RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
787 Commits 1 Branch 31 Tags 5.7 MiB
Commit Graph

787 Commits

Author SHA1 Message Date
Thomas Stromberg af9a78236e
New detector: unexpected chmod exec event 2023-03-16 16:53:32 -04:00
Thomas Stromberg 2e10bdf52b
Add unexpected libcurl detector 2023-03-16 16:10:25 -04:00
Thomas Stromberg 824efa9705
fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws 2023-03-14 19:00:44 -04:00
Thomas Stromberg 09652bd91f
fpr: SA keys, libgtop, haproxy, gvproxy, slirp 2023-03-14 16:05:16 -04:00
Thomas Strömberg 2f16dda2a7
Merge pull request #217 from tstromberg/mismatch 
Rewrite name/path mismatch for lower maintenance
 2023-03-14 15:25:24 -04:00
Thomas Stromberg 0c03324296
Reduce fuziness of matching 2023-03-14 15:11:33 -04:00
Thomas Stromberg e23b34dc7b
Rewrite name/path mismatch for lower maintenance 2023-03-09 21:11:24 -05:00
Thomas Strömberg 57700fd007
Merge pull request #216 from tstromberg/fpr-mar6 
fpr: Canon Universal Installer, melange, GPG, key names
 2023-03-06 21:14:10 -05:00
Thomas Stromberg b3825ba2b9
fpr: Canon Universal Installer, melange, GPG, key names 2023-03-06 15:11:11 -05:00
Thomas Strömberg cb8162d3c6
Merge pull request #215 from tstromberg/fpr-mar4 
Add dhclient uid0 exception, as appears in Debian
 2023-03-04 13:22:06 -05:00
Thomas Stromberg 89439e7959
Merge to head 2023-03-04 13:21:42 -05:00
Thomas Stromberg 83de333882
Add dhclient uid0 exception, as appears in Debian 2023-03-04 13:20:26 -05:00
Thomas Strömberg 5e9503490a
Merge pull request #214 from tstromberg/main 
Add a runnable osquery.conf example
 2023-03-04 13:04:44 -05:00
Thomas Stromberg 2700c780b7
Add a runnable osquery.conf example 2023-03-04 13:03:30 -05:00
Thomas Strömberg fb583d964b
Merge pull request #213 from tstromberg/fpr-mar3 
fpr: aws certs, AdobePIM, slack
 2023-03-04 12:21:14 -05:00
Thomas Stromberg 81b09ae711
fpr: aws certs, AdobePIM, slack 2023-03-04 12:20:53 -05:00
Thomas Strömberg 158e5fa696
Merge pull request #212 from tstromberg/fpr-mar3 
fpr: aws-sdk, melange, Tailscale, Xprotect, etc
 2023-03-03 07:26:32 -05:00
Thomas Stromberg f25cfe1399
fpr: aws-sdk, melange, Tailscale, Xprotect, etc 2023-03-03 07:24:42 -05:00
Thomas Strömberg 6d05dbc2da
Merge pull request #211 from tstromberg/keyfinder 
Add RSA key finders, and mdfind-based GCP key finder
 2023-03-01 11:08:09 -05:00
Thomas Stromberg fa7a0971d4
Add RSA key finders, and mdfind-based GCP key finder 2023-03-01 11:05:35 -05:00
Thomas Strömberg b7d7ad1a1b
Update README.md 2023-02-24 18:30:31 -05:00
Thomas Strömberg 3f3033ad5c
Merge pull request #210 from tstromberg/make 
Makefile: Add 'detect' rule, fix collection/IR rules
 2023-02-24 18:29:32 -05:00
Thomas Strömberg 4bde3791a3
Update README.md 2023-02-24 18:29:24 -05:00
Thomas Stromberg 3df885d9bc
Makefile: Add 'detect' rule, fix collection/IR rules 2023-02-24 18:19:22 -05:00
Thomas Strömberg fd935d6c89
Update README.md 2023-02-24 18:05:58 -05:00
Thomas Strömberg 713c1babc1
Update README.md 2023-02-24 18:00:25 -05:00
Thomas Strömberg ea01dea23c
Rename response -> incident_response 2023-02-24 17:58:03 -05:00
Thomas Strömberg e58cbbc7a9
Merge pull request #209 from tstromberg/make 
Add privacy-aware version of the IR rules
 2023-02-24 17:48:54 -05:00
Thomas Stromberg 063eb1691c
Add privacy-aware version of the IR rules 2023-02-24 17:47:07 -05:00
Thomas Strömberg 6dba4e03cf
Merge pull request #208 from tstromberg/make 
Remove wireless-networks rule, rename collection to collect
 2023-02-24 17:31:03 -05:00
Thomas Stromberg b9cefa0d09
Remove wireless-networks rule, rename collection to collect 2023-02-24 17:30:43 -05:00
Thomas Strömberg 020145f207
Merge pull request #207 from tstromberg/kindle 
Optimize recently-created-executables-macos
 2023-02-24 17:27:07 -05:00
Thomas Stromberg 12a5507907
Optimize recently-created-executables-macos 2023-02-24 17:24:09 -05:00
Thomas Strömberg 243b4d04e6
Merge pull request #206 from tstromberg/kindle 
macOS: Exceptions for TestFlight apps & specifically Kindle
 2023-02-24 17:08:54 -05:00
Thomas Stromberg 4150b1ee7c
macOS: Exceptions for TestFlight apps & specifically Kindle 2023-02-24 17:04:34 -05:00
Thomas Strömberg 5f1d801b68
Merge pull request #205 from tstromberg/fpr-eow 
Fix broken IR non-Wireless rule
 2023-02-24 16:57:59 -05:00
Thomas Stromberg fc08a698ec
Fix broken IR non-Wireless rule 2023-02-24 16:56:17 -05:00
Thomas Strömberg eaa15112b5
Merge pull request #203 from tstromberg/fpr-eow 
fpr: abrt-dbus, gdm, chrome, ff, act, qemu, lima, etc.
 2023-02-24 16:52:18 -05:00
Thomas Stromberg fb022f8005
verify: 10s for IR 2023-02-24 16:49:53 -05:00
Thomas Stromberg 2f25ce9c2a
Merge branch 'main' into fpr-eow 2023-02-24 16:49:07 -05:00
Thomas Strömberg d359147e57
Merge pull request #204 from tstromberg/ci 
Add verify-ci Makefile rule
 2023-02-24 16:47:57 -05:00
Thomas Stromberg 39ad038c04
Add verify-ci Makefile rule 2023-02-24 16:44:00 -05:00
Thomas Stromberg fe2e1a60b2
verify: increase max duration to 15s for IR 2023-02-24 16:32:02 -05:00
Thomas Stromberg fb7cd56249
fpr: abrt-dbus, gdm, chrome, ff, etc 2023-02-24 16:30:17 -05:00
Thomas Strömberg 98be2abf1b
Fix CI badge 2023-02-24 16:27:20 -05:00
Thomas Strömberg c04901d50a
Merge pull request #202 from tstromberg/ci 
Add Github CI job
 2023-02-24 12:19:08 -05:00
Thomas Stromberg 804a345da7
Add Github CI job 2023-02-24 12:18:29 -05:00
Thomas Strömberg be31037062
Merge pull request #201 from tstromberg/ci 
Introduce CI testing & 'make verify' command.
 2023-02-24 12:17:16 -05:00
Thomas Stromberg 995c1e1104
Fixes so that ODK can run under CI 2023-02-24 12:15:56 -05:00
Thomas Strömberg de899a68bb
Merge pull request #200 from tstromberg/makefile 
Makefile: collect as root
 2023-02-23 21:46:11 -05:00