osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-10 07:39:26 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	a544ab1f7e	Add exception for vs-kubernetes, add child hash, fix time interval	2022-11-04 10:32:45 -04:00
Thomas Strömberg	03951a790a	Merge pull request #66 from tstromberg/python-dir Add Python exception (signed by Ned Deily)	2022-11-04 10:23:09 -04:00
Thomas Stromberg	87f727fc36	Add Python exception (signed by Ned Deily)	2022-11-04 10:22:35 -04:00
Thomas Strömberg	c1b3ee131f	Merge pull request #65 from tstromberg/main Add karabiner_session_monitor exception	2022-11-04 09:58:49 -04:00
Thomas Stromberg	180efa23e0	Add karabiner_session_monitor exception	2022-11-04 09:57:41 -04:00
Thomas Strömberg	b18c89f3ec	Merge pull request #64 from tstromberg/bugx recently-created-executables: add missing comma	2022-11-04 09:13:10 -04:00
Thomas Stromberg	8de176d191	recently-created-executables: add missing comma	2022-11-04 09:12:38 -04:00
Thomas Strömberg	4aa32afc0d	Merge pull request #63 from tstromberg/hidden-home Add detections for hidden home configuration directories	2022-11-04 08:54:34 -04:00
Thomas Stromberg	d9fd2e9d7c	Add detections for hidden home Library directories	2022-11-04 08:51:17 -04:00
Thomas Stromberg	91f0d3e283	Add detections for hidden home configuration directories	2022-11-04 08:50:34 -04:00
Thomas Strömberg	4350eec870	Merge pull request #62 from tstromberg/more Add more Linux exceptions: spotify-client, ko, jetbrains-toolbox, etc.	2022-11-04 08:12:56 -04:00
Thomas Stromberg	b3fdde9ed7	Add PlayTo for Chromecast	2022-11-04 08:11:33 -04:00
Thomas Stromberg	a29ca8bc2c	jetbrains-toolbox can be owned by anyone	2022-11-04 08:08:43 -04:00
Thomas Stromberg	1790e7b114	Add spotify exception	2022-11-04 08:08:26 -04:00
Thomas Stromberg	35a2162bd7	Add /usr/share/spotify-client	2022-11-04 08:08:09 -04:00
Thomas Stromberg	d74f289c2c	Add snapd and spotify from /usr	2022-11-04 08:07:54 -04:00
Thomas Stromberg	d953cbd0c4	Allow executable tz files in the top-level zoneinfo dir	2022-11-04 08:07:34 -04:00
Thomas Stromberg	948eb2edda	Add tcp/3443 for chrome	2022-11-04 08:07:14 -04:00
Thomas Stromberg	44babb9288	Add exception for ko from a home directory	2022-11-04 08:05:59 -04:00
Thomas Strömberg	a8c020ff30	Merge pull request #61 from tstromberg/fp45 Add pavucontrol and snapd	2022-11-03 16:06:18 -04:00
Thomas Stromberg	2dfc3860ef	Add pavucontrol and snapd	2022-11-03 16:05:07 -04:00
Thomas Strömberg	2ad67759bc	Merge pull request #60 from tstromberg/fp45 Add exception for Discord	2022-11-03 16:03:22 -04:00
Thomas Stromberg	e650ab6abc	Add exception for Discord	2022-11-03 16:02:45 -04:00
Thomas Strömberg	1e2675e8c2	Merge pull request #59 from tstromberg/fp45 Refactor unexpected-execdir-macos-* for fewer false-positives	2022-11-03 16:01:17 -04:00
Thomas Stromberg	f2a9e785fe	Refactor unexpected-execdir events for fewer false-positives	2022-11-03 16:00:19 -04:00
Thomas Strömberg	1049d36ab6	Merge pull request #58 from tstromberg/fp45 New exclsuions: /tmp/.DS_Store, JSON files, LogiTune weirdness, melange build	2022-11-03 14:26:22 -04:00
Thomas Stromberg	187aacf092	Add a melange build exclusion	2022-11-03 14:25:35 -04:00
Thomas Stromberg	fffff696a7	Ignore weird Logitech commands, and add grandparent process info	2022-11-03 14:25:13 -04:00
Thomas Stromberg	dbbe319d72	Ignore JSON files	2022-11-03 14:24:53 -04:00
Thomas Stromberg	baa38a5efb	Ignore /tmp/.DS_Store	2022-11-03 14:24:40 -04:00
Thomas Strömberg	cf3cc1f698	Mention Windows specifically.	2022-11-03 12:31:25 -04:00
Thomas Strömberg	2da4b99781	Merge pull request #57 from tstromberg/fp45 Make another stab at reducing false positives across the map	2022-11-03 11:52:31 -04:00
Thomas Stromberg	e7e714c9db	Make another stab at reducing false positives across the map	2022-11-03 11:51:54 -04:00
Thomas Strömberg	065d358a8b	Merge pull request #56 from tstromberg/fp44 empty environ mac: fix typo in authority field name	2022-11-01 07:21:40 -04:00
Thomas Stromberg	bd8bd02bd3	empty environ mac: fix typo in authority field name	2022-11-01 07:20:57 -04:00
Thomas Strömberg	bdd13408bb	Merge pull request #55 from tstromberg/fp44 talkers-macos: Fix typo in protocol field name	2022-11-01 07:20:29 -04:00
Thomas Stromberg	eb6851df7f	talkers-macos: Fix typo in protocol field name	2022-11-01 07:19:10 -04:00
Thomas Strömberg	b262708555	Merge pull request #54 from tstromberg/fp44 False-positive updates: tailscale, snapd, WPILib, darkfiles	2022-11-01 07:15:50 -04:00
Thomas Stromberg	4464254d62	False-positive updates: tailscale, snapd, WPILib, darkfiles	2022-11-01 07:15:10 -04:00
Thomas Strömberg	eee571888b	Merge pull request #53 from tstromberg/fp44 Loads of fresh new false-positives removal	2022-10-31 17:41:08 -04:00
Thomas Stromberg	caab2a6c82	Loads of fresh new false-positives removal	2022-10-31 17:40:37 -04:00
Thomas Strömberg	3a6b152ab8	Merge pull request #52 from tstromberg/fp44 Add exceptions for Jetbrains/Delve, more for Steam	2022-10-30 12:01:22 -04:00
Thomas Stromberg	3d75593c76	Add exceptions for Jetbrains/Delve, more for Steam	2022-10-30 12:00:43 -04:00
Thomas Strömberg	1543793f3b	Merge pull request #51 from tstromberg/oflow Add exceptions for Steam on Linux	2022-10-30 10:19:56 -04:00
Thomas Stromberg	6e2f7059b5	Add exceptions for Steam on Linux	2022-10-30 10:19:33 -04:00
Thomas Strömberg	cc6ee777c2	Merge pull request #50 from tstromberg/oflow talkers/listeners: Add exceptions for Steam & Java	2022-10-30 10:06:30 -04:00
Thomas Stromberg	cf7b8dcbef	talkers/listeners: Add exceptions for Steam & Java	2022-10-30 10:05:40 -04:00
Thomas Strömberg	05350bbd0e	Merge pull request #49 from tstromberg/oflow More exceptions (whois, go run) + setuid env overflow detection	2022-10-30 09:45:50 -04:00
Thomas Stromberg	5b6a150f81	Address merge conflict	2022-10-30 09:44:25 -04:00
Thomas Stromberg	ee6c532577	Add exception for Twitter on Mac	2022-10-30 09:40:52 -04:00

1 2 3 4 5 ...

427 Commits