RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,312 Commits 1 Branch 31 Tags 5.6 MiB
Commit Graph

86 Commits

Author SHA1 Message Date
Thomas Stromberg 14a9098a9a
widen query scope 2024-10-16 09:32:00 -04:00
Thomas Stromberg 71282a0a62
Relax checks enough to pass tests 2024-10-11 10:38:07 -04:00
Thomas Stromberg 9a1a4b049e
fpr: prosoft, ujust, kandji-library-manager, etc 2024-09-26 12:40:04 -04:00
Thomas Stromberg 4d0a9fd533
fpr: sequoia, osquery, cups, atops, transmission, etc 2024-09-23 11:07:53 -04:00
Thomas Stromberg 4b10d10520
False-positives be damned 2024-08-27 18:40:43 -04:00
Thomas Stromberg 1facce21f2
fpr: syft, krunner, k9s, espeak, chainctl, supermaven 2024-08-12 13:57:35 -04:00
Thomas Stromberg 00a9f6450b
fpr: sddm-helper, smartd, Xorg, elastic, WebEx, BambuStudio, keepass, etc 2024-07-26 13:26:37 -04:00
Thomas Stromberg 6c292f11af
fpr: kas, bitnami, redis, bincapz, kolide, docker, whatsapp 2024-07-12 16:55:49 -04:00
Thomas Stromberg 4df51743d0
fpr: lima, rpm-ostree, gitsign, kde, python, etc 2024-07-01 21:56:28 -04:00
Thomas Stromberg 6fe74680a0
fpr: June 28 - final rule tuning 2024-06-28 10:08:04 -04:00
Thomas Stromberg 00fa80a0d9
Massive false-positive reduction, particularly for uBlue 2024-06-27 09:23:52 -04:00
Thomas Stromberg 18e05c5a4c
fpr: June 25 2024-06-25 20:48:09 -04:00
Thomas Stromberg ab2535717f
fpr: Fedora Silverblue, MHLinkServer, new terminals 2024-05-23 17:26:33 -04:00
Thomas Stromberg 5dd614f54c
fpr: MHLink, k3d, BlueFin, query tuning 2024-04-26 16:14:02 -04:00
Thomas Stromberg 342d813bf8 fpr: Docker Desktop, code-oss, incus, etc 2024-02-26 17:26:56 -05:00
Thomas Stromberg f87a8e8197 fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard 2024-02-16 17:14:11 -05:00
Thomas Stromberg e42ea9a4bc
massive fpr: Rapid7, Elastic, everything 2024-01-26 14:07:37 -05:00
Thomas Stromberg 5d31e8da5f
fpr: psi, arduino, bitdefender, keybase, cody, etc 2024-01-22 10:36:01 -05:00
Thomas Stromberg 310e51d2a2
fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
Thomas Stromberg 6e1e7f29c2
fpr: dbeaver, AwesomeScreenshot, Hyper, etc 2023-11-02 09:39:41 -04:00
Thomas Stromberg 0060bb087e
fpr: aws, java, arch, cody, google, wireshark, etc 2023-10-31 11:40:10 -04:00
Thomas Stromberg 3c2be1c16e
fpr: Kolide, qemu, bash, monday, macOS 2023-10-24 18:01:36 -04:00
Thomas Stromberg bf66053d5c
fpr: containerd, hyper, Docker, Chromium, spotify, busycal 2023-10-02 16:11:44 -04:00
Thomas Stromberg 5f2680ca8b
fpr: Monday, Splunk, Gnome, Git, Grammarly, etc 2023-10-02 11:35:11 -04:00
Thomas Stromberg b39fca4e9f
fpr: RSA keys, tcpdump, login, crane, souregraph, etc 2023-09-20 09:30:46 -04:00
Thomas Stromberg f16c3cdf53 fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell 2023-09-14 17:13:12 -04:00
Thomas Stromberg 84125c4bb1
Remove recently common false positives 2023-09-01 17:09:47 -04:00
Thomas Stromberg 921cdc521e
fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc 2023-07-19 15:22:43 -04:00
Thomas Stromberg d74405c817
fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc 2023-06-30 16:38:31 -04:00
Thomas Stromberg cebf617c82 fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc 2023-06-14 10:58:41 -04:00
Thomas Stromberg 349ff58fb2 fpr: xfce4, Google Earth, Ubuntu 2023-06-07 08:58:02 -04:00
Thomas Stromberg 066c88dc18 fpr: multipass, go, macOS, Ubuntu, Opera, git, ko 2023-06-02 19:08:08 -04:00
Thomas Stromberg 111c15e20b fpr: macOS, yubikey, Premiere, dnf, vagrant, etc 2023-05-23 11:31:37 -04:00
Thomas Stromberg 272711ae7a
fpr: node, nc, busybox, libvirt, etc 2023-05-05 12:44:46 -04:00
Thomas Stromberg 47124daa01
fpr: RetailMeNot, LogiTune, macOS, mediawriter, etc 2023-05-02 15:25:36 -04:00
Thomas Stromberg 0dc6748dff fpr: LGHUB keys, go, Acrobat, code, yum, fwupdatemgr 2023-03-31 06:19:30 -04:00
Thomas Stromberg 9b0ed09c8e
fpr: xdg, docker, dbus, bpfilter_umh, docker, spotify, mage 2023-03-28 16:25:26 -04:00
Thomas Stromberg 7a78199906
fpr: traceroute, thunderbird, garmin installer, chainctl, etc 2023-03-21 14:07:06 -04:00
Thomas Stromberg fbc2b207b4
fpr: Signal, apko, aws, melange, dash, stern 2023-03-16 17:29:11 -04:00
Thomas Stromberg 824efa9705
fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws 2023-03-14 19:00:44 -04:00
Thomas Stromberg b3825ba2b9
fpr: Canon Universal Installer, melange, GPG, key names 2023-03-06 15:11:11 -05:00
Thomas Stromberg f25cfe1399
fpr: aws-sdk, melange, Tailscale, Xprotect, etc 2023-03-03 07:24:42 -05:00
Thomas Stromberg fb7cd56249
fpr: abrt-dbus, gdm, chrome, ff, etc 2023-02-24 16:30:17 -05:00
Thomas Stromberg f87541c945
False positive flush, particularly in talkers 2023-02-17 11:57:23 -05:00
Thomas Stromberg cf858d193d
fpr: ACE, Prusa, steam, pacman, Xcode, Adobe 2023-02-14 20:16:02 -05:00
Thomas Stromberg 8d4531198f
fpr: My ORA, Ecamm, setroubleshootd, etc 2023-02-14 19:46:36 -05:00
Thomas Stromberg d897f0b50d
fpr: Nessus, mysql-shell, ntia-checker, Ecamm, CopyClip, etc 2023-02-14 08:33:05 -05:00
Thomas Stromberg 593991adb8
Purge observed false positives 2023-02-09 17:54:41 -05:00
Thomas Stromberg a8ed058d4d
Query performance improvements, add pids, decrease frequency 2023-02-09 17:01:29 -05:00
Thomas Stromberg 72326c3b5c
Massive reduction of false positives across the board 2023-02-08 20:06:26 -05:00