Commit Graph

1061 Commits

Author  SHA1  Date
  Message (commit subject, followed by the pull request description where one is shown)

Thomas Strömberg  1aaf59c36c  2023-12-08 16:13:31 -06:00
  Merge pull request #336 from tstromberg/dec5
  fpr: Capture One, Grammarly, Mullvad, etc
Thomas Stromberg  310e51d2a2  2023-12-08 17:12:27 -05:00
  fpr: Capture One, Grammarly, Mullvad, etc
Thomas Strömberg  803f21cb8a  2023-11-02 11:18:37 -04:00
  Merge pull request #335 from tstromberg/fpr-nov2
  fpr: ThingsWidgetExtension
Thomas Stromberg  40078d357a  2023-11-02 11:17:58 -04:00
  fpr: ThingsWidgetExtension
Thomas Strömberg  9e9da1244a  2023-11-02 10:09:05 -04:00
  Merge pull request #334 from tstromberg/fpr-nov2
  Optimize YARA process queries by deduping paths
Thomas Stromberg  5802021124  2023-11-02 09:53:26 -04:00
  Optimize YARA process queries by deduping paths
Thomas Strömberg  6a343d09a7  2023-11-02 09:40:55 -04:00
  Merge pull request #333 from tstromberg/fpr-nov2
  fpr: dbeaver, AwesomeScreenshot, Hyper, etc
Thomas Stromberg  6e1e7f29c2  2023-11-02 09:39:41 -04:00
  fpr: dbeaver, AwesomeScreenshot, Hyper, etc
Thomas Strömberg  7ce3a5222c  2023-10-31 11:40:36 -04:00
  Merge pull request #332 from tstromberg/fpr-oct31
  fpr: aws, java, arch, cody, google, wireshark, etc
Thomas Stromberg  0060bb087e  2023-10-31 11:40:10 -04:00
  fpr: aws, java, arch, cody, google, wireshark, etc
Thomas Strömberg  51baf32292  2023-10-25 13:42:56 -04:00
  Merge pull request #331 from tstromberg/fpr-oct25
  fpr: rootlesskit, sshd, Fedora, Oracle Linux
Thomas Stromberg  23fadda33b  2023-10-25 13:42:22 -04:00
  fpr: rootlesskit, sshd, Fedora, Oracle Linux
Thomas Strömberg  ad8d95516c  2023-10-25 09:49:32 -04:00
  Merge pull request #330 from chainguard-dev/fpr-oct25
  fpr: Electron, Github
Thomas Stromberg  d7990dd063  2023-10-25 09:49:07 -04:00
  fpr: Electron, Github
Thomas Strömberg  3e25510b8c  2023-10-25 09:18:55 -04:00
  Merge pull request #329 from chainguard-dev/fpr-oct25
  fpr: mtr, vscode, cpptools, cron, firefox
Thomas Stromberg  7d9aced380  2023-10-25 09:18:04 -04:00
  fpr: mtr, vscode, cpptools, cron, firefox
Thomas Strömberg  7b76585736  2023-10-24 18:32:59 -04:00
  Merge pull request #328 from tstromberg/fpr-oct24
  fpr: osquery release spam
Thomas Stromberg  9e6df92e3f  2023-10-24 18:32:03 -04:00
  fpr: osquery release spam
Thomas Strömberg  5cc769c5a0  2023-10-24 18:03:49 -04:00
  Merge pull request #327 from tstromberg/fpr-oct24
  fpr: Kolide, qemu, bash, monday, macOS
Thomas Stromberg  3c2be1c16e  2023-10-24 18:01:36 -04:00
  fpr: Kolide, qemu, bash, monday, macOS
Thomas Strömberg  3e970ed93f  2023-10-03 11:21:24 -04:00
  Merge pull request #326 from tstromberg/fpr-sep26
  makefile: Extend timeouts for YARA queries
Thomas Stromberg  9a03776699  2023-10-03 11:20:40 -04:00
  Extend timeouts
Thomas Strömberg  db67613a38  2023-10-02 16:13:10 -04:00
  Merge pull request #325 from tstromberg/fpr-oct2
  fpr: containerd, hyper, Docker, Chromium, spotify, busycal
Thomas Stromberg  bf66053d5c  2023-10-02 16:11:44 -04:00
  fpr: containerd, hyper, Docker, Chromium, spotify, busycal
Thomas Strömberg  c8f2fa0cb5  2023-10-02 11:46:20 -04:00
  Merge pull request #324 from tstromberg/fpr-sep26
  fpr: Monday, Splunk, Gnome, Git, Grammarly, etc
Thomas Stromberg  42c0a15e2a  2023-10-02 11:45:27 -04:00
  Fix vpl, kolide exceptions, increase timeouts for yara
Thomas Stromberg  5f2680ca8b  2023-10-02 11:35:11 -04:00
  fpr: Monday, Splunk, Gnome, Git, Grammarly, etc
Thomas Strömberg  d6fc3e09cd  2023-09-26 16:42:13 -04:00
  Merge pull request #323 from tstromberg/fpr-sep26
  Broaden the talker exception list
Thomas Stromberg  ed473f438d  2023-09-26 16:41:47 -04:00
  Broaden the talker exception list
Thomas Strömberg  a6c065200c  2023-09-26 15:16:45 -04:00
  Merge pull request #322 from tstromberg/fpr-sep26
  fpr: docker, fish, Stream Deck, rsync, lima, macOS
Thomas Stromberg  f73263bece  2023-09-26 15:14:38 -04:00
  fpr: docker, fish, Stream Deck, rsync, lima, macOS
Thomas Strömberg  25f7c2cacd  2023-09-26 13:13:21 -04:00
  Merge pull request #321 from tstromberg/unusual-location-
  Add detector for listening from an unusual location
Thomas Strömberg  c3df9bdea5  2023-09-26 13:13:13 -04:00
  Merge pull request #320 from tstromberg/lima-ubuntu-fpr
  Reduce false positives on Ubuntu + Lima
Thomas Stromberg  d3efd381f0  2023-09-26 13:12:51 -04:00
  Add detector for listening from an unusual location
Thomas Stromberg  a7f0b3001d  2023-09-26 13:09:22 -04:00
  Reduce false positives on Ubuntu + Lima
Thomas Strömberg  417b0a6408  2023-09-25 08:26:09 -04:00
  Merge pull request #319 from tstromberg/fpr-sep21
  Address issues which kept some Linux alerts from firing
Thomas Stromberg  6b4700c3dd  2023-09-24 22:02:34 -04:00
  Address issues which kept these alerts from firing
Thomas Strömberg  715f37b25c  2023-09-20 18:25:41 -04:00
  Merge pull request #318 from tstromberg/vuln-no-verify
  Simplify execution queries
Thomas Stromberg  5e3d1d22bd  2023-09-20 18:24:40 -04:00
  Simplify execution queries
Thomas Strömberg  a0547ab7bd  2023-09-20 18:14:20 -04:00
  Merge pull request #317 from tstromberg/vuln-no-verify
  Don't verify vulnerabilities as there is only one query
Thomas Stromberg  7b30ac3208  2023-09-20 18:13:52 -04:00
  Don't verify vulnerabilities as there is only one query
Thomas Strömberg  d3e1fe1885  2023-09-20 18:13:15 -04:00
  Merge pull request #316 from tstromberg/simplify-execution
  Further simplify exotic-command-events-linux
Thomas Stromberg  e6f14457fc  2023-09-20 18:11:50 -04:00
  Further simplify exotic-command-events-linux
Thomas Strömberg  5e3febc619  2023-09-20 17:54:20 -04:00
  Merge pull request #315 from tstromberg/make-specific
  split detection pack into subpacks
Thomas Stromberg  2bbc2f6c97  2023-09-20 17:43:39 -04:00
  split detection pack into subpacks
Thomas Strömberg  547fe50fca  2023-09-20 17:13:43 -04:00
  Merge pull request #314 from tstromberg/yara
  YARA rules everywhere!
Thomas Stromberg  6781b46375  2023-09-20 17:03:21 -04:00
  YARA rules everywhere!
Thomas Strömberg  2d920e4d5a  2023-09-20 09:52:15 -04:00
  Merge pull request #313 from tstromberg/fpr-sep20
  exotic commands: simplify to avoid Kolide complexity cutoff
Thomas Stromberg  8a383a9963  2023-09-20 09:50:10 -04:00
  exotic commands: simplify to avoid Kolide complexity cutoff
Thomas Strömberg  fe2eb9278e  2023-09-20 09:32:24 -04:00
  Merge pull request #312 from tstromberg/fpr-sep20
  fpr: RSA keys, tcpdump, login, crane, souregraph, etc