RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-17 18:07:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,062 Commits 1 Branch 31 Tags 6.9 MiB
2be637e9c3
Commit Graph

611 Commits

Author SHA1 Message Date
Thomas Stromberg
310e51d2a2
fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
Thomas Stromberg
40078d357a
fpr: ThingsWidgetExtension 2023-11-02 11:17:58 -04:00
Thomas Stromberg
5802021124
Optimize YARA process queries by deduping paths 2023-11-02 09:53:26 -04:00
Thomas Stromberg
6e1e7f29c2
fpr: dbeaver, AwesomeScreenshot, Hyper, etc 2023-11-02 09:39:41 -04:00
Thomas Stromberg
0060bb087e
fpr: aws, java, arch, cody, google, wireshark, etc 2023-10-31 11:40:10 -04:00
Thomas Strömberg
51baf32292
Merge pull request #331 from tstromberg/fpr-oct25 
fpr: rootlesskit, sshd, Fedora, Oracle Linux
 2023-10-25 13:42:56 -04:00
Thomas Stromberg
23fadda33b
fpr: rootlesskit, sshd, Fedora, Oracle Linux 2023-10-25 13:42:22 -04:00
Thomas Stromberg
d7990dd063
fpr: Electron, Github 2023-10-25 09:49:07 -04:00
Thomas Stromberg
7d9aced380
fpr: mtr, vscode, cpptools, cron, firefox 2023-10-25 09:18:04 -04:00
Thomas Stromberg
9e6df92e3f
fpr: osquery release spam 2023-10-24 18:32:03 -04:00
Thomas Stromberg
3c2be1c16e
fpr: Kolide, qemu, bash, monday, macOS 2023-10-24 18:01:36 -04:00
Thomas Stromberg
bf66053d5c
fpr: containerd, hyper, Docker, Chromium, spotify, busycal 2023-10-02 16:11:44 -04:00
Thomas Stromberg
42c0a15e2a Fix vpl, kolide exceptions, increase timeouts for yara 2023-10-02 11:45:27 -04:00
Thomas Stromberg
5f2680ca8b
fpr: Monday, Splunk, Gnome, Git, Grammarly, etc 2023-10-02 11:35:11 -04:00
Thomas Stromberg
ed473f438d
Broaden the talker exception list 2023-09-26 16:41:47 -04:00
Thomas Stromberg
f73263bece
fpr: docker, fish, Stream Deck, rsync, lima, macOS 2023-09-26 15:14:38 -04:00
Thomas Strömberg
25f7c2cacd
Merge pull request #321 from tstromberg/unusual-location- 
Add detector for listening from an unusual location
 2023-09-26 13:13:21 -04:00
Thomas Strömberg
c3df9bdea5
Merge pull request #320 from tstromberg/lima-ubuntu-fpr 
Reduce false positives on Ubuntu + Lima
 2023-09-26 13:13:13 -04:00
Thomas Stromberg
d3efd381f0
Add detector for listening from an unusual location 2023-09-26 13:12:51 -04:00
Thomas Stromberg
a7f0b3001d
Reduce false positives on Ubuntu + Lima 2023-09-26 13:09:22 -04:00
Thomas Stromberg
6b4700c3dd
Address issues which kept these alerts from firing 2023-09-24 22:02:34 -04:00
Thomas Stromberg
5e3d1d22bd
Simplify execution queries 2023-09-20 18:24:40 -04:00
Thomas Stromberg
e6f14457fc
Further simplify exotic-command-events-linux 2023-09-20 18:11:50 -04:00
Thomas Stromberg
2bbc2f6c97
split detection pack into subpacks 2023-09-20 17:43:39 -04:00
Thomas Strömberg
547fe50fca
Merge pull request #314 from tstromberg/yara 
YARA rules everywhere!
 2023-09-20 17:13:43 -04:00
Thomas Stromberg
6781b46375
YARA rules everywhere! 2023-09-20 17:03:21 -04:00
Thomas Stromberg
8a383a9963
exotic commands: simplify to avoid Kolide complexity cutoff 2023-09-20 09:50:10 -04:00
Thomas Stromberg
b39fca4e9f
fpr: RSA keys, tcpdump, login, crane, souregraph, etc 2023-09-20 09:30:46 -04:00
Thomas Stromberg
d0e73093ae
Use correct column name 2023-09-20 08:07:57 -04:00
Thomas Stromberg
4e820ae59e
Improve FDM/cred theft detection 2023-09-20 08:03:25 -04:00
Thomas Strömberg
ddb37c066a
Merge pull request #310 from tstromberg/fpr-sep18 
unexpected talker events: address easy false positives
 2023-09-19 17:48:09 -04:00
Thomas Strömberg
e958c9f2ac
Merge pull request #311 from tstromberg/hidden-cwd-events 
new check: hidden cwd events
 2023-09-19 17:48:01 -04:00
Thomas Stromberg
bfdc509243 new check: hidden cwd events 2023-09-19 17:18:35 -04:00
Thomas Stromberg
f656aef8be unexpected talker events: address easy false positives 2023-09-19 17:17:58 -04:00
Thomas Stromberg
9722d9f156 new check: Unexpected talker events 2023-09-19 15:57:21 -04:00
Thomas Stromberg
cf175ec48d More checks for unusual process names inspired by Earth Lusca 2023-09-18 14:14:40 -04:00
Thomas Strömberg
9963a4e3c6
Merge pull request #307 from tstromberg/fpr-sep14 
fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell
 2023-09-14 17:16:30 -04:00
Thomas Strömberg
6adfb1d109
Merge pull request #304 from tstromberg/infostealerz 
Add primitive name-based detection for possible InfoStealers
 2023-09-14 17:14:07 -04:00
Thomas Stromberg
f16c3cdf53 fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell 2023-09-14 17:13:12 -04:00
Thomas Stromberg
a041305145 Improve base64/crontab detection 2023-09-14 16:39:35 -04:00
Thomas Stromberg
e2d6fa58a7
Add primitive name-based detection for possible InfoStealers 2023-09-12 10:19:22 -04:00
Thomas Strömberg
b93654a9c9
Merge pull request #303 from tstromberg/faster-chmod-detection 
Improve unexpected-chmod-exec-event performance
 2023-09-05 12:42:08 -04:00
Thomas Stromberg
f17381eaa3
Improve unexpected-chmod-exec-event performance 2023-09-05 12:14:47 -04:00
Thomas Stromberg
190e8adcfd Merge to master 2023-09-01 17:34:36 -04:00
Thomas Stromberg
b889cde6d5 Additional fixes for Ventura & Capture One 2023-09-01 17:27:27 -04:00
Thomas Stromberg
84125c4bb1
Remove recently common false positives 2023-09-01 17:09:47 -04:00
Thomas Stromberg
188bc78f4c Fix errors 2023-08-15 18:29:27 -04:00
Thomas Stromberg
dce2eb2af5 Add many exceptions 2023-08-15 18:13:06 -04:00
Thomas Stromberg
ce2f0f06cb
fpr; Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy 2023-07-20 10:56:49 -04:00
Thomas Stromberg
921cdc521e
fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc 2023-07-19 15:22:43 -04:00