Commit Graph

329 Commits

Author | SHA1 | Message | Date
Thomas Stromberg | 5b6a150f81 | Address merge conflict | 2022-10-30 09:44:25 -04:00
Thomas Stromberg | ee6c532577 | Add exception for Twitter on Mac | 2022-10-30 09:40:52 -04:00
Thomas Stromberg | 1652037355 | Add initial setuid env overflow detection | 2022-10-30 09:40:31 -04:00
Thomas Stromberg | 46ef9668d7 | Add exception for 'go run' | 2022-10-30 09:39:48 -04:00
Thomas Stromberg | 889ad9a5fd | Add exception for whois | 2022-10-30 09:39:10 -04:00
Thomas Strömberg | 5021d24e23 | Merge pull request #48 from tstromberg/oflow: Add setxid-cmdline-overflow-attempt.sql | 2022-10-29 19:59:53 -04:00
Thomas Stromberg | c1b7829797 | Add setxid-cmdline-overflow-attempt.sql | 2022-10-29 19:58:59 -04:00
Thomas Strömberg | c7f5a23fad | Merge pull request #47 from tstromberg/fp: talkrs/empty environ: Filter out more Electron apps | 2022-10-29 19:57:03 -04:00
Thomas Stromberg | b74b07af8e | Filter out more Electron apps | 2022-10-29 19:56:27 -04:00
Thomas Strömberg | 79c8136aad | Merge pull request #46 from tstromberg/fp: Add 'garmin_gps' kernel module into expectation list | 2022-10-29 14:14:05 -04:00
Thomas Stromberg | ecc8a89ed4 | Add 'garmin_gps' kernel module | 2022-10-29 14:13:16 -04:00
Thomas Strömberg | 635712dc68 | Merge pull request #45 from tstromberg/fp: Add exceptions for zellij & warp | 2022-10-29 14:12:12 -04:00
Thomas Stromberg | 066d8aec1d | Add exceptions for zellij & warp | 2022-10-29 14:11:33 -04:00
Thomas Strömberg | 62b4e2bd9b | Merge pull request #44 from tstromberg/exotic-rm: exotic cmdline macos: Exclude locatedb updates | 2022-10-29 12:12:20 -04:00
Thomas Stromberg | 81b97536e9 | Exclude locatedb updates | 2022-10-29 12:11:46 -04:00
Thomas Strömberg | 0c0a38df44 | Merge pull request #43 from tstromberg/bwrap-empty: empty environ: add exception for bwrap | 2022-10-29 11:53:46 -04:00
Thomas Stromberg | d869ff2197 | empty environ: add exception for bwrap | 2022-10-29 11:53:05 -04:00
Thomas Strömberg | dca4ece9fc | Merge pull request #42 from tstromberg/fpos: KubeCon 2022 False-Positive Cleanup for macOS/Linux | 2022-10-29 11:47:25 -04:00
Thomas Stromberg | 576dfb5ed6 | Add Cloud SDK exception | 2022-10-29 11:44:29 -04:00
Thomas Stromberg | 1f57719345 | Add GPGTools exception | 2022-10-29 11:44:13 -04:00
Thomas Stromberg | 1c2d605bb0 | Include osacompile | 2022-10-29 11:43:58 -04:00
Thomas Stromberg | 3ac2f07708 | Merge branch 'main' into fpos | 2022-10-28 19:24:12 -04:00
Thomas Stromberg | 6c78695b73 | Final KubeCon 2022 false-positive cleanup | 2022-10-28 19:24:00 -04:00
Thomas Strömberg | d5c7352344 | Merge pull request #41 from tstromberg/fpos: Reduce in-the-wild false positives, improve performance | 2022-10-28 16:11:58 -04:00
Thomas Stromberg | 897c96bd33 | Remove more in-the-wild false positives | 2022-10-27 16:55:00 -04:00
Thomas Stromberg | 4a25a0c410 | Improve performance by re-ordering JOINs | 2022-10-27 16:54:41 -04:00
Thomas Strömberg | 208383ccd6 | Merge pull request #40 from tstromberg/webmail: webmail: Add .jfif exception, remove exceptions for .bz2, .gz, .tar, .zstd | 2022-10-27 16:28:14 -04:00
Thomas Stromberg | 5bbde18759 | webmail: Add JFIF, remove BZ2, TAR, GZ from expectations list | 2022-10-27 16:26:43 -04:00
Thomas Strömberg | d7e946f80e | Merge pull request #39 from tstromberg/more-fixes: Rewrite process_envs queries for faster performance | 2022-10-27 15:42:03 -04:00
Thomas Stromberg | 22da8cce66 | Rewrite process_envs queries for faster performance | 2022-10-27 11:26:35 -04:00
Thomas Strömberg | e2dd9bb528 | Merge pull request #38 from tstromberg/more-fixes: Large scrub of false-positives on macOS/Linux | 2022-10-27 10:57:14 -04:00
Thomas Stromberg | ffbc65697f | Add exception for /usr/bin/bash | 2022-10-27 10:41:14 -04:00
Thomas Stromberg | 5da942402b | Add an exception for dnf on port 80 | 2022-10-27 10:38:26 -04:00
Thomas Stromberg | a00af6c1fa | Merge another day's worth of false positives | 2022-10-27 10:23:15 -04:00
Thomas Strömberg | aa4c6ce411 | Merge pull request #36 from tstromberg/false-purge-day2: detection: Reduce Linux desktop false positives | 2022-10-25 21:31:58 -04:00
Thomas Stromberg | ff7cb5f00f | Address merge conflict | 2022-10-25 21:31:32 -04:00
Thomas Strömberg | d44b91b41c | Merge pull request #35 from tstromberg/osascript-alfred: osascript: Pull parent events data, Add Alfred exclusion | 2022-10-25 21:28:09 -04:00
Thomas Stromberg | 239df4ea1f | Reduce more false positives found on macOS and Linux | 2022-10-25 21:27:41 -04:00
Thomas Stromberg | 23351973ea | detection: Reduce Linux desktop false positives | 2022-10-25 11:39:51 -04:00
Thomas Stromberg | e6a24545c2 | Add update-notifier -> pkexec exception | 2022-10-25 09:20:18 -04:00
Thomas Stromberg | 058e74bca9 | Merge to head | 2022-10-24 14:45:49 -04:00
Thomas Stromberg | 7d5503373b | Add Alfred exclusion, fix Zoom exclusion | 2022-10-24 14:40:51 -04:00
Thomas Strömberg | 159c864e58 | Merge pull request #34 from tstromberg/zoom-exc: osascript: Add exception for Zoom controller | 2022-10-24 13:58:57 -04:00
Thomas Stromberg | 04409029cb | Add exception for Zoom controller | 2022-10-24 11:28:26 -04:00
Thomas Strömberg | 6cfd5a548e | Merge pull request #30 from tstromberg/etc-hosts: Ignore /etc/hosts records pointing to 127.x.x.x | 2022-10-24 11:11:55 -04:00
Thomas Strömberg | 50f4c3d452 | Merge pull request #31 from tstromberg/talkers-ff: Add exception for firefox-wrapper on port 80 | 2022-10-24 11:11:13 -04:00
Thomas Strömberg | d6e70ebcc3 | Merge pull request #32 from tstromberg/osascript: osascript: Add parent signing information | 2022-10-24 11:10:59 -04:00
Thomas Strömberg | ed84a59a66 | Merge pull request #33 from tstromberg/recent-updates: CloudNativeSecurityCon Day 1 False-Positive Cleanup | 2022-10-24 11:10:42 -04:00
Thomas Stromberg | 17f77468f4 | Add coreduetd exception | 2022-10-24 11:09:21 -04:00
Thomas Stromberg | 2f7e76d23c | Add exception for User-Agent Switcher | 2022-10-24 11:09:07 -04:00