osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-10 15:49:31 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	927d2ab025	Add /etc/periodic/*, resort directories	2022-10-14 14:36:41 -04:00
Thomas Stromberg	9889a9308f	Make unexpected-var-executables safe for execution on macOS	2022-10-14 14:31:39 -04:00
Thomas Stromberg	f2023c0021	Update interval tags, mostly for persistence	2022-10-14 14:26:49 -04:00
Thomas Stromberg	ab0fad1c47	Add lost files from the rename	2022-10-14 14:19:32 -04:00
Thomas Stromberg	d2bdffe89e	Add support for interval tags	2022-10-14 14:19:13 -04:00
Thomas Stromberg	06fd003475	Use single-quotes for Kolide compatibility	2022-10-14 10:29:23 -04:00
Thomas Stromberg	d1f1d20192	Fix trailing apostrophe	2022-10-14 10:26:25 -04:00
Thomas Stromberg	8a198b259a	Makefile: Use --verify when packing	2022-10-14 10:25:08 -04:00
Thomas Stromberg	432a727f41	Add Slack Technologies signature	2022-10-14 10:22:50 -04:00
Thomas Stromberg	fd9e8106f9	Give unexpected-modules a better name	2022-10-14 10:18:23 -04:00
Thomas Stromberg	b9a64e8b99	Janitorial maintenance	2022-10-14 10:18:01 -04:00
Thomas Stromberg	488d1aac96	Show process euid instead of uid.	2022-10-14 09:36:28 -04:00
Thomas Stromberg	b2f0c1ca54	Add kernel modules seen on Fedora	2022-10-14 09:30:44 -04:00
Thomas Stromberg	3c6d4968e1	Add two Docker checks that can catch Traitor	2022-10-14 09:16:48 -04:00
Thomas Stromberg	dc9493ee1e	Tighten down the field list, update metadata	2022-10-14 09:16:24 -04:00
Thomas Stromberg	4a7f734c81	Add metadata, mark as Linux only.	2022-10-14 08:42:10 -04:00
Thomas Stromberg	b92b87c4dd	Remove errant file	2022-10-13 18:35:02 -04:00
Thomas Stromberg	10a7091e62	Decrease exotic-events complexity by splitting & simplifying	2022-10-13 18:31:59 -04:00
Thomas Stromberg	1fb2b694bb	Use single quotes	2022-10-13 18:31:36 -04:00
Thomas Stromberg	c6a00b4714	Add markupsafe exception	2022-10-13 18:16:12 -04:00
Thomas Stromberg	d6ae20a73e	Add ipheth, resort.	2022-10-13 18:14:50 -04:00
Thomas Stromberg	6a4a12a261	Add Linear Helper, resort	2022-10-13 18:11:24 -04:00
Thomas Stromberg	91157f6180	Add raw socket exception for tailscale	2022-10-13 18:08:52 -04:00
Thomas Stromberg	d164591365	Add more localhost entries	2022-10-13 18:08:03 -04:00
Thomas Stromberg	27b9e620f2	Add *.wtf to allow list	2022-10-13 18:06:07 -04:00
Thomas Stromberg	9bbc043953	Add CoLab, remove trailing spaces	2022-10-13 18:05:05 -04:00
Thomas Stromberg	3562bc898e	Remove sshd listener false positive	2022-10-13 18:02:14 -04:00
Thomas Stromberg	59dc85a931	Add pipewire-pulse, sort exceptions	2022-10-13 18:00:14 -04:00
Thomas Stromberg	077c8f36fc	Filter out vaikas dev hostnames	2022-10-13 17:58:29 -04:00
Thomas Stromberg	20452b128b	Migrate query strings from double to single apostrophes	2022-10-13 14:59:32 -04:00
Thomas Stromberg	146afa8c7f	Add more information to the README	2022-10-13 14:58:52 -04:00
Thomas Stromberg	220dfc74ea	Install osqtool (unversioned at the moment)	2022-10-13 10:04:18 -04:00
Thomas Stromberg	97343fc348	Add license file	2022-10-13 09:21:11 -04:00
Thomas Stromberg	e785c35614	v0.0.1	2022-10-13 09:11:17 -04:00
Thomas Stromberg	26ee658c4a	Initial re-organization around the MITRE ATT&CK framework	2022-10-11 21:53:36 -04:00
Thomas Stromberg	f13a61c5ad	Add query to find hidden LaunchAgent/LaunchDaemon files	2022-10-10 10:42:06 -04:00
Thomas Stromberg	4c8eec7342	Fix broken queries	2022-10-10 08:01:30 -04:00
Thomas Stromberg	75a858b4ee	Optimize queries for lower false positives	2022-10-07 16:19:18 -04:00
Thomas Stromberg	24abbda57e	More clarity	2022-10-07 12:46:55 -04:00
Thomas Stromberg	1f82dce89c	Remove more false positives, add more detail to sensitive file access	2022-10-05 16:15:40 -04:00
Thomas Stromberg	4ad082f27a	Catch osascript events	2022-10-05 08:41:34 -04:00
Thomas Stromberg	4c2767a0d7	Include /home and /Users	2022-10-05 08:36:35 -04:00
Thomas Stromberg	cffc8cb355	Detect touched executables	2022-10-04 09:37:40 -04:00
Thomas Stromberg	c5759262f8	Small false positive update	2022-10-04 09:37:18 -04:00
Thomas Stromberg	4b61c3bddd	Rewrite query to filter out recently upgraded software	2022-10-03 16:46:37 -04:00
Thomas Stromberg	a5820efa5c	False positive purge, including Ventura additions	2022-10-03 16:27:56 -04:00
Thomas Stromberg	1e206f20c3	New query: executables from the future!	2022-10-03 15:45:08 -04:00
Thomas Stromberg	7e2a2f0be2	Add *vim -> vi exception	2022-09-30 17:55:46 -04:00
Thomas Stromberg	7524d8189c	Add /opt/usr/bin, as used by NodeJS	2022-09-30 17:54:13 -04:00
Thomas Stromberg	ff33ab763c	Add NixOS builder exception	2022-09-30 17:53:38 -04:00

1 2 3 4

155 Commits