osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-12 00:29:29 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	310e51d2a2	fpr: Capture One, Grammarly, Mullvad, etc	2023-12-08 17:12:27 -05:00
Thomas Stromberg	40078d357a	fpr: ThingsWidgetExtension	2023-11-02 11:17:58 -04:00
Thomas Stromberg	6e1e7f29c2	fpr: dbeaver, AwesomeScreenshot, Hyper, etc	2023-11-02 09:39:41 -04:00
Thomas Stromberg	0060bb087e	fpr: aws, java, arch, cody, google, wireshark, etc	2023-10-31 11:40:10 -04:00
Thomas Strömberg	51baf32292	Merge pull request #331 from tstromberg/fpr-oct25 fpr: rootlesskit, sshd, Fedora, Oracle Linux	2023-10-25 13:42:56 -04:00
Thomas Stromberg	23fadda33b	fpr: rootlesskit, sshd, Fedora, Oracle Linux	2023-10-25 13:42:22 -04:00
Thomas Stromberg	d7990dd063	fpr: Electron, Github	2023-10-25 09:49:07 -04:00
Thomas Stromberg	7d9aced380	fpr: mtr, vscode, cpptools, cron, firefox	2023-10-25 09:18:04 -04:00
Thomas Stromberg	9e6df92e3f	fpr: osquery release spam	2023-10-24 18:32:03 -04:00
Thomas Stromberg	3c2be1c16e	fpr: Kolide, qemu, bash, monday, macOS	2023-10-24 18:01:36 -04:00
Thomas Stromberg	bf66053d5c	fpr: containerd, hyper, Docker, Chromium, spotify, busycal	2023-10-02 16:11:44 -04:00
Thomas Stromberg	42c0a15e2a	Fix vpl, kolide exceptions, increase timeouts for yara	2023-10-02 11:45:27 -04:00
Thomas Stromberg	5f2680ca8b	fpr: Monday, Splunk, Gnome, Git, Grammarly, etc	2023-10-02 11:35:11 -04:00
Thomas Stromberg	f73263bece	fpr: docker, fish, Stream Deck, rsync, lima, macOS	2023-09-26 15:14:38 -04:00
Thomas Strömberg	c3df9bdea5	Merge pull request #320 from tstromberg/lima-ubuntu-fpr Reduce false positives on Ubuntu + Lima	2023-09-26 13:13:13 -04:00
Thomas Stromberg	a7f0b3001d	Reduce false positives on Ubuntu + Lima	2023-09-26 13:09:22 -04:00
Thomas Stromberg	6b4700c3dd	Address issues which kept these alerts from firing	2023-09-24 22:02:34 -04:00
Thomas Stromberg	b39fca4e9f	fpr: RSA keys, tcpdump, login, crane, souregraph, etc	2023-09-20 09:30:46 -04:00
Thomas Stromberg	bfdc509243	new check: hidden cwd events	2023-09-19 17:18:35 -04:00
Thomas Stromberg	cf175ec48d	More checks for unusual process names inspired by Earth Lusca	2023-09-18 14:14:40 -04:00
Thomas Stromberg	f16c3cdf53	fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell	2023-09-14 17:13:12 -04:00
Thomas Stromberg	190e8adcfd	Merge to master	2023-09-01 17:34:36 -04:00
Thomas Stromberg	b889cde6d5	Additional fixes for Ventura & Capture One	2023-09-01 17:27:27 -04:00
Thomas Stromberg	84125c4bb1	Remove recently common false positives	2023-09-01 17:09:47 -04:00
Thomas Stromberg	188bc78f4c	Fix errors	2023-08-15 18:29:27 -04:00
Thomas Stromberg	dce2eb2af5	Add many exceptions	2023-08-15 18:13:06 -04:00
Thomas Stromberg	ce2f0f06cb	fpr; Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy	2023-07-20 10:56:49 -04:00
Thomas Stromberg	921cdc521e	fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc	2023-07-19 15:22:43 -04:00
Thomas Stromberg	485f69a61c	fpr: Revolt, Bearly, user executables, melange	2023-07-13 19:43:35 -04:00
Thomas Stromberg	870ea132ee	Decrease search depth for performance	2023-07-12 19:29:48 -04:00
Thomas Stromberg	a0e4183bf4	fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc	2023-07-12 17:38:26 -04:00
Thomas Stromberg	6acc441dcf	Add rustbucket comment	2023-07-12 16:46:00 -04:00
Thomas Stromberg	a7cd9abaf3	new detector: unexpected process extension linux	2023-07-12 16:06:05 -04:00
Thomas Stromberg	c9f0b2bee5	fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver	2023-07-03 07:16:14 -04:00
Thomas Stromberg	d74405c817	fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc	2023-06-30 16:38:31 -04:00
Thomas Strömberg	c71952d3a8	Merge pull request #286 from tstromberg/jokerspy New detectors based on JokerSpy research	2023-06-30 15:40:00 -04:00
Thomas Stromberg	ce03badae4	Reformat	2023-06-30 15:38:56 -04:00
Thomas Stromberg	cebf617c82	fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc	2023-06-14 10:58:41 -04:00
Thomas Stromberg	32328c91f1	fpr: Slack, Gnome, Sigstore, Logitune, etc	2023-06-12 10:10:57 -04:00
Thomas Stromberg	d5c6233716	hidden executable: Add provisio exception	2023-06-09 07:12:16 -04:00
Thomas Stromberg	9851aaa192	Add exceptions for common hidden directories	2023-06-08 20:27:01 -04:00
Thomas Stromberg	ff2ab95431	Remove file sizes from systemd exception key	2023-06-08 18:26:57 -04:00
Thomas Strömberg	06b95a57b3	Merge pull request #272 from tstromberg/unattended Add unattended-upgrades.pid (Ubuntu)	2023-06-07 15:19:58 -04:00
Thomas Stromberg	7a61b5eced	Add ~/.config/.* to search criteria	2023-06-07 15:15:02 -04:00
Thomas Stromberg	404b7125f7	Add unattended-upgrades.pid (Ubuntu	2023-06-07 15:14:09 -04:00
Thomas Stromberg	c8760e0ae1	fpr: macOS, Signal, Creative Labs, node, etc	2023-06-07 09:55:17 -04:00
Thomas Stromberg	066c88dc18	fpr: multipass, go, macOS, Ubuntu, Opera, git, ko	2023-06-02 19:08:08 -04:00
Thomas Stromberg	9575d18bc2	fpr: FleetDM, Edge, VSCode, dnf, Steam, etc	2023-06-01 11:52:20 -04:00
Thomas Stromberg	4831794034	Rename from missing-parent	2023-05-23 11:31:58 -04:00
Thomas Stromberg	111c15e20b	fpr: macOS, yubikey, Premiere, dnf, vagrant, etc	2023-05-23 11:31:37 -04:00

1 2 3 4 5 ...

265 Commits