Commit Graph

296 Commits

Author SHA1 Message Date
Thomas Stromberg
a00af6c1fa
Merge another day worth of false positives 2022-10-27 10:23:15 -04:00
Thomas Strömberg
aa4c6ce411
Merge pull request #36 from tstromberg/false-purge-day2
detection: Reduce Linux desktop false positives
2022-10-25 21:31:58 -04:00
Thomas Stromberg
ff7cb5f00f
Address merge conflict 2022-10-25 21:31:32 -04:00
Thomas Strömberg
d44b91b41c
Merge pull request #35 from tstromberg/osascript-alfred
osascript: Pull parent events data, Add Alfred exclusion
2022-10-25 21:28:09 -04:00
Thomas Stromberg
239df4ea1f
Reduce more false positives found on macOS and Linux 2022-10-25 21:27:41 -04:00
Thomas Stromberg
23351973ea
detection: Reduce Linux desktop false positives 2022-10-25 11:39:51 -04:00
Thomas Stromberg
e6a24545c2
Add update-notifier -> pkexec exception 2022-10-25 09:20:18 -04:00
Thomas Stromberg
058e74bca9
Merge to head 2022-10-24 14:45:49 -04:00
Thomas Stromberg
7d5503373b
Add Alfred exclusion, fix Zoom exclusion 2022-10-24 14:40:51 -04:00
Thomas Strömberg
159c864e58
Merge pull request #34 from tstromberg/zoom-exc
osascript: Add exception for Zoom controller
2022-10-24 13:58:57 -04:00
Thomas Stromberg
04409029cb
Add exception for Zoom controller 2022-10-24 11:28:26 -04:00
Thomas Strömberg
6cfd5a548e
Merge pull request #30 from tstromberg/etc-hosts
Ignore /etc/hosts records pointing to 127.x.x.x
2022-10-24 11:11:55 -04:00
Thomas Strömberg
50f4c3d452
Merge pull request #31 from tstromberg/talkers-ff
Add exception for firefox-wrapper on port 80
2022-10-24 11:11:13 -04:00
Thomas Strömberg
d6e70ebcc3
Merge pull request #32 from tstromberg/osascript
osascript: Add parent signing information
2022-10-24 11:10:59 -04:00
Thomas Strömberg
ed84a59a66
Merge pull request #33 from tstromberg/recent-updates
CloudNativeSecurityCon Day 1 False-Positive Cleanup
2022-10-24 11:10:42 -04:00
Thomas Stromberg
17f77468f4
Add coreduetd exception 2022-10-24 11:09:21 -04:00
Thomas Stromberg
2f7e76d23c
Add exception for User-Agent Switcher 2022-10-24 11:09:07 -04:00
Thomas Stromberg
2578d0ab8a
Add exceptions for Chrome subprocesses 2022-10-24 11:08:28 -04:00
Thomas Stromberg
43d143e640
Add GitKraken QUIC exception 2022-10-24 11:07:39 -04:00
Thomas Stromberg
e1e6662345
Add exceptions for java, yay 2022-10-24 11:07:20 -04:00
Thomas Stromberg
5d4d8ff5c0
Add exceptions for java, yay 2022-10-24 11:06:46 -04:00
Thomas Stromberg
a7c26908db
osascript: Add parent signing information 2022-10-24 10:06:22 -04:00
Thomas Stromberg
e9ad2660a2
Address merge conflict 2022-10-24 10:04:26 -04:00
Thomas Strömberg
7db5a93273
Merge pull request #29 from tstromberg/reformat3
noop: Run 'make reformat' on exotic-commands
2022-10-24 10:02:15 -04:00
Thomas Stromberg
f0617d5ee2
unexpected-osascript: Include signature data 2022-10-24 10:00:58 -04:00
Thomas Stromberg
cfed94d0d9
Add exception for firefox-wrapper on port 80 2022-10-21 18:15:41 -04:00
Thomas Stromberg
5ebe05daf7
Ignore any /etc/hosts pointing to 127.x.x.x 2022-10-21 17:49:12 -04:00
Thomas Strömberg
e643bf4ab0
Merge pull request #28 from tstromberg/false-positives-again2
linux talkers: Add another firefox & chainctl exception
2022-10-21 17:46:40 -04:00
Thomas Strömberg
b10b6d1cbf
Merge pull request #27 from tstromberg/osascript
Fix broken osascript script, move duplicate check out of exotic
2022-10-21 17:46:28 -04:00
Thomas Stromberg
f305aae1ca
noop: Run 'make reformat' 2022-10-21 17:45:43 -04:00
Thomas Stromberg
7d3590f9a1
Add another firefox & chainctl exception 2022-10-21 17:44:53 -04:00
Thomas Stromberg
8516aec8c3
Fix broken osascript script, move duplicate check out of exotic 2022-10-21 17:42:44 -04:00
Thomas Strömberg
9351a6cd5b
Merge pull request #26 from tstromberg/bugfixes
Fix incorrect table joins, incorrect platform names, and apply SQL formatting
2022-10-21 17:41:30 -04:00
Thomas Stromberg
13d10c6af1
Add spacing (sqlformat) 2022-10-21 17:39:53 -04:00
Thomas Stromberg
dab3b3b878
Fix platform name: darwin instead of macos 2022-10-21 17:39:35 -04:00
Thomas Stromberg
878f6e1b71
Fix hash JOIN table name 2022-10-21 17:39:01 -04:00
Thomas Stromberg
3a944b2af8
Fix platform name: darwin 2022-10-21 17:38:47 -04:00
Thomas Stromberg
eedfdfb23d
Fix table joins: hash->phash 2022-10-21 17:38:29 -04:00
Thomas Stromberg
e90dc53072
Add newline 2022-10-21 17:37:35 -04:00
Thomas Strömberg
c86073ecaf
Merge pull request #24 from chainguard-dev/fp3
False-positive removal: grype, gedit, mov, abrt-action, dnf
2022-10-21 14:13:50 -04:00
Thomas Stromberg
fdb891ba0b
False-positive removal: grype, gedit, mov, abrt-action, dnf 2022-10-21 14:13:29 -04:00
Thomas Strömberg
c1807aa19a
Merge pull request #23 from chainguard-dev/exotica
Filter out sh -i if launched by sh, ukh if launched by lima, Socket.…
2022-10-21 14:12:48 -04:00
Thomas Stromberg
356db76a44
Filter out sh -i if launched by sh, ukh if launched by lima, Socket. if launched by compile 2022-10-21 14:11:45 -04:00
Thomas Strömberg
f9b411d27b
Merge pull request #19 from chainguard-dev/false-positives-again
Fix corrupt docker-container-mounting-root query, flush out false positives
2022-10-21 12:19:10 -04:00
Thomas Stromberg
a64465f07b
Add exception for melange/wolfi 2022-10-21 12:13:16 -04:00
Thomas Stromberg
195330da9a
Fix docker-mounting-root query that got stomped on 2022-10-21 12:05:06 -04:00
Thomas Stromberg
9f2423a51e
Add exception for Fumihiko Takayama (Karabiner-Elements) 2022-10-21 11:50:52 -04:00
Thomas Stromberg
ffead2f717
Add Google Chat, Youtube, Bardeen, Leadjet 2022-10-21 11:49:54 -04:00
Thomas Stromberg
515f51daa6
Raise bps limit, add exception for systemd 2022-10-21 11:46:17 -04:00
Thomas Stromberg
ed6f37e11b
Record children, add known hosts exception for limactl 2022-10-21 11:45:25 -04:00