RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,075 Commits 1 Branch 31 Tags 5.6 MiB
Commit Graph

1075 Commits

Author SHA1 Message Date
Thomas Strömberg d02d01b62d
Merge pull request #341 from tstromberg/osqtool-141 
Upgrade osqtool to v1.4.1
 2024-01-08 15:56:01 -05:00
Thomas Stromberg 45112c4b70
Upgrade osqtool to v1.4.1 2024-01-08 15:55:29 -05:00
Jed Salazar 3914fa7e40
Merge pull request #340 from jedsalazar/pr/jed/add-macdown-exception 
Add Macdown as an exception to minimal-socket-client-macos
 2023-12-26 12:49:20 -07:00
Jed Salazar 243303ef75
Add Macdown as an exception to minimal-socket-client-macos 
Signed-off-by: Jed Salazar <jedsalazar@gmail.com>
 2023-12-20 12:14:54 -07:00
Thomas Strömberg 79bbdb0257
Merge pull request #339 from tstromberg/combined-detection 
make: Add combined-detection.conf & osqtool versioning
 2023-12-15 16:30:29 -06:00
Thomas Stromberg 3365d81d22
makefile: Add osqtool versioning 2023-12-15 17:29:26 -05:00
Thomas Stromberg 2be637e9c3
Add combined-detection rule 2023-12-15 17:25:54 -05:00
Thomas Strömberg f8cc56cfde
Merge pull request #338 from tstromberg/dec15 
fpr: A little bit of everything
 2023-12-15 16:21:04 -06:00
Thomas Stromberg 202ce6be45
Ignore syncthing, nuclei, fix typos 2023-12-15 17:19:38 -05:00
Thomas Stromberg 8b9894ec74
filter out CSV from yara 2023-12-15 17:12:50 -05:00
Thomas Stromberg 800e4aa2cc
fpr: kind of everything 2023-12-15 17:10:06 -05:00
Thomas Strömberg b5f61f4847
Merge pull request #337 from tstromberg/linuxperf 
exotic events linux: optimize query for reduced system CPU
 2023-12-12 11:57:55 -06:00
Thomas Stromberg 2c783f17f4
exotic events linux: remove uptime join, use empty string 2023-12-12 12:56:09 -05:00
Thomas Stromberg 877b2c495b
exotic events linux: double interval, reduce hash lookups 2023-12-12 12:33:38 -05:00
Thomas Strömberg 1aaf59c36c
Merge pull request #336 from tstromberg/dec5 
fpr: Capture One, Grammarly, Mullvad, etc
 2023-12-08 16:13:31 -06:00
Thomas Stromberg 310e51d2a2
fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
Thomas Strömberg 803f21cb8a
Merge pull request #335 from tstromberg/fpr-nov2 
fpr: ThingsWidgetExtension
 2023-11-02 11:18:37 -04:00
Thomas Stromberg 40078d357a
fpr: ThingsWidgetExtension 2023-11-02 11:17:58 -04:00
Thomas Strömberg 9e9da1244a
Merge pull request #334 from tstromberg/fpr-nov2 
Optimize YARA process queries by deduping paths
 2023-11-02 10:09:05 -04:00
Thomas Stromberg 5802021124
Optimize YARA process queries by deduping paths 2023-11-02 09:53:26 -04:00
Thomas Strömberg 6a343d09a7
Merge pull request #333 from tstromberg/fpr-nov2 
fpr: dbeaver, AwesomeScreenshot, Hyper, etc
 2023-11-02 09:40:55 -04:00
Thomas Stromberg 6e1e7f29c2
fpr: dbeaver, AwesomeScreenshot, Hyper, etc 2023-11-02 09:39:41 -04:00
Thomas Strömberg 7ce3a5222c
Merge pull request #332 from tstromberg/fpr-oct31 
fpr: aws, java, arch, cody, google, wireshark, etc
 2023-10-31 11:40:36 -04:00
Thomas Stromberg 0060bb087e
fpr: aws, java, arch, cody, google, wireshark, etc 2023-10-31 11:40:10 -04:00
Thomas Strömberg 51baf32292
Merge pull request #331 from tstromberg/fpr-oct25 
fpr: rootlesskit, sshd, Fedora, Oracle Linux
 2023-10-25 13:42:56 -04:00
Thomas Stromberg 23fadda33b
fpr: rootlesskit, sshd, Fedora, Oracle Linux 2023-10-25 13:42:22 -04:00
Thomas Strömberg ad8d95516c
Merge pull request #330 from chainguard-dev/fpr-oct25 
fpr: Electron, Github
 2023-10-25 09:49:32 -04:00
Thomas Stromberg d7990dd063
fpr: Electron, Github 2023-10-25 09:49:07 -04:00
Thomas Strömberg 3e25510b8c
Merge pull request #329 from chainguard-dev/fpr-oct25 
fpr: mtr, vscode, cpptools, cron, firefox
 2023-10-25 09:18:55 -04:00
Thomas Stromberg 7d9aced380
fpr: mtr, vscode, cpptools, cron, firefox 2023-10-25 09:18:04 -04:00
Thomas Strömberg 7b76585736
Merge pull request #328 from tstromberg/fpr-oct24 
fpr: osquery release spam
 2023-10-24 18:32:59 -04:00
Thomas Stromberg 9e6df92e3f
fpr: osquery release spam 2023-10-24 18:32:03 -04:00
Thomas Strömberg 5cc769c5a0
Merge pull request #327 from tstromberg/fpr-oct24 
fpr: Kolide, qemu, bash, monday, macOS
 2023-10-24 18:03:49 -04:00
Thomas Stromberg 3c2be1c16e
fpr: Kolide, qemu, bash, monday, macOS 2023-10-24 18:01:36 -04:00
Thomas Strömberg 3e970ed93f
Merge pull request #326 from tstromberg/fpr-sep26 
makefile: Extend timeouts for YARA queries
 2023-10-03 11:21:24 -04:00
Thomas Stromberg 9a03776699 Extend timeouts 2023-10-03 11:20:40 -04:00
Thomas Strömberg db67613a38
Merge pull request #325 from tstromberg/fpr-oct2 
fpr: containerd, hyper, Docker, Chromium, spotify, busycal
 2023-10-02 16:13:10 -04:00
Thomas Stromberg bf66053d5c
fpr: containerd, hyper, Docker, Chromium, spotify, busycal 2023-10-02 16:11:44 -04:00
Thomas Strömberg c8f2fa0cb5
Merge pull request #324 from tstromberg/fpr-sep26 
fpr: Monday, Splunk, Gnome, Git, Grammarly, etc
 2023-10-02 11:46:20 -04:00
Thomas Stromberg 42c0a15e2a Fix vpl, kolide exceptions, increase timeouts for yara 2023-10-02 11:45:27 -04:00
Thomas Stromberg 5f2680ca8b
fpr: Monday, Splunk, Gnome, Git, Grammarly, etc 2023-10-02 11:35:11 -04:00
Thomas Strömberg d6fc3e09cd
Merge pull request #323 from tstromberg/fpr-sep26 
Broaden the talker exception list
 2023-09-26 16:42:13 -04:00
Thomas Stromberg ed473f438d
Broaden the talker exception list 2023-09-26 16:41:47 -04:00
Thomas Strömberg a6c065200c
Merge pull request #322 from tstromberg/fpr-sep26 
fpr: docker, fish, Stream Deck, rsync, lima, macOS
 2023-09-26 15:16:45 -04:00
Thomas Stromberg f73263bece
fpr: docker, fish, Stream Deck, rsync, lima, macOS 2023-09-26 15:14:38 -04:00
Thomas Strömberg 25f7c2cacd
Merge pull request #321 from tstromberg/unusual-location- 
Add detector for listening from an unusual location
 2023-09-26 13:13:21 -04:00
Thomas Strömberg c3df9bdea5
Merge pull request #320 from tstromberg/lima-ubuntu-fpr 
Reduce false positives on Ubuntu + Lima
 2023-09-26 13:13:13 -04:00
Thomas Stromberg d3efd381f0
Add detector for listening from an unusual location 2023-09-26 13:12:51 -04:00
Thomas Stromberg a7f0b3001d
Reduce false positives on Ubuntu + Lima 2023-09-26 13:09:22 -04:00
Thomas Strömberg 417b0a6408
Merge pull request #319 from tstromberg/fpr-sep21 
Address issues which kept some Linux alerts from firing
 2023-09-25 08:26:09 -04:00