Commit Graph

901 Commits

Author SHA1 Message Date
Thomas Strömberg 0f94e56abc
Merge pull request #264 from tstromberg/geacon1p
Query tuning for Geacon detection and reduced CPU usage
2023-05-17 13:26:46 -04:00
Thomas Stromberg d9d6a836a7 Update minimal socket exceptions to not rely on signatures 2023-05-17 13:21:29 -04:00
Thomas Stromberg c6eec0ee17 Query tuning after Geacon testing 2023-05-17 10:54:16 -04:00
Thomas Strömberg 96fd9e7729
Merge pull request #263 from tstromberg/times3
Make process times broadly available, minor opts
2023-05-16 20:11:16 -04:00
Thomas Stromberg 24c2baef28 Make process times broadly available, minor opts 2023-05-16 17:18:39 -04:00
Thomas Strömberg fb77f0a811
Merge pull request #262 from tstromberg/bpfdoor-2023
Improve detection for bpfdoor and similar backdoors.
2023-05-16 16:32:35 -04:00
Thomas Stromberg 7f86db5521 Improve detection for bpfdoor and similar backdoors. 2023-05-16 16:31:31 -04:00
Thomas Strömberg 5ca54e89b7
Merge pull request #261 from tstromberg/fpr-may15
fpr: Kolide, macOS, nvidia, neko
2023-05-16 10:31:59 -04:00
Thomas Stromberg 93f2f2baf4 Fix comma placement 2023-05-16 10:31:46 -04:00
Thomas Stromberg d5a94b21d1 fpr: Kolide, macOS, nvidia, neko 2023-05-16 10:28:19 -04:00
Thomas Strömberg 94947a252f
Merge pull request #260 from tstromberg/fpr-may11
fpr: Chrome, Kolide
2023-05-12 16:43:23 -04:00
Thomas Stromberg 9c87838b9f fpr: Chrome, Kolide 2023-05-12 16:41:17 -04:00
Thomas Strömberg a05089b897
Merge pull request #259 from tstromberg/fpr-may11
Collect recent file events
2023-05-12 16:37:29 -04:00
Thomas Stromberg 64d482abcd Collect recent file events 2023-05-12 16:35:00 -04:00
Thomas Strömberg abba247124
Merge pull request #258 from tstromberg/fpr-may11
incident_response: Improve macOS coverage
2023-05-12 16:28:45 -04:00
Thomas Stromberg 08d0235608 Fix bug 2023-05-12 16:26:44 -04:00
Thomas Stromberg 6303ee76b6 Collect more file data 2023-05-12 16:17:10 -04:00
Thomas Stromberg 2645fa41f7 pop is a Linux only table 2023-05-12 11:10:50 -04:00
Thomas Stromberg 99af29e2df clarify macOS coverage 2023-05-12 11:08:59 -04:00
Thomas Stromberg 0c9e3bbf72 incident_response: Improve macOS coverage 2023-05-12 10:49:50 -04:00
Thomas Strömberg ff9c6459a9
Merge pull request #257 from tstromberg/fpr-may11
fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc
2023-05-11 11:30:46 -04:00
Thomas Stromberg 26b2b9a4c7 fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc 2023-05-11 11:29:55 -04:00
Thomas Strömberg 53a6d583c3
Merge pull request #256 from tstromberg/var-run
New detector: unexpected /var/run files
2023-05-11 10:35:25 -04:00
Thomas Stromberg 099d6664fe Remove seldom modifier, reformat 2023-05-11 10:33:51 -04:00
Thomas Stromberg c58cac1a1f New detector: unexpected /var/run files 2023-05-11 10:32:17 -04:00
Thomas Strömberg 240d03463e
Merge pull request #255 from tstromberg/main
fpr: LogiTune, EndeavourOS, less, LogiTune, sharingd, gnome, plex
2023-05-08 13:26:28 -04:00
Thomas Stromberg 49debb32c6 fix duplicate cloud-sql-proxy exception 2023-05-08 13:23:20 -04:00
Thomas Stromberg 41d83350a1 make reformat 2023-05-08 13:20:47 -04:00
Thomas Stromberg 778d53b169 Address merge conflicts 2023-05-08 13:11:24 -04:00
Thomas Strömberg 129ef86ecc
Merge pull request #254 from tstromberg/fpr-may
fpr: sharingd, sparkle, golang, Snagit
2023-05-08 13:08:31 -04:00
Thomas Stromberg 4856a0e80a fpr: LogiTune, sharingd, gnome, sparkle, plex 2023-05-08 13:07:57 -04:00
Thomas Stromberg 785b7c2bde fpr: LogiTune, EndeavourOS, less 2023-05-08 12:19:19 -04:00
Thomas Stromberg 9eed574026 fpr: sharingd, sparkle, golang, Snagit 2023-05-05 15:10:54 -04:00
Thomas Strömberg f71cba9e1c
Merge pull request #253 from tstromberg/fpr-may
Add Zed binaries dir
2023-05-05 13:14:02 -04:00
Thomas Stromberg 61d503db0e Add Zed binaries dir 2023-05-05 12:55:14 -04:00
Thomas Strömberg 011d4a2691
Merge pull request #252 from tstromberg/fpr-may
fpr: node, nc, busybox, libvirt, etc
2023-05-05 12:47:26 -04:00
Thomas Stromberg 272711ae7a fpr: node, nc, busybox, libvirt, etc 2023-05-05 12:44:46 -04:00
Thomas Strömberg e0081715f8
Merge pull request #251 from tstromberg/fpr-may
Refactor recently-created-executables to fit within complexity limits
2023-05-03 17:59:00 -04:00
Thomas Stromberg f3fd822a55 Refactor recently-created-executables to fit within complexity limits 2023-05-03 17:57:58 -04:00
Thomas Strömberg 6a4f8fb345
Merge pull request #250 from tstromberg/fpr-may
fpr: libopenblas, snapd, k3d, opera, nix, ssh, cargo, adobe installer
2023-05-03 17:05:47 -04:00
Thomas Stromberg d7937aa532 Fix trailing comma 2023-05-03 16:56:15 -04:00
Thomas Stromberg e3b9938db2 Fix trailing comma 2023-05-03 16:30:03 -04:00
Thomas Stromberg 0202e87b73 fpr: libopenblas, snapd, k3d, opera, nix, ssh, cargo, adobe installer 2023-05-03 16:28:00 -04:00
Thomas Strömberg 260e9abb5a
Merge pull request #249 from tstromberg/beef-up
sysutils: Add /usr/bin/security (Keychain)
2023-05-03 15:54:03 -04:00
Thomas Stromberg cc221ae011 sysutils: Add /usr/bin/security (Keychain) 2023-05-03 15:53:33 -04:00
Thomas Strömberg cfaab7c2ee
Merge pull request #248 from tstromberg/beef-up
fpr: microbit, i3, Grammarly for Safari, wine
2023-05-02 17:51:41 -04:00
Thomas Stromberg 76cf1006c6 fpr: microbit, i3, Grammarly for Safari, wine 2023-05-02 17:49:53 -04:00
Thomas Strömberg a1770c7de0
Merge pull request #247 from tstromberg/beef-up
fpr: RetailMeNot, LogiTune, macOS, mediawriter, etc
2023-05-02 15:26:55 -04:00
Thomas Stromberg 47124daa01 fpr: RetailMeNot, LogiTune, macOS, mediawriter, etc 2023-05-02 15:25:36 -04:00
Thomas Strömberg af8366d128
Merge pull request #246 from tstromberg/simpler-talkers
fpr: Address more refactor exceptions
2023-04-28 14:46:19 -04:00