RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,312 Commits 1 Branch 31 Tags 5.6 MiB
Commit Graph

22 Commits

Author SHA1 Message Date
Thomas Stromberg 781f1a33af
fpr + Mark touched-executable as extra on macOS 2024-10-24 11:20:06 -04:00
Thomas Stromberg 61fe50ce72
Add google-cloud-sdk log-streaming 2024-07-12 17:01:34 -04:00
Thomas Stromberg 4df51743d0
fpr: lima, rpm-ostree, gitsign, kde, python, etc 2024-07-01 21:56:28 -04:00
Thomas Stromberg 5ef3c88213
Overdue False Positive Reduction 2024-03-29 10:12:36 -04:00
Thomas Stromberg e42ea9a4bc
massive fpr: Rapid7, Elastic, everything 2024-01-26 14:07:37 -05:00
Thomas Stromberg ceec1718f9
fpr: snap, mutedeck, idea, Chrome exts 2024-01-18 17:15:37 -05:00
Thomas Stromberg c6eec0ee17 Query tuning after Geacon testing 2023-05-17 10:54:16 -04:00
Thomas Stromberg fbdd253d6a
fpr: post-refactor talker reduction 2023-04-28 14:09:57 -04:00
Thomas Stromberg b3825ba2b9
fpr: Canon Universal Installer, melange, GPG, key names 2023-03-06 15:11:11 -05:00
Thomas Stromberg fb7cd56249
fpr: abrt-dbus, gdm, chrome, ff, etc 2023-02-24 16:30:17 -05:00
Thomas Stromberg 76d5c8564b
Resolve latest reported false positives 2022-12-02 11:20:18 -05:00
Thomas Stromberg 8e3d6a1614
False positives: melange, ~/dev, debian-sa1, AdBlock, cover, kubelr, etc 2022-11-18 10:27:43 -05:00
Thomas Stromberg 9f63e3b21d
Begin making use of cgroup_paths, clear more false positives 2022-11-16 16:52:39 -05:00
Thomas Stromberg febf6cfebd
Remove newer access time check, add Sublime/Microsoft exclusion 2022-11-16 10:56:58 -05:00
Thomas Stromberg e7e714c9db
Make another stab at reducing false positives across the map 2022-11-03 11:51:54 -04:00
Thomas Stromberg 576dfb5ed6
Add Cloud SDK exception 2022-10-29 11:44:29 -04:00
Thomas Stromberg 6bb1785df9
Add carevout for /nix/store and caskroom 2022-10-21 11:40:47 -04:00
Thomas Stromberg 9373952f18
Add exception for local kubectl binary 2022-10-20 13:15:26 -04:00
Thomas Stromberg ab94de7770
Add a lot more mitre data 2022-10-19 16:56:32 -04:00
Thomas Stromberg d2bdffe89e
Add support for interval tags 2022-10-14 14:19:13 -04:00
Thomas Stromberg 20452b128b
Migrate query strings from double to single apostrophes 2022-10-13 14:59:32 -04:00
Thomas Stromberg 26ee658c4a
Initial re-organization around the MITRE ATT&CK framework 2022-10-11 21:53:36 -04:00