Commit Graph

31 Commits

Author SHA1 Message Date
Thomas Strömberg
c86073ecaf
Merge pull request #24 from chainguard-dev/fp3
False-positive removal: grype, gedit, mov, abrt-action, dnf
2022-10-21 14:13:50 -04:00
Thomas Stromberg
fdb891ba0b
False-positive removal: grype, gedit, mov, abrt-action, dnf 2022-10-21 14:13:29 -04:00
Thomas Stromberg
356db76a44
Filter out sh -i if launched by sh, ukh if launched by lima, Socket. if launched by compile 2022-10-21 14:11:45 -04:00
Thomas Stromberg
ed6f37e11b
Record children, add known hosts exception for limactl 2022-10-21 11:45:25 -04:00
Thomas Strömberg
dfe9f64953
Merge pull request #18 from chainguard-dev/reformat2
Reduce query intervals for some higher overhead queries
2022-10-20 14:56:38 -04:00
Thomas Stromberg
7d568898c1
Reduce query intervals for some higher overhead queries 2022-10-20 14:56:16 -04:00
Thomas Stromberg
1020cd6991
exotic commands (state-based): Add UserKnownHostsFile from event based, fix phash join 2022-10-20 14:31:36 -04:00
Thomas Stromberg
d55d1db202
Add /usr/local/bin 2022-10-20 14:11:35 -04:00
Thomas Stromberg
7de03e7fbc
Reduce false positives 2022-10-20 08:04:24 -04:00
Thomas Stromberg
cee1710f74
Finish out the incident_response refactor 2022-10-19 16:19:53 -04:00
Thomas Stromberg
1bbd284a3c
Work through another series of false positives 2022-10-19 15:26:03 -04:00
Thomas Stromberg
7483c845f4
Split the recently-created-executables between macOS/Linux 2022-10-18 14:42:26 -04:00
Thomas Stromberg
8679ca943d
More false positive management 2022-10-18 14:26:47 -04:00
Thomas Stromberg
535d835290
Simplify exotic commands queries, remove more false positives 2022-10-18 11:32:18 -04:00
Thomas Stromberg
5839a20fb3
Detect more 2022-10-18 10:08:34 -04:00
Thomas Stromberg
346309f3d2
Add missing apostrophe 2022-10-17 21:08:29 -04:00
Thomas Stromberg
9bf85e3137
Flush out more false positives 2022-10-17 20:37:44 -04:00
Thomas Stromberg
2b5ea76729
Apply 'npx sql-formatter -l sqlite' 2022-10-17 19:06:17 -04:00
Thomas Stromberg
984f754990
Add more false positive filters 2022-10-17 19:01:16 -04:00
Thomas Stromberg
58dec12a49
Remove some false positives 2022-10-17 17:31:47 -04:00
Thomas Stromberg
9c233f5248
Decrease poll time to 60 seconds 2022-10-17 17:31:32 -04:00
Thomas Stromberg
5c7ec52350
Lower polling time to once a minute 2022-10-17 17:30:41 -04:00
Thomas Stromberg
b72e052c09
Split env-values in case it helps decrease CPU time 2022-10-17 17:10:51 -04:00
Thomas Stromberg
9616a6ab36
Use 'rapid' instead of 'continuous' for tagging 2022-10-17 08:43:29 -04:00
Thomas Stromberg
27a3013bba
Split up the unexpected-filesystem-entries by platform 2022-10-14 15:14:24 -04:00
Thomas Stromberg
ab0fad1c47
Add lost files from the rename 2022-10-14 14:19:32 -04:00
Thomas Stromberg
d2bdffe89e
Add support for interval tags 2022-10-14 14:19:13 -04:00
Thomas Stromberg
10a7091e62
Decrease exotic-events complexity by splitting & simplifying 2022-10-13 18:31:59 -04:00
Thomas Stromberg
c6a00b4714
Add markupsafe exception 2022-10-13 18:16:12 -04:00
Thomas Stromberg
20452b128b
Migrate query strings from double to single apostrophes 2022-10-13 14:59:32 -04:00
Thomas Stromberg
26ee658c4a
Initial re-organization around the MITRE ATT&CK framework 2022-10-11 21:53:36 -04:00