osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2024-12-16 19:14:33 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	e09e410407	Rewrite and split linux talkers	2022-10-20 07:04:18 -04:00
Thomas Stromberg	f6317c2af8	Further reduction of false positives	2022-10-19 17:07:52 -04:00
Thomas Stromberg	d8e91bac63	Add missing files	2022-10-19 16:56:43 -04:00
Thomas Stromberg	ab94de7770	Add a lot more mitre data	2022-10-19 16:56:32 -04:00
Thomas Stromberg	cee1710f74	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
Thomas Stromberg	9b868bfaf5	Improve the README wording	2022-10-19 15:39:13 -04:00
Thomas Stromberg	1bbd284a3c	Work through another series of false positives	2022-10-19 15:26:03 -04:00
Thomas Stromberg	28f52b4c51	Sync module list with known observed	2022-10-19 15:02:44 -04:00
Thomas Stromberg	61294aa8a8	Add dnf	2022-10-19 14:51:33 -04:00
Thomas Stromberg	9f06873ae9	Don't mind shells hanging out in ~/.Trash	2022-10-18 14:51:51 -04:00
Thomas Stromberg	7483c845f4	Split the recently-created-executables between macOS/Linux	2022-10-18 14:42:26 -04:00
Thomas Stromberg	8679ca943d	More false positive management	2022-10-18 14:26:47 -04:00
Thomas Stromberg	12c7f8360d	Filter out more false positives	2022-10-18 11:44:03 -04:00
Thomas Stromberg	83a8c0d589	Improve how we deal with the zfs case	2022-10-18 11:40:42 -04:00
Thomas Stromberg	535d835290	Simplify exotic commands queries, remove more false positives	2022-10-18 11:32:18 -04:00
Thomas Stromberg	5839a20fb3	Detect more	2022-10-18 10:08:34 -04:00
Thomas Stromberg	0160d05ed3	Add new spotlight queries to surface unexpected dmg/iso downloads	2022-10-18 08:52:05 -04:00
Thomas Stromberg	346309f3d2	Add missing apostrophe	2022-10-17 21:08:29 -04:00
Thomas Stromberg	50d1b42f80	Add provisio	2022-10-17 20:59:09 -04:00
Thomas Stromberg	8ddd5764e8	Remove some false positives	2022-10-17 20:57:56 -04:00
Thomas Stromberg	9bf85e3137	Flush out more false positives	2022-10-17 20:37:44 -04:00
Thomas Stromberg	2b5ea76729	Apply 'npx sql-formatter -l sqlite'	2022-10-17 19:06:17 -04:00
Thomas Stromberg	984f754990	Add more false positive filters	2022-10-17 19:01:16 -04:00
Thomas Stromberg	d89335a21e	Add child/grandchild, filter out zfs recv false positive	2022-10-17 18:46:00 -04:00
Thomas Stromberg	58dec12a49	Remove some false positives	2022-10-17 17:31:47 -04:00
Thomas Stromberg	9c233f5248	Decrease poll time to 60 seconds	2022-10-17 17:31:32 -04:00
Thomas Stromberg	5c7ec52350	Lower polling time to once a minute	2022-10-17 17:30:41 -04:00
Thomas Stromberg	de51dcdfcb	Minor adjustments	2022-10-17 17:11:15 -04:00
Thomas Stromberg	b72e052c09	Split env-values is case it helps decrease CPU time	2022-10-17 17:10:51 -04:00
Thomas Stromberg	9616a6ab36	Use 'rapid' instead of 'continous' for tagging	2022-10-17 08:43:29 -04:00
Thomas Stromberg	27a3013bba	Split up the unexpected-filesystem-entries by platform	2022-10-14 15:14:24 -04:00
Thomas Stromberg	fa49494e36	Add /var/run/current-system/sw/bin	2022-10-14 14:37:22 -04:00
Thomas Stromberg	927d2ab025	Add /etc/periodic/*, resort directories	2022-10-14 14:36:41 -04:00
Thomas Stromberg	9889a9308f	Make unexpected-var-executables safe for execution on macOS	2022-10-14 14:31:39 -04:00
Thomas Stromberg	f2023c0021	Update interval tags, mostly for persistence	2022-10-14 14:26:49 -04:00
Thomas Stromberg	ab0fad1c47	Add lost files from the rename	2022-10-14 14:19:32 -04:00
Thomas Stromberg	d2bdffe89e	Add support for interval tags	2022-10-14 14:19:13 -04:00
Thomas Stromberg	06fd003475	Use single-quotes for Kolide compatibility	2022-10-14 10:29:23 -04:00
Thomas Stromberg	d1f1d20192	Fix trailing apostrophe	2022-10-14 10:26:25 -04:00
Thomas Stromberg	8a198b259a	Makefile: Use --verify when packing	2022-10-14 10:25:08 -04:00
Thomas Stromberg	432a727f41	Add Slack Technologies signature	2022-10-14 10:22:50 -04:00
Thomas Stromberg	fd9e8106f9	Give unexpected-modules a better name	2022-10-14 10:18:23 -04:00
Thomas Stromberg	b9a64e8b99	Janitorial maintenance	2022-10-14 10:18:01 -04:00
Thomas Stromberg	488d1aac96	Show process euid instead of uid.	2022-10-14 09:36:28 -04:00
Thomas Stromberg	b2f0c1ca54	Add kernel modules seen on Fedora	2022-10-14 09:30:44 -04:00
Thomas Stromberg	3c6d4968e1	Add two Docker checks that can catch Traitor	2022-10-14 09:16:48 -04:00
Thomas Stromberg	dc9493ee1e	Tighten down the field list, update metadata	2022-10-14 09:16:24 -04:00
Thomas Stromberg	4a7f734c81	Add metadata, mark as Linux only.	2022-10-14 08:42:10 -04:00
Thomas Stromberg	b92b87c4dd	Remove errant file	2022-10-13 18:35:02 -04:00
Thomas Stromberg	10a7091e62	Decrease exotic-events complexity by splitting & simplifying	2022-10-13 18:31:59 -04:00

1 2 3 4

187 Commits