Commit Graph

570 Commits

Author  SHA1  Message  Date

Thomas Strömberg  b93654a9c9  Merge pull request #303 from tstromberg/faster-chmod-detection  2023-09-05 12:42:08 -04:00
    Improve unexpected-chmod-exec-event performance
Thomas Stromberg  f17381eaa3  Improve unexpected-chmod-exec-event performance  2023-09-05 12:14:47 -04:00
Thomas Stromberg  190e8adcfd  Merge to master  2023-09-01 17:34:36 -04:00
Thomas Stromberg  b889cde6d5  Additional fixes for Ventura & Capture One  2023-09-01 17:27:27 -04:00
Thomas Stromberg  84125c4bb1  Remove recently common false positives  2023-09-01 17:09:47 -04:00
Thomas Stromberg  188bc78f4c  Fix errors  2023-08-15 18:29:27 -04:00
Thomas Stromberg  dce2eb2af5  Add many exceptions  2023-08-15 18:13:06 -04:00
Thomas Stromberg  ce2f0f06cb  fpr; Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy  2023-07-20 10:56:49 -04:00
Thomas Stromberg  921cdc521e  fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc  2023-07-19 15:22:43 -04:00
Thomas Stromberg  485f69a61c  fpr: Revolt, Bearly, user executables, melange  2023-07-13 19:43:35 -04:00
Thomas Stromberg  d310dac7cc  Fix velociraptor exception  2023-07-12 19:30:05 -04:00
Thomas Stromberg  870ea132ee  Decrease search depth for performance  2023-07-12 19:29:48 -04:00
Thomas Stromberg  b22625d38a  Add more velociraptor exceptions  2023-07-12 17:42:02 -04:00
Thomas Stromberg  979cef837b  fix missing comma  2023-07-12 17:40:06 -04:00
Thomas Stromberg  a0e4183bf4  fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc  2023-07-12 17:38:26 -04:00
Thomas Strömberg  656df2055e  Merge pull request #296 from tstromberg/process-ext  2023-07-12 16:46:24 -04:00
    Add rustbucket comment
Thomas Stromberg  6acc441dcf  Add rustbucket comment  2023-07-12 16:46:00 -04:00
Thomas Strömberg  6182f2957e  Merge pull request #295 from tstromberg/process-ext  2023-07-12 16:45:49 -04:00
    netutil calls: add nscurl
Thomas Stromberg  8e73ef70d2  netutil calls: add nscurl  2023-07-12 16:45:09 -04:00
Thomas Strömberg  edbe3fa1f6  Merge pull request #294 from tstromberg/process-ext  2023-07-12 16:44:50 -04:00
    macOS sysutils: add csrutil, ditto, unzip, whoami, system_profiler
Thomas Stromberg  bb5f597b2a  macOS sysutils: add csrutil, ditto, unzip, whoami, system_profiler  2023-07-12 16:44:15 -04:00
Thomas Strömberg  46199c7d9b  Merge pull request #293 from tstromberg/process-ext  2023-07-12 16:28:47 -04:00
    new detector: unexpected process extension linux
Thomas Stromberg  a7cd9abaf3  new detector: unexpected process extension linux  2023-07-12 16:06:05 -04:00
Thomas Stromberg  430f397f1e  fpr: Velociraptor, Hyprland, iio  2023-07-12 15:00:36 -04:00
Thomas Stromberg  9d93799cb5  Add 'management' to the list of permissions to check for  2023-07-05 12:47:00 -04:00
Thomas Stromberg  97bfc30b92  Update false positive list, add mtime/btime  2023-07-05 12:26:14 -04:00
Thomas Stromberg  c9f0b2bee5  fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver  2023-07-03 07:16:14 -04:00
Thomas Stromberg  d74405c817  fpr: Brave, Adobe, Signal, Kandji, SteelSeries, etc  2023-06-30 16:38:31 -04:00
Thomas Strömberg  c71952d3a8  Merge pull request #286 from tstromberg/jokerspy  2023-06-30 15:40:00 -04:00
    New detectors based on JokerSpy research
Thomas Stromberg  ce03badae4  Reformat  2023-06-30 15:38:56 -04:00
Thomas Stromberg  cebf617c82  fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc  2023-06-14 10:58:41 -04:00
Thomas Stromberg  2d8abbaed9  Improve targeting of Unexpected Chrome Extensions  2023-06-14 10:32:11 -04:00
Thomas Stromberg  32328c91f1  fpr: Slack, Gnome, Sigstore, Logitune, etc  2023-06-12 10:10:57 -04:00
Thomas Strömberg  c096acee92  Merge pull request #282 from tstromberg/dns  2023-06-09 09:46:20 -04:00
    Cleanup unexpected-dns-traffic-events
Thomas Stromberg  b5e765efed  Cleanup unexpected-dns-traffic-events  2023-06-09 08:56:17 -04:00
Thomas Strömberg  1654c03677  Merge pull request #281 from tstromberg/less-persist  2023-06-09 07:55:46 -04:00
    recently created: set cutoff to 12h, exclude SteelSeries
Thomas Stromberg  ccdd5e2d4f  set cutoff to 12h, exclude SteelSeries  2023-06-09 07:42:30 -04:00
Thomas Strömberg  57cc0ec64d  Merge pull request #279 from tstromberg/minecraft  2023-06-09 07:35:05 -04:00
    false positive: Minecraft
Thomas Stromberg  838e0f6a4d  recently created: set cut-off to 30 minutes  2023-06-09 07:29:00 -04:00
Thomas Stromberg  35433beb05  false positive: Minecraft  2023-06-09 07:28:05 -04:00
Thomas Strömberg  bdecfa4996  Merge pull request #278 from tstromberg/multipass  2023-06-09 07:17:22 -04:00
    launchd: Add Canonical exception
Thomas Stromberg  6adc121c4d  launchd: Add Canonical exception  2023-06-09 07:15:24 -04:00
Thomas Stromberg  d5c6233716  hidden executable: Add provisio exception  2023-06-09 07:12:16 -04:00
Thomas Strömberg  d08fdd38b2  Merge pull request #276 from tstromberg/faster-sockets  2023-06-08 20:46:49 -04:00
    minimal socket client: speed query up
Thomas Stromberg  cae042cbe5  minimal socket client: speed query up  2023-06-08 20:44:08 -04:00
Thomas Stromberg  9851aaa192  Add exceptions for common hidden directories  2023-06-08 20:27:01 -04:00
Thomas Stromberg  937bcabfec  Remove extra file  2023-06-08 18:27:46 -04:00
Thomas Stromberg  ff2ab95431  Remove file sizes from systemd exception key  2023-06-08 18:26:57 -04:00
Thomas Strömberg  06b95a57b3  Merge pull request #272 from tstromberg/unattended  2023-06-07 15:19:58 -04:00
    Add unattended-upgrades.pid (Ubuntu)
Thomas Stromberg  7a61b5eced  Add ~/.config/.* to search criteria  2023-06-07 15:15:02 -04:00