osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-18 02:17:01 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	4df51743d0	fpr: lima, rpm-ostree, gitsign, kde, python, etc	2024-07-01 21:56:28 -04:00
Thomas Stromberg	5dd614f54c	fpr: MHLink, k3d, BlueFin, query tuning	2024-04-26 16:14:02 -04:00
Thomas Stromberg	342d813bf8	fpr: Docker Desktop, code-oss, incus, etc	2024-02-26 17:26:56 -05:00
Thomas Stromberg	e42ea9a4bc	massive fpr: Rapid7, Elastic, everything	2024-01-26 14:07:37 -05:00
Thomas Stromberg	229a32a61e	fpr: sourcegraph,phantombuster,iterm,cody,stickers	2024-01-09 16:14:00 -05:00
Thomas Stromberg	f16c3cdf53	fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell	2023-09-14 17:13:12 -04:00
Thomas Stromberg	84125c4bb1	Remove recently common false positives	2023-09-01 17:09:47 -04:00
Thomas Stromberg	d74405c817	fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc	2023-06-30 16:38:31 -04:00
Thomas Stromberg	cebf617c82	fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc	2023-06-14 10:58:41 -04:00
Thomas Stromberg	32328c91f1	fpr: Slack, Gnome, Sigstore, Logitune, etc	2023-06-12 10:10:57 -04:00
Thomas Stromberg	ff2ab95431	Remove file sizes from systemd exception key	2023-06-08 18:26:57 -04:00
Thomas Stromberg	c8760e0ae1	fpr: macOS, Signal, Creative Labs, node, etc	2023-06-07 09:55:17 -04:00
Thomas Stromberg	066c88dc18	fpr: multipass, go, macOS, Ubuntu, Opera, git, ko	2023-06-02 19:08:08 -04:00
Thomas Stromberg	9575d18bc2	fpr: FleetDM, Edge, VSCode, dnf, Steam, etc	2023-06-01 11:52:20 -04:00
Thomas Stromberg	111c15e20b	fpr: macOS, yubikey, Premiere, dnf, vagrant, etc	2023-05-23 11:31:37 -04:00
Thomas Stromberg	c6eec0ee17	Query tuning after Geacon testing	2023-05-17 10:54:16 -04:00
Thomas Stromberg	24c2baef28	Make process times broadly available, minor opts	2023-05-16 17:18:39 -04:00
Thomas Stromberg	9c87838b9f	fpr: Chrome, Kolide	2023-05-12 16:41:17 -04:00
Thomas Stromberg	41d83350a1	make reformat	2023-05-08 13:20:47 -04:00
Thomas Stromberg	778d53b169	Address merge conflicts	2023-05-08 13:11:24 -04:00
Thomas Stromberg	4856a0e80a	fpr: LogiTune, sharingd, gnome, sparkle, plex	2023-05-08 13:07:57 -04:00
Thomas Stromberg	785b7c2bde	fpr: LogiTune, EndeavourOS, less	2023-05-08 12:19:19 -04:00
Thomas Stromberg	272711ae7a	fpr: node, nc, busybox, libvirt, etc	2023-05-05 12:44:46 -04:00
Thomas Stromberg	0202e87b73	fpr: libopenblas, snapd, k3d, opera, nix, ssh, cargo, adobe installer	2023-05-03 16:28:00 -04:00
Thomas Stromberg	76cf1006c6	fpr: microbit, i3, Grammarly for Safari, wine	2023-05-02 17:49:53 -04:00
Thomas Stromberg	47124daa01	fpr: RetailMeNot, LogiTune, macOS, mediawriter, etc	2023-05-02 15:25:36 -04:00
Thomas Stromberg	1961531adf	fpr: more refactor fallout	2023-04-28 14:40:12 -04:00
Thomas Stromberg	9c3f783491	fpr everything	2023-04-17 16:20:35 -04:00
Thomas Stromberg	d4dd423745	fpr: Grammarly, semodule, docker-compose, xdg, etc	2023-03-30 18:44:01 -04:00
Thomas Stromberg	9b0ed09c8e	fpr: xdg, docker, dbus, bpfilter_umh, docker, spotify, mage	2023-03-28 16:25:26 -04:00
Thomas Stromberg	fbab3701c0	fpr: Docker, Zwift, macOS updates, etc	2023-03-20 17:05:02 -04:00
Thomas Stromberg	824efa9705	fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws	2023-03-14 19:00:44 -04:00
Thomas Stromberg	09652bd91f	fpr: SA keys, libgtop, haproxy, gvproxy, slirp	2023-03-14 16:05:16 -04:00
Thomas Stromberg	b3825ba2b9	fpr: Canon Universal Installer, melange, GPG, key names	2023-03-06 15:11:11 -05:00
Thomas Stromberg	f25cfe1399	fpr: aws-sdk, melange, Tailscale, Xprotect, etc	2023-03-03 07:24:42 -05:00
Thomas Stromberg	fb7cd56249	fpr: abrt-dbus, gdm, chrome, ff, etc	2023-02-24 16:30:17 -05:00
Ian Brown	ffd552aa54	Missed one Signed-off-by: Ian Brown <ian@zestysoft.com>	2023-02-18 16:10:48 -08:00
Ian Brown	551d7dbb8c	fpr: Fujitsu, vmware, objective-see, paragon, etc Signed-off-by: Ian Brown <ian@zestysoft.com>	2023-02-18 12:02:40 -08:00
Thomas Stromberg	f87541c945	False positive flush, particularly in talkers	2023-02-17 11:57:23 -05:00
Thomas Stromberg	bc359d69ce	Linux events: decrease CPU usage of elevated children & execdir	2023-02-17 10:40:58 -05:00
Thomas Stromberg	a8ed058d4d	Query performance improvements, add pids, decrease frequency	2023-02-09 17:01:29 -05:00
Thomas Strömberg	eef833287a	Merge pull request #164 from NACHOSWITHCHEESE/fixing-macos-detection-compatibility Modified detections explicitly targeted towards macOS to not include cgroup field	2023-02-08 20:54:45 -05:00
Thomas Stromberg	72326c3b5c	Massive reduction of false positives across the board	2023-02-08 20:06:26 -05:00
echunduri	e44dc167e9	Modified detections explicilty targeted towards macOS to not include cgroup_path fields anymore	2023-02-09 10:57:03 +11:00
Thomas Stromberg	2634e9d45b	Monday morning false-positive purge	2023-02-08 14:37:09 -05:00
Thomas Stromberg	bb3e1f964e	Run make reformat, update max rows for incident response	2023-02-02 17:58:19 -05:00
Thomas Stromberg	2d81061df3	Update for osqtool v1.0	2023-02-02 12:04:26 -05:00
Thomas Stromberg	cdcb2d48f3	Slow queries down, minor improvements	2023-02-01 16:17:36 -05:00
Thomas Stromberg	f9dce0a72d	Include more process information across queries	2023-02-01 13:55:55 -05:00
Thomas Stromberg	66ee3484c0	Remove unused active fields, add WhatsApp ioreg exception	2023-01-27 08:46:48 -05:00

1 2 3

101 Commits