osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-28 00:02:52 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	875125fc94	Add exceptions for Elastic Defend & Rapid7 InsightIDR	2024-01-08 19:07:57 -05:00
Thomas Stromberg	1304d66783	Add more Elastic exceptions	2024-01-08 17:55:30 -05:00
Thomas Stromberg	336a1fca4a	Add exceptions for Elastic Defend	2024-01-08 17:18:25 -05:00
Jed Salazar	243303ef75	Add Macdown as an exception to minimal-socket-client-macos Signed-off-by: Jed Salazar <jedsalazar@gmail.com>	2023-12-20 12:14:54 -07:00
Thomas Stromberg	202ce6be45	Ignore syncthing, nuclei, fix typos	2023-12-15 17:19:38 -05:00
Thomas Stromberg	800e4aa2cc	fpr: kind of everything	2023-12-15 17:10:06 -05:00
Thomas Stromberg	310e51d2a2	fpr: Capture One, Grammarly, Mullvad, etc	2023-12-08 17:12:27 -05:00
Thomas Stromberg	5802021124	Optimize YARA process queries by deduping paths	2023-11-02 09:53:26 -04:00
Thomas Stromberg	6e1e7f29c2	fpr: dbeaver, AwesomeScreenshot, Hyper, etc	2023-11-02 09:39:41 -04:00
Thomas Stromberg	0060bb087e	fpr: aws, java, arch, cody, google, wireshark, etc	2023-10-31 11:40:10 -04:00
Thomas Strömberg	51baf32292	Merge pull request #331 from tstromberg/fpr-oct25 fpr: rootlesskit, sshd, Fedora, Oracle Linux	2023-10-25 13:42:56 -04:00
Thomas Stromberg	23fadda33b	fpr: rootlesskit, sshd, Fedora, Oracle Linux	2023-10-25 13:42:22 -04:00
Thomas Stromberg	7d9aced380	fpr: mtr, vscode, cpptools, cron, firefox	2023-10-25 09:18:04 -04:00
Thomas Stromberg	9e6df92e3f	fpr: osquery release spam	2023-10-24 18:32:03 -04:00
Thomas Stromberg	3c2be1c16e	fpr: Kolide, qemu, bash, monday, macOS	2023-10-24 18:01:36 -04:00
Thomas Stromberg	bf66053d5c	fpr: containerd, hyper, Docker, Chromium, spotify, busycal	2023-10-02 16:11:44 -04:00
Thomas Stromberg	42c0a15e2a	Fix vpl, kolide exceptions, increase timeouts for yara	2023-10-02 11:45:27 -04:00
Thomas Stromberg	5f2680ca8b	fpr: Monday, Splunk, Gnome, Git, Grammarly, etc	2023-10-02 11:35:11 -04:00
Thomas Stromberg	f73263bece	fpr: docker, fish, Stream Deck, rsync, lima, macOS	2023-09-26 15:14:38 -04:00
Thomas Strömberg	25f7c2cacd	Merge pull request #321 from tstromberg/unusual-location- Add detector for listening from an unusual location	2023-09-26 13:13:21 -04:00
Thomas Stromberg	d3efd381f0	Add detector for listening from an unusual location	2023-09-26 13:12:51 -04:00
Thomas Stromberg	a7f0b3001d	Reduce false positives on Ubuntu + Lima	2023-09-26 13:09:22 -04:00
Thomas Stromberg	2bbc2f6c97	split detection pack into subpacks	2023-09-20 17:43:39 -04:00
Thomas Strömberg	547fe50fca	Merge pull request #314 from tstromberg/yara YARA rules everywhere!	2023-09-20 17:13:43 -04:00
Thomas Stromberg	6781b46375	YARA rules everywhere!	2023-09-20 17:03:21 -04:00
Thomas Stromberg	b39fca4e9f	fpr: RSA keys, tcpdump, login, crane, souregraph, etc	2023-09-20 09:30:46 -04:00
Thomas Stromberg	f16c3cdf53	fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell	2023-09-14 17:13:12 -04:00
Thomas Stromberg	190e8adcfd	Merge to master	2023-09-01 17:34:36 -04:00
Thomas Stromberg	84125c4bb1	Remove recently common false positives	2023-09-01 17:09:47 -04:00
Thomas Stromberg	188bc78f4c	Fix errors	2023-08-15 18:29:27 -04:00
Thomas Stromberg	dce2eb2af5	Add many exceptions	2023-08-15 18:13:06 -04:00
Thomas Stromberg	921cdc521e	fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc	2023-07-19 15:22:43 -04:00
Thomas Stromberg	485f69a61c	fpr: Revolt, Bearly, user executables, melange	2023-07-13 19:43:35 -04:00
Thomas Stromberg	a0e4183bf4	fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc	2023-07-12 17:38:26 -04:00
Thomas Stromberg	430f397f1e	fpr: Velociraptor, Hyprland, iio	2023-07-12 15:00:36 -04:00
Thomas Stromberg	9d93799cb5	Add 'management' to the list of permissions to check for	2023-07-05 12:47:00 -04:00
Thomas Stromberg	97bfc30b92	Update false positive list, add mtime/btime	2023-07-05 12:26:14 -04:00
Thomas Stromberg	c9f0b2bee5	fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver	2023-07-03 07:16:14 -04:00
Thomas Stromberg	d74405c817	fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc	2023-06-30 16:38:31 -04:00
Thomas Stromberg	cebf617c82	fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc	2023-06-14 10:58:41 -04:00
Thomas Stromberg	2d8abbaed9	Improve targeting of Unexpected Chrome Extensions	2023-06-14 10:32:11 -04:00
Thomas Stromberg	32328c91f1	fpr: Slack, Gnome, Sigstore, Logitune, etc	2023-06-12 10:10:57 -04:00
Thomas Stromberg	6adc121c4d	launchd: Add Canonical exception	2023-06-09 07:15:24 -04:00
Thomas Strömberg	d08fdd38b2	Merge pull request #276 from tstromberg/faster-sockets minimal socket client: speed query up	2023-06-08 20:46:49 -04:00
Thomas Stromberg	cae042cbe5	minimal socket client: speed query up	2023-06-08 20:44:08 -04:00
Thomas Stromberg	ff2ab95431	Remove file sizes from systemd exception key	2023-06-08 18:26:57 -04:00
Thomas Stromberg	c8760e0ae1	fpr: macOS, Signal, Creative Labs, node, etc	2023-06-07 09:55:17 -04:00
Thomas Stromberg	1c3d461392	Add lock exception for pipewire	2023-06-02 19:22:26 -04:00
Thomas Stromberg	066c88dc18	fpr: multipass, go, macOS, Ubuntu, Opera, git, ko	2023-06-02 19:08:08 -04:00
Thomas Stromberg	9575d18bc2	fpr: FleetDM, Edge, VSCode, dnf, Steam, etc	2023-06-01 11:52:20 -04:00

1 2 3 4

192 Commits