osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-10 07:39:26 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	bb496d8916	Add kworker->modprobe exception	2022-09-30 11:14:20 -04:00
Thomas Stromberg	0c2b98addd	Add wrapper -> cache exception	2022-09-30 11:10:06 -04:00
Thomas Stromberg	007332ead4	More false positives removal	2022-09-29 16:19:30 -04:00
Thomas Stromberg	bda98d88b6	Add experimental queries for daemon detection	2022-09-29 16:04:07 -04:00
Thomas Stromberg	c5dc2464aa	Overdue false positive removal	2022-09-29 15:42:27 -04:00
Thomas Stromberg	89cbf9dacf	Detect unexpected uid0 programs on Linux	2022-09-29 15:42:06 -04:00
Thomas Stromberg	578657051c	Reduce false positive events, rename	2022-09-29 12:40:44 -04:00
Thomas Stromberg	2adfcec1ae	Add teams exception	2022-09-29 12:36:26 -04:00
Thomas Stromberg	3713701e76	Add exception for Logitech auto-updating software	2022-09-29 12:33:23 -04:00
Thomas Stromberg	962b012e2c	Be more leniant with lack-of-info filter	2022-09-29 12:29:55 -04:00
Thomas Stromberg	21aa79b2e0	More false positive reduction, widen Go scope	2022-09-29 12:27:52 -04:00
Thomas Stromberg	7611f921e9	Add experimental sensitive file access detector	2022-09-29 11:38:32 -04:00
Thomas Stromberg	49f2d5a579	Add detectors for unexpected executables in strange places	2022-09-29 11:38:14 -04:00
Thomas Stromberg	5b7858e3cf	More false-positive removal	2022-09-27 11:54:17 -04:00
Thomas Stromberg	318d26602f	Remove numerous false positives	2022-09-26 18:27:43 -04:00
Thomas Stromberg	26e1070bc6	Update exceptions for syncthing, geoclue, packagekitd, yum, aws, depmod, pingsender	2022-09-26 18:15:08 -04:00
Thomas Stromberg	b50f06bdfe	Add exceptions for xcode-select, yum, nix-daemon	2022-09-26 18:13:48 -04:00
Thomas Stromberg	997c441b79	Add chainctl exception	2022-09-26 18:12:27 -04:00
Thomas Stromberg	909f907096	Add exceptions for firefox and gjs-console	2022-09-26 18:11:36 -04:00
Thomas Stromberg	796c2af84c	Add exceptions for gnome, python, pipewire	2022-09-26 18:09:00 -04:00
Thomas Stromberg	4ca5233fe8	Add new exceptions	2022-09-26 18:08:21 -04:00
Thomas Stromberg	dfa5ed39e1	Add exceptions for repos/ and homebrew	2022-09-26 18:06:13 -04:00
Thomas Stromberg	b1dd6b7cad	Add exception for /private/tmp go-build	2022-09-26 18:05:23 -04:00
Thomas Stromberg	b1c21d4497	Add vegeta, Slack, nix, etc. etc.	2022-09-26 18:04:20 -04:00
Thomas Stromberg	fe0c4c96f1	Allow more Chrome extensions	2022-09-26 16:01:32 -04:00
Thomas Stromberg	629cc9934a	Weekend false-positive removal	2022-09-26 14:25:32 -04:00
Thomas Stromberg	8b622cc77e	Format everything with 'npx sql-formatter -l sqlite'	2022-09-24 11:12:23 -04:00
Thomas Stromberg	7a1a4972d7	Weekend false-positive removal	2022-09-24 11:07:34 -04:00
Thomas Stromberg	45fa951863	Friday night whitelisting party	2022-09-23 18:07:05 -04:00
Thomas Stromberg	2bea92e57e	Remove more false positives	2022-09-23 16:37:51 -04:00
Thomas Stromberg	a91c9720f3	More false-positive removal	2022-09-23 13:03:11 -04:00
Thomas Stromberg	c9dfaa8376	Add unexpected volume contents (experimental)	2022-09-23 10:36:11 -04:00
Thomas Stromberg	08554e752b	More false-positive removal	2022-09-23 10:35:45 -04:00
Thomas Stromberg	47a1f0cf95	Rewrite systemd alerts to deal better with NixOS where the checksums and file sizes are constantly changing	2022-09-23 09:47:16 -04:00
Thomas Stromberg	fa13acb040	Tune false positives and fields	2022-09-23 09:33:44 -04:00
Thomas Stromberg	16bcba11f7	Productionize	2022-09-23 09:33:18 -04:00
Thomas Stromberg	092bdfe5a3	More post-release fixes, update quoting	2022-09-23 06:54:40 -04:00
Thomas Stromberg	310b528320	Minor output tuning	2022-09-22 19:50:49 -04:00
Thomas Stromberg	481581c616	Launch day final cleanup	2022-09-22 19:35:24 -04:00
Thomas Stromberg	77ba879daa	Launch day fixes	2022-09-22 13:18:16 -04:00
Thomas Stromberg	b1e2a6251d	Add an events-based DNS traffic alert	2022-09-22 05:28:36 -04:00
Thomas Stromberg	37eca56cb5	More whitelisting	2022-09-22 05:18:03 -04:00
Thomas Stromberg	3dfda437ab	More tuning, quiet deaths	2022-09-21 13:34:10 -04:00
Thomas Stromberg	0c54748749	Add detector for mysterious DNS traffic	2022-09-21 13:30:44 -04:00
Thomas Stromberg	d4ea7d411e	Fix many broken queries	2022-09-21 10:30:17 -04:00
Thomas Stromberg	bd5b37b646	More tuning, more queries	2022-09-21 07:42:51 -04:00
Thomas Stromberg	ed90aba6e8	Linux: Whitelist /dev/tty%	2022-09-21 07:42:23 -04:00
Thomas Stromberg	e9c7c97858	Every day I'm tuning it	2022-09-20 21:56:01 -04:00
Thomas Stromberg	1965aaaab4	More Linux/macOS splits to get signature support	2022-09-20 17:46:47 -04:00
Thomas Stromberg	87f5608824	Add more data to privesc, rewrite systemd units	2022-09-20 09:47:52 -04:00

1 2

94 Commits