2022-09-08 20:50:15 -04:00
Thomas Stromberg  6ef95adf94  Revert "Remove duplicate chrome rules"                               2022-09-08 18:25:34 -04:00
                              This reverts commit 78baa9fa00.
Thomas Stromberg  78baa9fa00  Remove duplicate chrome rules                                        2022-09-08 18:24:12 -04:00
Thomas Stromberg  dc9de60252  More minor tuning                                                    2022-09-08 18:23:28 -04:00
Thomas Stromberg  5eab5c51a8  Just about done                                                      2022-09-08 17:58:56 -04:00
Thomas Stromberg  b4dac11ceb  More tuning                                                          2022-09-08 14:20:42 -04:00
Thomas Stromberg  cbaf2f989c  Query reorganization                                                 2022-09-08 09:53:43 -04:00
Thomas Stromberg  ba7755640a  Add more queries: preload, setuid, shell parents                     2022-09-06 22:08:41 -04:00
Thomas Stromberg  7f85b5be90  More tuning                                                          2022-09-06 22:08:17 -04:00
Thomas Stromberg  caa6bb43ed  Add more things                                                      2022-09-02 15:04:34 -04:00
Thomas Stromberg  bceacd1572  More updates                                                         2022-09-02 12:56:31 -04:00
Thomas Stromberg  c2c36e7f24  Add /Library/Apple for XProtect                                      2022-09-02 11:17:06 -04:00
Thomas Stromberg  4c2479b79f  Add electron/kolide-pipeline                                         2022-09-02 11:16:47 -04:00
Thomas Stromberg  43b2346c22  Add configd dhcpv6-client                                            2022-09-02 11:16:32 -04:00
Thomas Stromberg  313634314e  More tuning                                                          2022-09-02 10:56:04 -04:00
Thomas Stromberg  af8ecbb03e  More additions                                                       2022-09-01 20:36:48 -04:00
Thomas Stromberg  e9dcfbbe2e  Initial configs for the kolide-pipeline-notifier                     2022-09-01 16:39:35 -04:00
Thomas Stromberg  d86d87812e  more updates                                                         2022-09-01 14:47:27 -04:00
Thomas Stromberg  68c8aa967f  Add osquery packs                                                    2022-08-31 14:34:42 -04:00
Thomas Strömberg  56a2f59f33  Initial commit                                                       2022-08-31 14:33:47 -04:00