Author | Commit | Message | Date
Thomas Stromberg | 481581c616 | Launch day final cleanup | 2022-09-22 19:35:24 -04:00
Thomas Stromberg | 77ba879daa | Launch day fixes | 2022-09-22 13:18:16 -04:00
Thomas Stromberg | b1e2a6251d | Add an events-based DNS traffic alert | 2022-09-22 05:28:36 -04:00
Thomas Stromberg | 37eca56cb5 | More whitelisting | 2022-09-22 05:18:03 -04:00
Thomas Stromberg | 3dfda437ab | More tuning, quiet deaths | 2022-09-21 13:34:10 -04:00
Thomas Stromberg | 0c54748749 | Add detector for mysterious DNS traffic | 2022-09-21 13:30:44 -04:00
Thomas Stromberg | d4ea7d411e | Fix many broken queries | 2022-09-21 10:30:17 -04:00
Thomas Stromberg | bd5b37b646 | More tuning, more queries | 2022-09-21 07:42:51 -04:00
Thomas Stromberg | ed90aba6e8 | Linux: Whitelist /dev/tty% | 2022-09-21 07:42:23 -04:00
Thomas Stromberg | e9c7c97858 | Every day I'm tuning it | 2022-09-20 21:56:01 -04:00
Thomas Stromberg | 1965aaaab4 | More Linux/macOS splits to get signature support | 2022-09-20 17:46:47 -04:00
Thomas Stromberg | 87f5608824 | Add more data to privesc, rewrite systemd units | 2022-09-20 09:47:52 -04:00
Thomas Stromberg | 0ff3b09f18 | Rewrite unexpected-listening-port, split Linux/macOS | 2022-09-20 08:47:52 -04:00
Thomas Stromberg | 2ed9d394d5 | Rewrite sketchy events, remove some false positives | 2022-09-20 08:16:06 -04:00
Thomas Stromberg | b75c7d5404 | More tuning | 2022-09-16 14:21:42 -04:00
Thomas Stromberg | f5696431c7 | More filtering | 2022-09-16 11:22:50 -04:00
Thomas Stromberg | 0371505d75 | More tuning | 2022-09-15 15:34:59 -04:00
Thomas Stromberg | 1065e8d9dc | More filtering of false positives | 2022-09-15 11:28:50 -04:00
Thomas Stromberg | 8ff5e914eb | More tuning | 2022-09-15 09:34:45 -04:00
Thomas Stromberg | d0569425b7 | More tuning | 2022-09-14 10:51:56 -04:00
Thomas Stromberg | f54f2ee527 | More false-positive removal | 2022-09-14 07:54:39 -04:00
Thomas Stromberg | 8e05e69465 | whitelist more launchd entries | 2022-09-13 21:25:04 -04:00
Thomas Stromberg | a512597ace | Lots of treats for the boys and girls | 2022-09-13 20:46:04 -04:00
Thomas Stromberg | 11d0d67f74 | Add more modules | 2022-09-13 05:36:18 -04:00
Thomas Stromberg | 9810fe8e28 | Detect unexpected modules and try our hand at exotic command access | 2022-09-12 19:22:41 -04:00
Thomas Stromberg | 197804e51b | More Monday tuning | 2022-09-12 18:25:18 -04:00
Thomas Stromberg | e919bdde9f | Add parent-missing-from-disk whitelists | 2022-09-12 11:19:28 -04:00
Thomas Stromberg | 868f1ff13b | Monday morning tuning | 2022-09-12 11:17:51 -04:00
Thomas Stromberg | 78b49a38b2 | More tuning | 2022-09-12 06:52:28 -04:00
Thomas Stromberg | 6df0447760 | More tuning, more scripts | 2022-09-11 15:07:54 -04:00
Thomas Stromberg | 58c8161d22 | Add bpf detector | 2022-09-10 15:14:46 -04:00
Thomas Stromberg | e5973acc25 | Second weekend tuning | 2022-09-10 13:10:54 -04:00
Thomas Stromberg | 763b9eaed6 | Add crontab query | 2022-09-10 07:56:40 -04:00
Thomas Stromberg | 7e210049bf | First weekend tuning | 2022-09-10 07:24:17 -04:00
Thomas Stromberg | c6797e3496 | Reorganize paths, tune queries a bit | 2022-09-09 12:51:52 -04:00
Thomas Stromberg | dea818239f | More scripts | 2022-09-09 10:16:28 -04:00
Thomas Stromberg | d7a549759b | More tuning | 2022-09-08 20:50:15 -04:00
Thomas Stromberg | 6ef95adf94 | Revert "Remove duplicate chrome rules" (This reverts commit 78baa9fa00.) | 2022-09-08 18:25:34 -04:00
Thomas Stromberg | 78baa9fa00 | Remove duplicate chrome rules | 2022-09-08 18:24:12 -04:00
Thomas Stromberg | dc9de60252 | More minor tuning | 2022-09-08 18:23:28 -04:00
Thomas Stromberg | 5eab5c51a8 | Just about done | 2022-09-08 17:58:56 -04:00
Thomas Stromberg | b4dac11ceb | More tuning | 2022-09-08 14:20:42 -04:00
Thomas Stromberg | cbaf2f989c | Query reorganization | 2022-09-08 09:53:43 -04:00
Thomas Stromberg | ba7755640a | Add more queries: preload, setuid, shell parents | 2022-09-06 22:08:41 -04:00
Thomas Stromberg | 7f85b5be90 | More tuning | 2022-09-06 22:08:17 -04:00
Thomas Stromberg | caa6bb43ed | Add more things | 2022-09-02 15:04:34 -04:00
Thomas Stromberg | bceacd1572 | More updates | 2022-09-02 12:56:31 -04:00
Thomas Stromberg | c2c36e7f24 | Add /Library/Apple for XProtect | 2022-09-02 11:17:06 -04:00
Thomas Stromberg | 4c2479b79f | Add electron/kolide-pipeline | 2022-09-02 11:16:47 -04:00
Thomas Stromberg | 43b2346c22 | Add configd dhcpv6-client | 2022-09-02 11:16:32 -04:00