RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,113 Commits 1 Branch 31 Tags 5.6 MiB
Commit Graph

29 Commits

Author SHA1 Message Date
Thomas Stromberg f87a8e8197 fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard 2024-02-16 17:14:11 -05:00
Thomas Stromberg c2c29a1a52
Optimize performance with Google Chrome image mounted 2024-01-08 18:47:36 -05:00
Thomas Stromberg bf66053d5c
fpr: containerd, hyper, Docker, Chromium, spotify, busycal 2023-10-02 16:11:44 -04:00
Thomas Stromberg 6781b46375
YARA rules everywhere! 2023-09-20 17:03:21 -04:00
Thomas Strömberg 6adfb1d109
Merge pull request #304 from tstromberg/infostealerz 
Add primitive name-based detection for possible InfoStealers
 2023-09-14 17:14:07 -04:00
Thomas Stromberg e2d6fa58a7
Add primitive name-based detection for possible InfoStealers 2023-09-12 10:19:22 -04:00
Thomas Stromberg dce2eb2af5 Add many exceptions 2023-08-15 18:13:06 -04:00
Thomas Stromberg c9f0b2bee5
fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver 2023-07-03 07:16:14 -04:00
Thomas Stromberg d74405c817
fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc 2023-06-30 16:38:31 -04:00
Thomas Stromberg cebf617c82 fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc 2023-06-14 10:58:41 -04:00
Thomas Stromberg c8760e0ae1 fpr: macOS, Signal, Creative Labs, node, etc 2023-06-07 09:55:17 -04:00
Thomas Stromberg 349ff58fb2 fpr: xfce4, Google Earth, Ubuntu 2023-06-07 08:58:02 -04:00
Thomas Stromberg 9575d18bc2 fpr: FleetDM, Edge, VSCode, dnf, Steam, etc 2023-06-01 11:52:20 -04:00
Thomas Stromberg 26b2b9a4c7
fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc 2023-05-11 11:29:55 -04:00
Thomas Stromberg 272711ae7a
fpr: node, nc, busybox, libvirt, etc 2023-05-05 12:44:46 -04:00
Thomas Stromberg 47124daa01
fpr: RetailMeNot, LogiTune, macOS, mediawriter, etc 2023-05-02 15:25:36 -04:00
Thomas Stromberg df925eaa6c
fpr: lghub, brew, pve, chrome exts, etc 2023-04-20 20:45:35 -04:00
Thomas Stromberg 9c3f783491 fpr everything 2023-04-17 16:20:35 -04:00
Thomas Stromberg fbc2b207b4
fpr: Signal, apko, aws, melange, dash, stern 2023-03-16 17:29:11 -04:00
Thomas Stromberg 824efa9705
fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws 2023-03-14 19:00:44 -04:00
Thomas Stromberg f25cfe1399
fpr: aws-sdk, melange, Tailscale, Xprotect, etc 2023-03-03 07:24:42 -05:00
Thomas Stromberg f87541c945
False positive flush, particularly in talkers 2023-02-17 11:57:23 -05:00
Thomas Stromberg d897f0b50d
fpr: Nessus, mysql-shell, ntia-checker, Ecamm, CopyClip, etc 2023-02-14 08:33:05 -05:00
Thomas Stromberg 593991adb8
Purge observed false positives 2023-02-09 17:54:41 -05:00
Thomas Stromberg a8ed058d4d
Query performance improvements, add pids, decrease frequency 2023-02-09 17:01:29 -05:00
Thomas Stromberg 72326c3b5c
Massive reduction of false positives across the board 2023-02-08 20:06:26 -05:00
Thomas Stromberg e57f03b89f
fpr: Opera, TextExpander, socket_vmnet, elive, etc 2023-02-08 15:12:10 -05:00
Thomas Stromberg 2634e9d45b
Monday morning false-positive purge 2023-02-08 14:37:09 -05:00
Thomas Stromberg c55c0225ac
Replace unexpected-vol-names with sketchy-mounted-diskimage 2023-02-08 10:14:32 -05:00