Commit Graph

444 Commits

Author SHA1 Message Date
Thomas Stromberg
546d1367eb
Rename unusually-long-uptime 2022-11-23 07:10:41 -05:00
Thomas Stromberg
39e9aee6eb
Split parent-missing-from-disk, address false positives 2022-11-23 07:10:03 -05:00
Thomas Stromberg
4c242773a2
Add ~/Code exception, widen pnpm exception 2022-11-22 16:30:09 -05:00
Thomas Stromberg
8281a825db
Add dnf with python 3.11 2022-11-22 16:29:52 -05:00
Thomas Stromberg
a134827165
Add gdm-session-wor 2022-11-22 09:24:03 -05:00
Thomas Stromberg
6a7c4b6668
Pre-Thanksgiving False Positive cleanup, including Pop!OS support 2022-11-22 09:21:03 -05:00
Thomas Strömberg
df4fdeba30
Merge pull request #90 from tstromberg/last-false-week
False positives: melange, ~/dev, debian-sa1, AdBlock, cover, kubelr, etc
2022-11-18 10:29:02 -05:00
Thomas Stromberg
8e3d6a1614
False positives: melange, ~/dev, debian-sa1, AdBlock, cover, kubelr, etc 2022-11-18 10:27:43 -05:00
Thomas Strömberg
967bac31db
Merge pull request #89 from tstromberg/more-alerts
empty-environ: only check root pids to reduce false-positives
2022-11-18 09:33:52 -05:00
Thomas Stromberg
85fdfaaa62
empty-environ: only check root pids to reduce false-positives 2022-11-18 09:32:00 -05:00
Thomas Strömberg
f13d52a84c
Merge pull request #88 from tstromberg/more-alerts
Add goa-daemon exception (sends telemetry to Google)
2022-11-17 10:19:19 -05:00
Thomas Stromberg
018eb595c5
Add goa-daemon exception (sends telemetry to Google) 2022-11-17 10:17:45 -05:00
Thomas Strömberg
81f0f52bcb
Merge pull request #87 from tstromberg/more-alerts
Add exceptions for Microsoft teams, gcloud, qemu, ldconfig, fix go build paths
2022-11-17 07:21:30 -05:00
Thomas Stromberg
eeeaeecda1
Add exceptions for Microsoft teams, ldconfig, fix go build paths 2022-11-17 07:20:19 -05:00
Thomas Strömberg
60d66a5e41
Merge pull request #86 from tstromberg/hidden-exec
Add hidden-executable rule
2022-11-16 20:56:14 -05:00
Thomas Stromberg
288ec9e0f5
Add hidden-executable rule 2022-11-16 20:55:49 -05:00
Thomas Strömberg
f04f1cdf94
Merge pull request #85 from tstromberg/alert-cleanup
Begin making use of cgroup_paths, clear more false positives
2022-11-16 16:53:23 -05:00
Thomas Stromberg
9f63e3b21d
Begin making use of cgroup_paths, clear more false positives 2022-11-16 16:52:39 -05:00
Thomas Stromberg
205e45a934
Merge branch 'main' into alert-cleanup 2022-11-16 14:49:42 -05:00
Thomas Stromberg
3d7bc8363e
More false positive management 2022-11-16 14:49:36 -05:00
Thomas Strömberg
e844869be8
Merge pull request #84 from tstromberg/alert-cleanup
Fedora 37, better touch logic (macOS) and other false-positive cleanup
2022-11-16 11:19:47 -05:00
Thomas Stromberg
18f17bbee8
Complete cleanup phase 1 2022-11-16 11:18:45 -05:00
Thomas Stromberg
b8d66ae814
Allow -sP /usr/sbin/firewalld 2022-11-16 11:03:34 -05:00
Thomas Stromberg
8047c88374
Run 'make reformat' 2022-11-16 11:02:29 -05:00
Thomas Stromberg
5d1e64ecc1
Fix file.mode comparisons 2022-11-16 11:01:22 -05:00
Thomas Stromberg
febf6cfebd
Remove newer access time check, add Sublime/Microsoft exclusion 2022-11-16 10:56:58 -05:00
Thomas Stromberg
2f30604c07
Allow Software Signing procs to be empty 2022-11-16 10:56:36 -05:00
Thomas Stromberg
f78cca5844
Be more lenient about Software Signing processes 2022-11-16 10:54:23 -05:00
Thomas Stromberg
398cbde41f
Add more exceptions for local webhook development 2022-11-16 10:40:46 -05:00
Thomas Stromberg
e8ee572311
Add exception for snap container mounts 2022-11-16 10:39:21 -05:00
Thomas Stromberg
f36b74c487
Fix ko-app allowance 2022-11-16 10:38:22 -05:00
Thomas Stromberg
7527e11a3b
Add systemd-fsckd, blueman-mechanism 2022-11-16 10:37:38 -05:00
Thomas Strömberg
fba85e03a5
Merge pull request #83 from tstromberg/more-flushing5
var executables: put quote marks around modes with leading zeros
2022-11-11 07:54:20 -05:00
Thomas Stromberg
ac4a0b84df
var executables: put quote marks around modes with leading zeros 2022-11-11 07:53:45 -05:00
Thomas Strömberg
712e0ed183
Merge pull request #82 from tstromberg/more-flushing4
execdir: Add ~/go and ~/bin exceptions
2022-11-10 12:56:58 -05:00
Thomas Stromberg
4a9a967b47
execdir: Add ~/go and ~/bin exceptions 2022-11-10 12:55:09 -05:00
Thomas Strömberg
d04234bea1
Merge pull request #81 from tstromberg/more-flushing4
https client: Add cargo running from homedir
2022-11-10 12:27:49 -05:00
Thomas Stromberg
f7237c3641
https client: Add cargo running from homedir 2022-11-10 12:26:38 -05:00
Thomas Strömberg
aef8d98452
Merge pull request #80 from tstromberg/more-flushing4
etc-executables: Add redhat-lsb back
2022-11-10 12:22:34 -05:00
Thomas Stromberg
875caaf64e
Add redhat-lsb back 2022-11-10 12:14:18 -05:00
Thomas Strömberg
325dad60d8
Merge pull request #79 from tstromberg/more-flushing4
even-timestomping: Accept strace-log-merge anywhere
2022-11-10 11:33:49 -05:00
Thomas Stromberg
32e3657221
Accept strace-log-merge anywhere 2022-11-10 11:31:37 -05:00
Thomas Strömberg
0b7475e37e
Merge pull request #78 from tstromberg/more-flushing4
Add /usr/local/lib/libmimalloc.so to allowed list of LD_PRELOAD
2022-11-10 11:22:21 -05:00
Thomas Stromberg
47bb017183
Add /usr/local/lib/libmimalloc.so to allowed list of LD_PRELOAD 2022-11-10 11:20:58 -05:00
Thomas Strömberg
aa1717fcf4
Merge pull request #77 from tstromberg/more-flushing4
Address false positives: nginx-ingress-controller, dbus, etc
2022-11-10 11:05:52 -05:00
Thomas Stromberg
f1a3354495
Address false positives: nginx-ingress-controller, dbus, etc 2022-11-10 11:04:48 -05:00
Thomas Strömberg
0bdba2b9e8
Merge pull request #76 from tstromberg/more-flushing3
tiny-executable-events: Add child hash & magic data, filter by regular
2022-11-09 09:14:30 -05:00
Thomas Stromberg
9b99b0f657
tiny-executable-events: Add child hash & magic data, filter by regular 2022-11-09 09:14:10 -05:00
Thomas Strömberg
0513cf159f
Merge pull request #75 from tstromberg/more-flushing2
Add exceptions for terraform, hugo, macOS updates
2022-11-08 14:33:24 -05:00
Thomas Stromberg
c9605d1c98
Add exceptions for terraform, hugo, macOS updates 2022-11-08 14:32:38 -05:00