Commit Graph

50 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Thomas Stromberg | 75a858b4ee | Optimize queries for lower false positives | 2022-10-07 16:19:18 -04:00 |
| Thomas Stromberg | 1f82dce89c | Remove more false positives, add more detail to sensitive file access | 2022-10-05 16:15:40 -04:00 |
| Thomas Stromberg | c5759262f8 | Small false positive update | 2022-10-04 09:37:18 -04:00 |
| Thomas Stromberg | a5820efa5c | False positive purge, including Ventura additions | 2022-10-03 16:27:56 -04:00 |
| Thomas Stromberg | 0520bedb79 | Make syncthing port range broader, fix gcloud port number typo | 2022-09-30 17:45:45 -04:00 |
| Thomas Stromberg | 0875483512 | More false removal | 2022-09-30 15:42:10 -04:00 |
| Thomas Stromberg | eda6203f34 | Improve logic for reducing nix-based false positives | 2022-09-30 14:22:01 -04:00 |
| Thomas Stromberg | 5cf9ce6859 | Update exceptions for vim, tox, and nix | 2022-09-30 14:12:45 -04:00 |
| Thomas Stromberg | 1f177246b1 | More false positive removal | 2022-09-30 13:47:10 -04:00 |
| Thomas Stromberg | 9689a5c7e2 | New exfil detector, exception improvements | 2022-09-30 12:10:18 -04:00 |
| Thomas Stromberg | 007332ead4 | More false positives removal | 2022-09-29 16:19:30 -04:00 |
| Thomas Stromberg | c5dc2464aa | Overdue false positive removal | 2022-09-29 15:42:27 -04:00 |
| Thomas Stromberg | 5b7858e3cf | More false-positive removal | 2022-09-27 11:54:17 -04:00 |
| Thomas Stromberg | 318d26602f | Remove numerous false positives | 2022-09-26 18:27:43 -04:00 |
| Thomas Stromberg | 26e1070bc6 | Update exceptions for syncthing, geoclue, packagekitd, yum, aws, depmod, pingsender | 2022-09-26 18:15:08 -04:00 |
| Thomas Stromberg | b1c21d4497 | Add vegeta, Slack, nix, etc. etc. | 2022-09-26 18:04:20 -04:00 |
| Thomas Stromberg | 629cc9934a | Weekend false-positive removal | 2022-09-26 14:25:32 -04:00 |
| Thomas Stromberg | 8b622cc77e | Format everything with 'npx sql-formatter -l sqlite' | 2022-09-24 11:12:23 -04:00 |
| Thomas Stromberg | 7a1a4972d7 | Weekend false-positive removal | 2022-09-24 11:07:34 -04:00 |
| Thomas Stromberg | 45fa951863 | Friday night whitelisting party | 2022-09-23 18:07:05 -04:00 |
| Thomas Stromberg | 2bea92e57e | Remove more false positives | 2022-09-23 16:37:51 -04:00 |
| Thomas Stromberg | a91c9720f3 | More false-positive removal | 2022-09-23 13:03:11 -04:00 |
| Thomas Stromberg | 08554e752b | More false-positive removal | 2022-09-23 10:35:45 -04:00 |
| Thomas Stromberg | fa13acb040 | Tune false positives and fields | 2022-09-23 09:33:44 -04:00 |
| Thomas Stromberg | 092bdfe5a3 | More post-release fixes, update quoting | 2022-09-23 06:54:40 -04:00 |
| Thomas Stromberg | 310b528320 | Minor output tuning | 2022-09-22 19:50:49 -04:00 |
| Thomas Stromberg | 481581c616 | Launch day final cleanup | 2022-09-22 19:35:24 -04:00 |
| Thomas Stromberg | 77ba879daa | Launch day fixes | 2022-09-22 13:18:16 -04:00 |
| Thomas Stromberg | b1e2a6251d | Add an events-based DNS traffic alert | 2022-09-22 05:28:36 -04:00 |
| Thomas Stromberg | 37eca56cb5 | More whitelisting | 2022-09-22 05:18:03 -04:00 |
| Thomas Stromberg | 3dfda437ab | More tuning, quiet deaths | 2022-09-21 13:34:10 -04:00 |
| Thomas Stromberg | 0c54748749 | Add detector for mysterious DNS traffic | 2022-09-21 13:30:44 -04:00 |
| Thomas Stromberg | d4ea7d411e | Fix many broken queries | 2022-09-21 10:30:17 -04:00 |
| Thomas Stromberg | bd5b37b646 | More tuning, more queries | 2022-09-21 07:42:51 -04:00 |
| Thomas Stromberg | e9c7c97858 | Every day I'm tuning it | 2022-09-20 21:56:01 -04:00 |
| Thomas Stromberg | 1965aaaab4 | More Linux/macOS splits to get signature support | 2022-09-20 17:46:47 -04:00 |
| Thomas Stromberg | 0ff3b09f18 | Rewrite unexpected-listening-port, split Linux/macOS | 2022-09-20 08:47:52 -04:00 |
| Thomas Stromberg | 2ed9d394d5 | Rewrite sketchy events, remove some false positives | 2022-09-20 08:16:06 -04:00 |
| Thomas Stromberg | f5696431c7 | More filtering | 2022-09-16 11:22:50 -04:00 |
| Thomas Stromberg | 0371505d75 | More tuning | 2022-09-15 15:34:59 -04:00 |
| Thomas Stromberg | 8ff5e914eb | More tuning | 2022-09-15 09:34:45 -04:00 |
| Thomas Stromberg | d0569425b7 | More tuning | 2022-09-14 10:51:56 -04:00 |
| Thomas Stromberg | f54f2ee527 | More false-positive removal | 2022-09-14 07:54:39 -04:00 |
| Thomas Stromberg | a512597ace | Lots of treats for the boys and girls | 2022-09-13 20:46:04 -04:00 |
| Thomas Stromberg | 868f1ff13b | Monday morning tuning | 2022-09-12 11:17:51 -04:00 |
| Thomas Stromberg | 6df0447760 | More tuning, more scripts | 2022-09-11 15:07:54 -04:00 |
| Thomas Stromberg | 7e210049bf | First weekend tuning | 2022-09-10 07:24:17 -04:00 |
| Thomas Stromberg | c6797e3496 | Reorganize paths, tune queries a bit | 2022-09-09 12:51:52 -04:00 |
| Thomas Stromberg | d7a549759b | More tuning | 2022-09-08 20:50:15 -04:00 |
| Thomas Stromberg | 5eab5c51a8 | Just about done | 2022-09-08 17:58:56 -04:00 |