osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-02 18:51:37 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	7a78199906	fpr: traceroute, thunderbird, garmin installer, chainctl, etc	2023-03-21 14:07:06 -04:00
Thomas Stromberg	fbab3701c0	fpr: Docker, Zwift, macOS updates, etc	2023-03-20 17:05:02 -04:00
Thomas Stromberg	7ceb7b2b19	fpr: NetworkManager, packer, rancher desktop, proxmox, sd	2023-03-17 06:32:54 -04:00
Thomas Stromberg	fbc2b207b4	fpr: Signal, apko, aws, melange, dash, stern	2023-03-16 17:29:11 -04:00
Thomas Stromberg	824efa9705	fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws	2023-03-14 19:00:44 -04:00
Thomas Stromberg	b3825ba2b9	fpr: Canon Universal Installer, melange, GPG, key names	2023-03-06 15:11:11 -05:00
Thomas Stromberg	f25cfe1399	fpr: aws-sdk, melange, Tailscale, Xprotect, etc	2023-03-03 07:24:42 -05:00
Thomas Stromberg	fb7cd56249	fpr: abrt-dbus, gdm, chrome, ff, etc	2023-02-24 16:30:17 -05:00
Thomas Stromberg	e8cf7ecbe3	fpr: exceptions for pacman, StreamDeck, gcloud, Rocket, thunderbird	2023-02-20 18:04:17 -05:00
Thomas Stromberg	f87541c945	False positive flush, particularly in talkers	2023-02-17 11:57:23 -05:00
Thomas Stromberg	cf858d193d	fpr: ACE, Prusa, steam, pacman, Xcode, Adobe	2023-02-14 20:16:02 -05:00
Thomas Stromberg	8d4531198f	fpr: My ORA, Ecamm, setroubleshootd, etc	2023-02-14 19:46:36 -05:00
Thomas Stromberg	d897f0b50d	fpr: Nessus, mysql-shell, ntia-checker, Ecamm, CopyClip, etc	2023-02-14 08:33:05 -05:00
Thomas Stromberg	4f4ae0ed38	False positive removal and minor query perf improvements	2023-02-10 10:21:06 -05:00
Thomas Stromberg	593991adb8	Purge observed false positives	2023-02-09 17:54:41 -05:00
Thomas Stromberg	a8ed058d4d	Query performance improvements, add pids, decrease frequency	2023-02-09 17:01:29 -05:00
Thomas Stromberg	eddefaae48	Fix gcloud exclusion, sort queries	2023-02-08 20:53:19 -05:00
Thomas Stromberg	72326c3b5c	Massive reduction of false positives across the board	2023-02-08 20:06:26 -05:00
Thomas Stromberg	e57f03b89f	fpr: Opera, TextExpander, socket_vmnet, elive, etc	2023-02-08 15:12:10 -05:00
Thomas Stromberg	2634e9d45b	Monday morning false-positive purge	2023-02-08 14:37:09 -05:00
Thomas Stromberg	c55c0225ac	Replace unexpected-vol-names with sketchy-mounted-diskimage	2023-02-08 10:14:32 -05:00
Thomas Stromberg	d302a9ff55	Purge false positives, again and again	2023-02-02 21:46:53 -05:00
Thomas Stromberg	9ea6486121	Fix start-iap-tunnel matching	2023-02-02 20:55:46 -05:00
Thomas Stromberg	bb3e1f964e	Run make reformat, update max rows for incident response	2023-02-02 17:58:19 -05:00
Thomas Stromberg	2093a26423	Fix broken macOS queries	2023-02-02 15:33:25 -05:00
Thomas Stromberg	f9dce0a72d	Include more process information across queries	2023-02-01 13:55:55 -05:00
Thomas Stromberg	bc2cde9673	Fix typo with zed entry	2023-01-30 15:01:21 -05:00
Thomas Stromberg	45ab183557	fpr: New Chrome etxensions, vbox, chrome, gcloud, gdm3, yay, etc	2023-01-30 14:58:47 -05:00
Thomas Stromberg	141ab28310	False positives: autodocs, jupyter, apko	2023-01-27 10:38:01 -05:00
Thomas Stromberg	bd9320acfa	Include possible volume sources	2023-01-27 10:36:37 -05:00
Thomas Stromberg	66ee3484c0	Remove unused active fields, add WhatsApp ioreg exception	2023-01-27 08:46:48 -05:00
Thomas Stromberg	d51bd731a1	fpr: Parallels, nerdctl, Xorg, nvidia, Stream, etc	2023-01-26 20:40:47 -05:00
Thomas Stromberg	7d8fa35eb4	fpr: Github Absolute Date, Snagit, Figma, Seagate, aws, etc	2023-01-26 16:30:14 -05:00
Thomas Stromberg	f5fe9a4aac	Refactor process_events queries for more accurate parenting	2023-01-26 11:40:54 -05:00
Thomas Stromberg	83cc38207e	fpr: minikube, tailscale, dex, pacman, virtualbox, steam, lsmod, busybox, etc	2023-01-23 20:33:52 -05:00
Thomas Stromberg	f7c1557aee	fpr: libinput, kue, updatedb, mariadb, terraform	2023-01-23 08:13:04 -05:00
Thomas Stromberg	280b187b20	fpr: systemctl calls, go tests, WebEx, MariaDB, Brave	2023-01-20 17:55:48 -05:00
Thomas Stromberg	dc154a6199	FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave	2023-01-20 09:04:00 -05:00
Thomas Stromberg	8e9ae0fda3	Less false positives: particularly among systemctl calls	2023-01-20 08:40:08 -05:00
Thomas Stromberg	710ca28ed9	False positives: apt-daily, github runner, Slack helper, Foxit, syncthing	2023-01-19 11:52:31 -05:00
Thomas Stromberg	ef5d8afdd0	False positives: homekit, setxid overflows, buildx, tmp files	2023-01-18 10:57:43 -05:00
Thomas Stromberg	7b79b19090	False positive reduction: Messenger, Chrome, Final Cut Pro, etc	2023-01-18 09:49:56 -05:00
Thomas Stromberg	d415b36b57	FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc	2023-01-16 12:56:39 -05:00
Thomas Stromberg	e3401a07c6	Weekend false-positive flush	2023-01-14 08:19:26 -05:00
Thomas Stromberg	cb896b9e10	Filter out new false positives	2023-01-13 15:24:18 -05:00
Thomas Stromberg	1b79359b68	Friday False Positive Flush	2023-01-13 14:10:43 -05:00
Thomas Strömberg	cb0ed647d8	Merge branch 'main' into bugfixesJan13	2023-01-13 13:56:19 -05:00
Thomas Stromberg	c045daa8f9	Remove Python whitelist, see pymafka	2023-01-13 13:47:19 -05:00
Thomas Stromberg	dd3149a34b	Add support for .pkg files	2023-01-13 13:47:02 -05:00
Thomas Stromberg	420d269025	Reformat and reduce false positives	2023-01-09 15:10:48 -05:00

1 2

85 Commits