RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-19 19:26:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,051 Commits 1 Branch 31 Tags 7 MiB
51baf32292
Commit Graph

295 Commits

Author SHA1 Message Date
Thomas Stromberg
9e6df92e3f
fpr: osquery release spam 2023-10-24 18:32:03 -04:00
Thomas Stromberg
3c2be1c16e
fpr: Kolide, qemu, bash, monday, macOS 2023-10-24 18:01:36 -04:00
Thomas Stromberg
bf66053d5c
fpr: containerd, hyper, Docker, Chromium, spotify, busycal 2023-10-02 16:11:44 -04:00
Thomas Stromberg
5f2680ca8b
fpr: Monday, Splunk, Gnome, Git, Grammarly, etc 2023-10-02 11:35:11 -04:00
Thomas Stromberg
f73263bece
fpr: docker, fish, Stream Deck, rsync, lima, macOS 2023-09-26 15:14:38 -04:00
Thomas Stromberg
6b4700c3dd
Address issues which kept these alerts from firing 2023-09-24 22:02:34 -04:00
Thomas Stromberg
5e3d1d22bd
Simplify execution queries 2023-09-20 18:24:40 -04:00
Thomas Stromberg
e6f14457fc
Further simplify exotic-command-events-linux 2023-09-20 18:11:50 -04:00
Thomas Stromberg
2bbc2f6c97
split detection pack into subpacks 2023-09-20 17:43:39 -04:00
Thomas Stromberg
8a383a9963
exotic commands: simplify to avoid Kolide complexity cutoff 2023-09-20 09:50:10 -04:00
Thomas Stromberg
b39fca4e9f
fpr: RSA keys, tcpdump, login, crane, souregraph, etc 2023-09-20 09:30:46 -04:00
Thomas Stromberg
d0e73093ae
Use correct column name 2023-09-20 08:07:57 -04:00
Thomas Stromberg
4e820ae59e
Improve FDM/cred theft detection 2023-09-20 08:03:25 -04:00
Thomas Stromberg
f16c3cdf53 fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell 2023-09-14 17:13:12 -04:00
Thomas Stromberg
a041305145 Improve base64/crontab detection 2023-09-14 16:39:35 -04:00
Thomas Strömberg
b93654a9c9
Merge pull request #303 from tstromberg/faster-chmod-detection 
Improve unexpected-chmod-exec-event performance
 2023-09-05 12:42:08 -04:00
Thomas Stromberg
f17381eaa3
Improve unexpected-chmod-exec-event performance 2023-09-05 12:14:47 -04:00
Thomas Stromberg
190e8adcfd Merge to master 2023-09-01 17:34:36 -04:00
Thomas Stromberg
b889cde6d5 Additional fixes for Ventura & Capture One 2023-09-01 17:27:27 -04:00
Thomas Stromberg
84125c4bb1
Remove recently common false positives 2023-09-01 17:09:47 -04:00
Thomas Stromberg
188bc78f4c Fix errors 2023-08-15 18:29:27 -04:00
Thomas Stromberg
dce2eb2af5 Add many exceptions 2023-08-15 18:13:06 -04:00
Thomas Stromberg
ce2f0f06cb
fpr; Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy 2023-07-20 10:56:49 -04:00
Thomas Stromberg
921cdc521e
fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc 2023-07-19 15:22:43 -04:00
Thomas Stromberg
485f69a61c fpr: Revolt, Bearly, user executables, melange 2023-07-13 19:43:35 -04:00
Thomas Stromberg
d310dac7cc Fix velociraptor exception 2023-07-12 19:30:05 -04:00
Thomas Stromberg
b22625d38a Add more velociraptor exceptions 2023-07-12 17:42:02 -04:00
Thomas Stromberg
a0e4183bf4 fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc 2023-07-12 17:38:26 -04:00
Thomas Stromberg
bb5f597b2a macOS sysutils: add csrutil, ditto, unzip, whoami, system_profiler 2023-07-12 16:44:15 -04:00
Thomas Stromberg
c9f0b2bee5
fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver 2023-07-03 07:16:14 -04:00
Thomas Stromberg
cebf617c82 fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc 2023-06-14 10:58:41 -04:00
Thomas Stromberg
32328c91f1 fpr: Slack, Gnome, Sigstore, Logitune, etc 2023-06-12 10:10:57 -04:00
Thomas Strömberg
1654c03677
Merge pull request #281 from tstromberg/less-persist 
recently created: set cutoff to 12h, exclude SteelSeries
 2023-06-09 07:55:46 -04:00
Thomas Stromberg
ccdd5e2d4f set cutoff to 12h, exclude SteelSeries 2023-06-09 07:42:30 -04:00
Thomas Strömberg
57cc0ec64d
Merge pull request #279 from tstromberg/minecraft 
false positive: Minecraft
 2023-06-09 07:35:05 -04:00
Thomas Stromberg
838e0f6a4d recently created: set cut-off to 30 minutes 2023-06-09 07:29:00 -04:00
Thomas Stromberg
35433beb05 false positive: Minecraft 2023-06-09 07:28:05 -04:00
Thomas Stromberg
ff2ab95431 Remove file sizes from systemd exception key 2023-06-08 18:26:57 -04:00
Thomas Stromberg
c8760e0ae1 fpr: macOS, Signal, Creative Labs, node, etc 2023-06-07 09:55:17 -04:00
Thomas Stromberg
066c88dc18 fpr: multipass, go, macOS, Ubuntu, Opera, git, ko 2023-06-02 19:08:08 -04:00
Thomas Stromberg
9575d18bc2 fpr: FleetDM, Edge, VSCode, dnf, Steam, etc 2023-06-01 11:52:20 -04:00
Thomas Stromberg
7446b55120 Fix missing apostrophe 2023-05-23 11:55:11 -04:00
Thomas Stromberg
111c15e20b fpr: macOS, yubikey, Premiere, dnf, vagrant, etc 2023-05-23 11:31:37 -04:00
Thomas Stromberg
56ede74c54 fpr: Parallels, Stream Deck, tflint, gitstatus, snyk 2023-05-17 17:52:55 -04:00
Thomas Stromberg
c6eec0ee17 Query tuning after Geacon testing 2023-05-17 10:54:16 -04:00
Thomas Stromberg
24c2baef28 Make process times broadly available, minor opts 2023-05-16 17:18:39 -04:00
Thomas Stromberg
7f86db5521 Improve detection for bpfdoor and similar backdoors. 2023-05-16 16:31:31 -04:00
Thomas Stromberg
93f2f2baf4 Fix comma placement 2023-05-16 10:31:46 -04:00
Thomas Stromberg
d5a94b21d1 fpr: Kolide, macOS, nvidia, neko 2023-05-16 10:28:19 -04:00
Thomas Stromberg
9c87838b9f
fpr: Chrome, Kolide 2023-05-12 16:41:17 -04:00