osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-03-01 08:20:26 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	ec675bfb8d	New detector: unexpected ssh-authorized-keys	2023-02-14 20:36:27 -05:00
Thomas Stromberg	cf858d193d	fpr: ACE, Prusa, steam, pacman, Xcode, Adobe	2023-02-14 20:16:02 -05:00
Thomas Stromberg	8d4531198f	fpr: My ORA, Ecamm, setroubleshootd, etc	2023-02-14 19:46:36 -05:00
Thomas Stromberg	d897f0b50d	fpr: Nessus, mysql-shell, ntia-checker, Ecamm, CopyClip, etc	2023-02-14 08:33:05 -05:00
Thomas Stromberg	99f8793169	Remove com.docker.backend (macOS specific)	2023-02-10 10:32:14 -05:00
Thomas Stromberg	e8d86af906	Make sure caddy & kubectl are in the wider listening range	2023-02-10 10:31:19 -05:00
Thomas Stromberg	4f4ae0ed38	False positive removal and minor query perf improvements	2023-02-10 10:21:06 -05:00
Thomas Stromberg	593991adb8	Purge observed false positives	2023-02-09 17:54:41 -05:00
Thomas Stromberg	a8ed058d4d	Query performance improvements, add pids, decrease frequency	2023-02-09 17:01:29 -05:00
Thomas Stromberg	72326c3b5c	Massive reduction of false positives across the board	2023-02-08 20:06:26 -05:00
Thomas Stromberg	e57f03b89f	fpr: Opera, TextExpander, socket_vmnet, elive, etc	2023-02-08 15:12:10 -05:00
Thomas Stromberg	5274198687	Add exceptions for socket_vmnet and pnpd	2023-02-08 14:44:22 -05:00
Thomas Stromberg	2634e9d45b	Monday morning false-positive purge	2023-02-08 14:37:09 -05:00
Thomas Stromberg	d302a9ff55	Purge false positives, again and again	2023-02-02 21:46:53 -05:00
Thomas Stromberg	2bdb9f2f3e	Add more macOS software authorities	2023-02-02 20:53:22 -05:00
Thomas Stromberg	41ee6feced	Merge remote-tracking branch 'upstream/main'	2023-02-02 20:33:46 -05:00
Thomas Stromberg	91b20a98fd	Add uid0 exception for Logitech	2023-02-02 20:33:34 -05:00
Thomas Strömberg	d885578e28	Merge pull request #158 from tstromberg/fpr-again Rewrite unexpecetd uid0 for Linux, include cgroup info	2023-02-02 20:33:01 -05:00
Thomas Stromberg	a3ec1bf2bf	Rewrite unexpecetd uid0 for Linux, include cgroup info	2023-02-02 20:30:55 -05:00
Thomas Stromberg	bb3e1f964e	Run make reformat, update max rows for incident response	2023-02-02 17:58:19 -05:00
Thomas Stromberg	809645a3bf	Add new Kolide id, fix some debug lines	2023-02-02 17:42:46 -05:00
Thomas Stromberg	ba45449f7d	unexpected uid0: fix bug, make faster	2023-02-02 17:16:35 -05:00
Thomas Stromberg	2093a26423	Fix broken macOS queries	2023-02-02 15:33:25 -05:00
Thomas Stromberg	cdcb2d48f3	Slow queries down, minor improvements	2023-02-01 16:17:36 -05:00
Thomas Stromberg	393b83168f	Merge to head	2023-02-01 15:11:51 -05:00
Thomas Stromberg	23f436f906	Minor perf improvements for macOS queries	2023-02-01 15:06:58 -05:00
Thomas Stromberg	f9dce0a72d	Include more process information across queries	2023-02-01 13:55:55 -05:00
Thomas Stromberg	45ab183557	fpr: New Chrome etxensions, vbox, chrome, gcloud, gdm3, yay, etc	2023-01-30 14:58:47 -05:00
Thomas Stromberg	66ee3484c0	Remove unused active fields, add WhatsApp ioreg exception	2023-01-27 08:46:48 -05:00
Thomas Stromberg	d51bd731a1	fpr: Parallels, nerdctl, Xorg, nvidia, Stream, etc	2023-01-26 20:40:47 -05:00
Thomas Stromberg	b671e30fce	Simplify unexpected-chrome-extensions exceptions for maintainability	2023-01-26 20:40:22 -05:00
Thomas Stromberg	7d8fa35eb4	fpr: Github Absolute Date, Snagit, Figma, Seagate, aws, etc	2023-01-26 16:30:14 -05:00
Thomas Stromberg	f5fe9a4aac	Refactor process_events queries for more accurate parenting	2023-01-26 11:40:54 -05:00
Thomas Stromberg	83cc38207e	fpr: minikube, tailscale, dex, pacman, virtualbox, steam, lsmod, busybox, etc	2023-01-23 20:33:52 -05:00
Thomas Stromberg	f7c1557aee	fpr: libinput, kue, updatedb, mariadb, terraform	2023-01-23 08:13:04 -05:00
Thomas Stromberg	280b187b20	fpr: systemctl calls, go tests, WebEx, MariaDB, Brave	2023-01-20 17:55:48 -05:00
Thomas Stromberg	d55bd17154	listening ports: Add goland exception	2023-01-20 10:00:40 -05:00
Thomas Stromberg	e6824d87e9	Run 'make reformat'	2023-01-20 09:24:24 -05:00
Thomas Stromberg	dc154a6199	FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave	2023-01-20 09:04:00 -05:00
Thomas Stromberg	8e9ae0fda3	Less false positives: particularly among systemctl calls	2023-01-20 08:40:08 -05:00
Thomas Stromberg	67fb9cad14	Remove false positive: apt-helper calls to systemctl	2023-01-19 12:16:20 -05:00
Thomas Stromberg	710ca28ed9	False positives: apt-daily, github runner, Slack helper, Foxit, syncthing	2023-01-19 11:52:31 -05:00
Thomas Stromberg	24bdaa243a	New detector: unexpected systemctl calls	2023-01-19 11:39:52 -05:00
Thomas Stromberg	f5e08ceec2	False positives: Chrome extensions, Steam games, tmp files, Photoshop	2023-01-18 14:10:33 -05:00
Thomas Stromberg	7b79b19090	False positive reduction: Messenger, Chrome, Final Cut Pro, etc	2023-01-18 09:49:56 -05:00
Thomas Stromberg	42e9f2721b	FP removal: plymouth, 1Password, firejail, systemd	2023-01-16 13:55:53 -05:00
Thomas Stromberg	d415b36b57	FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc	2023-01-16 12:56:39 -05:00
Thomas Stromberg	e3401a07c6	Weekend false-positive flush	2023-01-14 08:19:26 -05:00
Thomas Stromberg	1b79359b68	Friday False Positive Flush	2023-01-13 14:10:43 -05:00
Thomas Stromberg	c7e4252af1	Remove false positives, fix some queries that failed to show a parent pid	2023-01-09 10:46:30 -05:00

1 2

100 Commits