RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
622 Commits 1 Branch 31 Tags 5.6 MiB
Commit Graph

33 Commits

Author SHA1 Message Date
Thomas Stromberg 66ee3484c0
Remove unused active fields, add WhatsApp ioreg exception 2023-01-27 08:46:48 -05:00
Thomas Stromberg 7d8fa35eb4
fpr: Github Absolute Date, Snagit, Figma, Seagate, aws, etc 2023-01-26 16:30:14 -05:00
Thomas Stromberg f7c1557aee
fpr: libinput, kue, updatedb, mariadb, terraform 2023-01-23 08:13:04 -05:00
Thomas Stromberg 280b187b20
fpr: systemctl calls, go tests, WebEx, MariaDB, Brave 2023-01-20 17:55:48 -05:00
Thomas Stromberg 8e9ae0fda3
Less false positives: particularly among systemctl calls 2023-01-20 08:40:08 -05:00
Thomas Stromberg d415b36b57
FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc 2023-01-16 12:56:39 -05:00
Thomas Stromberg e3401a07c6
Weekend false-positive flush 2023-01-14 08:19:26 -05:00
Thomas Stromberg cb896b9e10
Filter out new false positives 2023-01-13 15:24:18 -05:00
Thomas Stromberg 420d269025
Reformat and reduce false positives 2023-01-09 15:10:48 -05:00
Thomas Stromberg c7e4252af1
Remove false positives, fix some queries that failed to show a parent pid 2023-01-09 10:46:30 -05:00
Thomas Stromberg e8af31a348
false positives: dots, ipn, apport-gtk, homebrew, hyperkey, contexts 2023-01-09 09:34:20 -05:00
Thomas Stromberg 4eb6993272
Catch up to some older false positives we ran into 2023-01-06 17:11:24 -05:00
Thomas Stromberg 1aefbe5e91
More false positive removal 2023-01-06 16:01:35 -05:00
Thomas Stromberg a8b95a2c9e
New Years cleanup: monitorix, snap-confine, steam, spotify, etc 2023-01-03 08:50:19 -05:00
Thomas Stromberg eeeaeecda1
Add exceptions for Microsoft teams, ldconfig, fix go build paths 2022-11-17 07:20:19 -05:00
Thomas Stromberg 748be4c251
Make all of ~/.% an exclusion 2022-11-08 14:22:12 -05:00
Thomas Stromberg 3dec23370c
More exclusions 2022-11-08 12:59:11 -05:00
Thomas Stromberg 213e29afcc
Simplify macos-execdir, reduce false positives 2022-11-07 10:03:43 -05:00
Thomas Stromberg e7e714c9db
Make another stab at reducing false positives across the map 2022-11-03 11:51:54 -04:00
Thomas Stromberg caab2a6c82
Loads of fresh new false-positives removal 2022-10-31 17:40:37 -04:00
Thomas Stromberg 6e2f7059b5
Add exceptions for Steam on Linux 2022-10-30 10:19:33 -04:00
Thomas Stromberg 6c78695b73
Final KubeCon 2022 false-positive cleanup 2022-10-28 19:24:00 -04:00
Thomas Stromberg a00af6c1fa
Merge another day worth of false positives 2022-10-27 10:23:15 -04:00
Thomas Stromberg 23351973ea
detection: Reduce Linux desktop false positives 2022-10-25 11:39:51 -04:00
Thomas Stromberg f6317c2af8
Further reduction of false positives 2022-10-19 17:07:52 -04:00
Thomas Stromberg ab94de7770
Add a lot more mitre data 2022-10-19 16:56:32 -04:00
Thomas Stromberg 9f06873ae9
Don't mind shells hanging out in ~/.Trash 2022-10-18 14:51:51 -04:00
Thomas Stromberg 12c7f8360d
Filter out more false positives 2022-10-18 11:44:03 -04:00
Thomas Stromberg 8ddd5764e8
Remove some false positives 2022-10-17 20:57:56 -04:00
Thomas Stromberg 9bf85e3137
Flush out more false positives 2022-10-17 20:37:44 -04:00
Thomas Stromberg d2bdffe89e
Add support for interval tags 2022-10-14 14:19:13 -04:00
Thomas Stromberg 20452b128b
Migrate query strings from double to single apostrophes 2022-10-13 14:59:32 -04:00
Thomas Stromberg 26ee658c4a
Initial re-organization around the MITRE ATT&CK framework 2022-10-11 21:53:36 -04:00