RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
778 Commits 1 Branch 31 Tags 5.7 MiB
Commit Graph

22 Commits

Author SHA1 Message Date
Thomas Stromberg f25cfe1399
fpr: aws-sdk, melange, Tailscale, Xprotect, etc 2023-03-03 07:24:42 -05:00
Thomas Stromberg cf858d193d
fpr: ACE, Prusa, steam, pacman, Xcode, Adobe 2023-02-14 20:16:02 -05:00
Thomas Stromberg 8d4531198f
fpr: My ORA, Ecamm, setroubleshootd, etc 2023-02-14 19:46:36 -05:00
Thomas Stromberg 72326c3b5c
Massive reduction of false positives across the board 2023-02-08 20:06:26 -05:00
Thomas Stromberg e57f03b89f
fpr: Opera, TextExpander, socket_vmnet, elive, etc 2023-02-08 15:12:10 -05:00
Thomas Stromberg 9652464b27
Add local port and address to network queries 2023-02-08 10:12:44 -05:00
Thomas Stromberg 141ab28310
False positives: autodocs, jupyter, apko 2023-01-27 10:38:01 -05:00
Thomas Stromberg 280b187b20
fpr: systemctl calls, go tests, WebEx, MariaDB, Brave 2023-01-20 17:55:48 -05:00
Thomas Stromberg 420d269025
Reformat and reduce false positives 2023-01-09 15:10:48 -05:00
Thomas Stromberg 2bcf9316cf
Add some hash fields, fix some false positives 2023-01-09 09:04:38 -05:00
Thomas Stromberg 1aefbe5e91
More false positive removal 2023-01-06 16:01:35 -05:00
Thomas Stromberg 404adf3e1f
Another false positive flush: Capital One, tailscaled, agetty, snap, ninja, epson printers, etc 2022-12-15 16:51:58 -05:00
Thomas Stromberg 16f9b2f3ee
Remove more false positives: kind, gopls, docker.socket, etc 2022-12-15 10:20:16 -05:00
Thomas Stromberg 39e9aee6eb
Split parent-missing-from-disk, address false positives 2022-11-23 07:10:03 -05:00
Thomas Stromberg 8047c88374
Run 'make reformat' 2022-11-16 11:02:29 -05:00
Thomas Stromberg f93a18d112
Refactor execdir, remove false positives 2022-11-07 20:36:37 -05:00
Thomas Stromberg 8f873cfd85
Add exception for Tailscale MagicDNS 2022-11-04 11:52:39 -04:00
Thomas Stromberg 6c78695b73
Final KubeCon 2022 false-positive cleanup 2022-10-28 19:24:00 -04:00
Thomas Stromberg f2023c0021
Update interval tags, mostly for persistence 2022-10-14 14:26:49 -04:00
Thomas Stromberg d2bdffe89e
Add support for interval tags 2022-10-14 14:19:13 -04:00
Thomas Stromberg 20452b128b
Migrate query strings from double to single apostrophes 2022-10-13 14:59:32 -04:00
Thomas Stromberg 26ee658c4a
Initial re-organization around the MITRE ATT&CK framework 2022-10-11 21:53:36 -04:00