Thomas Stromberg
|
bb3e1f964e
|
Run make reformat, update max rows for incident response
|
2023-02-02 17:58:19 -05:00 |
|
Thomas Stromberg
|
f9dce0a72d
|
Include more process information across queries
|
2023-02-01 13:55:55 -05:00 |
|
Thomas Stromberg
|
66ee3484c0
|
Remove unused active fields, add WhatsApp ioreg exception
|
2023-01-27 08:46:48 -05:00 |
|
Thomas Stromberg
|
f5fe9a4aac
|
Refactor process_events queries for more accurate parenting
|
2023-01-26 11:40:54 -05:00 |
|
Thomas Stromberg
|
e6824d87e9
|
Run 'make reformat'
|
2023-01-20 09:24:24 -05:00 |
|
Thomas Stromberg
|
d415b36b57
|
FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc
|
2023-01-16 12:56:39 -05:00 |
|
Thomas Stromberg
|
cb896b9e10
|
Filter out new false positives
|
2023-01-13 15:24:18 -05:00 |
|
Thomas Stromberg
|
36cac9722b
|
new detector: unexpected file made executable
|
2023-01-13 12:10:43 -05:00 |
|