RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-10 07:39:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
462 Commits 1 Branch 31 Tags 6.1 MiB
49a19a6fd5
Commit Graph

462 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Strömberg
dca4ece9fc
Merge pull request #42 from tstromberg/fpos 
KubeCon 2022 False-Positive Cleanup for macOS/Linux
 2022-10-29 11:47:25 -04:00
Thomas Stromberg
576dfb5ed6
Add Cloud SDK exception 2022-10-29 11:44:29 -04:00
Thomas Stromberg
1f57719345
Add GPGTools exception 2022-10-29 11:44:13 -04:00
Thomas Stromberg
1c2d605bb0
Include osacompile 2022-10-29 11:43:58 -04:00
Thomas Stromberg
3ac2f07708
Merge branch 'main' into fpos 2022-10-28 19:24:12 -04:00
Thomas Stromberg
6c78695b73
Final KubeCon 2022 false-positive cleanup 2022-10-28 19:24:00 -04:00
Thomas Strömberg
d5c7352344
Merge pull request #41 from tstromberg/fpos 
Reduce in-the-wild false positives, improve performance
 2022-10-28 16:11:58 -04:00
Thomas Stromberg
897c96bd33
Remove more in-the-wild false positives 2022-10-27 16:55:00 -04:00
Thomas Stromberg
4a25a0c410
Improve perforance by re-ordering JOIN's 2022-10-27 16:54:41 -04:00
Thomas Strömberg
208383ccd6
Merge pull request #40 from tstromberg/webmail 
webmail: Add .jfif exception, remove exceptions for .bz2, .gz, .tar, .zstd
 2022-10-27 16:28:14 -04:00
Thomas Stromberg
5bbde18759
webmail: Add JFIF, remove BZ2, TAR, GZ from expectations list 2022-10-27 16:26:43 -04:00
Thomas Strömberg
d7e946f80e
Merge pull request #39 from tstromberg/more-fixes 
Rewrite process_envs queries for faster performance
 2022-10-27 15:42:03 -04:00
Thomas Stromberg
22da8cce66
Rewrite process_envs queries for faster performance 2022-10-27 11:26:35 -04:00
Thomas Strömberg
e2dd9bb528
Merge pull request #38 from tstromberg/more-fixes 
Large scrub of false-positives on macOS/Linux
 2022-10-27 10:57:14 -04:00
Thomas Stromberg
ffbc65697f
Add exception for /usr/bin/bash 2022-10-27 10:41:14 -04:00
Thomas Stromberg
5da942402b
Add an exception for dnf on port 80 2022-10-27 10:38:26 -04:00
Thomas Stromberg
a00af6c1fa
Merge another day worth of false positives 2022-10-27 10:23:15 -04:00
Thomas Strömberg
aa4c6ce411
Merge pull request #36 from tstromberg/false-purge-day2 
detection: Reduce Linux desktop false positives
 2022-10-25 21:31:58 -04:00
Thomas Stromberg
ff7cb5f00f
Address merge conflict 2022-10-25 21:31:32 -04:00
Thomas Strömberg
d44b91b41c
Merge pull request #35 from tstromberg/osascript-alfred 
osascript: Pull parent events data, Add Alfred exclusion
 2022-10-25 21:28:09 -04:00
Thomas Stromberg
239df4ea1f
Reduce more false positives found on macOS and Linux 2022-10-25 21:27:41 -04:00
Thomas Stromberg
23351973ea
detection: Reduce Linux desktop false positives 2022-10-25 11:39:51 -04:00
Thomas Stromberg
e6a24545c2
Add update-notifier -> pkexec exception 2022-10-25 09:20:18 -04:00
Thomas Stromberg
058e74bca9
Merge to head 2022-10-24 14:45:49 -04:00
Thomas Stromberg
7d5503373b
Add Alfred exclusion, fix Zoom exclusion 2022-10-24 14:40:51 -04:00
Thomas Strömberg
159c864e58
Merge pull request #34 from tstromberg/zoom-exc 
osascript: Add exception for Zoom controller
 2022-10-24 13:58:57 -04:00
Thomas Stromberg
04409029cb
Add exception for Zoom controller 2022-10-24 11:28:26 -04:00
Thomas Strömberg
6cfd5a548e
Merge pull request #30 from tstromberg/etc-hosts 
Ignore /etc/hosts records pointing to 127.x.x.x
 2022-10-24 11:11:55 -04:00
Thomas Strömberg
50f4c3d452
Merge pull request #31 from tstromberg/talkers-ff 
Add exception for firefox-wrapper on port 80
 2022-10-24 11:11:13 -04:00
Thomas Strömberg
d6e70ebcc3
Merge pull request #32 from tstromberg/osascript 
osascript: Add parent signing information
 2022-10-24 11:10:59 -04:00
Thomas Strömberg
ed84a59a66
Merge pull request #33 from tstromberg/recent-updates 
CloudNativeSecurityCon Day 1 False-Positive Cleanup
 2022-10-24 11:10:42 -04:00
Thomas Stromberg
17f77468f4
Add coreduetd exception 2022-10-24 11:09:21 -04:00
Thomas Stromberg
2f7e76d23c
Add exception for User-Agent Switcher 2022-10-24 11:09:07 -04:00
Thomas Stromberg
2578d0ab8a
Add exceptions for Chrome subprocesses 2022-10-24 11:08:28 -04:00
Thomas Stromberg
43d143e640
Add GitKraken QUIC exception 2022-10-24 11:07:39 -04:00
Thomas Stromberg
e1e6662345
Add exceptions for java, yay 2022-10-24 11:07:20 -04:00
Thomas Stromberg
5d4d8ff5c0
Add exceptions for java, yay 2022-10-24 11:06:46 -04:00
Thomas Stromberg
a7c26908db
osascript: Add parent signing information 2022-10-24 10:06:22 -04:00
Thomas Stromberg
e9ad2660a2
Address merge conflict 2022-10-24 10:04:26 -04:00
Thomas Strömberg
7db5a93273
Merge pull request #29 from tstromberg/reformat3 
noop: Run 'make reformat' on exotic-commands
 2022-10-24 10:02:15 -04:00
Thomas Stromberg
f0617d5ee2
unexpected-osascript: Include signature data 2022-10-24 10:00:58 -04:00
Thomas Stromberg
cfed94d0d9
Add exception for firefox-wrapper on port 80 2022-10-21 18:15:41 -04:00
Thomas Stromberg
5ebe05daf7
Ignore any /etc/hosts pointing to 127.x.x.x 2022-10-21 17:49:12 -04:00
Thomas Strömberg
e643bf4ab0
Merge pull request #28 from tstromberg/false-positives-again2 
linux talkers: Add another firefox & chainctl exception
 2022-10-21 17:46:40 -04:00
Thomas Strömberg
b10b6d1cbf
Merge pull request #27 from tstromberg/osascript 
Fix broken osascript script, move duplicate check out of exotic
 2022-10-21 17:46:28 -04:00
Thomas Stromberg
f305aae1ca
noop: Run 'make reformat' 2022-10-21 17:45:43 -04:00
Thomas Stromberg
7d3590f9a1
Add another firefox & chainctl exception 2022-10-21 17:44:53 -04:00
Thomas Stromberg
8516aec8c3
Fix broken osascript script, move duplicate check out of exotic 2022-10-21 17:42:44 -04:00
Thomas Strömberg
9351a6cd5b
Merge pull request #26 from tstromberg/bugfixes 
Fix incorrect table joins, incorrect platform names, and apply SQL formatting
 2022-10-21 17:41:30 -04:00
Thomas Stromberg
13d10c6af1
Add spacing (sqlformat) 2022-10-21 17:39:53 -04:00