Commit Graph

1113 Commits

Author SHA1 Message Date
Thomas Stromberg b1e05d6612
merge conflict 2024-02-16 17:17:45 -05:00
Thomas Stromberg f87a8e8197
fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard 2024-02-16 17:14:11 -05:00
Thomas Strömberg 0d5467e72d
Merge pull request #354 from tstromberg/fpr-feb5
fpr: Elastic Defend, gcloud, Warp, etc
2024-02-05 10:51:26 -05:00
Thomas Stromberg a0624c0870
Add Elastic exceptions for osqueryd/packetbeat 2024-02-05 10:49:52 -05:00
Thomas Stromberg 12a55753b5
fpr: Elastic Defend, gcloud, Warp, etc 2024-02-05 10:45:17 -05:00
Thomas Strömberg 9b66ef1d29
Merge pull request #353 from tstromberg/spctl
Add TTP details from https://www.sentinelone.com/blog/backdoor-activa
2024-02-05 09:20:19 -05:00
Thomas Stromberg 25c579aa1d
Add TTP details from https://www.sentinelone.com/blog/backdoor-activator-malware-running-rife-through-torrents-of-macos-apps/ 2024-02-01 13:04:07 -05:00
Thomas Strömberg 23a0e572df
Merge pull request #352 from tstromberg/fpr-jan22
massive fpr: Rapid7, Elastic, everything
2024-01-26 14:25:08 -05:00
Thomas Stromberg 8693fb6d4f
Add more rapid7 excludes 2024-01-26 14:24:11 -05:00
Thomas Stromberg 517b5719c6
address merge conflict 2024-01-26 14:15:53 -05:00
Thomas Stromberg e42ea9a4bc
massive fpr: Rapid7, Elastic, everything 2024-01-26 14:07:37 -05:00
Thomas Strömberg 0d94ed9f6a
Merge pull request #351 from tstromberg/fpr-jan22
Fpr jan22
2024-01-22 10:42:54 -05:00
Thomas Strömberg 2da9171f43
Merge pull request #350 from jedsalazar/pr/jed/pin-action-digests-osquery-defense-kit
pin to shas and upgrade actions workflows and osquery client
2024-01-22 10:42:18 -05:00
Thomas Stromberg 594bc78833
Add firefox DNS resolution 2024-01-22 10:41:35 -05:00
Thomas Stromberg 4cb050f4cc
Add elastic endpoint 2024-01-22 10:40:23 -05:00
Thomas Stromberg 5d31e8da5f
fpr: psi, arduino, bitdefender, keybase, cody, etc 2024-01-22 10:36:01 -05:00
Jed Salazar 13d5a02cb1
pin to shas and upgrade actions workflows and osquery client
Signed-off-by: Jed Salazar <jedsalazar@gmail.com>
2024-01-19 13:58:06 -07:00
Thomas Strömberg 54fc45e787
Merge pull request #349 from tstromberg/fpr-jan18-2
fpr: snap, mutedeck, idea, Chrome exts
2024-01-18 17:18:43 -05:00
Thomas Stromberg 2762503030
Add missing comma 2024-01-18 17:18:05 -05:00
Thomas Stromberg ceec1718f9
fpr: snap, mutedeck, idea, Chrome exts 2024-01-18 17:15:37 -05:00
Thomas Strömberg eaf42fbcd7
Merge pull request #348 from tstromberg/rapid7-elastic-bob
fpr: elastic, rapid7, zwift
2024-01-10 11:21:02 -05:00
Thomas Stromberg 3cc2af51c1
fpr: elastic, rapid7, zwift 2024-01-10 11:20:04 -05:00
Thomas Strömberg 944b9b7bcd
Merge pull request #347 from tstromberg/new-times
Set a time limit of 8s for query output
2024-01-10 09:48:48 -05:00
Thomas Stromberg b6476324ce
Set a time limit of 8s for query output 2024-01-10 09:48:18 -05:00
Thomas Strömberg 568cb3c988
Merge pull request #346 from tstromberg/fix-kolide-err
Rename current_time column to now_ts to avoid Kolide import issue
2024-01-10 09:42:59 -05:00
Thomas Stromberg 36c2286717
Rename current_time column to now_ts to avoid Kolide import issue 2024-01-10 09:42:29 -05:00
Thomas Strömberg de2bdd3fd7
Merge pull request #345 from tstromberg/fix-yara-err
recently downloaded go-crypt: Fix YARA error
2024-01-09 17:23:04 -05:00
Thomas Stromberg fa4e0d0510
recently downloaded go-crypt: Fix YARA error 2024-01-09 17:22:33 -05:00
Thomas Strömberg 46defeab6f
Merge pull request #344 from tstromberg/simpler-make
Simplify makefile, reduce config targets to 4
2024-01-09 16:57:34 -05:00
Thomas Stromberg bdb25643d8
Simplify makefile, reduce config targets to 4 2024-01-09 16:56:40 -05:00
Thomas Strömberg 1462745390
Merge pull request #343 from tstromberg/fpr-jan9
fpr: syncthing, sourcegraph, phantombuster, iterm, cody, stickers
2024-01-09 16:21:03 -05:00
Thomas Stromberg 27a0d55737
fpr: syncthing 2024-01-09 16:19:52 -05:00
Thomas Stromberg 229a32a61e
fpr: sourcegraph,phantombuster,iterm,cody,stickers 2024-01-09 16:14:00 -05:00
Thomas Strömberg 16dd48b2f5
Merge pull request #342 from tstromberg/fpr-jan5
fpr: Elastic Defend, Rapid7 InsightIDR & others
2024-01-08 19:08:57 -05:00
Thomas Stromberg 875125fc94
Add exceptions for Elastic Defend & Rapid7 InsightIDR 2024-01-08 19:07:57 -05:00
Thomas Stromberg c2c29a1a52
Optimize performance with Google Chrome image mounted 2024-01-08 18:47:36 -05:00
Thomas Stromberg 1304d66783
Add more Elastic exceptions 2024-01-08 17:55:30 -05:00
Thomas Stromberg 336a1fca4a
Add exceptions for Elastic Defend 2024-01-08 17:18:25 -05:00
Thomas Strömberg d02d01b62d
Merge pull request #341 from tstromberg/osqtool-141
Upgrade osqtool to v1.4.1
2024-01-08 15:56:01 -05:00
Thomas Stromberg 45112c4b70
Upgrade osqtool to v1.4.1 2024-01-08 15:55:29 -05:00
Jed Salazar 3914fa7e40
Merge pull request #340 from jedsalazar/pr/jed/add-macdown-exception
Add Macdown as an exception to minimal-socket-client-macos
2023-12-26 12:49:20 -07:00
Jed Salazar 243303ef75
Add Macdown as an exception to minimal-socket-client-macos
Signed-off-by: Jed Salazar <jedsalazar@gmail.com>
2023-12-20 12:14:54 -07:00
Thomas Strömberg 79bbdb0257
Merge pull request #339 from tstromberg/combined-detection
make: Add combined-detection.conf & osqtool versioning
2023-12-15 16:30:29 -06:00
Thomas Stromberg 3365d81d22
makefile: Add osqtool versioning 2023-12-15 17:29:26 -05:00
Thomas Stromberg 2be637e9c3
Add combined-detection rule 2023-12-15 17:25:54 -05:00
Thomas Strömberg f8cc56cfde
Merge pull request #338 from tstromberg/dec15
fpr: A little bit of everything
2023-12-15 16:21:04 -06:00
Thomas Stromberg 202ce6be45
Ignore syncthing, nuclei, fix typos 2023-12-15 17:19:38 -05:00
Thomas Stromberg 8b9894ec74
filter out CSV from yara 2023-12-15 17:12:50 -05:00
Thomas Stromberg 800e4aa2cc
fpr: kind of everything 2023-12-15 17:10:06 -05:00
Thomas Strömberg b5f61f4847
Merge pull request #337 from tstromberg/linuxperf
exotic events linux: optimize query for reduced system CPU
2023-12-12 11:57:55 -06:00