RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,108 Commits 1 Branch 31 Tags 5.7 MiB
Commit Graph

135 Commits

Author SHA1 Message Date
Thomas Stromberg e42ea9a4bc
massive fpr: Rapid7, Elastic, everything 2024-01-26 14:07:37 -05:00
Thomas Stromberg 5d31e8da5f
fpr: psi, arduino, bitdefender, keybase, cody, etc 2024-01-22 10:36:01 -05:00
Thomas Stromberg ceec1718f9
fpr: snap, mutedeck, idea, Chrome exts 2024-01-18 17:15:37 -05:00
Thomas Stromberg 229a32a61e
fpr: sourcegraph,phantombuster,iterm,cody,stickers 2024-01-09 16:14:00 -05:00
Thomas Stromberg c2c29a1a52
Optimize performance with Google Chrome image mounted 2024-01-08 18:47:36 -05:00
Thomas Stromberg 1304d66783
Add more Elastic exceptions 2024-01-08 17:55:30 -05:00
Thomas Stromberg 8b9894ec74
filter out CSV from yara 2023-12-15 17:12:50 -05:00
Thomas Stromberg 800e4aa2cc
fpr: kind of everything 2023-12-15 17:10:06 -05:00
Thomas Stromberg 310e51d2a2
fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
Thomas Stromberg 6e1e7f29c2
fpr: dbeaver, AwesomeScreenshot, Hyper, etc 2023-11-02 09:39:41 -04:00
Thomas Stromberg 0060bb087e
fpr: aws, java, arch, cody, google, wireshark, etc 2023-10-31 11:40:10 -04:00
Thomas Stromberg 3c2be1c16e
fpr: Kolide, qemu, bash, monday, macOS 2023-10-24 18:01:36 -04:00
Thomas Stromberg bf66053d5c
fpr: containerd, hyper, Docker, Chromium, spotify, busycal 2023-10-02 16:11:44 -04:00
Thomas Stromberg 5f2680ca8b
fpr: Monday, Splunk, Gnome, Git, Grammarly, etc 2023-10-02 11:35:11 -04:00
Thomas Stromberg f73263bece
fpr: docker, fish, Stream Deck, rsync, lima, macOS 2023-09-26 15:14:38 -04:00
Thomas Stromberg 2bbc2f6c97
split detection pack into subpacks 2023-09-20 17:43:39 -04:00
Thomas Strömberg 547fe50fca
Merge pull request #314 from tstromberg/yara 
YARA rules everywhere!
 2023-09-20 17:13:43 -04:00
Thomas Stromberg 6781b46375
YARA rules everywhere! 2023-09-20 17:03:21 -04:00
Thomas Stromberg b39fca4e9f
fpr: RSA keys, tcpdump, login, crane, souregraph, etc 2023-09-20 09:30:46 -04:00
Thomas Strömberg 9963a4e3c6
Merge pull request #307 from tstromberg/fpr-sep14 
fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell
 2023-09-14 17:16:30 -04:00
Thomas Strömberg 6adfb1d109
Merge pull request #304 from tstromberg/infostealerz 
Add primitive name-based detection for possible InfoStealers
 2023-09-14 17:14:07 -04:00
Thomas Stromberg f16c3cdf53 fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell 2023-09-14 17:13:12 -04:00
Thomas Stromberg e2d6fa58a7
Add primitive name-based detection for possible InfoStealers 2023-09-12 10:19:22 -04:00
Thomas Stromberg 190e8adcfd Merge to master 2023-09-01 17:34:36 -04:00
Thomas Stromberg b889cde6d5 Additional fixes for Ventura & Capture One 2023-09-01 17:27:27 -04:00
Thomas Stromberg 84125c4bb1
Remove recently common false positives 2023-09-01 17:09:47 -04:00
Thomas Stromberg dce2eb2af5 Add many exceptions 2023-08-15 18:13:06 -04:00
Thomas Stromberg 921cdc521e
fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc 2023-07-19 15:22:43 -04:00
Thomas Stromberg 485f69a61c fpr: Revolt, Bearly, user executables, melange 2023-07-13 19:43:35 -04:00
Thomas Stromberg a0e4183bf4 fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc 2023-07-12 17:38:26 -04:00
Thomas Stromberg c9f0b2bee5
fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver 2023-07-03 07:16:14 -04:00
Thomas Stromberg d74405c817
fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc 2023-06-30 16:38:31 -04:00
Thomas Stromberg cebf617c82 fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc 2023-06-14 10:58:41 -04:00
Thomas Stromberg 32328c91f1 fpr: Slack, Gnome, Sigstore, Logitune, etc 2023-06-12 10:10:57 -04:00
Thomas Stromberg c8760e0ae1 fpr: macOS, Signal, Creative Labs, node, etc 2023-06-07 09:55:17 -04:00
Thomas Stromberg 349ff58fb2 fpr: xfce4, Google Earth, Ubuntu 2023-06-07 08:58:02 -04:00
Thomas Stromberg 066c88dc18 fpr: multipass, go, macOS, Ubuntu, Opera, git, ko 2023-06-02 19:08:08 -04:00
Thomas Stromberg 9575d18bc2 fpr: FleetDM, Edge, VSCode, dnf, Steam, etc 2023-06-01 11:52:20 -04:00
Thomas Stromberg 111c15e20b fpr: macOS, yubikey, Premiere, dnf, vagrant, etc 2023-05-23 11:31:37 -04:00
Thomas Stromberg 24c2baef28 Make process times broadly available, minor opts 2023-05-16 17:18:39 -04:00
Thomas Stromberg 26b2b9a4c7
fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc 2023-05-11 11:29:55 -04:00
Thomas Stromberg 41d83350a1
make reformat 2023-05-08 13:20:47 -04:00
Thomas Stromberg 272711ae7a
fpr: node, nc, busybox, libvirt, etc 2023-05-05 12:44:46 -04:00
Thomas Stromberg 47124daa01
fpr: RetailMeNot, LogiTune, macOS, mediawriter, etc 2023-05-02 15:25:36 -04:00
Thomas Stromberg 02337c28f0
fpr: cleanup and new additions 2023-04-27 12:00:08 -04:00
Thomas Stromberg df925eaa6c
fpr: lghub, brew, pve, chrome exts, etc 2023-04-20 20:45:35 -04:00
Thomas Stromberg 9c3f783491 fpr everything 2023-04-17 16:20:35 -04:00
Thomas Stromberg 0dc6748dff fpr: LGHUB keys, go, Acrobat, code, yum, fwupdatemgr 2023-03-31 06:19:30 -04:00
Thomas Stromberg d4dd423745
fpr: Grammarly, semodule, docker-compose, xdg, etc 2023-03-30 18:44:01 -04:00
Thomas Stromberg 9b0ed09c8e
fpr: xdg, docker, dbus, bpfilter_umh, docker, spotify, mage 2023-03-28 16:25:26 -04:00