Commit Graph

39 Commits

Author SHA1 Message Date
Thomas Stromberg 3447f95d9e Performance tuning, mark some Linux queries as 'extra' 2024-03-15 19:06:16 -04:00
Thomas Stromberg b6476324ce Set a time limit of 8s for query output 2024-01-10 09:48:18 -05:00
Thomas Stromberg bdb25643d8 Simplify makefile, reduce config targets to 4 2024-01-09 16:56:40 -05:00
Thomas Stromberg 45112c4b70 Upgrade osqtool to v1.4.1 2024-01-08 15:55:29 -05:00
Thomas Stromberg 3365d81d22 makefile: Add osqtool versioning 2023-12-15 17:29:26 -05:00
Thomas Stromberg 2be637e9c3 Add combined-detection rule 2023-12-15 17:25:54 -05:00
Thomas Stromberg 9a03776699 Extend timeouts 2023-10-03 11:20:40 -04:00
Thomas Stromberg 42c0a15e2a Fix vpl, kolide exceptions, increase timeouts for yara 2023-10-02 11:45:27 -04:00
Thomas Stromberg 5e3d1d22bd Simplify execution queries 2023-09-20 18:24:40 -04:00
Thomas Stromberg 7b30ac3208 Don't verify vulnerabilities as there is only one query 2023-09-20 18:13:52 -04:00
Thomas Stromberg 2bbc2f6c97 split detection pack into subpacks 2023-09-20 17:43:39 -04:00
Thomas Stromberg d74405c817 fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc 2023-06-30 16:38:31 -04:00
Thomas Stromberg cebf617c82 fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc 2023-06-14 10:58:41 -04:00
Thomas Stromberg 111c15e20b fpr: macOS, yubikey, Premiere, dnf, vagrant, etc 2023-05-23 11:31:37 -04:00
Thomas Stromberg 56ede74c54 fpr: Parallels, Stream Deck, tflint, gitstatus, snyk 2023-05-17 17:52:55 -04:00
Thomas Stromberg 24c2baef28 Make process times broadly available, minor opts 2023-05-16 17:18:39 -04:00
Thomas Stromberg 2700c780b7 Add a runnable osquery.conf example 2023-03-04 13:03:30 -05:00
Thomas Stromberg 3df885d9bc Makefile: Add 'detect' rule, fix collection/IR rules 2023-02-24 18:19:22 -05:00
Thomas Stromberg 063eb1691c Add privacy-aware version of the IR rules 2023-02-24 17:47:07 -05:00
Thomas Stromberg b9cefa0d09 Remove wireless-networks rule, rename collection to collect 2023-02-24 17:30:43 -05:00
Thomas Stromberg fc08a698ec Fix broken IR non-Wireless rule 2023-02-24 16:56:17 -05:00
Thomas Stromberg fb022f8005 verify: 10s for IR 2023-02-24 16:49:53 -05:00
Thomas Stromberg 39ad038c04 Add verify-ci Makefile rule 2023-02-24 16:44:00 -05:00
Thomas Stromberg 995c1e1104 Fixes so that ODK can run under CI 2023-02-24 12:15:56 -05:00
Thomas Stromberg 1ac3d4fbb8 Makefile: collect as root 2023-02-23 21:45:34 -05:00
Thomas Stromberg 3984b82701 Makefile: add "make collection" target, improve others 2023-02-23 21:29:28 -05:00
Ian Brown ffd552aa54 Missed one (Signed-off-by: Ian Brown <ian@zestysoft.com>) 2023-02-18 16:10:48 -08:00
Thomas Stromberg ebb9780036 Makefile: Add reformat-updates target 2023-02-10 10:33:04 -05:00
Thomas Stromberg 593991adb8 Purge observed false positives 2023-02-09 17:54:41 -05:00
Thomas Stromberg a8ed058d4d Query performance improvements, add pids, decrease frequency 2023-02-09 17:01:29 -05:00
Thomas Stromberg 2634e9d45b Monday morning false-positive purge 2023-02-08 14:37:09 -05:00
Thomas Stromberg bb3e1f964e Run make reformat, update max rows for incident response 2023-02-02 17:58:19 -05:00
Thomas Stromberg 2d81061df3 Update for osqtool v1.0 2023-02-02 12:04:26 -05:00
Thomas Stromberg 09962c8dca Add IR no-wifi ruleset 2022-11-23 07:32:52 -05:00
Thomas Stromberg 724e2fbc84 Makefile: Rename .sql targets to .conf, extend max-duration for IR 2022-11-23 07:14:53 -05:00
Thomas Stromberg 56b1af7b14 Add 'reformat' rule 2022-10-20 09:10:45 -04:00
Thomas Stromberg 8a198b259a Makefile: Use --verify when packing 2022-10-14 10:25:08 -04:00
Thomas Stromberg 220dfc74ea Install osqtool (unversioned at the moment) 2022-10-13 10:04:18 -04:00
Thomas Stromberg e785c35614 v0.0.1 2022-10-13 09:11:17 -04:00