Commit Graph

531 Commits

Author SHA1 Message Date
Thomas Stromberg
838e0f6a4d recently created: set cut-off to 30 minutes 2023-06-09 07:29:00 -04:00
Thomas Strömberg
bdecfa4996
Merge pull request #278 from tstromberg/multipass
launchd: Add Canonical exception
2023-06-09 07:17:22 -04:00
Thomas Stromberg
6adc121c4d launchd: Add Canonical exception 2023-06-09 07:15:24 -04:00
Thomas Stromberg
d5c6233716 hidden executable: Add provisio exception 2023-06-09 07:12:16 -04:00
Thomas Strömberg
d08fdd38b2
Merge pull request #276 from tstromberg/faster-sockets
minimal socket client: speed query up
2023-06-08 20:46:49 -04:00
Thomas Stromberg
cae042cbe5 minimal socket client: speed query up 2023-06-08 20:44:08 -04:00
Thomas Stromberg
9851aaa192 Add exceptions for common hidden directories 2023-06-08 20:27:01 -04:00
Thomas Stromberg
937bcabfec Remove extra file 2023-06-08 18:27:46 -04:00
Thomas Stromberg
ff2ab95431 Remove file sizes from systemd exception key 2023-06-08 18:26:57 -04:00
Thomas Strömberg
06b95a57b3
Merge pull request #272 from tstromberg/unattended
Add unattended-upgrades.pid (Ubuntu)
2023-06-07 15:19:58 -04:00
Thomas Stromberg
7a61b5eced Add ~/.config/.* to search criteria 2023-06-07 15:15:02 -04:00
Thomas Stromberg
404b7125f7 Add unattended-upgrades.pid (Ubuntu 2023-06-07 15:14:09 -04:00
Thomas Stromberg
c8760e0ae1 fpr: macOS, Signal, Creative Labs, node, etc 2023-06-07 09:55:17 -04:00
Thomas Stromberg
349ff58fb2 fpr: xfce4, Google Earth, Ubuntu 2023-06-07 08:58:02 -04:00
Thomas Stromberg
1c3d461392 Add lock exception for pipewire 2023-06-02 19:22:26 -04:00
Thomas Stromberg
066c88dc18 fpr: multipass, go, macOS, Ubuntu, Opera, git, ko 2023-06-02 19:08:08 -04:00
Thomas Stromberg
37ce71b94f Decrease download limits to begin with 2023-06-02 18:03:44 -04:00
Thomas Stromberg
c2ce0ce7d7 New queries: excessive Google Drive exports 2023-06-02 18:01:10 -04:00
Thomas Stromberg
9575d18bc2 fpr: FleetDM, Edge, VSCode, dnf, Steam, etc 2023-06-01 11:52:20 -04:00
Thomas Stromberg
7446b55120 Fix missing apostrophe 2023-05-23 11:55:11 -04:00
Thomas Stromberg
4831794034 Rename from missing-parent 2023-05-23 11:31:58 -04:00
Thomas Stromberg
111c15e20b fpr: macOS, yubikey, Premiere, dnf, vagrant, etc 2023-05-23 11:31:37 -04:00
Thomas Stromberg
56ede74c54 fpr: Parallels, Stream Deck, tflint, gitstatus, snyk 2023-05-17 17:52:55 -04:00
Thomas Stromberg
d9d6a836a7 Update minimal socket exceptions to not rely on signatures 2023-05-17 13:21:29 -04:00
Thomas Stromberg
c6eec0ee17 Query tuning after Geacon testing 2023-05-17 10:54:16 -04:00
Thomas Stromberg
24c2baef28 Make process times broadly available, minor opts 2023-05-16 17:18:39 -04:00
Thomas Stromberg
7f86db5521 Improve detection for bpfdoor and similar backdoors. 2023-05-16 16:31:31 -04:00
Thomas Stromberg
93f2f2baf4 Fix comma placement 2023-05-16 10:31:46 -04:00
Thomas Stromberg
d5a94b21d1 fpr: Kolide, macOS, nvidia, neko 2023-05-16 10:28:19 -04:00
Thomas Stromberg
9c87838b9f fpr: Chrome, Kolide 2023-05-12 16:41:17 -04:00
Thomas Stromberg
26b2b9a4c7 fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc 2023-05-11 11:29:55 -04:00
Thomas Stromberg
099d6664fe Remove seldom modifier, reformat 2023-05-11 10:33:51 -04:00
Thomas Stromberg
c58cac1a1f New detector: unexpected /var/run files 2023-05-11 10:32:17 -04:00
Thomas Stromberg
49debb32c6 fix duplicate cloud-sql-proxy exception 2023-05-08 13:23:20 -04:00
Thomas Stromberg
41d83350a1 make reformat 2023-05-08 13:20:47 -04:00
Thomas Stromberg
778d53b169 Address merge conflicts 2023-05-08 13:11:24 -04:00
Thomas Stromberg
4856a0e80a fpr: LogiTune, sharingd, gnome, sparkle, plex 2023-05-08 13:07:57 -04:00
Thomas Stromberg
785b7c2bde fpr: LogiTune, EndeavourOS, less 2023-05-08 12:19:19 -04:00
Thomas Stromberg
9eed574026 fpr: sharingd, sparkle, golang, Snagit 2023-05-05 15:10:54 -04:00
Thomas Stromberg
61d503db0e Add Zed binaries dir 2023-05-05 12:55:14 -04:00
Thomas Stromberg
272711ae7a fpr: node, nc, busybox, libvirt, etc 2023-05-05 12:44:46 -04:00
Thomas Stromberg
f3fd822a55 Refactor recently-created-executables to fit within complexity limits 2023-05-03 17:57:58 -04:00
Thomas Stromberg
d7937aa532 Fix trailing comma 2023-05-03 16:56:15 -04:00
Thomas Stromberg
e3b9938db2 Fix trailing comma 2023-05-03 16:30:03 -04:00
Thomas Stromberg
0202e87b73 fpr: libopenblas, snapd, k3d, opera, nix, ssh, cargo, adobe installer 2023-05-03 16:28:00 -04:00
Thomas Stromberg
cc221ae011 sysutils: Add /usr/bin/security (Keychain) 2023-05-03 15:53:33 -04:00
Thomas Stromberg
76cf1006c6 fpr: microbit, i3, Grammarly for Safari, wine 2023-05-02 17:49:53 -04:00
Thomas Stromberg
47124daa01 fpr: RetailMeNot, LogiTune, macOS, mediawriter, etc 2023-05-02 15:25:36 -04:00
Thomas Stromberg
cdd112827a Add 8801 2023-04-28 14:45:51 -04:00
Thomas Stromberg
1961531adf fpr: more refactor fallout 2023-04-28 14:40:12 -04:00