RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-12 08:39:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,051 Commits 1 Branch 31 Tags 6.1 MiB
51baf32292
Commit Graph

1051 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Strömberg
51baf32292
Merge pull request #331 from tstromberg/fpr-oct25 
fpr: rootlesskit, sshd, Fedora, Oracle Linux
 2023-10-25 13:42:56 -04:00
Thomas Stromberg
23fadda33b
fpr: rootlesskit, sshd, Fedora, Oracle Linux 2023-10-25 13:42:22 -04:00
Thomas Strömberg
ad8d95516c
Merge pull request #330 from chainguard-dev/fpr-oct25 
fpr: Electron, Github
 2023-10-25 09:49:32 -04:00
Thomas Stromberg
d7990dd063
fpr: Electron, Github 2023-10-25 09:49:07 -04:00
Thomas Strömberg
3e25510b8c
Merge pull request #329 from chainguard-dev/fpr-oct25 
fpr: mtr, vscode, cpptools, cron, firefox
 2023-10-25 09:18:55 -04:00
Thomas Stromberg
7d9aced380
fpr: mtr, vscode, cpptools, cron, firefox 2023-10-25 09:18:04 -04:00
Thomas Strömberg
7b76585736
Merge pull request #328 from tstromberg/fpr-oct24 
fpr: osquery release spam
 2023-10-24 18:32:59 -04:00
Thomas Stromberg
9e6df92e3f
fpr: osquery release spam 2023-10-24 18:32:03 -04:00
Thomas Strömberg
5cc769c5a0
Merge pull request #327 from tstromberg/fpr-oct24 
fpr: Kolide, qemu, bash, monday, macOS
 2023-10-24 18:03:49 -04:00
Thomas Stromberg
3c2be1c16e
fpr: Kolide, qemu, bash, monday, macOS 2023-10-24 18:01:36 -04:00
Thomas Strömberg
3e970ed93f
Merge pull request #326 from tstromberg/fpr-sep26 
makefile: Extend timeouts for YARA queries
 2023-10-03 11:21:24 -04:00
Thomas Stromberg
9a03776699 Extend timeouts 2023-10-03 11:20:40 -04:00
Thomas Strömberg
db67613a38
Merge pull request #325 from tstromberg/fpr-oct2 
fpr: containerd, hyper, Docker, Chromium, spotify, busycal
 2023-10-02 16:13:10 -04:00
Thomas Stromberg
bf66053d5c
fpr: containerd, hyper, Docker, Chromium, spotify, busycal 2023-10-02 16:11:44 -04:00
Thomas Strömberg
c8f2fa0cb5
Merge pull request #324 from tstromberg/fpr-sep26 
fpr: Monday, Splunk, Gnome, Git, Grammarly, etc
 2023-10-02 11:46:20 -04:00
Thomas Stromberg
42c0a15e2a Fix vpl, kolide exceptions, increase timeouts for yara 2023-10-02 11:45:27 -04:00
Thomas Stromberg
5f2680ca8b
fpr: Monday, Splunk, Gnome, Git, Grammarly, etc 2023-10-02 11:35:11 -04:00
Thomas Strömberg
d6fc3e09cd
Merge pull request #323 from tstromberg/fpr-sep26 
Broaden the talker exception list
 2023-09-26 16:42:13 -04:00
Thomas Stromberg
ed473f438d
Broaden the talker exception list 2023-09-26 16:41:47 -04:00
Thomas Strömberg
a6c065200c
Merge pull request #322 from tstromberg/fpr-sep26 
fpr: docker, fish, Stream Deck, rsync, lima, macOS
 2023-09-26 15:16:45 -04:00
Thomas Stromberg
f73263bece
fpr: docker, fish, Stream Deck, rsync, lima, macOS 2023-09-26 15:14:38 -04:00
Thomas Strömberg
25f7c2cacd
Merge pull request #321 from tstromberg/unusual-location- 
Add detector for listening from an unusual location
 2023-09-26 13:13:21 -04:00
Thomas Strömberg
c3df9bdea5
Merge pull request #320 from tstromberg/lima-ubuntu-fpr 
Reduce false positives on Ubuntu + Lima
 2023-09-26 13:13:13 -04:00
Thomas Stromberg
d3efd381f0
Add detector for listening from an unusual location 2023-09-26 13:12:51 -04:00
Thomas Stromberg
a7f0b3001d
Reduce false positives on Ubuntu + Lima 2023-09-26 13:09:22 -04:00
Thomas Strömberg
417b0a6408
Merge pull request #319 from tstromberg/fpr-sep21 
Address issues which kept some Linux alerts from firing
 2023-09-25 08:26:09 -04:00
Thomas Stromberg
6b4700c3dd
Address issues which kept these alerts from firing 2023-09-24 22:02:34 -04:00
Thomas Strömberg
715f37b25c
Merge pull request #318 from tstromberg/vuln-no-verify 
Simplify execution queries
 2023-09-20 18:25:41 -04:00
Thomas Stromberg
5e3d1d22bd
Simplify execution queries 2023-09-20 18:24:40 -04:00
Thomas Strömberg
a0547ab7bd
Merge pull request #317 from tstromberg/vuln-no-verify 
Don't verify vulnerabilities as there is only one query
 2023-09-20 18:14:20 -04:00
Thomas Stromberg
7b30ac3208
Don't verify vulnerabilities as there is only one query 2023-09-20 18:13:52 -04:00
Thomas Strömberg
d3e1fe1885
Merge pull request #316 from tstromberg/simplify-execution 
Further simplify exotic-command-events-linux
 2023-09-20 18:13:15 -04:00
Thomas Stromberg
e6f14457fc
Further simplify exotic-command-events-linux 2023-09-20 18:11:50 -04:00
Thomas Strömberg
5e3febc619
Merge pull request #315 from tstromberg/make-specific 
split detection pack into subpacks
 2023-09-20 17:54:20 -04:00
Thomas Stromberg
2bbc2f6c97
split detection pack into subpacks 2023-09-20 17:43:39 -04:00
Thomas Strömberg
547fe50fca
Merge pull request #314 from tstromberg/yara 
YARA rules everywhere!
 2023-09-20 17:13:43 -04:00
Thomas Stromberg
6781b46375
YARA rules everywhere! 2023-09-20 17:03:21 -04:00
Thomas Strömberg
2d920e4d5a
Merge pull request #313 from tstromberg/fpr-sep20 
exotic commands: simplify to avoid Kolide complexity cutoff
 2023-09-20 09:52:15 -04:00
Thomas Stromberg
8a383a9963
exotic commands: simplify to avoid Kolide complexity cutoff 2023-09-20 09:50:10 -04:00
Thomas Strömberg
fe2eb9278e
Merge pull request #312 from tstromberg/fpr-sep20 
fpr: RSA keys, tcpdump, login, crane, souregraph, etc
 2023-09-20 09:32:24 -04:00
Thomas Stromberg
b39fca4e9f
fpr: RSA keys, tcpdump, login, crane, souregraph, etc 2023-09-20 09:30:46 -04:00
Thomas Stromberg
d0e73093ae
Use correct column name 2023-09-20 08:07:57 -04:00
Thomas Stromberg
4e820ae59e
Improve FDM/cred theft detection 2023-09-20 08:03:25 -04:00
Thomas Strömberg
ddb37c066a
Merge pull request #310 from tstromberg/fpr-sep18 
unexpected talker events: address easy false positives
 2023-09-19 17:48:09 -04:00
Thomas Strömberg
e958c9f2ac
Merge pull request #311 from tstromberg/hidden-cwd-events 
new check: hidden cwd events
 2023-09-19 17:48:01 -04:00
Thomas Stromberg
bfdc509243 new check: hidden cwd events 2023-09-19 17:18:35 -04:00
Thomas Stromberg
f656aef8be unexpected talker events: address easy false positives 2023-09-19 17:17:58 -04:00
Thomas Strömberg
41eb8f2a0f
Merge pull request #309 from tstromberg/fpr-sep18 
new check: Unexpected talker events
 2023-09-19 15:59:06 -04:00
Thomas Stromberg
9722d9f156 new check: Unexpected talker events 2023-09-19 15:57:21 -04:00
Thomas Strömberg
4abe0fa6da
Merge pull request #308 from tstromberg/lusca 
More checks for unusual process names inspired by Earth Lusca
 2023-09-18 14:27:09 -04:00