Thomas Stromberg
|
97343fc348
|
Add license file
|
2022-10-13 09:21:11 -04:00 |
|
Thomas Stromberg
|
e785c35614
|
v0.0.1
|
2022-10-13 09:11:17 -04:00 |
|
Thomas Stromberg
|
26ee658c4a
|
Initial re-organization around the MITRE ATT&CK framework
|
2022-10-11 21:53:36 -04:00 |
|
Thomas Stromberg
|
f13a61c5ad
|
Add query to find hidden LaunchAgent/LaunchDaemon files
|
2022-10-10 10:42:06 -04:00 |
|
Thomas Stromberg
|
4c8eec7342
|
Fix broken queries
|
2022-10-10 08:01:30 -04:00 |
|
Thomas Stromberg
|
75a858b4ee
|
Optimize queries for lower false positives
|
2022-10-07 16:19:18 -04:00 |
|
Thomas Stromberg
|
24abbda57e
|
More clarity
|
2022-10-07 12:46:55 -04:00 |
|
Thomas Stromberg
|
1f82dce89c
|
Remove more false positives, add more detail to sensitive file access
|
2022-10-05 16:15:40 -04:00 |
|
Thomas Stromberg
|
4ad082f27a
|
Catch osascript events
|
2022-10-05 08:41:34 -04:00 |
|
Thomas Stromberg
|
4c2767a0d7
|
Include /home and /Users
|
2022-10-05 08:36:35 -04:00 |
|
Thomas Stromberg
|
cffc8cb355
|
Detect touched executables
|
2022-10-04 09:37:40 -04:00 |
|
Thomas Stromberg
|
c5759262f8
|
Small false positive update
|
2022-10-04 09:37:18 -04:00 |
|
Thomas Stromberg
|
4b61c3bddd
|
Rewrite query to filter out recently upgraded software
|
2022-10-03 16:46:37 -04:00 |
|
Thomas Stromberg
|
a5820efa5c
|
False positive purge, including Ventura additions
|
2022-10-03 16:27:56 -04:00 |
|
Thomas Stromberg
|
1e206f20c3
|
New query: executables from the future!
|
2022-10-03 15:45:08 -04:00 |
|
Thomas Stromberg
|
7e2a2f0be2
|
Add *vim -> vi exception
|
2022-09-30 17:55:46 -04:00 |
|
Thomas Stromberg
|
7524d8189c
|
Add /opt/usr/bin, as used by NodeJS
|
2022-09-30 17:54:13 -04:00 |
|
Thomas Stromberg
|
ff33ab763c
|
Add NixOS builder exception
|
2022-09-30 17:53:38 -04:00 |
|
Thomas Stromberg
|
97028002d3
|
Add more NixOS services
|
2022-09-30 17:53:25 -04:00 |
|
Thomas Stromberg
|
e82125c3d3
|
Add NixOS systemd
|
2022-09-30 17:52:42 -04:00 |
|
Thomas Stromberg
|
822865a0cf
|
Add nix to exception list
|
2022-09-30 17:46:25 -04:00 |
|
Thomas Stromberg
|
0520bedb79
|
Make syncthing port range broader, fix gcloud port number typo
|
2022-09-30 17:45:45 -04:00 |
|
Thomas Stromberg
|
0875483512
|
More false removal
|
2022-09-30 15:42:10 -04:00 |
|
Thomas Stromberg
|
eda6203f34
|
Improve logic for reducing nix-based false positives
|
2022-09-30 14:22:01 -04:00 |
|
Thomas Stromberg
|
a19da8f0b8
|
Add NixOS NetworkManager-dispatcher, sort exceptions
|
2022-09-30 14:21:40 -04:00 |
|
Thomas Stromberg
|
5cf9ce6859
|
Update exceptions for vim, tox, and nix
|
2022-09-30 14:12:45 -04:00 |
|
Thomas Stromberg
|
6bd61b34fd
|
Fix constraint failure
|
2022-09-30 14:12:24 -04:00 |
|
Thomas Stromberg
|
1f177246b1
|
More false positive removal
|
2022-09-30 13:47:10 -04:00 |
|
Thomas Stromberg
|
9689a5c7e2
|
New exfil detector, exception improvements
|
2022-09-30 12:10:18 -04:00 |
|
Thomas Stromberg
|
bb496d8916
|
Add kworker->modprobe exception
|
2022-09-30 11:14:20 -04:00 |
|
Thomas Stromberg
|
0c2b98addd
|
Add wrapper -> cache exception
|
2022-09-30 11:10:06 -04:00 |
|
Thomas Stromberg
|
007332ead4
|
More false positives removal
|
2022-09-29 16:19:30 -04:00 |
|
Thomas Stromberg
|
bda98d88b6
|
Add experimental queries for daemon detection
|
2022-09-29 16:04:07 -04:00 |
|
Thomas Stromberg
|
c5dc2464aa
|
Overdue false positive removal
|
2022-09-29 15:42:27 -04:00 |
|
Thomas Stromberg
|
89cbf9dacf
|
Detect unexpected uid0 programs on Linux
|
2022-09-29 15:42:06 -04:00 |
|
Thomas Stromberg
|
578657051c
|
Reduce false positive events, rename
|
2022-09-29 12:40:44 -04:00 |
|
Thomas Stromberg
|
2adfcec1ae
|
Add teams exception
|
2022-09-29 12:36:26 -04:00 |
|
Thomas Stromberg
|
3713701e76
|
Add exception for Logitech auto-updating software
|
2022-09-29 12:33:23 -04:00 |
|
Thomas Stromberg
|
962b012e2c
|
Be more leniant with lack-of-info filter
|
2022-09-29 12:29:55 -04:00 |
|
Thomas Stromberg
|
21aa79b2e0
|
More false positive reduction, widen Go scope
|
2022-09-29 12:27:52 -04:00 |
|
Thomas Stromberg
|
7611f921e9
|
Add experimental sensitive file access detector
|
2022-09-29 11:38:32 -04:00 |
|
Thomas Stromberg
|
49f2d5a579
|
Add detectors for unexpected executables in strange places
|
2022-09-29 11:38:14 -04:00 |
|
Thomas Stromberg
|
5b7858e3cf
|
More false-positive removal
|
2022-09-27 11:54:17 -04:00 |
|
Thomas Stromberg
|
318d26602f
|
Remove numerous false positives
|
2022-09-26 18:27:43 -04:00 |
|
Thomas Stromberg
|
26e1070bc6
|
Update exceptions for syncthing, geoclue, packagekitd, yum, aws, depmod, pingsender
|
2022-09-26 18:15:08 -04:00 |
|
Thomas Stromberg
|
b50f06bdfe
|
Add exceptions for xcode-select, yum, nix-daemon
|
2022-09-26 18:13:48 -04:00 |
|
Thomas Stromberg
|
997c441b79
|
Add chainctl exception
|
2022-09-26 18:12:27 -04:00 |
|
Thomas Stromberg
|
909f907096
|
Add exceptions for firefox and gjs-console
|
2022-09-26 18:11:36 -04:00 |
|
Thomas Stromberg
|
796c2af84c
|
Add exceptions for gnome, python, pipewire
|
2022-09-26 18:09:00 -04:00 |
|
Thomas Stromberg
|
4ca5233fe8
|
Add new exceptions
|
2022-09-26 18:08:21 -04:00 |