RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-20 12:06:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
969 Commits 1 Branch 31 Tags 7 MiB
6182f2957e
Commit Graph

969 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Strömberg
6182f2957e
Merge pull request #295 from tstromberg/process-ext 
netutil calls: add nscurl
 2023-07-12 16:45:49 -04:00
Thomas Stromberg
8e73ef70d2 netutil calls: add nscurl 2023-07-12 16:45:09 -04:00
Thomas Strömberg
edbe3fa1f6
Merge pull request #294 from tstromberg/process-ext 
macOS sysutils: add csrutil, ditto, unzip, whoami, system_profiler
 2023-07-12 16:44:50 -04:00
Thomas Stromberg
bb5f597b2a macOS sysutils: add csrutil, ditto, unzip, whoami, system_profiler 2023-07-12 16:44:15 -04:00
Thomas Strömberg
46199c7d9b
Merge pull request #293 from tstromberg/process-ext 
new detector: unexpected process extension linux
 2023-07-12 16:28:47 -04:00
Thomas Stromberg
a7cd9abaf3 new detector: unexpected process extension linux 2023-07-12 16:06:05 -04:00
Thomas Strömberg
a34a3dc2e2
Merge pull request #292 from tstromberg/fpr-velociraptor 
fpr: Velociraptor, Hyprland, iio
 2023-07-12 16:02:42 -04:00
Thomas Stromberg
430f397f1e fpr: Velociraptor, Hyprland, iio 2023-07-12 15:00:36 -04:00
Thomas Strömberg
3a0902b04b
Merge pull request #291 from tstromberg/chrome-management-perms 
unexpected chrome extension: Check for 'management' permission
 2023-07-05 12:49:28 -04:00
Thomas Stromberg
9d93799cb5
Add 'management' to the list of permissions to check for 2023-07-05 12:47:00 -04:00
Thomas Strömberg
07ce899631
Merge pull request #290 from tstromberg/chrome-management-perms 
Update false positive list, add mtime/btime
 2023-07-05 12:26:38 -04:00
Thomas Stromberg
97bfc30b92
Update false positive list, add mtime/btime 2023-07-05 12:26:14 -04:00
Thomas Strömberg
55d9a4656f
Merge pull request #289 from tstromberg/fpr-jul3 
Update query count from 220 to 250
 2023-07-03 07:38:49 -04:00
Thomas Stromberg
26b50dcf39
Update query count from 220 to 250 2023-07-03 07:37:01 -04:00
Thomas Strömberg
e75b8ecd48
Merge pull request #288 from tstromberg/fpr-jul3 
fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Ki…
 2023-07-03 07:18:25 -04:00
Thomas Stromberg
c9f0b2bee5
fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver 2023-07-03 07:16:14 -04:00
Thomas Strömberg
d59c1de257
Merge pull request #287 from tstromberg/fpr-jun30 
fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc
 2023-06-30 16:41:49 -04:00
Thomas Stromberg
d74405c817
fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc 2023-06-30 16:38:31 -04:00
Thomas Strömberg
c71952d3a8
Merge pull request #286 from tstromberg/jokerspy 
New detectors based on JokerSpy research
 2023-06-30 15:40:00 -04:00
Thomas Stromberg
ce03badae4
Reformat 2023-06-30 15:38:56 -04:00
Thomas Strömberg
53a4b60ae1
Merge pull request #285 from tstromberg/jun14 
fpr: terragrunt, mdnsResponder, Spotify, Zoom, VLC, etc
 2023-06-14 11:00:33 -04:00
Thomas Stromberg
cebf617c82 fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc 2023-06-14 10:58:41 -04:00
Thomas Strömberg
77a50ccc18
Merge pull request #284 from tstromberg/jun14 
Improve targeting of Unexpected Chrome Extensions
 2023-06-14 10:34:03 -04:00
Thomas Stromberg
2d8abbaed9 Improve targeting of Unexpected Chrome Extensions 2023-06-14 10:32:11 -04:00
Thomas Strömberg
adfccedb48
Merge pull request #283 from tstromberg/jun12 
fpr: Slack, Gnome, Sigstore, Logitune, etc
 2023-06-12 10:11:30 -04:00
Thomas Stromberg
32328c91f1 fpr: Slack, Gnome, Sigstore, Logitune, etc 2023-06-12 10:10:57 -04:00
Thomas Strömberg
c096acee92
Merge pull request #282 from tstromberg/dns 
Cleanup unexpected-dns-traffic-events
 2023-06-09 09:46:20 -04:00
Thomas Stromberg
b5e765efed Cleanup unexpected-dns-traffic-events 2023-06-09 08:56:17 -04:00
Thomas Strömberg
1654c03677
Merge pull request #281 from tstromberg/less-persist 
recently created: set cutoff to 12h, exclude SteelSeries
 2023-06-09 07:55:46 -04:00
Thomas Stromberg
ccdd5e2d4f set cutoff to 12h, exclude SteelSeries 2023-06-09 07:42:30 -04:00
Thomas Strömberg
57cc0ec64d
Merge pull request #279 from tstromberg/minecraft 
false positive: Minecraft
 2023-06-09 07:35:05 -04:00
Thomas Strömberg
d31c95bac7
Merge pull request #280 from tstromberg/less-persist 
recently created: set cut-off to 30 minutes
 2023-06-09 07:34:54 -04:00
Thomas Stromberg
838e0f6a4d recently created: set cut-off to 30 minutes 2023-06-09 07:29:00 -04:00
Thomas Stromberg
35433beb05 false positive: Minecraft 2023-06-09 07:28:05 -04:00
Thomas Strömberg
bdecfa4996
Merge pull request #278 from tstromberg/multipass 
launchd: Add Canonical exception
 2023-06-09 07:17:22 -04:00
Thomas Stromberg
6adc121c4d launchd: Add Canonical exception 2023-06-09 07:15:24 -04:00
Thomas Strömberg
b8d3eee979
Merge pull request #277 from tstromberg/hidden-provisio 
hidden executable: Add provisio exception
 2023-06-09 07:14:16 -04:00
Thomas Stromberg
d5c6233716 hidden executable: Add provisio exception 2023-06-09 07:12:16 -04:00
Thomas Strömberg
d08fdd38b2
Merge pull request #276 from tstromberg/faster-sockets 
minimal socket client: speed query up
 2023-06-08 20:46:49 -04:00
Thomas Stromberg
cae042cbe5 minimal socket client: speed query up 2023-06-08 20:44:08 -04:00
Thomas Strömberg
e16a74cdc3
Merge pull request #275 from tstromberg/fpr-jun8 
Add exceptions for common hidden directories
 2023-06-08 20:28:48 -04:00
Thomas Stromberg
9851aaa192 Add exceptions for common hidden directories 2023-06-08 20:27:01 -04:00
Thomas Strömberg
a96670dfc3
Merge pull request #274 from tstromberg/fpr-jun8 
Massive false-positive reduction across queries
 2023-06-08 18:30:17 -04:00
Thomas Stromberg
937bcabfec Remove extra file 2023-06-08 18:27:46 -04:00
Thomas Stromberg
ff2ab95431 Remove file sizes from systemd exception key 2023-06-08 18:26:57 -04:00
Thomas Strömberg
06b95a57b3
Merge pull request #272 from tstromberg/unattended 
Add unattended-upgrades.pid (Ubuntu)
 2023-06-07 15:19:58 -04:00
Thomas Strömberg
d6db5838d5
Merge pull request #273 from tstromberg/more-hidden 
hidden home config: Add ~/.config/.* to search criteria
 2023-06-07 15:19:51 -04:00
Thomas Stromberg
7a61b5eced Add ~/.config/.* to search criteria 2023-06-07 15:15:02 -04:00
Thomas Stromberg
404b7125f7 Add unattended-upgrades.pid (Ubuntu 2023-06-07 15:14:09 -04:00
Thomas Strömberg
cd8ec86341
Merge pull request #271 from tstromberg/fpr-jun2 
fpr: macOS, Signal, Creative Labs, node, Ubuntu, Google Earth, xfce4
 2023-06-07 09:58:46 -04:00