Commit Graph

742 Commits

Author SHA1 Message Date
Thomas Strömberg
c04901d50a
Merge pull request #202 from tstromberg/ci
Add Github CI job
2023-02-24 12:19:08 -05:00
Thomas Stromberg
804a345da7
Add Github CI job
2023-02-24 12:18:29 -05:00
Thomas Strömberg
be31037062
Merge pull request #201 from tstromberg/ci
Introduce CI testing & 'make verify' command.
2023-02-24 12:17:16 -05:00
Thomas Stromberg
995c1e1104
Fixes so that ODK can run under CI
2023-02-24 12:15:56 -05:00
Thomas Strömberg
de899a68bb
Merge pull request #200 from tstromberg/makefile
Makefile: collect as root
2023-02-23 21:46:11 -05:00
Thomas Stromberg
1ac3d4fbb8
Makefile: collect as root
2023-02-23 21:45:34 -05:00
Thomas Strömberg
6c9f275bbc
Merge pull request #199 from tstromberg/main
Makefile: add "make collection" target, improve others
2023-02-23 21:30:43 -05:00
Thomas Stromberg
3984b82701
Makefile: add "make collection" target, improve others
2023-02-23 21:29:28 -05:00
Thomas Strömberg
1ec25c8d53
Merge pull request #198 from tstromberg/ir
incident_response: bugfixes across queries
2023-02-23 21:25:36 -05:00
Thomas Stromberg
5fa706805e
incident_response: bugfixes across queries
2023-02-23 21:24:52 -05:00
Thomas Strömberg
e50a84f382
Merge pull request #197 from tstromberg/rootkit-detection
incident response: remove ever-changing columns from process table
2023-02-23 17:13:06 -05:00
Thomas Stromberg
db792dc3c2
incident response: remove ever-changing columns from process table
2023-02-23 17:12:45 -05:00
Thomas Strömberg
a7c2b1d2fd
Merge pull request #196 from tstromberg/rootkit-detection
incident response: Rename files-from-proc to process-files.
2023-02-23 17:12:18 -05:00
Thomas Stromberg
8ce348dfc4
Rename files-from-proc to process-files.
2023-02-23 17:11:35 -05:00
Thomas Strömberg
6eff54d7f3
Merge pull request #195 from tstromberg/rootkit-detection
incident response: Add dump of /dev files
2023-02-23 17:11:10 -05:00
Thomas Strömberg
c198de4133
Merge pull request #194 from tstromberg/rootkit-detection
Add detectors for the reveng_rtkit rootkit
2023-02-23 17:10:39 -05:00
Thomas Stromberg
c8ecc36079
incident response: Add dump of /dev files
2023-02-23 17:09:25 -05:00
Thomas Stromberg
a7c2ef97e1
Add detectors for the reveng_rtkit rootkit
2023-02-23 17:05:11 -05:00
Thomas Strömberg
0cba2837bc
Merge pull request #193 from tstromberg/debian
Debian uid0: add dhclient and unattended-upgr
2023-02-23 10:39:15 -05:00
Thomas Stromberg
d253820cf2
Debian: add dhclient and unattended-upgr
2023-02-23 10:35:26 -05:00
Thomas Strömberg
ab5c01a998
Merge pull request #190 from zestysoft/fpr-2
Add osquery to keyboard_sniffer
2023-02-23 10:34:04 -05:00
Thomas Strömberg
f1e7474b3f
Merge pull request #192 from tstromberg/debian
Add exceptions for Debian running under lima
2023-02-23 10:33:46 -05:00
Thomas Stromberg
d904ca60cf
Add exceptions for Debian running under lima
2023-02-23 10:33:10 -05:00
Thomas Strömberg
26099f5fb7
Merge pull request #191 from tstromberg/postmortem
Add 60 new postmortem queries for before/after analysis
2023-02-23 09:38:20 -05:00
Thomas Stromberg
4d626923cd
Add many new incident response queries
2023-02-23 09:35:38 -05:00
Ian Brown
737eb93b48
Add osquery to keyboard_sniffer
Signed-off-by: Ian Brown <ian@zestysoft.com>
2023-02-21 22:07:08 -08:00
Thomas Strömberg
eeb8792ee8
Merge pull request #189 from tstromberg/ubuntu-lts-lima
False positive reduction: Ubuntu LTS running on Lima VM
2023-02-20 19:13:29 -05:00
Thomas Stromberg
baab22e282
Run make reformat-updates
2023-02-20 19:12:51 -05:00
Thomas Stromberg
3a4e0450a6
Uncomment remaining columns
2023-02-20 19:11:23 -05:00
Thomas Stromberg
d3780c0a6c
Remove ubuntu-lts false-positives on lima
2023-02-20 19:10:12 -05:00
Thomas Strömberg
7e2d9bf7eb
Merge pull request #188 from tstromberg/fpr-weekend
fpr: exceptions for pacman, StreamDeck, gcloud, Rocket, thunderbird
2023-02-20 18:05:22 -05:00
Thomas Stromberg
e8cf7ecbe3
fpr: exceptions for pacman, StreamDeck, gcloud, Rocket, thunderbird
2023-02-20 18:04:17 -05:00
Thomas Strömberg
9caafd4743
Merge pull request #187 from tstromberg/systemd-refactor
systemd units: increase size bucket from 100 to 225
2023-02-20 13:10:54 -05:00
Thomas Stromberg
82de4c9c2a
systemd units: increase size bucket from 100 to 225
2023-02-20 13:10:07 -05:00
Thomas Strömberg
575767eea1
Merge pull request #186 from tstromberg/fix-changes
macos sniffers: back out osquery change until we understand it better
2023-02-20 12:01:04 -05:00
Thomas Stromberg
75b7ec5552
macos sniffers: back out osquery change until we understand it better, sort exceptions
2023-02-20 11:58:43 -05:00
Thomas Strömberg
d6f903bb00
Merge pull request #185 from zestysoft/fpr-1
fpr: Fujitsu, vmware, objective-see, paragon, etc
2023-02-20 11:53:31 -05:00
Ian Brown
d64fd44604
fix
Signed-off-by: Ian Brown <ian@zestysoft.com>
2023-02-19 19:44:31 -08:00
Ian Brown
91f653262c
More osquery matches
Signed-off-by: Ian Brown <ian@zestysoft.com>
2023-02-19 11:24:54 -08:00
Ian Brown
96e95a7f37
Add additional talkers
Signed-off-by: Ian Brown <ian@zestysoft.com>
2023-02-19 11:11:13 -08:00
Ian Brown
74114dd34e
Swap like for equal
Signed-off-by: Ian Brown <ian@zestysoft.com>
2023-02-18 16:11:35 -08:00
Ian Brown
ffd552aa54
Missed one
Signed-off-by: Ian Brown <ian@zestysoft.com>
2023-02-18 16:10:48 -08:00
Ian Brown
551d7dbb8c
fpr: Fujitsu, vmware, objective-see, paragon, etc
Signed-off-by: Ian Brown <ian@zestysoft.com>
2023-02-18 12:02:40 -08:00
Thomas Strömberg
53b34621d3
Merge pull request #184 from tstromberg/friday-sweep
overwritten memory: filter out pathless kernel bits
2023-02-17 17:21:25 -05:00
Thomas Stromberg
5949ad1551
overwritten memory: filter out pathless kernel bits
2023-02-17 17:20:20 -05:00
Thomas Strömberg
31d74f1e68
Merge pull request #183 from tstromberg/friday-sweep
Rewrite exotic-command-events-linux with INSTR to decrease CPU time
2023-02-17 16:40:27 -05:00
Thomas Stromberg
c2b0423606
Rewrite exotic-command-events-linux with INSTR to decrease CPU time
2023-02-17 16:39:52 -05:00
Thomas Strömberg
4d90caa0ff
Merge pull request #182 from tstromberg/friday-sweep
gcloud: filter out last_update_check, last_survey_prompt
2023-02-17 12:04:10 -05:00
Thomas Stromberg
504ef2c8dd
gcloud: filter out last_update_check, last_survey_prompt
2023-02-17 12:03:36 -05:00
Thomas Strömberg
a4ad9b2aaa
Merge pull request #181 from tstromberg/friday-sweep
execdir events macOS: Fix ambiguous path
2023-02-17 12:01:38 -05:00