Commit Graph

359 Commits

Author SHA1 Message Date
Thomas Stromberg
44babb9288
Add exception for ko from a home directory 2022-11-04 08:05:59 -04:00
Thomas Strömberg
a8c020ff30
Merge pull request #61 from tstromberg/fp45
Add pavucontrol and snapd
2022-11-03 16:06:18 -04:00
Thomas Stromberg
2dfc3860ef
Add pavucontrol and snapd 2022-11-03 16:05:07 -04:00
Thomas Strömberg
2ad67759bc
Merge pull request #60 from tstromberg/fp45
Add exception for Discord
2022-11-03 16:03:22 -04:00
Thomas Stromberg
e650ab6abc
Add exception for Discord 2022-11-03 16:02:45 -04:00
Thomas Strömberg
1e2675e8c2
Merge pull request #59 from tstromberg/fp45
Refactor unexpected-execdir-macos-* for fewer false-positives
2022-11-03 16:01:17 -04:00
Thomas Stromberg
f2a9e785fe
Refactor unexpected-execdir events for fewer false-positives 2022-11-03 16:00:19 -04:00
Thomas Strömberg
1049d36ab6
Merge pull request #58 from tstromberg/fp45
New exclusions: /tmp/.DS_Store, JSON files, LogiTune weirdness, melange build
2022-11-03 14:26:22 -04:00
Thomas Stromberg
187aacf092
Add a melange build exclusion 2022-11-03 14:25:35 -04:00
Thomas Stromberg
fffff696a7
Ignore weird Logitech commands, and add grandparent process info 2022-11-03 14:25:13 -04:00
Thomas Stromberg
dbbe319d72
Ignore JSON files 2022-11-03 14:24:53 -04:00
Thomas Stromberg
baa38a5efb
Ignore /tmp/.DS_Store 2022-11-03 14:24:40 -04:00
Thomas Strömberg
cf3cc1f698
Mention Windows specifically. 2022-11-03 12:31:25 -04:00
Thomas Strömberg
2da4b99781
Merge pull request #57 from tstromberg/fp45
Make another stab at reducing false positives across the map
2022-11-03 11:52:31 -04:00
Thomas Stromberg
e7e714c9db
Make another stab at reducing false positives across the map 2022-11-03 11:51:54 -04:00
Thomas Strömberg
065d358a8b
Merge pull request #56 from tstromberg/fp44
empty environ mac: fix typo in authority field name
2022-11-01 07:21:40 -04:00
Thomas Stromberg
bd8bd02bd3
empty environ mac: fix typo in authority field name 2022-11-01 07:20:57 -04:00
Thomas Strömberg
bdd13408bb
Merge pull request #55 from tstromberg/fp44
talkers-macos: Fix typo in protocol field name
2022-11-01 07:20:29 -04:00
Thomas Stromberg
eb6851df7f
talkers-macos: Fix typo in protocol field name 2022-11-01 07:19:10 -04:00
Thomas Strömberg
b262708555
Merge pull request #54 from tstromberg/fp44
False-positive updates: tailscale, snapd, WPILib, darkfiles
2022-11-01 07:15:50 -04:00
Thomas Stromberg
4464254d62
False-positive updates: tailscale, snapd, WPILib, darkfiles 2022-11-01 07:15:10 -04:00
Thomas Strömberg
eee571888b
Merge pull request #53 from tstromberg/fp44
Loads of fresh new false-positives removal
2022-10-31 17:41:08 -04:00
Thomas Stromberg
caab2a6c82
Loads of fresh new false-positives removal 2022-10-31 17:40:37 -04:00
Thomas Strömberg
3a6b152ab8
Merge pull request #52 from tstromberg/fp44
Add exceptions for Jetbrains/Delve, more for Steam
2022-10-30 12:01:22 -04:00
Thomas Stromberg
3d75593c76
Add exceptions for Jetbrains/Delve, more for Steam 2022-10-30 12:00:43 -04:00
Thomas Strömberg
1543793f3b
Merge pull request #51 from tstromberg/oflow
Add exceptions for Steam on Linux
2022-10-30 10:19:56 -04:00
Thomas Stromberg
6e2f7059b5
Add exceptions for Steam on Linux 2022-10-30 10:19:33 -04:00
Thomas Strömberg
cc6ee777c2
Merge pull request #50 from tstromberg/oflow
talkers/listeners: Add exceptions for Steam & Java
2022-10-30 10:06:30 -04:00
Thomas Stromberg
cf7b8dcbef
talkers/listeners: Add exceptions for Steam & Java 2022-10-30 10:05:40 -04:00
Thomas Strömberg
05350bbd0e
Merge pull request #49 from tstromberg/oflow
More exceptions (whois, go run) + setuid env overflow detection
2022-10-30 09:45:50 -04:00
Thomas Stromberg
5b6a150f81
Address merge conflict 2022-10-30 09:44:25 -04:00
Thomas Stromberg
ee6c532577
Add exception for Twitter on Mac 2022-10-30 09:40:52 -04:00
Thomas Stromberg
1652037355
Add initial setuid env overflow detection 2022-10-30 09:40:31 -04:00
Thomas Stromberg
46ef9668d7
Add exception for 'go run' 2022-10-30 09:39:48 -04:00
Thomas Stromberg
889ad9a5fd
Add exception for whois 2022-10-30 09:39:10 -04:00
Thomas Strömberg
5021d24e23
Merge pull request #48 from tstromberg/oflow
Add setxid-cmdline-overflow-attempt.sql
2022-10-29 19:59:53 -04:00
Thomas Stromberg
c1b7829797
Add setxid-cmdline-overflow-attempt.sql 2022-10-29 19:58:59 -04:00
Thomas Strömberg
c7f5a23fad
Merge pull request #47 from tstromberg/fp
talkers/empty environ: Filter out more Electron apps
2022-10-29 19:57:03 -04:00
Thomas Stromberg
b74b07af8e
Filter out more Electron apps 2022-10-29 19:56:27 -04:00
Thomas Strömberg
79c8136aad
Merge pull request #46 from tstromberg/fp
Add 'garmin_gps' kernel module into expectation list
2022-10-29 14:14:05 -04:00
Thomas Stromberg
ecc8a89ed4
Add 'garmin_gps' kernel module 2022-10-29 14:13:16 -04:00
Thomas Strömberg
635712dc68
Merge pull request #45 from tstromberg/fp
Add exceptions for zellij & warp
2022-10-29 14:12:12 -04:00
Thomas Stromberg
066d8aec1d
Add exceptions for zellij & warp 2022-10-29 14:11:33 -04:00
Thomas Strömberg
62b4e2bd9b
Merge pull request #44 from tstromberg/exotic-rm
exotic cmdline macos: Exclude locatedb updates
2022-10-29 12:12:20 -04:00
Thomas Stromberg
81b97536e9
Exclude locatedb updates 2022-10-29 12:11:46 -04:00
Thomas Strömberg
0c0a38df44
Merge pull request #43 from tstromberg/bwrap-empty
empty environ: add exception for bwrap
2022-10-29 11:53:46 -04:00
Thomas Stromberg
d869ff2197
empty environ: add exception for bwrap 2022-10-29 11:53:05 -04:00
Thomas Strömberg
dca4ece9fc
Merge pull request #42 from tstromberg/fpos
KubeCon 2022 False-Positive Cleanup for macOS/Linux
2022-10-29 11:47:25 -04:00
Thomas Stromberg
576dfb5ed6
Add Cloud SDK exception 2022-10-29 11:44:29 -04:00
Thomas Stromberg
1f57719345
Add GPGTools exception 2022-10-29 11:44:13 -04:00