osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-03-06 02:37:30 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	fb6af4858a	chmod events: broaden snap exception	2023-03-17 10:52:28 -04:00
Thomas Stromberg	2bfd736d37	Use p0_cmd instead of p0.cmdline	2023-03-17 06:37:18 -04:00
Thomas Stromberg	7ceb7b2b19	fpr: NetworkManager, packer, rancher desktop, proxmox, sd	2023-03-17 06:32:54 -04:00
Thomas Stromberg	8154560703	chmod events: Include macOS, improve results	2023-03-17 06:24:26 -04:00
Thomas Stromberg	fbc2b207b4	fpr: Signal, apko, aws, melange, dash, stern	2023-03-16 17:29:11 -04:00
Thomas Stromberg	af9a78236e	New detector: unexpected chmod exec event	2023-03-16 16:53:32 -04:00
Thomas Stromberg	824efa9705	fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws	2023-03-14 19:00:44 -04:00
Thomas Stromberg	09652bd91f	fpr: SA keys, libgtop, haproxy, gvproxy, slirp	2023-03-14 16:05:16 -04:00
Thomas Stromberg	b3825ba2b9	fpr: Canon Universal Installer, melange, GPG, key names	2023-03-06 15:11:11 -05:00
Thomas Stromberg	f25cfe1399	fpr: aws-sdk, melange, Tailscale, Xprotect, etc	2023-03-03 07:24:42 -05:00
Thomas Stromberg	12a5507907	Optimize recently-created-executables-macos	2023-02-24 17:24:09 -05:00
Thomas Stromberg	4150b1ee7c	macOS: Exceptions for TestFlight apps & specifically Kindle	2023-02-24 17:04:34 -05:00
Thomas Stromberg	fb7cd56249	fpr: abrt-dbus, gdm, chrome, ff, etc	2023-02-24 16:30:17 -05:00
Thomas Stromberg	995c1e1104	Fixes so that ODK can run under CI	2023-02-24 12:15:56 -05:00
Thomas Stromberg	d904ca60cf	Add exceptions for Debian running under lima	2023-02-23 10:33:10 -05:00
Thomas Stromberg	baab22e282	Run make reformat-updates	2023-02-20 19:12:51 -05:00
Thomas Stromberg	d3780c0a6c	Remove ubuntu-lts false-positives on lima	2023-02-20 19:10:12 -05:00
Thomas Stromberg	e8cf7ecbe3	fpr: exceptions for pacman, StreamDeck, gcloud, Rocket, thunderbird	2023-02-20 18:04:17 -05:00
Thomas Stromberg	c2b0423606	Rewrite exotic-command-events-linux with INSTR to decrease CPU time	2023-02-17 16:39:52 -05:00
Thomas Stromberg	d25a89f241	execdir events macOS: Fix ambiguous path	2023-02-17 12:01:08 -05:00
Thomas Stromberg	f87541c945	False positive flush, particularly in talkers	2023-02-17 11:57:23 -05:00
Thomas Stromberg	00398d447b	Look for setuid binaries in /usr/libexec too	2023-02-17 10:41:28 -05:00
Thomas Stromberg	bc359d69ce	Linux events: decrease CPU usage of elevated children & execdir	2023-02-17 10:40:58 -05:00
Thomas Stromberg	5eefbd0dba	Add chattr, setenforce to unexpected-sysutils	2023-02-14 20:35:24 -05:00
Thomas Stromberg	cf858d193d	fpr: ACE, Prusa, steam, pacman, Xcode, Adobe	2023-02-14 20:16:02 -05:00
Thomas Stromberg	8d4531198f	fpr: My ORA, Ecamm, setroubleshootd, etc	2023-02-14 19:46:36 -05:00
Thomas Stromberg	d897f0b50d	fpr: Nessus, mysql-shell, ntia-checker, Ecamm, CopyClip, etc	2023-02-14 08:33:05 -05:00
Thomas Stromberg	34282eacec	Increase polling interval to 15 min	2023-02-10 10:24:20 -05:00
Thomas Stromberg	0b6e503627	New check: Launch Constraint Violation (macOS)	2023-02-10 10:22:13 -05:00
Thomas Stromberg	4f4ae0ed38	False positive removal and minor query perf improvements	2023-02-10 10:21:06 -05:00
Thomas Stromberg	593991adb8	Purge observed false positives	2023-02-09 17:54:41 -05:00
Thomas Stromberg	a1105fec93	Fix broken updates to exotic-commands-macos	2023-02-09 17:06:09 -05:00
Thomas Stromberg	a8ed058d4d	Query performance improvements, add pids, decrease frequency	2023-02-09 17:01:29 -05:00
Thomas Strömberg	eef833287a	Merge pull request #164 from NACHOSWITHCHEESE/fixing-macos-detection-compatibility Modified detections explicitly targeted towards macOS to not include cgroup field	2023-02-08 20:54:45 -05:00
Thomas Stromberg	72326c3b5c	Massive reduction of false positives across the board	2023-02-08 20:06:26 -05:00
echunduri	e44dc167e9	Modified detections explicilty targeted towards macOS to not include cgroup_path fields anymore	2023-02-09 10:57:03 +11:00
Thomas Stromberg	e57f03b89f	fpr: Opera, TextExpander, socket_vmnet, elive, etc	2023-02-08 15:12:10 -05:00
Thomas Stromberg	2634e9d45b	Monday morning false-positive purge	2023-02-08 14:37:09 -05:00
Thomas Stromberg	9652464b27	Add local port and address to network queries	2023-02-08 10:12:44 -05:00
Thomas Stromberg	d302a9ff55	Purge false positives, again and again	2023-02-02 21:46:53 -05:00
Thomas Stromberg	2bdb9f2f3e	Add more macOS software authorities	2023-02-02 20:53:22 -05:00
Thomas Stromberg	668f012a92	Remove 'launchctl load' as an exotic event (too noisy)	2023-02-02 20:44:14 -05:00
Thomas Stromberg	1cf0a1e89d	Remove zsh from exotic list	2023-02-02 20:35:30 -05:00
Thomas Stromberg	bb3e1f964e	Run make reformat, update max rows for incident response	2023-02-02 17:58:19 -05:00
Thomas Stromberg	809645a3bf	Add new Kolide id, fix some debug lines	2023-02-02 17:42:46 -05:00
Thomas Stromberg	05cfd6fa98	Speed up exotic-commands-macos from minutes to seconds	2023-02-02 17:16:17 -05:00
Thomas Stromberg	bad629b783	Fix errant platform setting	2023-02-02 16:54:43 -05:00
Thomas Stromberg	ccf7ba413e	macOS: Add exceptions for AppleInstallType.plist & osquery	2023-02-02 16:36:17 -05:00
Thomas Stromberg	2093a26423	Fix broken macOS queries	2023-02-02 15:33:25 -05:00
Thomas Stromberg	cdcb2d48f3	Slow queries down, minor improvements	2023-02-01 16:17:36 -05:00

1 2 3 4 5

211 Commits