Commit Graph

1122 Commits

Author / SHA1 Message Date (commit message body, where present, indented on the following lines)

Thomas Stromberg
342d813bf8 fpr: Docker Desktop, code-oss, incus, etc 2024-02-26 17:26:56 -05:00

Thomas Strömberg
51ecee8d9b Merge pull request #357 from tstromberg/feb16-fpr 2024-02-23 16:27:35 -05:00
    fpr: Incus, Firefox, mbim, networkd, incus

Thomas Stromberg
a266879668 Merge branch 'main' into feb16-fpr 2024-02-23 16:25:24 -05:00

Thomas Stromberg
5507ae1458 fpr: Firefox, Rapid7, Incus 2024-02-23 16:25:18 -05:00

Thomas Strömberg
d1f6aede22 Merge pull request #356 from tstromberg/ktaint 2024-02-23 15:10:23 -05:00
    Ignore taint code 4096 (out-of-tree driver)

Thomas Stromberg
af07ef9888 Ignore taint code 4096 (out-of-tree driver) 2024-02-22 11:48:53 -05:00

Thomas Strömberg
6b5d744505 Merge pull request #355 from tstromberg/feb16-fpr 2024-02-16 17:24:41 -05:00
    fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard

Thomas Stromberg
f22d27b1a6 fix Chrome merge conflict 2024-02-16 17:23:23 -05:00

Thomas Stromberg
f72e6424c0 Run reformat 2024-02-16 17:21:00 -05:00

Thomas Stromberg
b1e05d6612 merge conflict 2024-02-16 17:17:45 -05:00

Thomas Stromberg
f87a8e8197 fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard 2024-02-16 17:14:11 -05:00

Thomas Strömberg
0d5467e72d Merge pull request #354 from tstromberg/fpr-feb5 2024-02-05 10:51:26 -05:00
    fpr: Elastic Defend, gcloud, Warp, etc

Thomas Stromberg
a0624c0870 Add Elastic exceptions for osqueryd/packetbeat 2024-02-05 10:49:52 -05:00

Thomas Stromberg
12a55753b5 fpr: Elastic Defend, gcloud, Warp, etc 2024-02-05 10:45:17 -05:00

Thomas Strömberg
9b66ef1d29 Merge pull request #353 from tstromberg/spctl 2024-02-05 09:20:19 -05:00
    Add TTP details from https://www.sentinelone.com/blog/backdoor-activa

Thomas Stromberg
25c579aa1d Add TTP details from https://www.sentinelone.com/blog/backdoor-activator-malware-running-rife-through-torrents-of-macos-apps/ 2024-02-01 13:04:07 -05:00

Thomas Strömberg
23a0e572df Merge pull request #352 from tstromberg/fpr-jan22 2024-01-26 14:25:08 -05:00
    massive fpr: Rapid7, Elastic, everything

Thomas Stromberg
8693fb6d4f Add more rapid7 excludes 2024-01-26 14:24:11 -05:00

Thomas Stromberg
517b5719c6 address merge conflict 2024-01-26 14:15:53 -05:00

Thomas Stromberg
e42ea9a4bc massive fpr: Rapid7, Elastic, everything 2024-01-26 14:07:37 -05:00

Thomas Strömberg
0d94ed9f6a Merge pull request #351 from tstromberg/fpr-jan22 2024-01-22 10:42:54 -05:00
    Fpr jan22

Thomas Strömberg
2da9171f43 Merge pull request #350 from jedsalazar/pr/jed/pin-action-digests-osquery-defense-kit 2024-01-22 10:42:18 -05:00
    pin to shas and upgrade actions workflows and osquery client

Thomas Stromberg
594bc78833 Add firefox DNS resolution 2024-01-22 10:41:35 -05:00

Thomas Stromberg
4cb050f4cc Add elastic endpoint 2024-01-22 10:40:23 -05:00

Thomas Stromberg
5d31e8da5f fpr: psi, arduino, bitdefender, keybase, cody, etc 2024-01-22 10:36:01 -05:00

Jed Salazar
13d5a02cb1 pin to shas and upgrade actions workflows and osquery client 2024-01-19 13:58:06 -07:00
    Signed-off-by: Jed Salazar <jedsalazar@gmail.com>

Thomas Strömberg
54fc45e787 Merge pull request #349 from tstromberg/fpr-jan18-2 2024-01-18 17:18:43 -05:00
    fpr: snap, mutedeck, idea, Chrome exts

Thomas Stromberg
2762503030 Add missing comma 2024-01-18 17:18:05 -05:00

Thomas Stromberg
ceec1718f9 fpr: snap, mutedeck, idea, Chrome exts 2024-01-18 17:15:37 -05:00

Thomas Strömberg
eaf42fbcd7 Merge pull request #348 from tstromberg/rapid7-elastic-bob 2024-01-10 11:21:02 -05:00
    fpr: elastic, rapid7, zwift

Thomas Stromberg
3cc2af51c1 fpr: elastic, rapid7, zwift 2024-01-10 11:20:04 -05:00

Thomas Strömberg
944b9b7bcd Merge pull request #347 from tstromberg/new-times 2024-01-10 09:48:48 -05:00
    Set a time limit of 8s for query output

Thomas Stromberg
b6476324ce Set a time limit of 8s for query output 2024-01-10 09:48:18 -05:00

Thomas Strömberg
568cb3c988 Merge pull request #346 from tstromberg/fix-kolide-err 2024-01-10 09:42:59 -05:00
    Rename current_time column to now_ts to avoid Kolide import issue

Thomas Stromberg
36c2286717 Rename current_time column to now_ts to avoid Kolide import issue 2024-01-10 09:42:29 -05:00

Thomas Strömberg
de2bdd3fd7 Merge pull request #345 from tstromberg/fix-yara-err 2024-01-09 17:23:04 -05:00
    recently downloaded go-crypt: Fix YARA error

Thomas Stromberg
fa4e0d0510 recently downloaded go-crypt: Fix YARA error 2024-01-09 17:22:33 -05:00

Thomas Strömberg
46defeab6f Merge pull request #344 from tstromberg/simpler-make 2024-01-09 16:57:34 -05:00
    Simplify makefile, reduce config targets to 4

Thomas Stromberg
bdb25643d8 Simplify makefile, reduce config targets to 4 2024-01-09 16:56:40 -05:00

Thomas Strömberg
1462745390 Merge pull request #343 from tstromberg/fpr-jan9 2024-01-09 16:21:03 -05:00
    fpr: syncthing, sourcegraph, phantombuster, iterm, cody, stickers

Thomas Stromberg
27a0d55737 fpr: syncthing 2024-01-09 16:19:52 -05:00

Thomas Stromberg
229a32a61e fpr: sourcegraph, phantombuster, iterm, cody, stickers 2024-01-09 16:14:00 -05:00

Thomas Strömberg
16dd48b2f5 Merge pull request #342 from tstromberg/fpr-jan5 2024-01-08 19:08:57 -05:00
    fpr: Elastic Defend, Rapid7 InsightIDR & others

Thomas Stromberg
875125fc94 Add exceptions for Elastic Defend & Rapid7 InsightIDR 2024-01-08 19:07:57 -05:00

Thomas Stromberg
c2c29a1a52 Optimize performance with Google Chrome image mounted 2024-01-08 18:47:36 -05:00

Thomas Stromberg
1304d66783 Add more Elastic exceptions 2024-01-08 17:55:30 -05:00

Thomas Stromberg
336a1fca4a Add exceptions for Elastic Defend 2024-01-08 17:18:25 -05:00

Thomas Strömberg
d02d01b62d Merge pull request #341 from tstromberg/osqtool-141 2024-01-08 15:56:01 -05:00
    Upgrade osqtool to v1.4.1

Thomas Stromberg
45112c4b70 Upgrade osqtool to v1.4.1 2024-01-08 15:55:29 -05:00

Jed Salazar
3914fa7e40 Merge pull request #340 from jedsalazar/pr/jed/add-macdown-exception 2023-12-26 12:49:20 -07:00
    Add Macdown as an exception to minimal-socket-client-macos