Commit Graph

168 Commits

Author SHA1 Message Date
Thomas Stromberg 8ddd5764e8
Remove some false positives 2022-10-17 20:57:56 -04:00
Thomas Stromberg 9bf85e3137
Flush out more false positives 2022-10-17 20:37:44 -04:00
Thomas Stromberg 2b5ea76729
Apply 'npx sql-formatter -l sqlite' 2022-10-17 19:06:17 -04:00
Thomas Stromberg 984f754990
Add more false positive filters 2022-10-17 19:01:16 -04:00
Thomas Stromberg d89335a21e
Add child/grandchild, filter out zfs recv false positive 2022-10-17 18:46:00 -04:00
Thomas Stromberg 58dec12a49
Remove some false positives 2022-10-17 17:31:47 -04:00
Thomas Stromberg 9c233f5248
Decrease poll time to 60 seconds 2022-10-17 17:31:32 -04:00
Thomas Stromberg 5c7ec52350
Lower polling time to once a minute 2022-10-17 17:30:41 -04:00
Thomas Stromberg de51dcdfcb
Minor adjustments 2022-10-17 17:11:15 -04:00
Thomas Stromberg b72e052c09
Split env-values in case it helps decrease CPU time 2022-10-17 17:10:51 -04:00
Thomas Stromberg 9616a6ab36
Use 'rapid' instead of 'continous' for tagging 2022-10-17 08:43:29 -04:00
Thomas Stromberg 27a3013bba
Split up the unexpected-filesystem-entries by platform 2022-10-14 15:14:24 -04:00
Thomas Stromberg fa49494e36
Add /var/run/current-system/sw/bin 2022-10-14 14:37:22 -04:00
Thomas Stromberg 927d2ab025
Add /etc/periodic/*, resort directories 2022-10-14 14:36:41 -04:00
Thomas Stromberg 9889a9308f
Make unexpected-var-executables safe for execution on macOS 2022-10-14 14:31:39 -04:00
Thomas Stromberg f2023c0021
Update interval tags, mostly for persistence 2022-10-14 14:26:49 -04:00
Thomas Stromberg ab0fad1c47
Add lost files from the rename 2022-10-14 14:19:32 -04:00
Thomas Stromberg d2bdffe89e
Add support for interval tags 2022-10-14 14:19:13 -04:00
Thomas Stromberg 06fd003475
Use single-quotes for Kolide compatibility 2022-10-14 10:29:23 -04:00
Thomas Stromberg d1f1d20192
Fix trailing apostrophe 2022-10-14 10:26:25 -04:00
Thomas Stromberg 8a198b259a
Makefile: Use --verify when packing 2022-10-14 10:25:08 -04:00
Thomas Stromberg 432a727f41
Add Slack Technologies signature 2022-10-14 10:22:50 -04:00
Thomas Stromberg fd9e8106f9
Give unexpected-modules a better name 2022-10-14 10:18:23 -04:00
Thomas Stromberg b9a64e8b99
Janitorial maintenance 2022-10-14 10:18:01 -04:00
Thomas Stromberg 488d1aac96
Show process euid instead of uid. 2022-10-14 09:36:28 -04:00
Thomas Stromberg b2f0c1ca54
Add kernel modules seen on Fedora 2022-10-14 09:30:44 -04:00
Thomas Stromberg 3c6d4968e1
Add two Docker checks that can catch Traitor 2022-10-14 09:16:48 -04:00
Thomas Stromberg dc9493ee1e
Tighten down the field list, update metadata 2022-10-14 09:16:24 -04:00
Thomas Stromberg 4a7f734c81
Add metadata, mark as Linux only. 2022-10-14 08:42:10 -04:00
Thomas Stromberg b92b87c4dd
Remove errant file 2022-10-13 18:35:02 -04:00
Thomas Stromberg 10a7091e62
Decrease exotic-events complexity by splitting & simplifying 2022-10-13 18:31:59 -04:00
Thomas Stromberg 1fb2b694bb
Use single quotes 2022-10-13 18:31:36 -04:00
Thomas Stromberg c6a00b4714
Add markupsafe exception 2022-10-13 18:16:12 -04:00
Thomas Stromberg d6ae20a73e
Add ipheth, resort. 2022-10-13 18:14:50 -04:00
Thomas Stromberg 6a4a12a261
Add Linear Helper, resort 2022-10-13 18:11:24 -04:00
Thomas Stromberg 91157f6180
Add raw socket exception for tailscale 2022-10-13 18:08:52 -04:00
Thomas Stromberg d164591365
Add more localhost entries 2022-10-13 18:08:03 -04:00
Thomas Stromberg 27b9e620f2
Add *.wtf to allow list 2022-10-13 18:06:07 -04:00
Thomas Stromberg 9bbc043953
Add CoLab, remove trailing spaces 2022-10-13 18:05:05 -04:00
Thomas Stromberg 3562bc898e
Remove sshd listener false positive 2022-10-13 18:02:14 -04:00
Thomas Stromberg 59dc85a931
Add pipewire-pulse, sort exceptions 2022-10-13 18:00:14 -04:00
Thomas Stromberg 077c8f36fc
Filter out vaikas dev hostnames 2022-10-13 17:58:29 -04:00
Thomas Stromberg 20452b128b
Migrate query strings from double to single apostrophes 2022-10-13 14:59:32 -04:00
Thomas Stromberg 146afa8c7f
Add more information to the README 2022-10-13 14:58:52 -04:00
Thomas Stromberg 220dfc74ea
Install osqtool (unversioned at the moment) 2022-10-13 10:04:18 -04:00
Thomas Stromberg 97343fc348
Add license file 2022-10-13 09:21:11 -04:00
Thomas Stromberg e785c35614
v0.0.1 2022-10-13 09:11:17 -04:00
Thomas Stromberg 26ee658c4a
Initial re-organization around the MITRE ATT&CK framework 2022-10-11 21:53:36 -04:00
Thomas Stromberg f13a61c5ad
Add query to find hidden LaunchAgent/LaunchDaemon files 2022-10-10 10:42:06 -04:00
Thomas Stromberg 4c8eec7342
Fix broken queries 2022-10-10 08:01:30 -04:00