Commit Graph

32 Commits

Author  SHA1  Message  Date

Dave Smith  3a005452ee  add extra tag to unified_log_macos.sql  2024-10-25 10:53:19 -04:00
    Signed-off-by: Dave Smith <dave.smith@chainguard.dev>
Thomas Stromberg  6aab8fdfb6  Add events and extra tags to relevant event-based queries  2024-09-24 15:36:03 -04:00
Thomas Stromberg  f72e6424c0  Run reformat  2024-02-16 17:21:00 -05:00
Thomas Stromberg  c6eec0ee17  Query tuning after Geacon testing  2023-05-17 10:54:16 -04:00
Thomas Stromberg  24c2baef28  Make process times broadly available, minor opts  2023-05-16 17:18:39 -04:00
Thomas Stromberg  64d482abcd  Collect recent file events  2023-05-12 16:35:00 -04:00
Thomas Stromberg  08d0235608  Fix bug  2023-05-12 16:26:44 -04:00
Thomas Stromberg  6303ee76b6  Collect more file data  2023-05-12 16:17:10 -04:00
Thomas Stromberg  2645fa41f7  pop is a Linux only table  2023-05-12 11:10:50 -04:00
Thomas Stromberg  99af29e2df  clarify macOS coverage  2023-05-12 11:08:59 -04:00
Thomas Stromberg  0c9e3bbf72  incident_response: Improve macOS coverage  2023-05-12 10:49:50 -04:00
Thomas Stromberg  41d83350a1  make reformat  2023-05-08 13:20:47 -04:00
Thomas Stromberg  570c36dc71  fpr: tilt, electron, cilium, write/read improvements  2023-03-24 10:42:06 -04:00
Thomas Stromberg  063eb1691c  Add privacy-aware version of the IR rules  2023-02-24 17:47:07 -05:00
Thomas Stromberg  b9cefa0d09  Remove wireless-networks rule, rename collection to collect  2023-02-24 17:30:43 -05:00
Thomas Stromberg  fb7cd56249  fpr: abrt-dbus, gdm, chrome, ff, etc  2023-02-24 16:30:17 -05:00
Thomas Stromberg  5fa706805e  incident_response: bugfixes across queries  2023-02-23 21:24:52 -05:00
Thomas Stromberg  db792dc3c2  incident response: remove ever-changing columns from process table  2023-02-23 17:12:45 -05:00
Thomas Stromberg  8ce348dfc4  Rename files-from-proc to process-files.  2023-02-23 17:11:35 -05:00
Thomas Stromberg  c8ecc36079  incident response: Add dump of /dev files  2023-02-23 17:09:25 -05:00
Thomas Stromberg  4d626923cd  Add many new incident response queries  2023-02-23 09:35:38 -05:00
Thomas Stromberg  bb3e1f964e  Run make reformat, update max rows for incident response  2023-02-02 17:58:19 -05:00
Thomas Stromberg  5ce1e5c9fa  Decrease number of rows returned by process_memory_map  2023-02-02 17:47:16 -05:00
Marnin  51b60f9569  Missing a ;  2022-10-20 14:16:17 -04:00
Thomas Stromberg  1c38ef430e  reformat SQL queries  2022-10-20 09:11:29 -04:00
Thomas Stromberg  d8e91bac63  Add missing files  2022-10-19 16:56:43 -04:00
Thomas Stromberg  ab94de7770  Add a lot more mitre data  2022-10-19 16:56:32 -04:00
Thomas Stromberg  cee1710f74  Finish out the incident_response refactor  2022-10-19 16:19:53 -04:00
Thomas Stromberg  2b5ea76729  Apply 'npx sql-formatter -l sqlite'  2022-10-17 19:06:17 -04:00
Thomas Stromberg  de51dcdfcb  Minor adjustments  2022-10-17 17:11:15 -04:00
Thomas Stromberg  20452b128b  Migrate query strings from double to single apostrophes  2022-10-13 14:59:32 -04:00
Thomas Stromberg  e785c35614  v0.0.1  2022-10-13 09:11:17 -04:00