RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
985 Commits 1 Branch 31 Tags 5.7 MiB
Commit Graph

15 Commits

Author SHA1 Message Date
Thomas Stromberg 84125c4bb1
Remove recently common false positives 2023-09-01 17:09:47 -04:00
Thomas Stromberg 485f69a61c fpr: Revolt, Bearly, user executables, melange 2023-07-13 19:43:35 -04:00
Thomas Stromberg a0e4183bf4 fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc 2023-07-12 17:38:26 -04:00
Thomas Stromberg d74405c817
fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc 2023-06-30 16:38:31 -04:00
Thomas Stromberg cebf617c82 fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc 2023-06-14 10:58:41 -04:00
Thomas Stromberg d5c6233716 hidden executable: Add provisio exception 2023-06-09 07:12:16 -04:00
Thomas Stromberg 9851aaa192 Add exceptions for common hidden directories 2023-06-08 20:27:01 -04:00
Thomas Stromberg ff2ab95431 Remove file sizes from systemd exception key 2023-06-08 18:26:57 -04:00
Thomas Stromberg fbdd253d6a
fpr: post-refactor talker reduction 2023-04-28 14:09:57 -04:00
Thomas Stromberg 4ec1581cc3
Also include binaries running from a hidden directory (1 deep) 2023-01-13 13:48:47 -05:00
Thomas Stromberg 9843def319
Fix more false positives, particularly in shell/fetcher parents 2023-01-06 10:18:19 -05:00
Thomas Stromberg 49a19a6fd5
Sort out more false positives 2022-12-16 17:37:32 -05:00
Thomas Stromberg 404adf3e1f
Another false positive flush: Capital One, tailscaled, agetty, snap, ninja, epson printers, etc 2022-12-15 16:51:58 -05:00
Thomas Stromberg 8e3d6a1614
False positives: melange, ~/dev, debian-sa1, AdBlock, cover, kubelr, etc 2022-11-18 10:27:43 -05:00
Thomas Stromberg 288ec9e0f5
Add hidden-executable rule 2022-11-16 20:55:49 -05:00