Commit Graph

1017 Commits

Author | SHA1 | Message | Date
Thomas Stromberg | 2bbc2f6c97 | split detection pack into subpacks | 2023-09-20 17:43:39 -04:00
Thomas Strömberg | 547fe50fca | Merge pull request #314 from tstromberg/yara -- YARA rules everywhere! | 2023-09-20 17:13:43 -04:00
Thomas Stromberg | 6781b46375 | YARA rules everywhere! | 2023-09-20 17:03:21 -04:00
Thomas Strömberg | 2d920e4d5a | Merge pull request #313 from tstromberg/fpr-sep20 -- exotic commands: simplify to avoid Kolide complexity cutoff | 2023-09-20 09:52:15 -04:00
Thomas Stromberg | 8a383a9963 | exotic commands: simplify to avoid Kolide complexity cutoff | 2023-09-20 09:50:10 -04:00
Thomas Strömberg | fe2eb9278e | Merge pull request #312 from tstromberg/fpr-sep20 -- fpr: RSA keys, tcpdump, login, crane, souregraph, etc | 2023-09-20 09:32:24 -04:00
Thomas Stromberg | b39fca4e9f | fpr: RSA keys, tcpdump, login, crane, souregraph, etc | 2023-09-20 09:30:46 -04:00
Thomas Stromberg | d0e73093ae | Use correct column name | 2023-09-20 08:07:57 -04:00
Thomas Stromberg | 4e820ae59e | Improve FDM/cred theft detection | 2023-09-20 08:03:25 -04:00
Thomas Strömberg | ddb37c066a | Merge pull request #310 from tstromberg/fpr-sep18 -- unexpected talker events: address easy false positives | 2023-09-19 17:48:09 -04:00
Thomas Strömberg | e958c9f2ac | Merge pull request #311 from tstromberg/hidden-cwd-events -- new check: hidden cwd events | 2023-09-19 17:48:01 -04:00
Thomas Stromberg | bfdc509243 | new check: hidden cwd events | 2023-09-19 17:18:35 -04:00
Thomas Stromberg | f656aef8be | unexpected talker events: address easy false positives | 2023-09-19 17:17:58 -04:00
Thomas Strömberg | 41eb8f2a0f | Merge pull request #309 from tstromberg/fpr-sep18 -- new check: Unexpected talker events | 2023-09-19 15:59:06 -04:00
Thomas Stromberg | 9722d9f156 | new check: Unexpected talker events | 2023-09-19 15:57:21 -04:00
Thomas Strömberg | 4abe0fa6da | Merge pull request #308 from tstromberg/lusca -- More checks for unusual process names inspired by Earth Lusca | 2023-09-18 14:27:09 -04:00
Thomas Stromberg | cf175ec48d | More checks for unusual process names inspired by Earth Lusca | 2023-09-18 14:14:40 -04:00
Thomas Strömberg | 9963a4e3c6 | Merge pull request #307 from tstromberg/fpr-sep14 -- fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell | 2023-09-14 17:16:30 -04:00
Thomas Strömberg | 6adfb1d109 | Merge pull request #304 from tstromberg/infostealerz -- Add primitive name-based detection for possible InfoStealers | 2023-09-14 17:14:07 -04:00
Thomas Stromberg | f16c3cdf53 | fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell | 2023-09-14 17:13:12 -04:00
Thomas Strömberg | e97f2fd344 | Merge pull request #306 from tstromberg/apt36-desktop -- Improve base64/crontab detection | 2023-09-14 16:43:47 -04:00
Thomas Stromberg | a041305145 | Improve base64/crontab detection | 2023-09-14 16:39:35 -04:00
Thomas Strömberg | a9eba00fb6 | Merge pull request #305 from tstromberg/acrobat-reader -- Detect vulnerable versions of Acrobat Reader | 2023-09-14 16:37:45 -04:00
Thomas Stromberg | 961a673a52 | Detect vulnerable versions of Acrobat Reader | 2023-09-14 16:30:05 -04:00
Thomas Stromberg | e2d6fa58a7 | Add primitive name-based detection for possible InfoStealers | 2023-09-12 10:19:22 -04:00
Thomas Strömberg | b93654a9c9 | Merge pull request #303 from tstromberg/faster-chmod-detection -- Improve unexpected-chmod-exec-event performance | 2023-09-05 12:42:08 -04:00
Thomas Stromberg | f17381eaa3 | Improve unexpected-chmod-exec-event performance | 2023-09-05 12:14:47 -04:00
Thomas Strömberg | 62d3dfb15b | Merge pull request #302 from tstromberg/fpr-sep1 -- False positive flush for common issues seen in August | 2023-09-01 17:36:06 -04:00
Thomas Stromberg | 190e8adcfd | Merge to master | 2023-09-01 17:34:36 -04:00
Thomas Stromberg | b889cde6d5 | Additional fixes for Ventura & Capture One | 2023-09-01 17:27:27 -04:00
Thomas Stromberg | 84125c4bb1 | Remove recently common false positives | 2023-09-01 17:09:47 -04:00
Thomas Strömberg | 7ec9de294c | Merge pull request #301 from tstromberg/fpr-aug15 -- FPR: Fortinet, Epic Games, latest Ubuntu, Keybase, Loom | 2023-08-15 18:31:43 -04:00
Thomas Stromberg | 188bc78f4c | Fix errors | 2023-08-15 18:29:27 -04:00
Thomas Stromberg | dce2eb2af5 | Add many exceptions | 2023-08-15 18:13:06 -04:00
Thomas Strömberg | d49d9487de | Merge pull request #300 from tstromberg/fpr-jul20 -- fpr; Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy | 2023-07-20 10:57:12 -04:00
Thomas Stromberg | ce2f0f06cb | fpr; Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy | 2023-07-20 10:56:49 -04:00
Thomas Strömberg | f7444b8477 | Merge pull request #299 from tstromberg/fpr-jul19 -- fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc | 2023-07-19 15:24:36 -04:00
Thomas Stromberg | 921cdc521e | fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc | 2023-07-19 15:22:43 -04:00
Thomas Strömberg | 931ef2ab15 | Merge pull request #298 from tstromberg/fpr-jul13 -- fpr: Revolt, Bearly, user executables, melange | 2023-07-13 19:51:32 -04:00
Thomas Stromberg | 485f69a61c | fpr: Revolt, Bearly, user executables, melange | 2023-07-13 19:43:35 -04:00
Thomas Strömberg | 82cd9bc7ff | Merge pull request #297 from tstromberg/fpr-jul12 -- fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc | 2023-07-12 19:44:17 -04:00
Thomas Stromberg | d310dac7cc | Fix velociraptor exception | 2023-07-12 19:30:05 -04:00
Thomas Stromberg | 870ea132ee | Decrease search depth for performance | 2023-07-12 19:29:48 -04:00
Thomas Stromberg | b22625d38a | Add more velociraptor exceptions | 2023-07-12 17:42:02 -04:00
Thomas Stromberg | 979cef837b | fix missing comma | 2023-07-12 17:40:06 -04:00
Thomas Stromberg | a0e4183bf4 | fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc | 2023-07-12 17:38:26 -04:00
Thomas Strömberg | 656df2055e | Merge pull request #296 from tstromberg/process-ext -- Add rustbucket comment | 2023-07-12 16:46:24 -04:00
Thomas Stromberg | 6acc441dcf | Add rustbucket comment | 2023-07-12 16:46:00 -04:00
Thomas Strömberg | 6182f2957e | Merge pull request #295 from tstromberg/process-ext -- netutil calls: add nscurl | 2023-07-12 16:45:49 -04:00
Thomas Stromberg | 8e73ef70d2 | netutil calls: add nscurl | 2023-07-12 16:45:09 -04:00