osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-25 23:02:44 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	35433beb05	false positive: Minecraft	2023-06-09 07:28:05 -04:00
Thomas Strömberg	bdecfa4996	Merge pull request #278 from tstromberg/multipass launchd: Add Canonical exception	2023-06-09 07:17:22 -04:00
Thomas Stromberg	6adc121c4d	launchd: Add Canonical exception	2023-06-09 07:15:24 -04:00
Thomas Strömberg	b8d3eee979	Merge pull request #277 from tstromberg/hidden-provisio hidden executable: Add provisio exception	2023-06-09 07:14:16 -04:00
Thomas Stromberg	d5c6233716	hidden executable: Add provisio exception	2023-06-09 07:12:16 -04:00
Thomas Strömberg	d08fdd38b2	Merge pull request #276 from tstromberg/faster-sockets minimal socket client: speed query up	2023-06-08 20:46:49 -04:00
Thomas Stromberg	cae042cbe5	minimal socket client: speed query up	2023-06-08 20:44:08 -04:00
Thomas Strömberg	e16a74cdc3	Merge pull request #275 from tstromberg/fpr-jun8 Add exceptions for common hidden directories	2023-06-08 20:28:48 -04:00
Thomas Stromberg	9851aaa192	Add exceptions for common hidden directories	2023-06-08 20:27:01 -04:00
Thomas Strömberg	a96670dfc3	Merge pull request #274 from tstromberg/fpr-jun8 Massive false-positive reduction across queries	2023-06-08 18:30:17 -04:00
Thomas Stromberg	937bcabfec	Remove extra file	2023-06-08 18:27:46 -04:00
Thomas Stromberg	ff2ab95431	Remove file sizes from systemd exception key	2023-06-08 18:26:57 -04:00
Thomas Strömberg	06b95a57b3	Merge pull request #272 from tstromberg/unattended Add unattended-upgrades.pid (Ubuntu)	2023-06-07 15:19:58 -04:00
Thomas Strömberg	d6db5838d5	Merge pull request #273 from tstromberg/more-hidden hidden home config: Add ~/.config/.* to search criteria	2023-06-07 15:19:51 -04:00
Thomas Stromberg	7a61b5eced	Add ~/.config/.* to search criteria	2023-06-07 15:15:02 -04:00
Thomas Stromberg	404b7125f7	Add unattended-upgrades.pid (Ubuntu	2023-06-07 15:14:09 -04:00
Thomas Strömberg	cd8ec86341	Merge pull request #271 from tstromberg/fpr-jun2 fpr: macOS, Signal, Creative Labs, node, Ubuntu, Google Earth, xfce4	2023-06-07 09:58:46 -04:00
Thomas Stromberg	c8760e0ae1	fpr: macOS, Signal, Creative Labs, node, etc	2023-06-07 09:55:17 -04:00
Thomas Stromberg	91983a000a	Merge branch 'main' into fpr-jun2	2023-06-07 08:58:08 -04:00
Thomas Stromberg	349ff58fb2	fpr: xfce4, Google Earth, Ubuntu	2023-06-07 08:58:02 -04:00
Thomas Strömberg	b6443b06c1	Merge pull request #270 from tstromberg/fpr-jun2 fpr: multipass, go, macOS, Ubuntu, Opera, git, ko	2023-06-02 19:24:51 -04:00
Thomas Stromberg	1c3d461392	Add lock exception for pipewire	2023-06-02 19:22:26 -04:00
Thomas Stromberg	066c88dc18	fpr: multipass, go, macOS, Ubuntu, Opera, git, ko	2023-06-02 19:08:08 -04:00
Thomas Strömberg	bda533eb9f	Merge pull request #269 from tstromberg/gdrive New queries: excessive Google Drive exports	2023-06-02 18:09:50 -04:00
Thomas Stromberg	37ce71b94f	Decrease download limits to begin with	2023-06-02 18:03:44 -04:00
Thomas Stromberg	c2ce0ce7d7	New queries: excessive Google Drive exports	2023-06-02 18:01:10 -04:00
Thomas Strömberg	eba289f996	Merge pull request #268 from tstromberg/fpr-jun1 fpr: FleetDM, Edge, VSCode, dnf, Steam, etc	2023-06-01 11:54:12 -04:00
Thomas Stromberg	9575d18bc2	fpr: FleetDM, Edge, VSCode, dnf, Steam, etc	2023-06-01 11:52:20 -04:00
Thomas Strömberg	13c498aedc	Merge pull request #267 from tstromberg/fpr-may23 Fix missing apostrophe	2023-05-23 11:56:42 -04:00
Thomas Stromberg	7446b55120	Fix missing apostrophe	2023-05-23 11:55:11 -04:00
Thomas Strömberg	3ed6d6271f	Merge pull request #266 from tstromberg/fpr-may23 fpr: macOS, yubikey, Premiere, dnf, vagrant, etc	2023-05-23 11:35:38 -04:00
Thomas Stromberg	4831794034	Rename from missing-parent	2023-05-23 11:31:58 -04:00
Thomas Stromberg	111c15e20b	fpr: macOS, yubikey, Premiere, dnf, vagrant, etc	2023-05-23 11:31:37 -04:00
Thomas Strömberg	82134447fa	Merge pull request #265 from tstromberg/fpr-may17 fpr: Parallels, Stream Deck, tflint, gitstatus, snyk	2023-05-17 17:58:27 -04:00
Thomas Stromberg	56ede74c54	fpr: Parallels, Stream Deck, tflint, gitstatus, snyk	2023-05-17 17:52:55 -04:00
Thomas Strömberg	0f94e56abc	Merge pull request #264 from tstromberg/geacon1p Query tuning for Geacon detection and reduced CPU usage	2023-05-17 13:26:46 -04:00
Thomas Stromberg	d9d6a836a7	Update minimal socket exceptions to not rely signatures	2023-05-17 13:21:29 -04:00
Thomas Stromberg	c6eec0ee17	Query tuning after Geacon testing	2023-05-17 10:54:16 -04:00
Thomas Strömberg	96fd9e7729	Merge pull request #263 from tstromberg/times3 Make process times broadly available, minor opts	2023-05-16 20:11:16 -04:00
Thomas Stromberg	24c2baef28	Make process times broadly available, minor opts	2023-05-16 17:18:39 -04:00
Thomas Strömberg	fb77f0a811	Merge pull request #262 from tstromberg/bpfdoor-2023 Improve detection for bpfdoor and similar backdoors.	2023-05-16 16:32:35 -04:00
Thomas Stromberg	7f86db5521	Improve detection for bpfdoor and similar backdoors.	2023-05-16 16:31:31 -04:00
Thomas Strömberg	5ca54e89b7	Merge pull request #261 from tstromberg/fpr-may15 fpr: Kolide, macOS, nvidia, neko	2023-05-16 10:31:59 -04:00
Thomas Stromberg	93f2f2baf4	Fix comma placement	2023-05-16 10:31:46 -04:00
Thomas Stromberg	d5a94b21d1	fpr: Kolide, macOS, nvidia, neko	2023-05-16 10:28:19 -04:00
Thomas Strömberg	94947a252f	Merge pull request #260 from tstromberg/fpr-may11 fpr: Chrome, Kolide	2023-05-12 16:43:23 -04:00
Thomas Stromberg	9c87838b9f	fpr: Chrome, Kolide	2023-05-12 16:41:17 -04:00
Thomas Strömberg	a05089b897	Merge pull request #259 from tstromberg/fpr-may11 Collect recent file events	2023-05-12 16:37:29 -04:00
Thomas Stromberg	64d482abcd	Collect recent file events	2023-05-12 16:35:00 -04:00
Thomas Strömberg	abba247124	Merge pull request #258 from tstromberg/fpr-may11 incident_response: Improve macOS coverage	2023-05-12 16:28:45 -04:00

... 2 3 4 5 6 ...

1086 Commits