Commit Graph

33 Commits

Author  SHA1  Message  Date
Thomas Stromberg  1c38ef430e  reformat SQL queries  2022-10-20 09:11:29 -04:00
Thomas Stromberg  a43ee03929  Reduce dependency on magic.*  2022-10-20 08:19:56 -04:00
Thomas Stromberg  152887f8d8  Add /Library detector  2022-10-20 07:59:27 -04:00
Thomas Stromberg  a22ca1f2b0  Don't mask directories, run on macOS  2022-10-20 07:59:06 -04:00
Thomas Stromberg  f6317c2af8  Further reduction of false positives  2022-10-19 17:07:52 -04:00
Thomas Stromberg  ab94de7770  Add a lot more mitre data  2022-10-19 16:56:32 -04:00
Thomas Stromberg  cee1710f74  Finish out the incident_response refactor  2022-10-19 16:19:53 -04:00
Thomas Stromberg  1bbd284a3c  Work through another series of false positives  2022-10-19 15:26:03 -04:00
Thomas Stromberg  28f52b4c51  Sync module list with known observed  2022-10-19 15:02:44 -04:00
Thomas Stromberg  9f06873ae9  Don't mind shells hanging out in ~/.Trash  2022-10-18 14:51:51 -04:00
Thomas Stromberg  8679ca943d  More false positive management  2022-10-18 14:26:47 -04:00
Thomas Stromberg  12c7f8360d  Filter out more false positives  2022-10-18 11:44:03 -04:00
Thomas Stromberg  83a8c0d589  Improve how we deal with the zfs case  2022-10-18 11:40:42 -04:00
Thomas Stromberg  5839a20fb3  Detect more  2022-10-18 10:08:34 -04:00
Thomas Stromberg  8ddd5764e8  Remove some false positives  2022-10-17 20:57:56 -04:00
Thomas Stromberg  9bf85e3137  Flush out more false positives  2022-10-17 20:37:44 -04:00
Thomas Stromberg  2b5ea76729  Apply 'npx sql-formatter -l sqlite'  2022-10-17 19:06:17 -04:00
Thomas Stromberg  984f754990  Add more false positive filters  2022-10-17 19:01:16 -04:00
Thomas Stromberg  d89335a21e  Add child/grandchild, filter out zfs recv false positive  2022-10-17 18:46:00 -04:00
Thomas Stromberg  27a3013bba  Split up the unexpected-filesystem-entries by platform  2022-10-14 15:14:24 -04:00
Thomas Stromberg  fa49494e36  Add /var/run/current-system/sw/bin  2022-10-14 14:37:22 -04:00
Thomas Stromberg  927d2ab025  Add /etc/periodic/*, resort directories  2022-10-14 14:36:41 -04:00
Thomas Stromberg  9889a9308f  Make unexpected-var-executables safe for execution on macOS  2022-10-14 14:31:39 -04:00
Thomas Stromberg  f2023c0021  Update interval tags, mostly for persistence  2022-10-14 14:26:49 -04:00
Thomas Stromberg  ab0fad1c47  Add lost files from the rename  2022-10-14 14:19:32 -04:00
Thomas Stromberg  d2bdffe89e  Add support for interval tags  2022-10-14 14:19:13 -04:00
Thomas Stromberg  fd9e8106f9  Give unexpected-modules a better name  2022-10-14 10:18:23 -04:00
Thomas Stromberg  488d1aac96  Show process euid instead of uid.  2022-10-14 09:36:28 -04:00
Thomas Stromberg  1fb2b694bb  Use single quotes  2022-10-13 18:31:36 -04:00
Thomas Stromberg  3562bc898e  Remove sshd listener false positive  2022-10-13 18:02:14 -04:00
Thomas Stromberg  59dc85a931  Add pipewire-pulse, sort exceptions  2022-10-13 18:00:14 -04:00
Thomas Stromberg  20452b128b  Migrate query strings from double to single apostrophes  2022-10-13 14:59:32 -04:00
Thomas Stromberg  26ee658c4a  Initial re-organization around the MITRE ATT&CK framework  2022-10-11 21:53:36 -04:00