osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2024-12-23 14:22:15 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	b39fca4e9f	fpr: RSA keys, tcpdump, login, crane, souregraph, etc	2023-09-20 09:30:46 -04:00
Thomas Stromberg	24c2baef28	Make process times broadly available, minor opts	2023-05-16 17:18:39 -04:00
Thomas Stromberg	df925eaa6c	fpr: lghub, brew, pve, chrome exts, etc	2023-04-20 20:45:35 -04:00
Thomas Stromberg	824efa9705	fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws	2023-03-14 19:00:44 -04:00
Thomas Stromberg	f25cfe1399	fpr: aws-sdk, melange, Tailscale, Xprotect, etc	2023-03-03 07:24:42 -05:00
Thomas Stromberg	bb3e1f964e	Run make reformat, update max rows for incident response	2023-02-02 17:58:19 -05:00
Thomas Stromberg	f9dce0a72d	Include more process information across queries	2023-02-01 13:55:55 -05:00
Thomas Stromberg	66ee3484c0	Remove unused active fields, add WhatsApp ioreg exception	2023-01-27 08:46:48 -05:00
Thomas Stromberg	f5fe9a4aac	Refactor process_events queries for more accurate parenting	2023-01-26 11:40:54 -05:00
Thomas Stromberg	c7e4252af1	Remove false positives, fix some queries that failed to show a parent pid	2023-01-09 10:46:30 -05:00
Thomas Stromberg	2bcf9316cf	Add some hash fields, fix some false positives	2023-01-09 09:04:38 -05:00
Thomas Stromberg	4eb6993272	Catch up to some older false positives we ran into	2023-01-06 17:11:24 -05:00
Thomas Stromberg	1aefbe5e91	More false positive removal	2023-01-06 16:01:35 -05:00
Thomas Stromberg	05a39a78d3	Flush out more false positives across the stack	2023-01-06 10:36:48 -05:00
Thomas Stromberg	9843def319	Fix more false positives, particularly in shell/fetcher parents	2023-01-06 10:18:19 -05:00
Thomas Stromberg	9c512c5fd7	new detector: unexpected fetcher parents	2023-01-04 15:48:13 -05:00

16 Commits