Commit Graph

174 Commits

Author SHA1 Message Date
Thomas Stromberg
71096ba4c7
fpr: mc, colima, webfilterproxyd, headlamp, record it, etc 2024-11-13 16:34:12 -05:00
egibs
b121d1f96c
More exceptions to cut down on alert noise
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
2024-10-31 15:47:35 -05:00
egibs
e487aac574
Add exceptions for apache2, ChatGPT, and Discord among others
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
2024-10-30 08:10:07 -05:00
egibs
9a95064139
Add exceptions for Xcode, Zen browser, Hugo, Krew, and more
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
2024-10-29 12:18:07 -05:00
Thomas Stromberg
1c17532ae8
fpr: kubectl, zoom, /opt, chrome, Autodesk Fusion 2024-10-25 11:29:40 -04:00
Thomas Stromberg
14a9098a9a
widen query scope 2024-10-16 09:32:00 -04:00
Thomas Stromberg
71282a0a62
Relax checks enough to pass tests 2024-10-11 10:38:07 -04:00
Thomas Stromberg
9a1a4b049e
fpr: prosoft, ujust, kandji-library-manager, etc 2024-09-26 12:40:04 -04:00
Thomas Strömberg
a6c38daf2d
Merge pull request #388 from tstromberg/net-events
Add events and extra tags to relevant event-based queries
2024-09-24 15:53:07 -04:00
Thomas Stromberg
6aab8fdfb6
Add events and extra tags to relevant event-based queries 2024-09-24 15:36:03 -04:00
Thomas Stromberg
8d583131ca
fpr: cups, zed, pycharm, msedge, surfshark, ubiquiti 2024-09-24 15:10:21 -04:00
Thomas Stromberg
b85b9d550f
fix more linux quirks 2024-09-23 11:18:40 -04:00
Thomas Stromberg
47401947d5
fix verify errors 2024-09-23 11:10:05 -04:00
Thomas Stromberg
4d0a9fd533
fpr: sequoia, osquery, cups, atops, transmission, etc 2024-09-23 11:07:53 -04:00
Thomas Stromberg
b976189cf3
run 'make reformat' 2024-08-27 18:45:06 -04:00
Thomas Stromberg
4b10d10520
False-positives be damned 2024-08-27 18:40:43 -04:00
Thomas Strömberg
7f6078e233
Merge pull request #381 from tstromberg/packed
new detection: recently downloaded files which have been packed
2024-08-26 16:10:09 -04:00
Thomas Stromberg
695b403b4b
Detect recently downloaded files which have been packed 2024-08-26 15:03:25 -04:00
Thomas Stromberg
1facce21f2
fpr: syft, krunner, k9s, espeak, chainctl, supermaven 2024-08-12 13:57:35 -04:00
Thomas Stromberg
00a9f6450b
fpr: sddm-helper, smartd, Xorg, elastic, WebEx, BambuStudio, keepass, etc 2024-07-26 13:26:37 -04:00
Thomas Stromberg
6c292f11af
fpr: kas, bitnami, redis, bincapz, kolide, docker, whatsapp 2024-07-12 16:55:49 -04:00
Thomas Stromberg
4df51743d0
fpr: lima, rpm-ostree, gitsign, kde, python, etc 2024-07-01 21:56:28 -04:00
Thomas Stromberg
6fe74680a0
fpr: June 28 - final rule tuning 2024-06-28 10:08:04 -04:00
Thomas Stromberg
00fa80a0d9
Massive false-positive reduction, particularly for uBlue 2024-06-27 09:23:52 -04:00
Thomas Stromberg
18e05c5a4c
fpr: June 25 2024-06-25 20:48:09 -04:00
Thomas Stromberg
4aeff07118
More SilverBlue/Elastic allows 2024-05-23 21:22:59 -04:00
Thomas Stromberg
ab2535717f
fpr: Fedora Silverblue, MHLinkServer, new terminals 2024-05-23 17:26:33 -04:00
Thomas Stromberg
5dd614f54c
fpr: MHLink, k3d, BlueFin, query tuning 2024-04-26 16:14:02 -04:00
Thomas Stromberg
5ef3c88213
Overdue False Positive Reduction 2024-03-29 10:12:36 -04:00
Thomas Stromberg
b61869c062
Merge branch 'main' into springbreak 2024-03-29 08:07:15 -04:00
Thomas Stromberg
0e5c8ec11e
Allows for Docker, Yubico, /dev/zero 2024-03-29 08:07:01 -04:00
Thomas Strömberg
a673c28222
Merge pull request #362 from tstromberg/kandji
Performance tuning, mark some Linux queries as 'extra'
2024-03-15 19:07:10 -04:00
Thomas Stromberg
3447f95d9e
Performance tuning, mark some Linux queries as 'extra' 2024-03-15 19:06:16 -04:00
Thomas Strömberg
6eb5b9ebdb
Merge pull request #361 from tstromberg/kandji
Allow Kandji to do weird things with expect
2024-03-15 15:35:44 -04:00
Thomas Stromberg
9342485881
Allow Kandji to do weird things with expect 2024-03-15 15:30:40 -04:00
Thomas Stromberg
d3352610f4
fpr: snapd, cups, ubuntu, etc 2024-03-07 16:33:01 -05:00
Thomas Stromberg
342d813bf8
fpr: Docker Desktop, code-oss, incus, etc 2024-02-26 17:26:56 -05:00
Thomas Stromberg
f72e6424c0
Run reformat 2024-02-16 17:21:00 -05:00
Thomas Stromberg
f87a8e8197
fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard 2024-02-16 17:14:11 -05:00
Thomas Stromberg
e42ea9a4bc
massive fpr: Rapid7, Elastic, everything 2024-01-26 14:07:37 -05:00
Thomas Stromberg
5d31e8da5f
fpr: psi, arduino, bitdefender, keybase, cody, etc 2024-01-22 10:36:01 -05:00
Thomas Stromberg
ceec1718f9
fpr: snap, mutedeck, idea, Chrome exts 2024-01-18 17:15:37 -05:00
Thomas Stromberg
229a32a61e
fpr: sourcegraph, phantombuster, iterm, cody, stickers 2024-01-09 16:14:00 -05:00
Thomas Stromberg
c2c29a1a52
Optimize performance with Google Chrome image mounted 2024-01-08 18:47:36 -05:00
Thomas Stromberg
1304d66783
Add more Elastic exceptions 2024-01-08 17:55:30 -05:00
Thomas Stromberg
8b9894ec74
filter out CSV from yara 2023-12-15 17:12:50 -05:00
Thomas Stromberg
800e4aa2cc
fpr: kind of everything 2023-12-15 17:10:06 -05:00
Thomas Stromberg
310e51d2a2
fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
Thomas Stromberg
6e1e7f29c2
fpr: dbeaver, AwesomeScreenshot, Hyper, etc 2023-11-02 09:39:41 -04:00
Thomas Stromberg
0060bb087e
fpr: aws, java, arch, cody, google, wireshark, etc 2023-10-31 11:40:10 -04:00