Thomas Stromberg
|
4d0a9fd533
|
fpr: sequoia, osquery, cups, atops, transmission, etc
|
2024-09-23 11:07:53 -04:00 |
Thomas Stromberg
|
4b10d10520
|
False-positives be damned
|
2024-08-27 18:40:43 -04:00 |
Thomas Stromberg
|
4aeff07118
|
More SilverBlue/Elastic allows
|
2024-05-23 21:22:59 -04:00 |
Thomas Stromberg
|
5dd614f54c
|
fpr: MHLink, k3d, BlueFin, query tuning
|
2024-04-26 16:14:02 -04:00 |
Thomas Stromberg
|
0e5c8ec11e
|
Allows for Docker, Yubico, /dev/zero
|
2024-03-29 08:07:01 -04:00 |
Thomas Stromberg
|
f87a8e8197
|
fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard
|
2024-02-16 17:14:11 -05:00 |
Thomas Stromberg
|
e42ea9a4bc
|
massive fpr: Rapid7, Elastic, everything
|
2024-01-26 14:07:37 -05:00 |
Thomas Stromberg
|
800e4aa2cc
|
fpr: kind of everything
|
2023-12-15 17:10:06 -05:00 |
Thomas Stromberg
|
6e1e7f29c2
|
fpr: dbeaver, AwesomeScreenshot, Hyper, etc
|
2023-11-02 09:39:41 -04:00 |
Thomas Stromberg
|
0060bb087e
|
fpr: aws, java, arch, cody, google, wireshark, etc
|
2023-10-31 11:40:10 -04:00 |
Thomas Stromberg
|
f73263bece
|
fpr: docker, fish, Stream Deck, rsync, lima, macOS
|
2023-09-26 15:14:38 -04:00 |
Thomas Stromberg
|
b39fca4e9f
|
fpr: RSA keys, tcpdump, login, crane, souregraph, etc
|
2023-09-20 09:30:46 -04:00 |
Thomas Stromberg
|
190e8adcfd
|
Merge to master
|
2023-09-01 17:34:36 -04:00 |
Thomas Stromberg
|
b889cde6d5
|
Additional fixes for Ventura & Capture One
|
2023-09-01 17:27:27 -04:00 |
Thomas Stromberg
|
84125c4bb1
|
Remove recently common false positives
|
2023-09-01 17:09:47 -04:00 |
Thomas Stromberg
|
dce2eb2af5
|
Add many exceptions
|
2023-08-15 18:13:06 -04:00 |
Thomas Stromberg
|
485f69a61c
|
fpr: Revolt, Bearly, user executables, melange
|
2023-07-13 19:43:35 -04:00 |
Thomas Stromberg
|
c9f0b2bee5
|
fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver
|
2023-07-03 07:16:14 -04:00 |
Thomas Stromberg
|
d74405c817
|
fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc
|
2023-06-30 16:38:31 -04:00 |
Thomas Stromberg
|
c8760e0ae1
|
fpr: macOS, Signal, Creative Labs, node, etc
|
2023-06-07 09:55:17 -04:00 |
Thomas Stromberg
|
066c88dc18
|
fpr: multipass, go, macOS, Ubuntu, Opera, git, ko
|
2023-06-02 19:08:08 -04:00 |
Thomas Stromberg
|
9575d18bc2
|
fpr: FleetDM, Edge, VSCode, dnf, Steam, etc
|
2023-06-01 11:52:20 -04:00 |
Thomas Stromberg
|
111c15e20b
|
fpr: macOS, yubikey, Premiere, dnf, vagrant, etc
|
2023-05-23 11:31:37 -04:00 |
Thomas Stromberg
|
26b2b9a4c7
|
fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc
|
2023-05-11 11:29:55 -04:00 |
Thomas Stromberg
|
df925eaa6c
|
fpr: lghub, brew, pve, chrome exts, etc
|
2023-04-20 20:45:35 -04:00 |
Thomas Stromberg
|
9c3f783491
|
fpr everything
|
2023-04-17 16:20:35 -04:00 |
Thomas Stromberg
|
9b0ed09c8e
|
fpr: xdg, docker, dbus, bpfilter_umh, docker, spotify, mage
|
2023-03-28 16:25:26 -04:00 |
Thomas Stromberg
|
7a78199906
|
fpr: traceroute, thunderbird, garmin installer, chainctl, etc
|
2023-03-21 14:07:06 -04:00 |
Thomas Stromberg
|
7ceb7b2b19
|
fpr: NetworkManager, packer, rancher desktop, proxmox, sd
|
2023-03-17 06:32:54 -04:00 |
Thomas Stromberg
|
824efa9705
|
fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws
|
2023-03-14 19:00:44 -04:00 |
Thomas Stromberg
|
fb7cd56249
|
fpr: abrt-dbus, gdm, chrome, ff, etc
|
2023-02-24 16:30:17 -05:00 |
Thomas Stromberg
|
8d4531198f
|
fpr: My ORA, Ecamm, setroubleshootd, etc
|
2023-02-14 19:46:36 -05:00 |
Thomas Stromberg
|
72326c3b5c
|
Massive reduction of false positives across the board
|
2023-02-08 20:06:26 -05:00 |
Thomas Stromberg
|
e57f03b89f
|
fpr: Opera, TextExpander, socket_vmnet, elive, etc
|
2023-02-08 15:12:10 -05:00 |
Thomas Stromberg
|
d302a9ff55
|
Purge false positives, again and again
|
2023-02-02 21:46:53 -05:00 |
Thomas Stromberg
|
45ab183557
|
fpr: New Chrome etxensions, vbox, chrome, gcloud, gdm3, yay, etc
|
2023-01-30 14:58:47 -05:00 |
Thomas Stromberg
|
83cc38207e
|
fpr: minikube, tailscale, dex, pacman, virtualbox, steam, lsmod, busybox, etc
|
2023-01-23 20:33:52 -05:00 |
Thomas Stromberg
|
8e9ae0fda3
|
Less false positives: particularly among systemctl calls
|
2023-01-20 08:40:08 -05:00 |
Thomas Stromberg
|
7b79b19090
|
False positive reduction: Messenger, Chrome, Final Cut Pro, etc
|
2023-01-18 09:49:56 -05:00 |
Thomas Stromberg
|
cb896b9e10
|
Filter out new false positives
|
2023-01-13 15:24:18 -05:00 |
Thomas Stromberg
|
dd3149a34b
|
Add support for .pkg files
|
2023-01-13 13:47:02 -05:00 |
Thomas Stromberg
|
16f9b2f3ee
|
Remove more false positives: kind, gopls, docker.socket, etc
|
2022-12-15 10:20:16 -05:00 |
Thomas Stromberg
|
ab94de7770
|
Add a lot more mitre data
|
2022-10-19 16:56:32 -04:00 |
Thomas Stromberg
|
cee1710f74
|
Finish out the incident_response refactor
|
2022-10-19 16:19:53 -04:00 |
Thomas Stromberg
|
0160d05ed3
|
Add new spotlight queries to surface unexpected dmg/iso downloads
|
2022-10-18 08:52:05 -04:00 |