Commit Graph

19 Commits

Author            SHA1        Message                                                                               Date
Thomas Stromberg  f5fe9a4aac  Refactor process_events queries for more accurate parenting                          2023-01-26 11:40:54 -05:00
Thomas Stromberg  83cc38207e  fpr: minikube, tailscale, dex, pacman, virtualbox, steam, lsmod, busybox, etc        2023-01-23 20:33:52 -05:00
Thomas Stromberg  e6824d87e9  Run 'make reformat'                                                                  2023-01-20 09:24:24 -05:00
Thomas Stromberg  710ca28ed9  False positives: apt-daily, github runner, Slack helper, Foxit, syncthing            2023-01-19 11:52:31 -05:00
Thomas Stromberg  d415b36b57  FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc  2023-01-16 12:56:39 -05:00
Thomas Stromberg  e3401a07c6  Weekend false-positive flush                                                         2023-01-14 08:19:26 -05:00
Thomas Stromberg  cb896b9e10  Filter out new false positives                                                       2023-01-13 15:24:18 -05:00
Thomas Stromberg  420d269025  Reformat and reduce false positives                                                  2023-01-09 15:10:48 -05:00
Thomas Stromberg  c7e4252af1  Remove false positives, fix some queries that failed to show a parent pid            2023-01-09 10:46:30 -05:00
Thomas Stromberg  ba23df1fef  Catch up to other false positives over winter break                                  2023-01-04 11:03:38 -05:00
Thomas Stromberg  5d1e64ecc1  Fix file.mode comparisons                                                            2022-11-16 11:01:22 -05:00
Thomas Stromberg  e7e714c9db  Make another stab at reducing false positives across the map                         2022-11-03 11:51:54 -04:00
Thomas Stromberg  caab2a6c82  Loads of fresh new false-positives removal                                           2022-10-31 17:40:37 -04:00
Thomas Stromberg  3d75593c76  Add exceptions for Jetbrains/Delve, more for Steam                                   2022-10-30 12:00:43 -04:00
Thomas Stromberg  897c96bd33  Remove more in-the-wild false positives                                              2022-10-27 16:55:00 -04:00
Thomas Stromberg  27a3013bba  Split up the unexpected-filesystem-entries by platform                               2022-10-14 15:14:24 -04:00
Thomas Stromberg  d2bdffe89e  Add support for interval tags                                                        2022-10-14 14:19:13 -04:00
Thomas Stromberg  20452b128b  Migrate query strings from double to single apostrophes                              2022-10-13 14:59:32 -04:00
Thomas Stromberg  26ee658c4a  Initial re-organization around the MITRE ATT&CK framework                            2022-10-11 21:53:36 -04:00