osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-03-04 17:57:37 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	47bb017183	Add /usr/local/lib/libmimalloc.so to allowed list of LD_PRELOAD	2022-11-10 11:20:58 -05:00
Thomas Stromberg	f1a3354495	Address false positives: nginx-ingress-controller, dbus, etc	2022-11-10 11:04:48 -05:00
Thomas Stromberg	9b99b0f657	tiny-executable-events: Add child hash & magic data, filter by regular	2022-11-09 09:14:10 -05:00
Thomas Stromberg	c9605d1c98	Add exceptions for terraform, hugo, macOS updates	2022-11-08 14:32:38 -05:00
Thomas Stromberg	748be4c251	Make all of ~/.% an exclusion	2022-11-08 14:22:12 -05:00
Thomas Stromberg	3dec23370c	More exclusions	2022-11-08 12:59:11 -05:00
Thomas Stromberg	f93a18d112	Refactor execdir, remove false positives	2022-11-07 20:36:37 -05:00
Thomas Stromberg	213e29afcc	Simplify macos-execdir, reduce false positives	2022-11-07 10:03:43 -05:00
Thomas Stromberg	cafe37af26	macOS: Add exceptions for SUSE/rancher and DHCP servers	2022-11-04 19:04:31 -04:00
Thomas Stromberg	0e4f49ce78	Allow more gcloud auth paths	2022-11-04 11:57:47 -04:00
Thomas Stromberg	4bf5be2960	Add exception for Wireshark usbmon	2022-11-04 11:52:52 -04:00
Thomas Stromberg	8f873cfd85	Add exception for Tailscale MagicDNS	2022-11-04 11:52:39 -04:00
Thomas Stromberg	8931530901	Populate the initial set of exceptions	2022-11-04 11:52:24 -04:00
Thomas Stromberg	a544ab1f7e	Add exception for vs-kubernetes, add child hash, fix time interval	2022-11-04 10:32:45 -04:00
Thomas Stromberg	87f727fc36	Add Python exception (signed by Ned Deily)	2022-11-04 10:22:35 -04:00
Thomas Stromberg	180efa23e0	Add karabiner_session_monitor exception	2022-11-04 09:57:41 -04:00
Thomas Stromberg	8de176d191	recently-created-executables: add missing comma	2022-11-04 09:12:38 -04:00
Thomas Strömberg	4aa32afc0d	Merge pull request #63 from tstromberg/hidden-home Add detections for hidden home configuration directories	2022-11-04 08:54:34 -04:00
Thomas Stromberg	d9fd2e9d7c	Add detections for hidden home Library directories	2022-11-04 08:51:17 -04:00
Thomas Stromberg	91f0d3e283	Add detections for hidden home configuration directories	2022-11-04 08:50:34 -04:00
Thomas Stromberg	b3fdde9ed7	Add PlayTo for Chromecast	2022-11-04 08:11:33 -04:00
Thomas Stromberg	a29ca8bc2c	jetbrains-toolbox can be owned by anyone	2022-11-04 08:08:43 -04:00
Thomas Stromberg	1790e7b114	Add spotify exception	2022-11-04 08:08:26 -04:00
Thomas Stromberg	35a2162bd7	Add /usr/share/spotify-client	2022-11-04 08:08:09 -04:00
Thomas Stromberg	d74f289c2c	Add snapd and spotify from /usr	2022-11-04 08:07:54 -04:00
Thomas Stromberg	d953cbd0c4	Allow executable tz files in the top-level zoneinfo dir	2022-11-04 08:07:34 -04:00
Thomas Stromberg	948eb2edda	Add tcp/3443 for chrome	2022-11-04 08:07:14 -04:00
Thomas Stromberg	44babb9288	Add exception for ko from a home directory	2022-11-04 08:05:59 -04:00
Thomas Stromberg	2dfc3860ef	Add pavucontrol and snapd	2022-11-03 16:05:07 -04:00
Thomas Stromberg	e650ab6abc	Add exception for Discord	2022-11-03 16:02:45 -04:00
Thomas Stromberg	f2a9e785fe	Refactor unexpected-execdir events for fewer false-positives	2022-11-03 16:00:19 -04:00
Thomas Stromberg	187aacf092	Add a melange build exclusion	2022-11-03 14:25:35 -04:00
Thomas Stromberg	fffff696a7	Ignore weird Logitech commands, and add grandparent process info	2022-11-03 14:25:13 -04:00
Thomas Stromberg	dbbe319d72	Ignore JSON files	2022-11-03 14:24:53 -04:00
Thomas Stromberg	baa38a5efb	Ignore /tmp/.DS_Store	2022-11-03 14:24:40 -04:00
Thomas Stromberg	e7e714c9db	Make another stab at reducing false positives across the map	2022-11-03 11:51:54 -04:00
Thomas Stromberg	bd8bd02bd3	empty environ mac: fix typo in authority field name	2022-11-01 07:20:57 -04:00
Thomas Stromberg	eb6851df7f	talkers-macos: Fix typo in protocol field name	2022-11-01 07:19:10 -04:00
Thomas Stromberg	4464254d62	False-positive updates: tailscale, snapd, WPILib, darkfiles	2022-11-01 07:15:10 -04:00
Thomas Stromberg	caab2a6c82	Loads of fresh new false-positives removal	2022-10-31 17:40:37 -04:00
Thomas Stromberg	3d75593c76	Add exceptions for Jetbrains/Delve, more for Steam	2022-10-30 12:00:43 -04:00
Thomas Stromberg	6e2f7059b5	Add exceptions for Steam on Linux	2022-10-30 10:19:33 -04:00
Thomas Stromberg	cf7b8dcbef	talkers/listeners: Add exceptions for Steam & Java	2022-10-30 10:05:40 -04:00
Thomas Stromberg	5b6a150f81	Address merge conflict	2022-10-30 09:44:25 -04:00
Thomas Stromberg	ee6c532577	Add exception for Twitter on Mac	2022-10-30 09:40:52 -04:00
Thomas Stromberg	1652037355	Add initial setuid env overflow detection	2022-10-30 09:40:31 -04:00
Thomas Stromberg	46ef9668d7	Add exception for 'go run'	2022-10-30 09:39:48 -04:00
Thomas Stromberg	889ad9a5fd	Add exception for whois	2022-10-30 09:39:10 -04:00
Thomas Strömberg	5021d24e23	Merge pull request #48 from tstromberg/oflow Add setxid-cmdline-overflow-attempt.sql	2022-10-29 19:59:53 -04:00
Thomas Stromberg	c1b7829797	Add setxid-cmdline-overflow-attempt.sql	2022-10-29 19:58:59 -04:00

1 2 3 4 5

217 Commits