Commit Graph

1147 Commits

Author SHA1 Message Date
Thomas Strömberg
eecc2a3ed0
Merge pull request #368 from tstromberg/fpr-jun25
Massive false-positive reduction, particularly for uBlue
2024-06-27 09:24:44 -04:00
Thomas Stromberg
00fa80a0d9
Massive false-positive reduction, particularly for uBlue 2024-06-27 09:23:52 -04:00
Thomas Strömberg
0ddcb75ce0
Merge pull request #367 from tstromberg/fpr-jun25
fpr: Universal Blue and a little bit of everything else
2024-06-25 20:49:33 -04:00
Thomas Stromberg
18e05c5a4c
fpr: June 25 2024-06-25 20:48:09 -04:00
Thomas Strömberg
4601b6c2fa
Merge pull request #366 from tstromberg/fpr-may22
fpr: Fedora Silverblue, MHLinkServer, Elastic, ptyxis, Zed
2024-05-23 21:25:22 -04:00
Thomas Stromberg
4aeff07118
More SilverBlue/Elastic allows 2024-05-23 21:22:59 -04:00
Thomas Stromberg
ab2535717f
fpr: Fedora Silverblue, MHLinkServer, new terminals 2024-05-23 17:26:33 -04:00
Thomas Strömberg
a0c49efb3f
Merge pull request #365 from tstromberg/fpr-apr25
mark command-events & execdir-events as 'extra' due to high CPU usage
2024-04-29 09:33:44 -04:00
Thomas Stromberg
03ea3bcff2
mark command-events & execdir-events as 'extra' due to high CPU usage 2024-04-29 09:33:06 -04:00
Thomas Strömberg
6dd798c4a0
Merge pull request #364 from tstromberg/fpr-apr25
fpr: MHLink, k3d, BlueFin, query tuning
2024-04-26 16:14:37 -04:00
Thomas Stromberg
5dd614f54c
fpr: MHLink, k3d, BlueFin, query tuning 2024-04-26 16:14:02 -04:00
Thomas Strömberg
2f790f0408
Merge pull request #363 from tstromberg/springbreak
FPR: Docker, Yubikey, Aerospace, WhatsApp, nuclei, etc.
2024-03-29 10:13:55 -04:00
Thomas Stromberg
5ef3c88213
Overdue False Positive Reduction 2024-03-29 10:12:36 -04:00
Thomas Stromberg
b61869c062
Merge branch 'main' into springbreak 2024-03-29 08:07:15 -04:00
Thomas Stromberg
0e5c8ec11e
Allows for Docker, Yubico, /dev/zero 2024-03-29 08:07:01 -04:00
Thomas Strömberg
dd6b2e43fb
Merge pull request #360 from jedsalazar/pr/jed/harden-runner-osq-dk
Add Harden Runner audit configs
2024-03-15 19:10:28 -04:00
Thomas Strömberg
a673c28222
Merge pull request #362 from tstromberg/kandji
Performance tuning, mark some Linux queries as 'extra'
2024-03-15 19:07:10 -04:00
Thomas Stromberg
3447f95d9e
Performance tuning, mark some Linux queries as 'extra' 2024-03-15 19:06:16 -04:00
Thomas Strömberg
6eb5b9ebdb
Merge pull request #361 from tstromberg/kandji
Allow Kandji to do weird things with expect
2024-03-15 15:35:44 -04:00
Thomas Stromberg
9342485881
Allow Kandji to do weird things with expect 2024-03-15 15:30:40 -04:00
Jed Salazar
abacf79511
Add Harden Runner audit configs
Signed-off-by: Jed Salazar <jedsalazar@gmail.com>
2024-03-12 11:51:40 -06:00
Thomas Strömberg
7c5599c07d
Merge pull request #359 from tstromberg/fpr-mar7
fpr: snapd, cups, ubuntu, etc
2024-03-07 16:34:34 -05:00
Thomas Stromberg
d3352610f4
fpr: snapd, cups, ubuntu, etc 2024-03-07 16:33:01 -05:00
Thomas Strömberg
72f1828475
Merge pull request #358 from tstromberg/fpr-feb26
fpr: Docker Desktop, code-oss, incus, geoclue, etc
2024-02-26 17:29:47 -05:00
Thomas Stromberg
2bdc79bc2b
fix typo 2024-02-26 17:29:23 -05:00
Thomas Stromberg
342d813bf8
fpr: Docker Desktop, code-oss, incus, etc 2024-02-26 17:26:56 -05:00
Thomas Strömberg
51ecee8d9b
Merge pull request #357 from tstromberg/feb16-fpr
fpr: Incus, Firefox, mbim, networkd, incus
2024-02-23 16:27:35 -05:00
Thomas Stromberg
a266879668
Merge branch 'main' into feb16-fpr 2024-02-23 16:25:24 -05:00
Thomas Stromberg
5507ae1458
fpr: Firefox, Rapid7, Incus 2024-02-23 16:25:18 -05:00
Thomas Strömberg
d1f6aede22
Merge pull request #356 from tstromberg/ktaint
Ignore taint code 4096 (out-of-tree driver)
2024-02-23 15:10:23 -05:00
Thomas Stromberg
af07ef9888
Ignore taint code 4096 (out-of-tree driver) 2024-02-22 11:48:53 -05:00
Thomas Strömberg
6b5d744505
Merge pull request #355 from tstromberg/feb16-fpr
fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard
2024-02-16 17:24:41 -05:00
Thomas Stromberg
f22d27b1a6
fix Chrome merge conflict 2024-02-16 17:23:23 -05:00
Thomas Stromberg
f72e6424c0
Run reformat 2024-02-16 17:21:00 -05:00
Thomas Stromberg
b1e05d6612
merge conflict 2024-02-16 17:17:45 -05:00
Thomas Stromberg
f87a8e8197
fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard 2024-02-16 17:14:11 -05:00
Thomas Strömberg
0d5467e72d
Merge pull request #354 from tstromberg/fpr-feb5
fpr: Elastic Defend, gcloud, Warp, etc
2024-02-05 10:51:26 -05:00
Thomas Stromberg
a0624c0870
Add Elastic exceptions for osqueryd/packetbeat 2024-02-05 10:49:52 -05:00
Thomas Stromberg
12a55753b5
fpr: Elastic Defend, gcloud, Warp, etc 2024-02-05 10:45:17 -05:00
Thomas Strömberg
9b66ef1d29
Merge pull request #353 from tstromberg/spctl
Add TTP details from https://www.sentinelone.com/blog/backdoor-activa
2024-02-05 09:20:19 -05:00
Thomas Stromberg
25c579aa1d
Add TTP details from https://www.sentinelone.com/blog/backdoor-activator-malware-running-rife-through-torrents-of-macos-apps/ 2024-02-01 13:04:07 -05:00
Thomas Strömberg
23a0e572df
Merge pull request #352 from tstromberg/fpr-jan22
massive fpr: Rapid7, Elastic, everything
2024-01-26 14:25:08 -05:00
Thomas Stromberg
8693fb6d4f
Add more rapid7 excludes 2024-01-26 14:24:11 -05:00
Thomas Stromberg
517b5719c6
address merge conflict 2024-01-26 14:15:53 -05:00
Thomas Stromberg
e42ea9a4bc
massive fpr: Rapid7, Elastic, everything 2024-01-26 14:07:37 -05:00
Thomas Strömberg
0d94ed9f6a
Merge pull request #351 from tstromberg/fpr-jan22
Fpr jan22
2024-01-22 10:42:54 -05:00
Thomas Strömberg
2da9171f43
Merge pull request #350 from jedsalazar/pr/jed/pin-action-digests-osquery-defense-kit
pin to shas and upgrade actions workflows and osquery client
2024-01-22 10:42:18 -05:00
Thomas Stromberg
594bc78833
Add firefox DNS resolution 2024-01-22 10:41:35 -05:00
Thomas Stromberg
4cb050f4cc
Add elastic endpoint 2024-01-22 10:40:23 -05:00
Thomas Stromberg
5d31e8da5f
fpr: psi, arduino, bitdefender, keybase, cody, etc 2024-01-22 10:36:01 -05:00