Thomas Stromberg | c60c8ccf39 | mark https-linux extra, minor query tuning | 2024-10-11 09:55:04 -04:00 |
Thomas Stromberg | 9a1a4b049e | fpr: prosoft, ujust, kandji-library-manager, etc | 2024-09-26 12:40:04 -04:00 |
Thomas Stromberg | 8d583131ca | fpr: cups, zed, pycharm, msedge, surfshark, ubiquiti | 2024-09-24 15:10:21 -04:00 |
Thomas Stromberg | 4d0a9fd533 | fpr: sequoia, osquery, cups, atops, transmission, etc | 2024-09-23 11:07:53 -04:00 |
Thomas Stromberg | 4b10d10520 | False-positives be damned | 2024-08-27 18:40:43 -04:00 |
Thomas Stromberg | 6c292f11af | fpr: kas, bitnami, redis, bincapz, kolide, docker, whatsapp | 2024-07-12 16:55:49 -04:00 |
Thomas Stromberg | 4df51743d0 | fpr: lima, rpm-ostree, gitsign, kde, python, etc | 2024-07-01 21:56:28 -04:00 |
Thomas Stromberg | 6fe74680a0 | fpr: June 28 - final rule tuning | 2024-06-28 10:08:04 -04:00 |
Thomas Stromberg | 18e05c5a4c | fpr: June 25 | 2024-06-25 20:48:09 -04:00 |
Thomas Stromberg | 5dd614f54c | fpr: MHLink, k3d, BlueFin, query tuning | 2024-04-26 16:14:02 -04:00 |
Thomas Stromberg | 5ef3c88213 | Overdue False Positive Reduction | 2024-03-29 10:12:36 -04:00 |
Thomas Stromberg | d3352610f4 | fpr: snapd, cups, ubuntu, etc | 2024-03-07 16:33:01 -05:00 |
Thomas Stromberg | 342d813bf8 | fpr: Docker Desktop, code-oss, incus, etc | 2024-02-26 17:26:56 -05:00 |
Thomas Stromberg | b1e05d6612 | merge conflict | 2024-02-16 17:17:45 -05:00 |
Thomas Stromberg | f87a8e8197 | fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard | 2024-02-16 17:14:11 -05:00 |
Thomas Stromberg | 12a55753b5 | fpr: Elastic Defend, gcloud, Warp, etc | 2024-02-05 10:45:17 -05:00 |
Thomas Stromberg | e42ea9a4bc | massive fpr: Rapid7, Elastic, everything | 2024-01-26 14:07:37 -05:00 |
Thomas Stromberg | 5d31e8da5f | fpr: psi, arduino, bitdefender, keybase, cody, etc | 2024-01-22 10:36:01 -05:00 |
Thomas Stromberg | ceec1718f9 | fpr: snap, mutedeck, idea, Chrome exts | 2024-01-18 17:15:37 -05:00 |
Thomas Stromberg | fa4e0d0510 | recently downloaded go-crypt: Fix YARA error | 2024-01-09 17:22:33 -05:00 |
Thomas Stromberg | 229a32a61e | fpr: sourcegraph,phantombuster,iterm,cody,stickers | 2024-01-09 16:14:00 -05:00 |
Thomas Stromberg | 875125fc94 | Add exceptions for Elastic Defend & Rapid7 InsightIDR | 2024-01-08 19:07:57 -05:00 |
Thomas Stromberg | 1304d66783 | Add more Elastic exceptions | 2024-01-08 17:55:30 -05:00 |
Thomas Stromberg | 336a1fca4a | Add exceptions for Elastic Defend | 2024-01-08 17:18:25 -05:00 |
Thomas Stromberg | 8b9894ec74 | filter out CSV from yara | 2023-12-15 17:12:50 -05:00 |
Thomas Stromberg | 800e4aa2cc | fpr: kind of everything | 2023-12-15 17:10:06 -05:00 |
Thomas Stromberg | 310e51d2a2 | fpr: Capture One, Grammarly, Mullvad, etc | 2023-12-08 17:12:27 -05:00 |
Thomas Stromberg | 5802021124 | Optimize YARA process queries by deduping paths | 2023-11-02 09:53:26 -04:00 |
Thomas Stromberg | 6e1e7f29c2 | fpr: dbeaver, AwesomeScreenshot, Hyper, etc | 2023-11-02 09:39:41 -04:00 |
Thomas Stromberg | 0060bb087e | fpr: aws, java, arch, cody, google, wireshark, etc | 2023-10-31 11:40:10 -04:00 |
Thomas Stromberg | 7d9aced380 | fpr: mtr, vscode, cpptools, cron, firefox | 2023-10-25 09:18:04 -04:00 |
Thomas Stromberg | 9e6df92e3f | fpr: osquery release spam | 2023-10-24 18:32:03 -04:00 |
Thomas Stromberg | 3c2be1c16e | fpr: Kolide, qemu, bash, monday, macOS | 2023-10-24 18:01:36 -04:00 |
Thomas Stromberg | 5f2680ca8b | fpr: Monday, Splunk, Gnome, Git, Grammarly, etc | 2023-10-02 11:35:11 -04:00 |
Thomas Stromberg | f73263bece | fpr: docker, fish, Stream Deck, rsync, lima, macOS | 2023-09-26 15:14:38 -04:00 |
Thomas Stromberg | a7f0b3001d | Reduce false positives on Ubuntu + Lima | 2023-09-26 13:09:22 -04:00 |
Thomas Stromberg | 2bbc2f6c97 | split detection pack into subpacks | 2023-09-20 17:43:39 -04:00 |
Thomas Stromberg | b39fca4e9f | fpr: RSA keys, tcpdump, login, crane, sourcegraph, etc | 2023-09-20 09:30:46 -04:00 |
Thomas Stromberg | f16c3cdf53 | fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell | 2023-09-14 17:13:12 -04:00 |
Thomas Stromberg | 84125c4bb1 | Remove recently common false positives | 2023-09-01 17:09:47 -04:00 |
Thomas Stromberg | ce2f0f06cb | fpr: Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy | 2023-07-20 10:56:49 -04:00 |
Thomas Stromberg | a0e4183bf4 | fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc | 2023-07-12 17:38:26 -04:00 |
Thomas Stromberg | cebf617c82 | fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc | 2023-06-14 10:58:41 -04:00 |
Thomas Stromberg | 32328c91f1 | fpr: Slack, Gnome, Sigstore, Logitune, etc | 2023-06-12 10:10:57 -04:00 |
Thomas Stromberg | 9575d18bc2 | fpr: FleetDM, Edge, VSCode, dnf, Steam, etc | 2023-06-01 11:52:20 -04:00 |
Thomas Stromberg | 26b2b9a4c7 | fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc | 2023-05-11 11:29:55 -04:00 |
Thomas Stromberg | 41d83350a1 | make reformat | 2023-05-08 13:20:47 -04:00 |
Thomas Stromberg | 778d53b169 | Address merge conflicts | 2023-05-08 13:11:24 -04:00 |
Thomas Stromberg | 4856a0e80a | fpr: LogiTune, sharingd, gnome, sparkle, plex | 2023-05-08 13:07:57 -04:00 |
Thomas Stromberg | 0202e87b73 | fpr: libopenblas, snapd, k3d, opera, nix, ssh, cargo, adobe installer | 2023-05-03 16:28:00 -04:00 |