Commit Graph

88 Commits

Author SHA1 Message Date
Thomas Stromberg c60c8ccf39 mark https-linux extra, minor query tuning 2024-10-11 09:55:04 -04:00
Thomas Stromberg 9a1a4b049e fpr: prosoft, ujust, kandji-library-manager, etc 2024-09-26 12:40:04 -04:00
Thomas Stromberg 8d583131ca fpr: cups, zed, pycharm, msedge, surfshark, ubiquiti 2024-09-24 15:10:21 -04:00
Thomas Stromberg 4d0a9fd533 fpr: sequoia, osquery, cups, atops, transmission, etc 2024-09-23 11:07:53 -04:00
Thomas Stromberg 4b10d10520 False-positives be damned 2024-08-27 18:40:43 -04:00
Thomas Stromberg 6c292f11af fpr: kas, bitnami, redis, bincapz, kolide, docker, whatsapp 2024-07-12 16:55:49 -04:00
Thomas Stromberg 4df51743d0 fpr: lima, rpm-ostree, gitsign, kde, python, etc 2024-07-01 21:56:28 -04:00
Thomas Stromberg 6fe74680a0 fpr: June 28 - final rule tuning 2024-06-28 10:08:04 -04:00
Thomas Stromberg 18e05c5a4c fpr: June 25 2024-06-25 20:48:09 -04:00
Thomas Stromberg 5dd614f54c fpr: MHLink, k3d, BlueFin, query tuning 2024-04-26 16:14:02 -04:00
Thomas Stromberg 5ef3c88213 Overdue False Positive Reduction 2024-03-29 10:12:36 -04:00
Thomas Stromberg d3352610f4 fpr: snapd, cups, ubuntu, etc 2024-03-07 16:33:01 -05:00
Thomas Stromberg 342d813bf8 fpr: Docker Desktop, code-oss, incus, etc 2024-02-26 17:26:56 -05:00
Thomas Stromberg b1e05d6612 merge conflict 2024-02-16 17:17:45 -05:00
Thomas Stromberg f87a8e8197 fpr: Elastic, IR, Velociraptor, BitDefender, incus, Adguard 2024-02-16 17:14:11 -05:00
Thomas Stromberg 12a55753b5 fpr: Elastic Defend, gcloud, Warp, etc 2024-02-05 10:45:17 -05:00
Thomas Stromberg e42ea9a4bc massive fpr: Rapid7, Elastic, everything 2024-01-26 14:07:37 -05:00
Thomas Stromberg 5d31e8da5f fpr: psi, arduino, bitdefender, keybase, cody, etc 2024-01-22 10:36:01 -05:00
Thomas Stromberg ceec1718f9 fpr: snap, mutedeck, idea, Chrome exts 2024-01-18 17:15:37 -05:00
Thomas Stromberg fa4e0d0510 recently downloaded go-crypt: Fix YARA error 2024-01-09 17:22:33 -05:00
Thomas Stromberg 229a32a61e fpr: sourcegraph,phantombuster,iterm,cody,stickers 2024-01-09 16:14:00 -05:00
Thomas Stromberg 875125fc94 Add exceptions for Elastic Defend & Rapid7 InsightIDR 2024-01-08 19:07:57 -05:00
Thomas Stromberg 1304d66783 Add more Elastic exceptions 2024-01-08 17:55:30 -05:00
Thomas Stromberg 336a1fca4a Add exceptions for Elastic Defend 2024-01-08 17:18:25 -05:00
Thomas Stromberg 8b9894ec74 filter out CSV from yara 2023-12-15 17:12:50 -05:00
Thomas Stromberg 800e4aa2cc fpr: kind of everything 2023-12-15 17:10:06 -05:00
Thomas Stromberg 310e51d2a2 fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
Thomas Stromberg 5802021124 Optimize YARA process queries by deduping paths 2023-11-02 09:53:26 -04:00
Thomas Stromberg 6e1e7f29c2 fpr: dbeaver, AwesomeScreenshot, Hyper, etc 2023-11-02 09:39:41 -04:00
Thomas Stromberg 0060bb087e fpr: aws, java, arch, cody, google, wireshark, etc 2023-10-31 11:40:10 -04:00
Thomas Stromberg 7d9aced380 fpr: mtr, vscode, cpptools, cron, firefox 2023-10-25 09:18:04 -04:00
Thomas Stromberg 9e6df92e3f fpr: osquery release spam 2023-10-24 18:32:03 -04:00
Thomas Stromberg 3c2be1c16e fpr: Kolide, qemu, bash, monday, macOS 2023-10-24 18:01:36 -04:00
Thomas Stromberg 5f2680ca8b fpr: Monday, Splunk, Gnome, Git, Grammarly, etc 2023-10-02 11:35:11 -04:00
Thomas Stromberg f73263bece fpr: docker, fish, Stream Deck, rsync, lima, macOS 2023-09-26 15:14:38 -04:00
Thomas Stromberg a7f0b3001d Reduce false positives on Ubuntu + Lima 2023-09-26 13:09:22 -04:00
Thomas Stromberg 2bbc2f6c97 split detection pack into subpacks 2023-09-20 17:43:39 -04:00
Thomas Stromberg b39fca4e9f fpr: RSA keys, tcpdump, login, crane, sourcegraph, etc 2023-09-20 09:30:46 -04:00
Thomas Stromberg f16c3cdf53 fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell 2023-09-14 17:13:12 -04:00
Thomas Stromberg 84125c4bb1 Remove recently common false positives 2023-09-01 17:09:47 -04:00
Thomas Stromberg ce2f0f06cb fpr; Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy 2023-07-20 10:56:49 -04:00
Thomas Stromberg a0e4183bf4 fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc 2023-07-12 17:38:26 -04:00
Thomas Stromberg cebf617c82 fpr: terragrunt, mdnsResponder, Spotify, Zoom, etc 2023-06-14 10:58:41 -04:00
Thomas Stromberg 32328c91f1 fpr: Slack, Gnome, Sigstore, Logitune, etc 2023-06-12 10:10:57 -04:00
Thomas Stromberg 9575d18bc2 fpr: FleetDM, Edge, VSCode, dnf, Steam, etc 2023-06-01 11:52:20 -04:00
Thomas Stromberg 26b2b9a4c7 fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc 2023-05-11 11:29:55 -04:00
Thomas Stromberg 41d83350a1 make reformat 2023-05-08 13:20:47 -04:00
Thomas Stromberg 778d53b169 Address merge conflicts 2023-05-08 13:11:24 -04:00
Thomas Stromberg 4856a0e80a fpr: LogiTune, sharingd, gnome, sparkle, plex 2023-05-08 13:07:57 -04:00
Thomas Stromberg 0202e87b73 fpr: libopenblas, snapd, k3d, opera, nix, ssh, cargo, adobe installer 2023-05-03 16:28:00 -04:00