RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,113 Commits 1 Branch 31 Tags 5.6 MiB
Commit Graph

30 Commits

Author SHA1 Message Date
Thomas Stromberg 24c2baef28 Make process times broadly available, minor opts 2023-05-16 17:18:39 -04:00
Thomas Stromberg 41d83350a1
make reformat 2023-05-08 13:20:47 -04:00
Thomas Stromberg 272711ae7a
fpr: node, nc, busybox, libvirt, etc 2023-05-05 12:44:46 -04:00
Thomas Stromberg b3825ba2b9
fpr: Canon Universal Installer, melange, GPG, key names 2023-03-06 15:11:11 -05:00
Thomas Stromberg f25cfe1399
fpr: aws-sdk, melange, Tailscale, Xprotect, etc 2023-03-03 07:24:42 -05:00
Thomas Stromberg 8d4531198f
fpr: My ORA, Ecamm, setroubleshootd, etc 2023-02-14 19:46:36 -05:00
Thomas Stromberg bb3e1f964e
Run make reformat, update max rows for incident response 2023-02-02 17:58:19 -05:00
Thomas Stromberg cdcb2d48f3
Slow queries down, minor improvements 2023-02-01 16:17:36 -05:00
Thomas Stromberg f9dce0a72d
Include more process information across queries 2023-02-01 13:55:55 -05:00
Thomas Stromberg 66ee3484c0
Remove unused active fields, add WhatsApp ioreg exception 2023-01-27 08:46:48 -05:00
Thomas Stromberg d51bd731a1
fpr: Parallels, nerdctl, Xorg, nvidia, Stream, etc 2023-01-26 20:40:47 -05:00
Thomas Stromberg f5fe9a4aac
Refactor process_events queries for more accurate parenting 2023-01-26 11:40:54 -05:00
Thomas Stromberg 83cc38207e
fpr: minikube, tailscale, dex, pacman, virtualbox, steam, lsmod, busybox, etc 2023-01-23 20:33:52 -05:00
Thomas Stromberg e6824d87e9
Run 'make reformat' 2023-01-20 09:24:24 -05:00
Thomas Stromberg 8e9ae0fda3
Less false positives: particularly among systemctl calls 2023-01-20 08:40:08 -05:00
Thomas Stromberg 7b79b19090
False positive reduction: Messenger, Chrome, Final Cut Pro, etc 2023-01-18 09:49:56 -05:00
Thomas Stromberg e3401a07c6
Weekend false-positive flush 2023-01-14 08:19:26 -05:00
Thomas Stromberg cb896b9e10
Filter out new false positives 2023-01-13 15:24:18 -05:00
Thomas Stromberg 46024618f5
Fix regular expressions, include more commands 2023-01-13 13:50:37 -05:00
Thomas Stromberg 9843def319
Fix more false positives, particularly in shell/fetcher parents 2023-01-06 10:18:19 -05:00
Thomas Stromberg 44ca59c9d6
sketchy fetchers: Remove trailing commas 2022-12-20 08:03:14 -05:00
Thomas Stromberg 40c20825e6
sketchy fetcher: Add grandparents and TLD detector 2022-12-20 07:53:29 -05:00
Thomas Stromberg 6a7c4b6668
Pre-Thanksgiving False Positive cleanup, including Pop!OS support 2022-11-22 09:21:03 -05:00
Thomas Stromberg 7de03e7fbc
Reduce false positives 2022-10-20 08:04:24 -04:00
Thomas Stromberg 1bbd284a3c
Work through another series of false positives 2022-10-19 15:26:03 -04:00
Thomas Stromberg 535d835290
Simplify exotic commands queries, remove more false positives 2022-10-18 11:32:18 -04:00
Thomas Stromberg 9bf85e3137
Flush out more false positives 2022-10-17 20:37:44 -04:00
Thomas Stromberg d2bdffe89e
Add support for interval tags 2022-10-14 14:19:13 -04:00
Thomas Stromberg 20452b128b
Migrate query strings from double to single apostrophes 2022-10-13 14:59:32 -04:00
Thomas Stromberg 26ee658c4a
Initial re-organization around the MITRE ATT&CK framework 2022-10-11 21:53:36 -04:00