Commit Graph

255 Commits

Author SHA1 Message Date
Thomas Strömberg
c1807aa19a
Merge pull request #23 from chainguard-dev/exotica
Filter out sh -i if launched by sh, ukh if launchedb by lima, Socket.…
2022-10-21 14:12:48 -04:00
Thomas Stromberg
356db76a44
Filter out sh -i if launched by sh, ukh if launchedb by lima, Socket. if launched by compile 2022-10-21 14:11:45 -04:00
Thomas Strömberg
f9b411d27b
Merge pull request #19 from chainguard-dev/false-positives-again
Fix corrupt docker-container-mounting-root query, flush out false positives
2022-10-21 12:19:10 -04:00
Thomas Stromberg
a64465f07b
Add exception for melange/wolfi 2022-10-21 12:13:16 -04:00
Thomas Stromberg
195330da9a
Fix docker-mounting-root query that got stomped on 2022-10-21 12:05:06 -04:00
Thomas Stromberg
9f2423a51e
Add exception for Fumihiko Takayama (Karabiner-Elements) 2022-10-21 11:50:52 -04:00
Thomas Stromberg
ffead2f717
Add Google Chat, Youtube, Bardeen, Leadjet 2022-10-21 11:49:54 -04:00
Thomas Stromberg
515f51daa6
Raise bps limit, add exception for systemd 2022-10-21 11:46:17 -04:00
Thomas Stromberg
ed6f37e11b
Record children, add known hosts exception for limactl 2022-10-21 11:45:25 -04:00
Thomas Stromberg
05ccb9b718
Allow larger shell/python programs 2022-10-21 11:41:33 -04:00
Thomas Stromberg
6bb1785df9
Add carevout for /nix/store and caskroom 2022-10-21 11:40:47 -04:00
Thomas Stromberg
1afd3f6a75
add exceptions for nix, kde paths, rvictl, and profile 2022-10-21 11:37:55 -04:00
Thomas Stromberg
ed2bede71f
linux https client: Add 1password 2022-10-21 11:28:31 -04:00
Thomas Stromberg
770496edea
dev opener: Add bluetoothd 2022-10-21 11:27:42 -04:00
Thomas Stromberg
2538e7f7ce
macos talkers: add grype, chainctl 2022-10-21 11:26:50 -04:00
Thomas Stromberg
a31108984f
linux talkers: add more ports for thunderbird, chrome, firefox 2022-10-21 11:22:24 -04:00
Thomas Stromberg
1359cdd38d
linux ports: add registry on 5000 2022-10-21 11:15:05 -04:00
Thomas Stromberg
b6af630ad8
linux https clients: add nix, pacman, thunderbird, chainctl, kubectl, socket process, go, tf, webkit, xmobar 2022-10-21 11:12:44 -04:00
Thomas Strömberg
dfe9f64953
Merge pull request #18 from chainguard-dev/reformat2
Reduce query intervals for some higher overhead queries
2022-10-20 14:56:38 -04:00
Thomas Stromberg
7d568898c1
Reduce query intervals for some higher overhead queries 2022-10-20 14:56:16 -04:00
Thomas Strömberg
4bbfdcb275
Merge pull request #17 from chainguard-dev/false-positives-npm-exec
exotic commands: Add UserKnownHostsFile from event-based queries, fix phash join
2022-10-20 14:33:03 -04:00
Thomas Strömberg
ad67a18549
Merge pull request #16 from gmarnin/patch-1
Missing a ;
2022-10-20 14:32:14 -04:00
Thomas Stromberg
1020cd6991
exotic commands (state-based): Add UserKnownHostsFile from event based, fix phash join 2022-10-20 14:31:36 -04:00
Marnin
51b60f9569
Missing a ; 2022-10-20 14:16:17 -04:00
Thomas Strömberg
c8bf0265eb
Merge pull request #15 from chainguard-dev/false-positives-npm-exec
linux https clients: Add exception for npm exec
2022-10-20 14:16:14 -04:00
Thomas Stromberg
905046cd2a
linux https clients: Add exception for npm exec 2022-10-20 14:15:57 -04:00
Thomas Strömberg
8b16ce2aa4
Merge pull request #14 from chainguard-dev/false-positives
False-positive update: Chrome, /usr/local/bin
2022-10-20 14:13:03 -04:00
Thomas Stromberg
d55d1db202
Add /usr/local/bin 2022-10-20 14:11:35 -04:00
Thomas Stromberg
416bdd8fd1
Add broader port exception for Chrome 2022-10-20 14:11:19 -04:00
Thomas Strömberg
c082d0caa8
Merge pull request #13 from chainguard-dev/reformat
Run 'make reformat'
2022-10-20 14:03:17 -04:00
Thomas Strömberg
0c1bf8043e
Merge pull request #12 from chainguard-dev/icmp-events
Add events-based detector for ICMP sockets
2022-10-20 14:03:03 -04:00
Thomas Stromberg
ec1a5b6c17
Add events-based detector for ICMP sockets 2022-10-20 14:02:06 -04:00
Thomas Stromberg
a68a3496e9
Run 'make reformat' 2022-10-20 14:01:34 -04:00
Thomas Strömberg
6d535ddc37
Merge pull request #11 from chainguard-dev/talkers
More net exceptions: ssh, Linear Orbit, Microsoft, Electron
2022-10-20 13:54:30 -04:00
Thomas Stromberg
26fbe36e77
Linux: Add electron as an HTTPS client 2022-10-20 13:53:18 -04:00
Thomas Stromberg
9ff14203b6
macOS: Allow Linear Orbit and Microsoft to listen on a wider range of ports 2022-10-20 13:52:34 -04:00
Thomas Stromberg
ad832bc280
linux talkers: Treat /snap as /opt 2022-10-20 13:50:14 -04:00
Thomas Stromberg
6624c8c620
linux talkers: Add ssh exception 2022-10-20 13:46:55 -04:00
Thomas Strömberg
31bd0a5558
Merge pull request #10 from chainguard-dev/talkers
linux talkers: Add snap Slack and NixOS bash exception
2022-10-20 13:44:25 -04:00
Thomas Stromberg
8ddc3de482
linux talkers: Add snap Slack and NixOS bash exception 2022-10-20 13:44:09 -04:00
Thomas Strömberg
bab02a6295
Merge pull request #9 from chainguard-dev/false-positives
unexpected-library-entries: Add more /Library entries from the wild
2022-10-20 13:39:15 -04:00
Thomas Stromberg
44324e3811
Add more /Library entries from the wild 2022-10-20 13:38:33 -04:00
Thomas Stromberg
0706cc458a
listening ports: Add mtr-packet exception 2022-10-20 13:34:49 -04:00
Thomas Strömberg
cb6238e78e
Merge pull request #8 from chainguard-dev/bugfix
unexpected-talkers-linux: Remove duplicate comma
2022-10-20 13:20:57 -04:00
Thomas Stromberg
b4776ea60f
Remove duplicate comma 2022-10-20 13:20:33 -04:00
Thomas Strömberg
95e5c925e9
Merge pull request #7 from chainguard-dev/false-positives
Add exception for gitsign
2022-10-20 13:18:30 -04:00
Thomas Stromberg
0a92cbb9ce
Add exception for gitsign 2022-10-20 13:17:52 -04:00
Thomas Strömberg
1816e1472e
Merge pull request #6 from chainguard-dev/false-positives
high-disk-bytes-written: Add exception for flatpak-system-helper
2022-10-20 13:16:59 -04:00
Thomas Stromberg
e2c41243d4
high-disk-bytes-written: Add exception for flatpak-system-helper 2022-10-20 13:16:33 -04:00
Thomas Strömberg
ce3b58c9f6
Merge pull request #5 from chainguard-dev/false-positives
touched: Add exception for local kubectl binary
2022-10-20 13:15:53 -04:00