Commit Graph

51 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| Thomas Stromberg | 897c96bd33 | Remove more in-the-wild false positives | 2022-10-27 16:55:00 -04:00 |
| Thomas Stromberg | 4a25a0c410 | Improve performance by re-ordering JOINs | 2022-10-27 16:54:41 -04:00 |
| Thomas Stromberg | 22da8cce66 | Rewrite process_envs queries for faster performance | 2022-10-27 11:26:35 -04:00 |
| Thomas Stromberg | ffbc65697f | Add exception for /usr/bin/bash | 2022-10-27 10:41:14 -04:00 |
| Thomas Stromberg | a00af6c1fa | Merge another day's worth of false positives | 2022-10-27 10:23:15 -04:00 |
| Thomas Stromberg | ff7cb5f00f | Address merge conflict | 2022-10-25 21:31:32 -04:00 |
| Thomas Stromberg | 239df4ea1f | Reduce more false positives found on macOS and Linux | 2022-10-25 21:27:41 -04:00 |
| Thomas Stromberg | 23351973ea | detection: Reduce Linux desktop false positives | 2022-10-25 11:39:51 -04:00 |
| Thomas Stromberg | 058e74bca9 | Merge to head | 2022-10-24 14:45:49 -04:00 |
| Thomas Stromberg | 7d5503373b | Add Alfred exclusion, fix Zoom exclusion | 2022-10-24 14:40:51 -04:00 |
| Thomas Stromberg | 04409029cb | Add exception for Zoom controller | 2022-10-24 11:28:26 -04:00 |
| Thomas Strömberg | d6e70ebcc3 | Merge pull request #32 from tstromberg/osascript (osascript: Add parent signing information) | 2022-10-24 11:10:59 -04:00 |
| Thomas Stromberg | 2578d0ab8a | Add exceptions for Chrome subprocesses | 2022-10-24 11:08:28 -04:00 |
| Thomas Stromberg | a7c26908db | osascript: Add parent signing information | 2022-10-24 10:06:22 -04:00 |
| Thomas Strömberg | 7db5a93273 | Merge pull request #29 from tstromberg/reformat3 (noop: Run 'make reformat' on exotic-commands) | 2022-10-24 10:02:15 -04:00 |
| Thomas Strömberg | b10b6d1cbf | Merge pull request #27 from tstromberg/osascript (Fix broken osascript script, move duplicate check out of exotic) | 2022-10-21 17:46:28 -04:00 |
| Thomas Stromberg | f305aae1ca | noop: Run 'make reformat' | 2022-10-21 17:45:43 -04:00 |
| Thomas Stromberg | 8516aec8c3 | Fix broken osascript script, move duplicate check out of exotic | 2022-10-21 17:42:44 -04:00 |
| Thomas Stromberg | dab3b3b878 | Fix platform name: darwin instead of macos | 2022-10-21 17:39:35 -04:00 |
| Thomas Stromberg | 878f6e1b71 | Fix hash JOIN table name | 2022-10-21 17:39:01 -04:00 |
| Thomas Strömberg | c86073ecaf | Merge pull request #24 from chainguard-dev/fp3 (False-positive removal: grype, gedit, mov, abrt-action, dnf) | 2022-10-21 14:13:50 -04:00 |
| Thomas Stromberg | fdb891ba0b | False-positive removal: grype, gedit, mov, abrt-action, dnf | 2022-10-21 14:13:29 -04:00 |
| Thomas Stromberg | 356db76a44 | Filter out sh -i if launched by sh, ukh if launched by lima, Socket. if launched by compile | 2022-10-21 14:11:45 -04:00 |
| Thomas Stromberg | ed6f37e11b | Record children, add known hosts exception for limactl | 2022-10-21 11:45:25 -04:00 |
| Thomas Strömberg | dfe9f64953 | Merge pull request #18 from chainguard-dev/reformat2 (Reduce query intervals for some higher overhead queries) | 2022-10-20 14:56:38 -04:00 |
| Thomas Stromberg | 7d568898c1 | Reduce query intervals for some higher overhead queries | 2022-10-20 14:56:16 -04:00 |
| Thomas Stromberg | 1020cd6991 | exotic commands (state-based): Add UserKnownHostsFile from event based, fix phash join | 2022-10-20 14:31:36 -04:00 |
| Thomas Stromberg | d55d1db202 | Add /usr/local/bin | 2022-10-20 14:11:35 -04:00 |
| Thomas Stromberg | 7de03e7fbc | Reduce false positives | 2022-10-20 08:04:24 -04:00 |
| Thomas Stromberg | cee1710f74 | Finish out the incident_response refactor | 2022-10-19 16:19:53 -04:00 |
| Thomas Stromberg | 1bbd284a3c | Work through another series of false positives | 2022-10-19 15:26:03 -04:00 |
| Thomas Stromberg | 7483c845f4 | Split the recently-created-executables between macOS/Linux | 2022-10-18 14:42:26 -04:00 |
| Thomas Stromberg | 8679ca943d | More false positive management | 2022-10-18 14:26:47 -04:00 |
| Thomas Stromberg | 535d835290 | Simplify exotic commands queries, remove more false positives | 2022-10-18 11:32:18 -04:00 |
| Thomas Stromberg | 5839a20fb3 | Detect more | 2022-10-18 10:08:34 -04:00 |
| Thomas Stromberg | 346309f3d2 | Add missing apostrophe | 2022-10-17 21:08:29 -04:00 |
| Thomas Stromberg | 9bf85e3137 | Flush out more false positives | 2022-10-17 20:37:44 -04:00 |
| Thomas Stromberg | 2b5ea76729 | Apply 'npx sql-formatter -l sqlite' | 2022-10-17 19:06:17 -04:00 |
| Thomas Stromberg | 984f754990 | Add more false positive filters | 2022-10-17 19:01:16 -04:00 |
| Thomas Stromberg | 58dec12a49 | Remove some false positives | 2022-10-17 17:31:47 -04:00 |
| Thomas Stromberg | 9c233f5248 | Decrease poll time to 60 seconds | 2022-10-17 17:31:32 -04:00 |
| Thomas Stromberg | 5c7ec52350 | Lower polling time to once a minute | 2022-10-17 17:30:41 -04:00 |
| Thomas Stromberg | b72e052c09 | Split env-values in case it helps decrease CPU time | 2022-10-17 17:10:51 -04:00 |
| Thomas Stromberg | 9616a6ab36 | Use 'rapid' instead of 'continous' for tagging | 2022-10-17 08:43:29 -04:00 |
| Thomas Stromberg | 27a3013bba | Split up the unexpected-filesystem-entries by platform | 2022-10-14 15:14:24 -04:00 |
| Thomas Stromberg | ab0fad1c47 | Add lost files from the rename | 2022-10-14 14:19:32 -04:00 |
| Thomas Stromberg | d2bdffe89e | Add support for interval tags | 2022-10-14 14:19:13 -04:00 |
| Thomas Stromberg | 10a7091e62 | Decrease exotic-events complexity by splitting & simplifying | 2022-10-13 18:31:59 -04:00 |
| Thomas Stromberg | c6a00b4714 | Add markupsafe exception | 2022-10-13 18:16:12 -04:00 |
| Thomas Stromberg | 20452b128b | Migrate query strings from double to single apostrophes | 2022-10-13 14:59:32 -04:00 |