osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-16 01:17:03 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	ed2bede71f	linux https client: Add 1password	2022-10-21 11:28:31 -04:00
Thomas Stromberg	2538e7f7ce	macos talkers: add grype, chainctl	2022-10-21 11:26:50 -04:00
Thomas Stromberg	a31108984f	linux talkers: add more ports for thunderbird, chrome, firefox	2022-10-21 11:22:24 -04:00
Thomas Stromberg	1359cdd38d	linux ports: add registry on 5000	2022-10-21 11:15:05 -04:00
Thomas Stromberg	b6af630ad8	linux https clients: add nix, pacman, thunderbird, chainctl, kubectl, socket process, go, tf, webkit, xmobar	2022-10-21 11:12:44 -04:00
Thomas Strömberg	dfe9f64953	Merge pull request #18 from chainguard-dev/reformat2 Reduce query intervals for some higher overhead queries	2022-10-20 14:56:38 -04:00
Thomas Stromberg	7d568898c1	Reduce query intervals for some higher overhead queries	2022-10-20 14:56:16 -04:00
Thomas Stromberg	905046cd2a	linux https clients: Add exception for npm exec	2022-10-20 14:15:57 -04:00
Thomas Strömberg	8b16ce2aa4	Merge pull request #14 from chainguard-dev/false-positives False-positive update: Chrome, /usr/local/bin	2022-10-20 14:13:03 -04:00
Thomas Stromberg	416bdd8fd1	Add broader port exception for Chrome	2022-10-20 14:11:19 -04:00
Thomas Strömberg	c082d0caa8	Merge pull request #13 from chainguard-dev/reformat Run 'make reformat'	2022-10-20 14:03:17 -04:00
Thomas Stromberg	ec1a5b6c17	Add events-based detector for ICMP sockets	2022-10-20 14:02:06 -04:00
Thomas Stromberg	a68a3496e9	Run 'make reformat'	2022-10-20 14:01:34 -04:00
Thomas Stromberg	26fbe36e77	Linux: Add electron as an HTTPS client	2022-10-20 13:53:18 -04:00
Thomas Stromberg	9ff14203b6	macOS: Allow Linear Orbit and Microsoft to listen on a wider range of ports	2022-10-20 13:52:34 -04:00
Thomas Stromberg	ad832bc280	linux talkers: Treat /snap as /opt	2022-10-20 13:50:14 -04:00
Thomas Stromberg	6624c8c620	linux talkers: Add ssh exception	2022-10-20 13:46:55 -04:00
Thomas Stromberg	8ddc3de482	linux talkers: Add snap Slack and NixOS bash exception	2022-10-20 13:44:09 -04:00
Thomas Stromberg	0706cc458a	listening ports: Add mtr-packet exception	2022-10-20 13:34:49 -04:00
Thomas Stromberg	b4776ea60f	Remove duplicate comma	2022-10-20 13:20:33 -04:00
Thomas Stromberg	0a92cbb9ce	Add exception for gitsign	2022-10-20 13:17:52 -04:00
Thomas Stromberg	a973dcbcf2	Add more Linux/macOS talker exceptions	2022-10-20 13:12:46 -04:00
Thomas Stromberg	186617890c	Add more real-world exceptions to unexpected-talkers	2022-10-20 13:03:46 -04:00
Thomas Stromberg	1c38ef430e	reformat SQL queries	2022-10-20 09:11:29 -04:00
Thomas Stromberg	1a54cebb55	Sort talker list	2022-10-20 08:20:06 -04:00
Thomas Stromberg	7de03e7fbc	Reduce false positives	2022-10-20 08:04:24 -04:00
Thomas Stromberg	14715b602b	Add chronyd back	2022-10-20 07:59:17 -04:00
Thomas Stromberg	e09e410407	Rewrite and split linux talkers	2022-10-20 07:04:18 -04:00
Thomas Stromberg	f6317c2af8	Further reduction of false positives	2022-10-19 17:07:52 -04:00
Thomas Stromberg	ab94de7770	Add a lot more mitre data	2022-10-19 16:56:32 -04:00
Thomas Stromberg	1bbd284a3c	Work through another series of false positives	2022-10-19 15:26:03 -04:00
Thomas Stromberg	12c7f8360d	Filter out more false positives	2022-10-18 11:44:03 -04:00
Thomas Stromberg	535d835290	Simplify exotic commands queries, remove more false positives	2022-10-18 11:32:18 -04:00
Thomas Stromberg	50d1b42f80	Add provisio	2022-10-17 20:59:09 -04:00
Thomas Stromberg	8ddd5764e8	Remove some false positives	2022-10-17 20:57:56 -04:00
Thomas Stromberg	9bf85e3137	Flush out more false positives	2022-10-17 20:37:44 -04:00
Thomas Stromberg	2b5ea76729	Apply 'npx sql-formatter -l sqlite'	2022-10-17 19:06:17 -04:00
Thomas Stromberg	58dec12a49	Remove some false positives	2022-10-17 17:31:47 -04:00
Thomas Stromberg	de51dcdfcb	Minor adjustments	2022-10-17 17:11:15 -04:00
Thomas Stromberg	9616a6ab36	Use 'rapid' instead of 'continous' for tagging	2022-10-17 08:43:29 -04:00
Thomas Stromberg	f2023c0021	Update interval tags, mostly for persistence	2022-10-14 14:26:49 -04:00
Thomas Stromberg	d2bdffe89e	Add support for interval tags	2022-10-14 14:19:13 -04:00
Thomas Stromberg	d1f1d20192	Fix trailing apostrophe	2022-10-14 10:26:25 -04:00
Thomas Stromberg	432a727f41	Add Slack Technologies signature	2022-10-14 10:22:50 -04:00
Thomas Stromberg	b9a64e8b99	Janitorial maintenance	2022-10-14 10:18:01 -04:00
Thomas Stromberg	6a4a12a261	Add Linear Helper, resort	2022-10-13 18:11:24 -04:00
Thomas Stromberg	91157f6180	Add raw socket exception for tailscale	2022-10-13 18:08:52 -04:00
Thomas Stromberg	20452b128b	Migrate query strings from double to single apostrophes	2022-10-13 14:59:32 -04:00
Thomas Stromberg	26ee658c4a	Initial re-organization around the MITRE ATT&CK framework	2022-10-11 21:53:36 -04:00

49 Commits