Commit Graph

69 Commits

Author           SHA1        Message                                                                                                        Date
Thomas Stromberg 629cc9934a  Weekend false-positive removal                                                                                 2022-09-26 14:25:32 -04:00
Thomas Stromberg 8b622cc77e  Format everything with 'npx sql-formatter -l sqlite'                                                           2022-09-24 11:12:23 -04:00
Thomas Stromberg 7a1a4972d7  Weekend false-positive removal                                                                                 2022-09-24 11:07:34 -04:00
Thomas Stromberg 45fa951863  Friday night whitelisting party                                                                                2022-09-23 18:07:05 -04:00
Thomas Stromberg 2bea92e57e  Remove more false positives                                                                                    2022-09-23 16:37:51 -04:00
Thomas Stromberg a91c9720f3  More false-positive removal                                                                                    2022-09-23 13:03:11 -04:00
Thomas Stromberg c9dfaa8376  Add unexpected volume contents (experimental)                                                                  2022-09-23 10:36:11 -04:00
Thomas Stromberg 08554e752b  More false-positive removal                                                                                    2022-09-23 10:35:45 -04:00
Thomas Stromberg 47a1f0cf95  Rewrite systemd alerts to deal better with NixOS where the checksums and file sizes are constantly changing    2022-09-23 09:47:16 -04:00
Thomas Stromberg fa13acb040  Tune false positives and fields                                                                                2022-09-23 09:33:44 -04:00
Thomas Stromberg 16bcba11f7  Productionize                                                                                                  2022-09-23 09:33:18 -04:00
Thomas Stromberg 092bdfe5a3  More post-release fixes, update quoting                                                                        2022-09-23 06:54:40 -04:00
Thomas Stromberg 310b528320  Minor output tuning                                                                                            2022-09-22 19:50:49 -04:00
Thomas Stromberg 481581c616  Launch day final cleanup                                                                                       2022-09-22 19:35:24 -04:00
Thomas Stromberg 77ba879daa  Launch day fixes                                                                                               2022-09-22 13:18:16 -04:00
Thomas Stromberg b1e2a6251d  Add an events-based DNS traffic alert                                                                          2022-09-22 05:28:36 -04:00
Thomas Stromberg 37eca56cb5  More whitelisting                                                                                              2022-09-22 05:18:03 -04:00
Thomas Stromberg 3dfda437ab  More tuning, quiet deaths                                                                                      2022-09-21 13:34:10 -04:00
Thomas Stromberg 0c54748749  Add detector for mysterious DNS traffic                                                                        2022-09-21 13:30:44 -04:00
Thomas Stromberg d4ea7d411e  Fix many broken queries                                                                                        2022-09-21 10:30:17 -04:00
Thomas Stromberg bd5b37b646  More tuning, more queries                                                                                      2022-09-21 07:42:51 -04:00
Thomas Stromberg ed90aba6e8  Linux: Whitelist /dev/tty%                                                                                     2022-09-21 07:42:23 -04:00
Thomas Stromberg e9c7c97858  Every day I'm tuning it                                                                                        2022-09-20 21:56:01 -04:00
Thomas Stromberg 1965aaaab4  More Linux/macOS splits to get signature support                                                               2022-09-20 17:46:47 -04:00
Thomas Stromberg 87f5608824  Add more data to privesc, rewrite systemd units                                                                2022-09-20 09:47:52 -04:00
Thomas Stromberg 0ff3b09f18  Rewrite unexpected-listening-port, split Linux/macOS                                                           2022-09-20 08:47:52 -04:00
Thomas Stromberg 2ed9d394d5  Rewrite sketchy events, remove some false positives                                                            2022-09-20 08:16:06 -04:00
Thomas Stromberg b75c7d5404  More tuning                                                                                                    2022-09-16 14:21:42 -04:00
Thomas Stromberg f5696431c7  More filtering                                                                                                 2022-09-16 11:22:50 -04:00
Thomas Stromberg 0371505d75  More tuning                                                                                                    2022-09-15 15:34:59 -04:00
Thomas Stromberg 1065e8d9dc  More filtering of false positives                                                                              2022-09-15 11:28:50 -04:00
Thomas Stromberg 8ff5e914eb  More tuning                                                                                                    2022-09-15 09:34:45 -04:00
Thomas Stromberg d0569425b7  More tuning                                                                                                    2022-09-14 10:51:56 -04:00
Thomas Stromberg f54f2ee527  More false-positive removal                                                                                    2022-09-14 07:54:39 -04:00
Thomas Stromberg 8e05e69465  whitelist more launchd entries                                                                                 2022-09-13 21:25:04 -04:00
Thomas Stromberg a512597ace  Lots of treats for the boys and girls                                                                          2022-09-13 20:46:04 -04:00
Thomas Stromberg 11d0d67f74  Add more modules                                                                                               2022-09-13 05:36:18 -04:00
Thomas Stromberg 9810fe8e28  Detect unexpected modules and try our hand at exotic command access                                            2022-09-12 19:22:41 -04:00
Thomas Stromberg 197804e51b  More Monday tuning                                                                                             2022-09-12 18:25:18 -04:00
Thomas Stromberg e919bdde9f  Add parent-missing-from-disk whitelists                                                                        2022-09-12 11:19:28 -04:00
Thomas Stromberg 868f1ff13b  Monday morning tuning                                                                                          2022-09-12 11:17:51 -04:00
Thomas Stromberg 78b49a38b2  More tuning                                                                                                    2022-09-12 06:52:28 -04:00
Thomas Stromberg 6df0447760  More tuning, more scripts                                                                                      2022-09-11 15:07:54 -04:00
Thomas Stromberg 58c8161d22  Add bpf detector                                                                                               2022-09-10 15:14:46 -04:00
Thomas Stromberg e5973acc25  Second weekend tuning                                                                                          2022-09-10 13:10:54 -04:00
Thomas Stromberg 763b9eaed6  Add crontab query                                                                                              2022-09-10 07:56:40 -04:00
Thomas Stromberg 7e210049bf  First weekend tuning                                                                                           2022-09-10 07:24:17 -04:00
Thomas Stromberg c6797e3496  Reorganize paths, tune queries a bit                                                                           2022-09-09 12:51:52 -04:00
Thomas Stromberg dea818239f  More scripts                                                                                                   2022-09-09 10:16:28 -04:00
Thomas Stromberg d7a549759b  More tuning                                                                                                    2022-09-08 20:50:15 -04:00