Commit Graph

120 Commits

SHA1        Date                        Author            Message
f13a61c5ad  2022-10-10 10:42:06 -04:00  Thomas Stromberg  Add query to find hidden LaunchAgent/LaunchDaemon files
4c8eec7342  2022-10-10 08:01:30 -04:00  Thomas Stromberg  Fix broken queries
75a858b4ee  2022-10-07 16:19:18 -04:00  Thomas Stromberg  Optimize queries for lower false positives
24abbda57e  2022-10-07 12:46:55 -04:00  Thomas Stromberg  More clarity
1f82dce89c  2022-10-05 16:15:40 -04:00  Thomas Stromberg  Remove more false positives, add more detail to sensitive file access
4ad082f27a  2022-10-05 08:41:34 -04:00  Thomas Stromberg  Catch osascript events
4c2767a0d7  2022-10-05 08:36:35 -04:00  Thomas Stromberg  Include /home and /Users
cffc8cb355  2022-10-04 09:37:40 -04:00  Thomas Stromberg  Detect touched executables
c5759262f8  2022-10-04 09:37:18 -04:00  Thomas Stromberg  Small false positive update
4b61c3bddd  2022-10-03 16:46:37 -04:00  Thomas Stromberg  Rewrite query to filter out recently upgraded software
a5820efa5c  2022-10-03 16:27:56 -04:00  Thomas Stromberg  False positive purge, including Ventura additions
1e206f20c3  2022-10-03 15:45:08 -04:00  Thomas Stromberg  New query: executables from the future!
7e2a2f0be2  2022-09-30 17:55:46 -04:00  Thomas Stromberg  Add *vim -> vi exception
7524d8189c  2022-09-30 17:54:13 -04:00  Thomas Stromberg  Add /opt/usr/bin, as used by NodeJS
ff33ab763c  2022-09-30 17:53:38 -04:00  Thomas Stromberg  Add NixOS builder exception
97028002d3  2022-09-30 17:53:25 -04:00  Thomas Stromberg  Add more NixOS services
e82125c3d3  2022-09-30 17:52:42 -04:00  Thomas Stromberg  Add NixOS systemd
822865a0cf  2022-09-30 17:46:25 -04:00  Thomas Stromberg  Add nix to exception list
0520bedb79  2022-09-30 17:45:45 -04:00  Thomas Stromberg  Make syncthing port range broader, fix gcloud port number typo
0875483512  2022-09-30 15:42:10 -04:00  Thomas Stromberg  More false removal
eda6203f34  2022-09-30 14:22:01 -04:00  Thomas Stromberg  Improve logic for reducing nix-based false positives
a19da8f0b8  2022-09-30 14:21:40 -04:00  Thomas Stromberg  Add NixOS NetworkManager-dispatcher, sort exceptions
5cf9ce6859  2022-09-30 14:12:45 -04:00  Thomas Stromberg  Update exceptions for vim, tox, and nix
6bd61b34fd  2022-09-30 14:12:24 -04:00  Thomas Stromberg  Fix constraint failure
1f177246b1  2022-09-30 13:47:10 -04:00  Thomas Stromberg  More false positive removal
9689a5c7e2  2022-09-30 12:10:18 -04:00  Thomas Stromberg  New exfil detector, exception improvements
bb496d8916  2022-09-30 11:14:20 -04:00  Thomas Stromberg  Add kworker->modprobe exception
0c2b98addd  2022-09-30 11:10:06 -04:00  Thomas Stromberg  Add wrapper -> cache exception
007332ead4  2022-09-29 16:19:30 -04:00  Thomas Stromberg  More false positives removal
bda98d88b6  2022-09-29 16:04:07 -04:00  Thomas Stromberg  Add experimental queries for daemon detection
c5dc2464aa  2022-09-29 15:42:27 -04:00  Thomas Stromberg  Overdue false positive removal
89cbf9dacf  2022-09-29 15:42:06 -04:00  Thomas Stromberg  Detect unexpected uid0 programs on Linux
578657051c  2022-09-29 12:40:44 -04:00  Thomas Stromberg  Reduce false positive events, rename
2adfcec1ae  2022-09-29 12:36:26 -04:00  Thomas Stromberg  Add teams exception
3713701e76  2022-09-29 12:33:23 -04:00  Thomas Stromberg  Add exception for Logitech auto-updating software
962b012e2c  2022-09-29 12:29:55 -04:00  Thomas Stromberg  Be more lenient with lack-of-info filter
21aa79b2e0  2022-09-29 12:27:52 -04:00  Thomas Stromberg  More false positive reduction, widen Go scope
7611f921e9  2022-09-29 11:38:32 -04:00  Thomas Stromberg  Add experimental sensitive file access detector
49f2d5a579  2022-09-29 11:38:14 -04:00  Thomas Stromberg  Add detectors for unexpected executables in strange places
5b7858e3cf  2022-09-27 11:54:17 -04:00  Thomas Stromberg  More false-positive removal
318d26602f  2022-09-26 18:27:43 -04:00  Thomas Stromberg  Remove numerous false positives
26e1070bc6  2022-09-26 18:15:08 -04:00  Thomas Stromberg  Update exceptions for syncthing, geoclue, packagekitd, yum, aws, depmod, pingsender
b50f06bdfe  2022-09-26 18:13:48 -04:00  Thomas Stromberg  Add exceptions for xcode-select, yum, nix-daemon
997c441b79  2022-09-26 18:12:27 -04:00  Thomas Stromberg  Add chainctl exception
909f907096  2022-09-26 18:11:36 -04:00  Thomas Stromberg  Add exceptions for firefox and gjs-console
796c2af84c  2022-09-26 18:09:00 -04:00  Thomas Stromberg  Add exceptions for gnome, python, pipewire
4ca5233fe8  2022-09-26 18:08:21 -04:00  Thomas Stromberg  Add new exceptions
dfa5ed39e1  2022-09-26 18:06:13 -04:00  Thomas Stromberg  Add exceptions for repos/ and homebrew
b1dd6b7cad  2022-09-26 18:05:23 -04:00  Thomas Stromberg  Add exception for /private/tmp go-build
b1c21d4497  2022-09-26 18:04:20 -04:00  Thomas Stromberg  Add vegeta, Slack, nix, etc. etc.