osquery-defense-kit

Commit Graph

Author	SHA1	Message	Date
egibs	9a95064139	Add exceptions for Xcode, Zen browser, Hugo, Krew, and more Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>	2024-10-29 12:18:07 -05:00
Thomas Strömberg	29c2844af0	Merge pull request #412 from r0cketlad/main fpr: bwrap	2024-10-29 10:36:42 -04:00
Dave Smith	f4559b3f97	fpr: bwrap	2024-10-29 09:34:42 -04:00
Dave Smith	a695f5d2f5	Merge pull request #410 from tstromberg/oct25 fpr: kubectl, zoom, /opt, chrome, Autodesk Fusion, GitButler	2024-10-25 16:38:43 -04:00
Dave Smith	98d214e2ad	Merge pull request #411 from chainguard-dev/r0cketlad-patch-1 add extra tag to high_disk_bytes_read.sql	2024-10-25 16:36:47 -04:00
Dave Smith	0c10622a50	add extra tag to high_disk_bytes_read.sql Signed-off-by: Dave Smith <dave.smith@chainguard.dev>	2024-10-25 14:17:32 -04:00
Thomas Strömberg	7fad85ceeb	Merge pull request #409 from chainguard-dev/r0cketlad-patch-1 add extra tag to unified_log_macos.sql	2024-10-25 11:29:55 -04:00
Thomas Stromberg	1c17532ae8	fpr: kubectl, zoom, /opt, chrome, Autodesk Fusion	2024-10-25 11:29:40 -04:00
Dave Smith	3a005452ee	add extra tag to unified_log_macos.sql Signed-off-by: Dave Smith <dave.smith@chainguard.dev>	2024-10-25 10:53:19 -04:00
Dave Smith	f59a4bdb58	Merge pull request #408 from chainguard-dev/r0cketlad-patch-1 add extra tag to setxid-cmdline-overflow-attempt.sql	2024-10-24 19:37:25 -04:00
Dave Smith	7ad81b16c2	add extra tag to setxid-cmdline-overflow-attempt.sql Signed-off-by: Dave Smith <dave.smith@chainguard.dev>	2024-10-24 18:42:46 -04:00
Thomas Strömberg	59575e227b	Merge pull request #407 from tstromberg/oct24 refactor minimal-socket-client-macos, fpr for AWS, Valve, Sparkle, Streamdeck, Python	2024-10-24 15:55:10 -04:00
Thomas Stromberg	462fbef639	Mark as extra, as this query is racey	2024-10-24 15:36:21 -04:00
Thomas Stromberg	bf8b60cd33	Fix cursor placement	2024-10-24 15:36:05 -04:00
Thomas Stromberg	0b41ec5d07	unexpected fetcher parents: add Cursor Helper	2024-10-24 15:34:04 -04:00
Thomas Stromberg	f038dc7557	fpr, refactor minimal-socket-client-macos	2024-10-24 15:12:33 -04:00
Thomas Strömberg	a46fa30676	Merge pull request #406 from tstromberg/talkers-borken-merge unexpected-talkers-macos: fix broken merge	2024-10-24 11:56:25 -04:00
Thomas Strömberg	d4946eb86e	Merge pull request #405 from tstromberg/oct24 fpr, de-extra minimal-socket, +extra touched-executable-macos	2024-10-24 11:56:15 -04:00
Thomas Stromberg	38ced95bc2	fix broken merge	2024-10-24 11:33:35 -04:00
Thomas Stromberg	25f0e14790	add more exceptions	2024-10-24 11:31:28 -04:00
Thomas Stromberg	781f1a33af	fpr + Mark touched-executable as extra on macOS	2024-10-24 11:20:06 -04:00
Thomas Strömberg	c4b6da1596	Merge pull request #403 from tstromberg/oct23	2024-10-23 17:48:48 -04:00
Thomas Stromberg	f3baa1d042	fpr: wider talkers exception, chrome extensions, postgres	2024-10-23 17:28:37 -04:00
Thomas Strömberg	1bbf419bfc	Merge pull request #402 from tstromberg/oct23 fpr: bpftool, curl, pulumi, Docker Desktop, go tests	2024-10-23 11:41:03 -04:00
Thomas Strömberg	c8e99a5ee1	Merge pull request #400 from r0cketlad/21oct2024 small fpr push	2024-10-23 11:40:41 -04:00
Thomas Stromberg	78d243abf0	fpr: bpftool, curl, pulumi, Docker Desktop, go tests	2024-10-23 10:59:37 -04:00
Dave Smith	fbf9a565c6	Update evenly-timestomped.sql Signed-off-by: Dave Smith <dave.smith@chainguard.dev>	2024-10-23 10:02:37 -04:00
Dave Smith	899fc1dfca	Update unexpected-setuid-binaries.sql Signed-off-by: Dave Smith <dave.smith@chainguard.dev>	2024-10-23 08:32:35 -04:00
Dave Smith	fe868f4bbb	Update evenly-timestomped.sql Signed-off-by: Dave Smith <dave.smith@chainguard.dev>	2024-10-23 08:31:20 -04:00
Thomas Strömberg	5c7bdbc31f	Merge pull request #401 from tstromberg/oct22 fpr: tune-ppd, lightdm, nami, brave, grype, gradle, etc	2024-10-22 16:32:07 -04:00
Thomas Stromberg	81180803ae	fpr: tune-ppd, lightdm, nami, gradle, etc	2024-10-22 16:12:21 -04:00
Dave Smith	9a69bb55ba	small fpr push	2024-10-22 08:20:24 -04:00
Thomas Strömberg	67ce4cd92a	Merge pull request #397 from tstromberg/linux-device-refactor	2024-10-21 11:57:08 -04:00
Thomas Strömberg	2ff2fa431e	Merge pull request #399 from tstromberg/fpr-oct21	2024-10-21 11:56:53 -04:00
Thomas Strömberg	638266bddc	Merge pull request #398 from tstromberg/hidden-exec2	2024-10-21 11:56:39 -04:00
Thomas Strömberg	194f3ce17b	Merge pull request #391 from tstromberg/faster-talkers Performance refactor for unexpected-talkers-macos	2024-10-21 10:32:02 -04:00
Thomas Stromberg	56a764ec05	add /dev/std* as characters, fix perm/mode	2024-10-21 10:27:16 -04:00
Thomas Stromberg	5d109ec6fd	minor tweaks	2024-10-21 10:23:43 -04:00
Thomas Stromberg	69850c42af	Add Tailscale/Cisco	2024-10-21 10:22:21 -04:00
Thomas Stromberg	2da853b35e	fpr: bwrap, malcontent, ld, metallb	2024-10-21 10:15:59 -04:00
Thomas Stromberg	f7fd6bb2ae	hidden executable refactor	2024-10-21 10:14:43 -04:00
Thomas Stromberg	122a63c2a3	better /dev/shm handling!	2024-10-21 10:13:38 -04:00
Thomas Stromberg	8667622ef4	unexpected linux device: Include file types	2024-10-21 09:57:54 -04:00
Thomas Stromberg	e22dcbf0ee	Merge branch 'main' into faster-talkers	2024-10-18 09:45:39 -04:00
Thomas Strömberg	1054dfe297	Merge pull request #396 from tstromberg/oct17 fpr: alf, hidden paths, proc names, listeners, systemd	2024-10-17 12:05:16 -04:00
Thomas Stromberg	3cbb0ab34c	fpr: alf, hidden paths, proc names, listeners, systemd	2024-10-17 11:44:47 -04:00
Thomas Strömberg	0090392de3	Merge pull request #395 from r0cketlad/16Oct2024 refactoring alerts to reduce noise	2024-10-16 15:01:44 -04:00
Dave Smith	f71898ca70	refactoring alerts to reduce noise	2024-10-16 14:59:43 -04:00
Thomas Strömberg	575261ac12	Merge pull request #394 from tstromberg/osqtool upgrade osqtool dependency to v1.4.2	2024-10-16 14:12:49 -04:00
Thomas Stromberg	f99e6bdc1e	upgrade osqtool to v1.4.2	2024-10-16 10:24:16 -04:00

1 2 3 4 5 ...

1273 Commits All Branches Search

1273 Commits

All Branches