RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
836 Commits 1 Branch 31 Tags 5.7 MiB
Commit Graph

37 Commits

Author SHA1 Message Date
Thomas Stromberg df925eaa6c
fpr: lghub, brew, pve, chrome exts, etc 2023-04-20 20:45:35 -04:00
Thomas Stromberg 21cadbeb28
move missing comma 2023-03-24 11:20:37 -04:00
Thomas Stromberg 284796b895
fpr: snyk-ls, electron 2023-03-24 11:03:55 -04:00
Thomas Stromberg 570c36dc71
fpr: tilt, electron, cilium, write/read improvements 2023-03-24 10:42:06 -04:00
Thomas Stromberg 7a78199906
fpr: traceroute, thunderbird, garmin installer, chainctl, etc 2023-03-21 14:07:06 -04:00
Thomas Stromberg fbab3701c0
fpr: Docker, Zwift, macOS updates, etc 2023-03-20 17:05:02 -04:00
Thomas Stromberg 9eeae99f24
modernize high-disk-bytes queries 2023-03-17 10:48:17 -04:00
Thomas Stromberg 824efa9705
fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws 2023-03-14 19:00:44 -04:00
Thomas Stromberg f25cfe1399
fpr: aws-sdk, melange, Tailscale, Xprotect, etc 2023-03-03 07:24:42 -05:00
Thomas Stromberg fb7cd56249
fpr: abrt-dbus, gdm, chrome, ff, etc 2023-02-24 16:30:17 -05:00
Thomas Stromberg 45ab183557
fpr: New Chrome etxensions, vbox, chrome, gcloud, gdm3, yay, etc 2023-01-30 14:58:47 -05:00
Thomas Stromberg f7c1557aee
fpr: libinput, kue, updatedb, mariadb, terraform 2023-01-23 08:13:04 -05:00
Thomas Stromberg e6824d87e9
Run 'make reformat' 2023-01-20 09:24:24 -05:00
Thomas Stromberg d415b36b57
FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc 2023-01-16 12:56:39 -05:00
Thomas Stromberg 420d269025
Reformat and reduce false positives 2023-01-09 15:10:48 -05:00
Thomas Stromberg 2bcf9316cf
Add some hash fields, fix some false positives 2023-01-09 09:04:38 -05:00
Thomas Stromberg ba23df1fef
Catch up to other false positives over winter break 2023-01-04 11:03:38 -05:00
Thomas Stromberg a8b95a2c9e
New Years cleanup: monitorix, snap-confine, steam, spotify, etc 2023-01-03 08:50:19 -05:00
Thomas Stromberg 404adf3e1f
Another false positive flush: Capital One, tailscaled, agetty, snap, ninja, epson printers, etc 2022-12-15 16:51:58 -05:00
Thomas Stromberg 6a7c4b6668
Pre-Thanksgiving False Positive cleanup, including Pop!OS support 2022-11-22 09:21:03 -05:00
Thomas Stromberg c9605d1c98
Add exceptions for terraform, hugo, macOS updates 2022-11-08 14:32:38 -05:00
Thomas Stromberg 3dec23370c
More exclusions 2022-11-08 12:59:11 -05:00
Thomas Stromberg caab2a6c82
Loads of fresh new false-positives removal 2022-10-31 17:40:37 -04:00
Thomas Stromberg 6e2f7059b5
Add exceptions for Steam on Linux 2022-10-30 10:19:33 -04:00
Thomas Stromberg a00af6c1fa
Merge another day worth of false positives 2022-10-27 10:23:15 -04:00
Thomas Stromberg 23351973ea
detection: Reduce Linux desktop false positives 2022-10-25 11:39:51 -04:00
Thomas Stromberg 17f77468f4
Add coreduetd exception 2022-10-24 11:09:21 -04:00
Thomas Stromberg 515f51daa6
Raise bps limit, add exception for systemd 2022-10-21 11:46:17 -04:00
Thomas Stromberg ab94de7770
Add a lot more mitre data 2022-10-19 16:56:32 -04:00
Thomas Stromberg 1bbd284a3c
Work through another series of false positives 2022-10-19 15:26:03 -04:00
Thomas Stromberg 9bf85e3137
Flush out more false positives 2022-10-17 20:37:44 -04:00
Thomas Stromberg 2b5ea76729
Apply 'npx sql-formatter -l sqlite' 2022-10-17 19:06:17 -04:00
Thomas Stromberg 984f754990
Add more false positive filters 2022-10-17 19:01:16 -04:00
Thomas Stromberg 58dec12a49
Remove some false positives 2022-10-17 17:31:47 -04:00
Thomas Stromberg d2bdffe89e
Add support for interval tags 2022-10-14 14:19:13 -04:00
Thomas Stromberg 20452b128b
Migrate query strings from double to single apostrophes 2022-10-13 14:59:32 -04:00
Thomas Stromberg 26ee658c4a
Initial re-organization around the MITRE ATT&CK framework 2022-10-11 21:53:36 -04:00