Commit Graph

135 Commits

Author SHA1 Message Date
Thomas Stromberg
41d83350a1
make reformat 2023-05-08 13:20:47 -04:00
Thomas Stromberg
9eed574026
fpr: sharingd, sparkle, golang, Snagit 2023-05-05 15:10:54 -04:00
Thomas Stromberg
272711ae7a
fpr: node, nc, busybox, libvirt, etc 2023-05-05 12:44:46 -04:00
Thomas Stromberg
0202e87b73
fpr: libopenblas, snapd, k3d, opera, nix, ssh, cargo, adobe installer 2023-05-03 16:28:00 -04:00
Thomas Stromberg
76cf1006c6
fpr: microbit, i3, Grammarly for Safari, wine 2023-05-02 17:49:53 -04:00
Thomas Stromberg
47124daa01
fpr: RetailMeNot, LogiTune, macOS, mediawriter, etc 2023-05-02 15:25:36 -04:00
Thomas Stromberg
02337c28f0
fpr: cleanup and new additions 2023-04-27 12:00:08 -04:00
Thomas Stromberg
ed772cb369
Filter out targets, add more entries 2023-04-27 11:59:02 -04:00
Thomas Stromberg
df925eaa6c
fpr: lghub, brew, pve, chrome exts, etc 2023-04-20 20:45:35 -04:00
Thomas Stromberg
9c3f783491
fpr everything 2023-04-17 16:20:35 -04:00
Thomas Stromberg
d4dd423745
fpr: Grammarly, semodule, docker-compose, xdg, etc 2023-03-30 18:44:01 -04:00
Thomas Stromberg
98e502b039
fpr: add new containerd systemd file 2023-03-28 16:31:02 -04:00
Thomas Stromberg
9b0ed09c8e
fpr: xdg, docker, dbus, bpfilter_umh, docker, spotify, mage 2023-03-28 16:25:26 -04:00
Thomas Stromberg
fbab3701c0
fpr: Docker, Zwift, macOS updates, etc 2023-03-20 17:05:02 -04:00
Thomas Stromberg
13a95a4f41
Add exceptions for Kandji 2023-03-17 15:46:00 -04:00
Thomas Stromberg
7ceb7b2b19
fpr: NetworkManager, packer, rancher desktop, proxmox, sd 2023-03-17 06:32:54 -04:00
Thomas Stromberg
6473469e72
revert euid change in exception key 2023-03-16 17:31:31 -04:00
Thomas Stromberg
fbc2b207b4
fpr: Signal, apko, aws, melange, dash, stern 2023-03-16 17:29:11 -04:00
Thomas Stromberg
824efa9705
fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws 2023-03-14 19:00:44 -04:00
Thomas Stromberg
09652bd91f
fpr: SA keys, libgtop, haproxy, gvproxy, slirp 2023-03-14 16:05:16 -04:00
Thomas Stromberg
b3825ba2b9
fpr: Canon Universal Installer, melange, GPG, key names 2023-03-06 15:11:11 -05:00
Thomas Stromberg
89439e7959
Merge to head 2023-03-04 13:21:42 -05:00
Thomas Stromberg
83de333882
Add dhclient uid0 exception, as appears in Debian 2023-03-04 13:20:26 -05:00
Thomas Stromberg
f25cfe1399
fpr: aws-sdk, melange, Tailscale, Xprotect, etc 2023-03-03 07:24:42 -05:00
Thomas Stromberg
fb7cd56249
fpr: abrt-dbus, gdm, chrome, ff, etc 2023-02-24 16:30:17 -05:00
Thomas Stromberg
995c1e1104
Fixes so that ODK can run under CI 2023-02-24 12:15:56 -05:00
Thomas Stromberg
a7c2ef97e1
Add detectors for the reveng_rtkit rootkit 2023-02-23 17:05:11 -05:00
Thomas Stromberg
d253820cf2
Debian: add dhclient and unattended-upgr 2023-02-23 10:35:26 -05:00
Thomas Stromberg
d904ca60cf
Add exceptions for Debian running under lima 2023-02-23 10:33:10 -05:00
Thomas Stromberg
3a4e0450a6
Uncomment remaining columns 2023-02-20 19:11:23 -05:00
Thomas Stromberg
d3780c0a6c
Remove ubuntu-lts false-positives on lima 2023-02-20 19:10:12 -05:00
Thomas Stromberg
82de4c9c2a
systemd units: increase size bucket from 100 to 225 2023-02-20 13:10:07 -05:00
Ian Brown
74114dd34e
Swap like for equal
Signed-off-by: Ian Brown <ian@zestysoft.com>
2023-02-18 16:11:35 -08:00
Ian Brown
551d7dbb8c
fpr: Fujitsu, vmware, objective-see, paragon, etc
Signed-off-by: Ian Brown <ian@zestysoft.com>
2023-02-18 12:02:40 -08:00
Thomas Stromberg
f87541c945
False positive flush, particularly in talkers 2023-02-17 11:57:23 -05:00
Thomas Stromberg
ec675bfb8d
New detector: unexpected ssh-authorized-keys 2023-02-14 20:36:27 -05:00
Thomas Stromberg
cf858d193d
fpr: ACE, Prusa, steam, pacman, Xcode, Adobe 2023-02-14 20:16:02 -05:00
Thomas Stromberg
8d4531198f
fpr: My ORA, Ecamm, setroubleshootd, etc 2023-02-14 19:46:36 -05:00
Thomas Stromberg
d897f0b50d
fpr: Nessus, mysql-shell, ntia-checker, Ecamm, CopyClip, etc 2023-02-14 08:33:05 -05:00
Thomas Stromberg
99f8793169
Remove com.docker.backend (macOS specific) 2023-02-10 10:32:14 -05:00
Thomas Stromberg
e8d86af906
Make sure caddy & kubectl are in the wider listening range 2023-02-10 10:31:19 -05:00
Thomas Stromberg
4f4ae0ed38
False positive removal and minor query perf improvements 2023-02-10 10:21:06 -05:00
Thomas Stromberg
593991adb8
Purge observed false positives 2023-02-09 17:54:41 -05:00
Thomas Stromberg
a8ed058d4d
Query performance improvements, add pids, decrease frequency 2023-02-09 17:01:29 -05:00
Thomas Stromberg
72326c3b5c
Massive reduction of false positives across the board 2023-02-08 20:06:26 -05:00
Thomas Stromberg
e57f03b89f
fpr: Opera, TextExpander, socket_vmnet, elive, etc 2023-02-08 15:12:10 -05:00
Thomas Stromberg
5274198687
Add exceptions for socket_vmnet and pnpd 2023-02-08 14:44:22 -05:00
Thomas Stromberg
2634e9d45b
Monday morning false-positive purge 2023-02-08 14:37:09 -05:00
Thomas Stromberg
d302a9ff55
Purge false positives, again and again 2023-02-02 21:46:53 -05:00
Thomas Stromberg
2bdb9f2f3e
Add more macOS software authorities 2023-02-02 20:53:22 -05:00