osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-18 02:17:01 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	180efa23e0	Add karabiner_session_monitor exception	2022-11-04 09:57:41 -04:00
Thomas Stromberg	187aacf092	Add a melange build exclusion	2022-11-03 14:25:35 -04:00
Thomas Stromberg	e7e714c9db	Make another stab at reducing false positives across the map	2022-11-03 11:51:54 -04:00
Thomas Stromberg	c1b7829797	Add setxid-cmdline-overflow-attempt.sql	2022-10-29 19:58:59 -04:00
Thomas Stromberg	6c78695b73	Final KubeCon 2022 false-positive cleanup	2022-10-28 19:24:00 -04:00
Thomas Stromberg	897c96bd33	Remove more in-the-wild false positives	2022-10-27 16:55:00 -04:00
Thomas Stromberg	a00af6c1fa	Merge another day worth of false positives	2022-10-27 10:23:15 -04:00
Thomas Stromberg	23351973ea	detection: Reduce Linux desktop false positives	2022-10-25 11:39:51 -04:00
Thomas Stromberg	e6a24545c2	Add update-notifier -> pkexec exception	2022-10-25 09:20:18 -04:00
Thomas Stromberg	13d10c6af1	Add spacing (sqlformat)	2022-10-21 17:39:53 -04:00
Thomas Stromberg	eedfdfb23d	Fix table joins: hash->phash	2022-10-21 17:38:29 -04:00
Thomas Stromberg	e90dc53072	Add newline	2022-10-21 17:37:35 -04:00
Thomas Stromberg	a64465f07b	Add exception for melange/wolfi	2022-10-21 12:13:16 -04:00
Thomas Stromberg	195330da9a	Fix docker-mounting-root query that got stomped on	2022-10-21 12:05:06 -04:00
Thomas Stromberg	ab94de7770	Add a lot more mitre data	2022-10-19 16:56:32 -04:00
Thomas Stromberg	2b5ea76729	Apply 'npx sql-formatter -l sqlite'	2022-10-17 19:06:17 -04:00
Thomas Stromberg	9616a6ab36	Use 'rapid' instead of 'continous' for tagging	2022-10-17 08:43:29 -04:00
Thomas Stromberg	f2023c0021	Update interval tags, mostly for persistence	2022-10-14 14:26:49 -04:00
Thomas Stromberg	d2bdffe89e	Add support for interval tags	2022-10-14 14:19:13 -04:00
Thomas Stromberg	06fd003475	Use single-quotes for Kolide compatibility	2022-10-14 10:29:23 -04:00
Thomas Stromberg	3c6d4968e1	Add two Docker checks that can catch Traitor	2022-10-14 09:16:48 -04:00
Thomas Stromberg	dc9493ee1e	Tighten down the field list, update metadata	2022-10-14 09:16:24 -04:00
Thomas Stromberg	4a7f734c81	Add metadata, mark as Linux only.	2022-10-14 08:42:10 -04:00
Thomas Stromberg	20452b128b	Migrate query strings from double to single apostrophes	2022-10-13 14:59:32 -04:00
Thomas Stromberg	26ee658c4a	Initial re-organization around the MITRE ATT&CK framework	2022-10-11 21:53:36 -04:00

25 Commits