RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-17 09:57:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,223 Commits 1 Branch 31 Tags 6.9 MiB
f99e6bdc1e
Commit Graph

21 Commits

Author SHA1 Message Date
Thomas Stromberg
f72e6424c0 Run reformat 2024-02-16 17:21:00 -05:00
Thomas Stromberg
a0624c0870
Add Elastic exceptions for osqueryd/packetbeat 2024-02-05 10:49:52 -05:00
Thomas Stromberg
5d31e8da5f
fpr: psi, arduino, bitdefender, keybase, cody, etc 2024-01-22 10:36:01 -05:00
Thomas Stromberg
111c15e20b fpr: macOS, yubikey, Premiere, dnf, vagrant, etc 2023-05-23 11:31:37 -04:00
Thomas Stromberg
c6eec0ee17 Query tuning after Geacon testing 2023-05-17 10:54:16 -04:00
Thomas Stromberg
8d4531198f
fpr: My ORA, Ecamm, setroubleshootd, etc 2023-02-14 19:46:36 -05:00
Thomas Stromberg
d51bd731a1
fpr: Parallels, nerdctl, Xorg, nvidia, Stream, etc 2023-01-26 20:40:47 -05:00
Thomas Stromberg
e6824d87e9
Run 'make reformat' 2023-01-20 09:24:24 -05:00
Thomas Stromberg
7b79b19090
False positive reduction: Messenger, Chrome, Final Cut Pro, etc 2023-01-18 09:49:56 -05:00
Thomas Stromberg
e3401a07c6
Weekend false-positive flush 2023-01-14 08:19:26 -05:00
Thomas Stromberg
46024618f5
Fix regular expressions, include more commands 2023-01-13 13:50:37 -05:00
Thomas Stromberg
9843def319
Fix more false positives, particularly in shell/fetcher parents 2023-01-06 10:18:19 -05:00
Thomas Stromberg
44ca59c9d6
sketchy fetchers: Remove trailing commas 2022-12-20 08:03:14 -05:00
Thomas Stromberg
40c20825e6
sketchy fetcher: Add grandparents and TLD detector 2022-12-20 07:53:29 -05:00
Thomas Stromberg
e7e714c9db
Make another stab at reducing false positives across the map 2022-11-03 11:51:54 -04:00
Thomas Stromberg
a00af6c1fa
Merge another day worth of false positives 2022-10-27 10:23:15 -04:00
Thomas Stromberg
7de03e7fbc
Reduce false positives 2022-10-20 08:04:24 -04:00
Thomas Stromberg
535d835290
Simplify exotic commands queries, remove more false positives 2022-10-18 11:32:18 -04:00
Thomas Stromberg
d2bdffe89e
Add support for interval tags 2022-10-14 14:19:13 -04:00
Thomas Stromberg
20452b128b
Migrate query strings from double to single apostrophes 2022-10-13 14:59:32 -04:00
Thomas Stromberg
26ee658c4a
Initial re-organization around the MITRE ATT&CK framework 2022-10-11 21:53:36 -04:00