osquery-defense-kit

Commit Graph

Author	SHA1	Message	Date
Thomas Stromberg	f9dce0a72d	Include more process information across queries	2023-02-01 13:55:55 -05:00
Thomas Stromberg	45ab183557	fpr: New Chrome etxensions, vbox, chrome, gcloud, gdm3, yay, etc	2023-01-30 14:58:47 -05:00
Thomas Stromberg	5621d9ecd1	Add exception for wrapped Firefox talking to port 19305 (Hangouts)	2023-01-27 10:41:55 -05:00
Thomas Stromberg	141ab28310	False positives: autodocs, jupyter, apko	2023-01-27 10:38:01 -05:00
Thomas Stromberg	66ee3484c0	Remove unused active fields, add WhatsApp ioreg exception	2023-01-27 08:46:48 -05:00
Thomas Stromberg	d51bd731a1	fpr: Parallels, nerdctl, Xorg, nvidia, Stream, etc	2023-01-26 20:40:47 -05:00
Thomas Stromberg	7d8fa35eb4	fpr: Github Absolute Date, Snagit, Figma, Seagate, aws, etc	2023-01-26 16:30:14 -05:00
Thomas Stromberg	f5fe9a4aac	Refactor process_events queries for more accurate parenting	2023-01-26 11:40:54 -05:00
Thomas Stromberg	83cc38207e	fpr: minikube, tailscale, dex, pacman, virtualbox, steam, lsmod, busybox, etc	2023-01-23 20:33:52 -05:00
Thomas Stromberg	280b187b20	fpr: systemctl calls, go tests, WebEx, MariaDB, Brave	2023-01-20 17:55:48 -05:00
Thomas Stromberg	e6824d87e9	Run 'make reformat'	2023-01-20 09:24:24 -05:00
Thomas Stromberg	6014ca1e64	Add missing comma	2023-01-20 09:06:21 -05:00
Thomas Stromberg	dc154a6199	FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave	2023-01-20 09:04:00 -05:00
Thomas Stromberg	8e9ae0fda3	Less false positives: particularly among systemctl calls	2023-01-20 08:40:08 -05:00
Thomas Stromberg	b601d6c3b0	Add port 19305 (Google Meet) on Firefox	2023-01-19 12:18:22 -05:00
Thomas Stromberg	710ca28ed9	False positives: apt-daily, github runner, Slack helper, Foxit, syncthing	2023-01-19 11:52:31 -05:00
Thomas Stromberg	f5e08ceec2	False positives: Chrome extensions, Steam games, tmp files, Photoshop	2023-01-18 14:10:33 -05:00
Thomas Stromberg	ef5d8afdd0	False positives: homekit, setxid overflows, buildx, tmp files	2023-01-18 10:57:43 -05:00
Thomas Stromberg	7b79b19090	False positive reduction: Messenger, Chrome, Final Cut Pro, etc	2023-01-18 09:49:56 -05:00
Thomas Stromberg	d415b36b57	FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc	2023-01-16 12:56:39 -05:00
Thomas Stromberg	431720103e	Remove dupe entry	2023-01-14 08:20:11 -05:00
Thomas Stromberg	e3401a07c6	Weekend false-positive flush	2023-01-14 08:19:26 -05:00
Thomas Stromberg	cb896b9e10	Filter out new false positives	2023-01-13 15:24:18 -05:00
Thomas Stromberg	1b79359b68	Friday False Positive Flush	2023-01-13 14:10:43 -05:00
Thomas Stromberg	420d269025	Reformat and reduce false positives	2023-01-09 15:10:48 -05:00
Thomas Stromberg	c7e4252af1	Remove false positives, fix some queries that failed to show a parent pid	2023-01-09 10:46:30 -05:00
Thomas Stromberg	e8af31a348	false positives: dots, ipn, apport-gtk, homebrew, hyperkey, contexts	2023-01-09 09:34:20 -05:00
Thomas Stromberg	2bcf9316cf	Add some hash fields, fix some false positives	2023-01-09 09:04:38 -05:00
Thomas Stromberg	4eb6993272	Catch up to some older false positives we ran into	2023-01-06 17:11:24 -05:00
Thomas Stromberg	1aefbe5e91	More false positive removal	2023-01-06 16:01:35 -05:00
Thomas Stromberg	7455c22e3c	Fix missing /	2023-01-06 10:19:33 -05:00
Thomas Stromberg	9843def319	Fix more false positives, particularly in shell/fetcher parents	2023-01-06 10:18:19 -05:00
Thomas Stromberg	ba23df1fef	Catch up to other false positives over winter break	2023-01-04 11:03:38 -05:00
Thomas Stromberg	a8b95a2c9e	New Years cleanup: monitorix, snap-confine, steam, spotify, etc	2023-01-03 08:50:19 -05:00
Thomas Stromberg	15d3251120	False-positive flush: mount.ntfs, docker-credential-desktop, exotic socket refactor	2022-12-19 18:06:06 -05:00
Thomas Stromberg	49a19a6fd5	Sort out more false positives	2022-12-16 17:37:32 -05:00
Thomas Stromberg	404adf3e1f	Another false positive flush: Capital One, tailscaled, agetty, snap, ninja, epson printers, etc	2022-12-15 16:51:58 -05:00
Thomas Stromberg	0b8a67a48f	Add exception for JetBrains Toolbox	2022-12-15 10:25:35 -05:00
Thomas Stromberg	16f9b2f3ee	Remove more false positives: kind, gopls, docker.socket, etc	2022-12-15 10:20:16 -05:00
Thomas Stromberg	2731759d9b	Add Signal Helper	2022-12-15 09:07:11 -05:00
Thomas Stromberg	76d5c8564b	Resolve latest reported false positives	2022-12-02 11:20:18 -05:00
Thomas Stromberg	b9e0ad34a3	Post-Thanksgiving false positive flush	2022-11-28 16:06:07 -05:00
Thomas Stromberg	39e9aee6eb	Split parent-missing-from-disk, address false positives	2022-11-23 07:10:03 -05:00
Thomas Stromberg	8281a825db	Add dnf with python 3.11	2022-11-22 16:29:52 -05:00
Thomas Stromberg	6a7c4b6668	Pre-Thanksgiving False Positive cleanup, including Pop!OS support	2022-11-22 09:21:03 -05:00
Thomas Stromberg	8e3d6a1614	False positives: melange, ~/dev, debian-sa1, AdBlock, cover, kubelr, etc	2022-11-18 10:27:43 -05:00
Thomas Stromberg	018eb595c5	Add goa-daemon exception (sends telemetry to Google)	2022-11-17 10:17:45 -05:00
Thomas Stromberg	eeeaeecda1	Add exceptions for Microsoft teams, ldconfig, fix go build paths	2022-11-17 07:20:19 -05:00
Thomas Stromberg	9f63e3b21d	Begin making use of cgroup_paths, clear more false positives	2022-11-16 16:52:39 -05:00
Thomas Stromberg	3d7bc8363e	More false positive management	2022-11-16 14:49:36 -05:00

1 2 3

138 Commits