Commit Graph

78 Commits

Author SHA1 Message Date
Thomas Stromberg
f16c3cdf53 fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell 2023-09-14 17:13:12 -04:00
Thomas Stromberg
190e8adcfd Merge to master 2023-09-01 17:34:36 -04:00
Thomas Stromberg
84125c4bb1
Remove recently common false positives 2023-09-01 17:09:47 -04:00
Thomas Stromberg
188bc78f4c Fix errors 2023-08-15 18:29:27 -04:00
Thomas Stromberg
dce2eb2af5 Add many exceptions 2023-08-15 18:13:06 -04:00
Thomas Stromberg
ce2f0f06cb
fpr; Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy 2023-07-20 10:56:49 -04:00
Thomas Stromberg
921cdc521e
fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc 2023-07-19 15:22:43 -04:00
Thomas Stromberg
485f69a61c fpr: Revolt, Bearly, user executables, melange 2023-07-13 19:43:35 -04:00
Thomas Stromberg
a0e4183bf4 fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc 2023-07-12 17:38:26 -04:00
Thomas Stromberg
c9f0b2bee5
fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver 2023-07-03 07:16:14 -04:00
Thomas Stromberg
cebf617c82 fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc 2023-06-14 10:58:41 -04:00
Thomas Stromberg
ff2ab95431 Remove file sizes from systemd exception key 2023-06-08 18:26:57 -04:00
Thomas Stromberg
c8760e0ae1 fpr: macOS, Signal, Creative Labs, node, etc 2023-06-07 09:55:17 -04:00
Thomas Stromberg
066c88dc18 fpr: multipass, go, macOS, Ubuntu, Opera, git, ko 2023-06-02 19:08:08 -04:00
Thomas Stromberg
9575d18bc2 fpr: FleetDM, Edge, VSCode, dnf, Steam, etc 2023-06-01 11:52:20 -04:00
Thomas Stromberg
111c15e20b fpr: macOS, yubikey, Premiere, dnf, vagrant, etc 2023-05-23 11:31:37 -04:00
Thomas Stromberg
c6eec0ee17 Query tuning after Geacon testing 2023-05-17 10:54:16 -04:00
Thomas Stromberg
24c2baef28 Make process times broadly available, minor opts 2023-05-16 17:18:39 -04:00
Thomas Stromberg
93f2f2baf4 Fix comma placement 2023-05-16 10:31:46 -04:00
Thomas Stromberg
d5a94b21d1 fpr: Kolide, macOS, nvidia, neko 2023-05-16 10:28:19 -04:00
Thomas Stromberg
41d83350a1
make reformat 2023-05-08 13:20:47 -04:00
Thomas Stromberg
272711ae7a
fpr: node, nc, busybox, libvirt, etc 2023-05-05 12:44:46 -04:00
Thomas Stromberg
0202e87b73
fpr: libopenblas, snapd, k3d, opera, nix, ssh, cargo, adobe installer 2023-05-03 16:28:00 -04:00
Thomas Stromberg
76cf1006c6
fpr: microbit, i3, Grammarly for Safari, wine 2023-05-02 17:49:53 -04:00
Thomas Stromberg
47124daa01
fpr: RetailMeNot, LogiTune, macOS, mediawriter, etc 2023-05-02 15:25:36 -04:00
Thomas Stromberg
df925eaa6c
fpr: lghub, brew, pve, chrome exts, etc 2023-04-20 20:45:35 -04:00
Thomas Stromberg
9c3f783491 fpr everything 2023-04-17 16:20:35 -04:00
Thomas Stromberg
d4dd423745
fpr: Grammarly, semodule, docker-compose, xdg, etc 2023-03-30 18:44:01 -04:00
Thomas Stromberg
9b0ed09c8e
fpr: xdg, docker, dbus, bpfilter_umh, docker, spotify, mage 2023-03-28 16:25:26 -04:00
Thomas Stromberg
7a78199906
fpr: traceroute, thunderbird, garmin installer, chainctl, etc 2023-03-21 14:07:06 -04:00
Thomas Strömberg
621967a085
Merge pull request #230 from tstromberg/split-chmod
Add exceptions for Kandji
2023-03-17 15:49:30 -04:00
Thomas Stromberg
13a95a4f41
Add exceptions for Kandji 2023-03-17 15:46:00 -04:00
Thomas Stromberg
6ddc478df4
fpr: Brother, Intel OneAPI, k6, firefox 2023-03-17 15:08:22 -04:00
Thomas Stromberg
824efa9705
fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws 2023-03-14 19:00:44 -04:00
Thomas Stromberg
b3825ba2b9
fpr: Canon Universal Installer, melange, GPG, key names 2023-03-06 15:11:11 -05:00
Thomas Stromberg
f25cfe1399
fpr: aws-sdk, melange, Tailscale, Xprotect, etc 2023-03-03 07:24:42 -05:00
Thomas Stromberg
4150b1ee7c
macOS: Exceptions for TestFlight apps & specifically Kindle 2023-02-24 17:04:34 -05:00
Thomas Stromberg
fb7cd56249
fpr: abrt-dbus, gdm, chrome, ff, etc 2023-02-24 16:30:17 -05:00
Thomas Stromberg
d25a89f241
execdir events macOS: Fix ambiguous path 2023-02-17 12:01:08 -05:00
Thomas Stromberg
cf858d193d
fpr: ACE, Prusa, steam, pacman, Xcode, Adobe 2023-02-14 20:16:02 -05:00
Thomas Stromberg
d897f0b50d
fpr: Nessus, mysql-shell, ntia-checker, Ecamm, CopyClip, etc 2023-02-14 08:33:05 -05:00
Thomas Stromberg
4f4ae0ed38
False positive removal and minor query perf improvements 2023-02-10 10:21:06 -05:00
Thomas Strömberg
eef833287a
Merge pull request #164 from NACHOSWITHCHEESE/fixing-macos-detection-compatibility
Modified detections explicitly targeted towards macOS to not include cgroup field
2023-02-08 20:54:45 -05:00
echunduri
e44dc167e9 Modified detections explicilty targeted towards macOS to not include cgroup_path fields anymore 2023-02-09 10:57:03 +11:00
Thomas Stromberg
e57f03b89f
fpr: Opera, TextExpander, socket_vmnet, elive, etc 2023-02-08 15:12:10 -05:00
Thomas Stromberg
2634e9d45b
Monday morning false-positive purge 2023-02-08 14:37:09 -05:00
Thomas Stromberg
bb3e1f964e
Run make reformat, update max rows for incident response 2023-02-02 17:58:19 -05:00
Thomas Stromberg
2093a26423
Fix broken macOS queries 2023-02-02 15:33:25 -05:00
Thomas Stromberg
cdcb2d48f3
Slow queries down, minor improvements 2023-02-01 16:17:36 -05:00
Thomas Stromberg
e6824d87e9
Run 'make reformat' 2023-01-20 09:24:24 -05:00