Commit Graph

23 Commits

Author SHA1 Message Date
Thomas Stromberg
800e4aa2cc
fpr: kind of everything 2023-12-15 17:10:06 -05:00
Thomas Stromberg
310e51d2a2
fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
Thomas Stromberg
24c2baef28 Make process times broadly available, minor opts 2023-05-16 17:18:39 -04:00
Thomas Stromberg
824efa9705
fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws 2023-03-14 19:00:44 -04:00
Thomas Stromberg
b3825ba2b9
fpr: Canon Universal Installer, melange, GPG, key names 2023-03-06 15:11:11 -05:00
Thomas Stromberg
f87541c945
False positive flush, particularly in talkers 2023-02-17 11:57:23 -05:00
Thomas Strömberg
eef833287a
Merge pull request #164 from NACHOSWITHCHEESE/fixing-macos-detection-compatibility
Modified detections explicitly targeted towards macOS to not include cgroup field
2023-02-08 20:54:45 -05:00
Thomas Stromberg
72326c3b5c
Massive reduction of false positives across the board 2023-02-08 20:06:26 -05:00
echunduri
e44dc167e9 Modified detections explicilty targeted towards macOS to not include cgroup_path fields anymore 2023-02-09 10:57:03 +11:00
Thomas Stromberg
bb3e1f964e
Run make reformat, update max rows for incident response 2023-02-02 17:58:19 -05:00
Thomas Stromberg
f9dce0a72d
Include more process information across queries 2023-02-01 13:55:55 -05:00
Thomas Stromberg
66ee3484c0
Remove unused active fields, add WhatsApp ioreg exception 2023-01-27 08:46:48 -05:00
Thomas Stromberg
f5fe9a4aac
Refactor process_events queries for more accurate parenting 2023-01-26 11:40:54 -05:00
Thomas Stromberg
f7c1557aee
fpr: libinput, kue, updatedb, mariadb, terraform 2023-01-23 08:13:04 -05:00
Thomas Stromberg
e6824d87e9
Run 'make reformat' 2023-01-20 09:24:24 -05:00
Thomas Stromberg
dc154a6199
FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
Thomas Stromberg
8e9ae0fda3
Less false positives: particularly among systemctl calls 2023-01-20 08:40:08 -05:00
Thomas Stromberg
ef5d8afdd0
False positives: homekit, setxid overflows, buildx, tmp files 2023-01-18 10:57:43 -05:00
Thomas Stromberg
7b79b19090
False positive reduction: Messenger, Chrome, Final Cut Pro, etc 2023-01-18 09:49:56 -05:00
Thomas Stromberg
09601ed3f0
Switch interval back to 300 2023-01-16 13:58:24 -05:00
Thomas Stromberg
42e9f2721b
FP removal: plymouth, 1Password, firejail, systemd 2023-01-16 13:55:53 -05:00
Thomas Stromberg
d415b36b57
FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc 2023-01-16 12:56:39 -05:00
Thomas Stromberg
53bc99da88
new detector: unexpected xattr calls 2023-01-13 11:38:19 -05:00