Thomas Stromberg
|
d415b36b57
|
FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc
|
2023-01-16 12:56:39 -05:00 |
|
Thomas Stromberg
|
e3401a07c6
|
Weekend false-positive flush
|
2023-01-14 08:19:26 -05:00 |
|
Thomas Stromberg
|
cb896b9e10
|
Filter out new false positives
|
2023-01-13 15:24:18 -05:00 |
|
Thomas Stromberg
|
1b79359b68
|
Friday False Positive Flush
|
2023-01-13 14:10:43 -05:00 |
|
Thomas Strömberg
|
cb0ed647d8
|
Merge branch 'main' into bugfixesJan13
|
2023-01-13 13:56:19 -05:00 |
|
Thomas Stromberg
|
c045daa8f9
|
Remove Python whitelist, see pymafka
|
2023-01-13 13:47:19 -05:00 |
|
Thomas Stromberg
|
420d269025
|
Reformat and reduce false positives
|
2023-01-09 15:10:48 -05:00 |
|
Thomas Stromberg
|
c7e4252af1
|
Remove false positives, fix some queries that failed to show a parent pid
|
2023-01-09 10:46:30 -05:00 |
|
Thomas Stromberg
|
e8af31a348
|
false positives: dots, ipn, apport-gtk, homebrew, hyperkey, contexts
|
2023-01-09 09:34:20 -05:00 |
|
Thomas Stromberg
|
2bcf9316cf
|
Add some hash fields, fix some false positives
|
2023-01-09 09:04:38 -05:00 |
|
Thomas Stromberg
|
4eb6993272
|
Catch up to some older false positives we ran into
|
2023-01-06 17:11:24 -05:00 |
|
Thomas Stromberg
|
1aefbe5e91
|
More false positive removal
|
2023-01-06 16:01:35 -05:00 |
|
Thomas Stromberg
|
cd0b7872c1
|
Rewrite unexpected-osascript-calls for simplicity
|
2023-01-06 15:31:08 -05:00 |
|
Thomas Stromberg
|
05a39a78d3
|
Flush out more false positives across the stack
|
2023-01-06 10:36:48 -05:00 |
|
Thomas Stromberg
|
9843def319
|
Fix more false positives, particularly in shell/fetcher parents
|
2023-01-06 10:18:19 -05:00 |
|
Thomas Stromberg
|
02881f7a0c
|
Remove empty line
|
2023-01-04 15:49:21 -05:00 |
|
Thomas Stromberg
|
1dbd98c57e
|
Add enough exceptions to make this useful
|
2023-01-04 11:58:54 -05:00 |
|
Thomas Stromberg
|
0ad0b3be8c
|
detection/initial_access/unexpected-shell-parent-events.sql
new detector: unexpected shell parent events
|
2023-01-04 11:43:26 -05:00 |