Commit Graph

215 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| Thomas Strömberg | bab02a6295 | Merge pull request #9 from chainguard-dev/false-positives<br>unexpected-library-entries: Add more /Library entries from the wild | 2022-10-20 13:39:15 -04:00 |
| Thomas Stromberg | 44324e3811 | Add more /Library entries from the wild | 2022-10-20 13:38:33 -04:00 |
| Thomas Stromberg | 0706cc458a | listening ports: Add mtr-packet exception | 2022-10-20 13:34:49 -04:00 |
| Thomas Strömberg | cb6238e78e | Merge pull request #8 from chainguard-dev/bugfix<br>unexpected-talkers-linux: Remove duplicate comma | 2022-10-20 13:20:57 -04:00 |
| Thomas Stromberg | b4776ea60f | Remove duplicate comma | 2022-10-20 13:20:33 -04:00 |
| Thomas Strömberg | 95e5c925e9 | Merge pull request #7 from chainguard-dev/false-positives<br>Add exception for gitsign | 2022-10-20 13:18:30 -04:00 |
| Thomas Stromberg | 0a92cbb9ce | Add exception for gitsign | 2022-10-20 13:17:52 -04:00 |
| Thomas Strömberg | 1816e1472e | Merge pull request #6 from chainguard-dev/false-positives<br>high-disk-bytes-written: Add exception for flatpak-system-helper | 2022-10-20 13:16:59 -04:00 |
| Thomas Stromberg | e2c41243d4 | high-disk-bytes-written: Add exception for flatpak-system-helper | 2022-10-20 13:16:33 -04:00 |
| Thomas Strömberg | ce3b58c9f6 | Merge pull request #5 from chainguard-dev/false-positives<br>touched: Add exception for local kubectl binary | 2022-10-20 13:15:53 -04:00 |
| Thomas Stromberg | 9373952f18 | Add exception for local kubectl binary | 2022-10-20 13:15:26 -04:00 |
| Thomas Strömberg | 71147816ec | Merge pull request #4 from chainguard-dev/false-positives<br>library-entries: Add exceptions for /Library/Python and /Library/Caches/.0% | 2022-10-20 13:15:07 -04:00 |
| Thomas Stromberg | 8e1569164a | Add exceptions for /Library/Python and /Library/Caches/.0% | 2022-10-20 13:14:37 -04:00 |
| Thomas Strömberg | e6a60ea1db | Merge pull request #3 from chainguard-dev/false-positives<br>Add talker exceptions for curl, firefox, chrome, git-remote-http | 2022-10-20 13:14:16 -04:00 |
| Thomas Stromberg | a973dcbcf2 | Add more Linux/macOS talker exceptions | 2022-10-20 13:12:46 -04:00 |
| Thomas Strömberg | 5e8d0b637b | Merge pull request #2 from chainguard-dev/lib-entry<br>Add /Library/DropboxHelperTools/ to expected list of /Library folders | 2022-10-20 13:06:16 -04:00 |
| Thomas Strömberg | 074cbed464 | Merge pull request #1 from chainguard-dev/false-positives<br>Add more real-world exceptions to unexpected-talkers | 2022-10-20 13:06:07 -04:00 |
| Thomas Stromberg | bdce818374 | Add /Library/DropboxHelperTools/ to expected list of /Library folders | 2022-10-20 13:05:38 -04:00 |
| Thomas Stromberg | 186617890c | Add more real-world exceptions to unexpected-talkers | 2022-10-20 13:03:46 -04:00 |
| Thomas Strömberg | 69d4c8b829 | Improve README | 2022-10-20 09:20:42 -04:00 |
| Thomas Stromberg | 1c38ef430e | reformat SQL queries | 2022-10-20 09:11:29 -04:00 |
| Thomas Stromberg | 56b1af7b14 | Add 'reformat' rule | 2022-10-20 09:10:45 -04:00 |
| Thomas Stromberg | 1a54cebb55 | Sort talker list | 2022-10-20 08:20:06 -04:00 |
| Thomas Stromberg | a43ee03929 | Reduce dependency on magic.* | 2022-10-20 08:19:56 -04:00 |
| Thomas Stromberg | 7de03e7fbc | Reduce false positives | 2022-10-20 08:04:24 -04:00 |
| Thomas Stromberg | 152887f8d8 | Add /Library detector | 2022-10-20 07:59:27 -04:00 |
| Thomas Stromberg | 14715b602b | Add chronyd back | 2022-10-20 07:59:17 -04:00 |
| Thomas Stromberg | a22ca1f2b0 | Don't mask directories, run on macOS | 2022-10-20 07:59:06 -04:00 |
| Thomas Stromberg | e09e410407 | Rewrite and split linux talkers | 2022-10-20 07:04:18 -04:00 |
| Thomas Stromberg | f6317c2af8 | Further reduction of false positives | 2022-10-19 17:07:52 -04:00 |
| Thomas Stromberg | d8e91bac63 | Add missing files | 2022-10-19 16:56:43 -04:00 |
| Thomas Stromberg | ab94de7770 | Add a lot more mitre data | 2022-10-19 16:56:32 -04:00 |
| Thomas Stromberg | cee1710f74 | Finish out the incident_response refactor | 2022-10-19 16:19:53 -04:00 |
| Thomas Stromberg | 9b868bfaf5 | Improve the README wording | 2022-10-19 15:39:13 -04:00 |
| Thomas Stromberg | 1bbd284a3c | Work through another series of false positives | 2022-10-19 15:26:03 -04:00 |
| Thomas Stromberg | 28f52b4c51 | Sync module list with known observed | 2022-10-19 15:02:44 -04:00 |
| Thomas Stromberg | 61294aa8a8 | Add dnf | 2022-10-19 14:51:33 -04:00 |
| Thomas Stromberg | 9f06873ae9 | Don't mind shells hanging out in ~/.Trash | 2022-10-18 14:51:51 -04:00 |
| Thomas Stromberg | 7483c845f4 | Split the recently-created-executables between macOS/Linux | 2022-10-18 14:42:26 -04:00 |
| Thomas Stromberg | 8679ca943d | More false positive management | 2022-10-18 14:26:47 -04:00 |
| Thomas Stromberg | 12c7f8360d | Filter out more false positives | 2022-10-18 11:44:03 -04:00 |
| Thomas Stromberg | 83a8c0d589 | Improve how we deal with the zfs case | 2022-10-18 11:40:42 -04:00 |
| Thomas Stromberg | 535d835290 | Simplify exotic commands queries, remove more false positives | 2022-10-18 11:32:18 -04:00 |
| Thomas Stromberg | 5839a20fb3 | Detect more | 2022-10-18 10:08:34 -04:00 |
| Thomas Stromberg | 0160d05ed3 | Add new spotlight queries to surface unexpected dmg/iso downloads | 2022-10-18 08:52:05 -04:00 |
| Thomas Stromberg | 346309f3d2 | Add missing apostrophe | 2022-10-17 21:08:29 -04:00 |
| Thomas Stromberg | 50d1b42f80 | Add provisio | 2022-10-17 20:59:09 -04:00 |
| Thomas Stromberg | 8ddd5764e8 | Remove some false positives | 2022-10-17 20:57:56 -04:00 |
| Thomas Stromberg | 9bf85e3137 | Flush out more false positives | 2022-10-17 20:37:44 -04:00 |
| Thomas Stromberg | 2b5ea76729 | Apply 'npx sql-formatter -l sqlite' | 2022-10-17 19:06:17 -04:00 |