osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-18 02:17:01 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	fbab3701c0	fpr: Docker, Zwift, macOS updates, etc	2023-03-20 17:05:02 -04:00
Thomas Strömberg	621967a085	Merge pull request #230 from tstromberg/split-chmod Add exceptions for Kandji	2023-03-17 15:49:30 -04:00
Thomas Stromberg	13a95a4f41	Add exceptions for Kandji	2023-03-17 15:46:00 -04:00
Thomas Strömberg	1b9e2a6ec1	Merge pull request #229 from tstromberg/split-chmod unexpected-chmod-exec: Split and Linux/macOS queries	2023-03-17 15:39:26 -04:00
Thomas Stromberg	15c666a170	Fix references to p0.cmdline	2023-03-17 15:38:22 -04:00
Thomas Stromberg	e1db6fc2de	Fix split chmod detector	2023-03-17 15:19:33 -04:00
Thomas Stromberg	feb7c234e7	split unexpected-chmod-exec-event into Linux/macOS	2023-03-17 15:13:36 -04:00
Thomas Strömberg	c527625c98	Merge pull request #228 from tstromberg/more-exotic fpr: Brother, Intel OneAPI, k6, firefox	2023-03-17 15:13:05 -04:00
Thomas Stromberg	6ddc478df4	fpr: Brother, Intel OneAPI, k6, firefox	2023-03-17 15:08:22 -04:00
Thomas Strömberg	6c9759b003	Merge pull request #227 from tstromberg/more-exotic chmod events: broaden snap .config exception	2023-03-17 10:54:26 -04:00
Thomas Stromberg	fb6af4858a	chmod events: broaden snap exception	2023-03-17 10:52:28 -04:00
Thomas Strömberg	acd162410a	Merge pull request #226 from tstromberg/more-exotic modernize high-disk-bytes queries	2023-03-17 10:52:06 -04:00
Thomas Stromberg	9eeae99f24	modernize high-disk-bytes queries	2023-03-17 10:48:17 -04:00
Thomas Strömberg	56d4ab208f	Merge pull request #225 from tstromberg/more-exotic gcp keys mdfind: filter out more filenames	2023-03-17 10:15:28 -04:00
Thomas Stromberg	0aac121cbb	gcp keys mdfind: filter out more filenames	2023-03-17 10:15:07 -04:00
Thomas Strömberg	5d637e7698	Merge pull request #224 from tstromberg/more-exotic fpr: NetworkManager, packer, rancher desktop, proxmox, sd	2023-03-17 06:39:11 -04:00
Thomas Stromberg	2bfd736d37	Use p0_cmd instead of p0.cmdline	2023-03-17 06:37:18 -04:00
Thomas Stromberg	7ee331b399	Add missing comma	2023-03-17 06:35:15 -04:00
Thomas Stromberg	7ceb7b2b19	fpr: NetworkManager, packer, rancher desktop, proxmox, sd	2023-03-17 06:32:54 -04:00
Thomas Strömberg	e8c6a8b723	Merge pull request #223 from tstromberg/more-exotic chmod events: Include macOS, improve results	2023-03-17 06:31:43 -04:00
Thomas Stromberg	8154560703	chmod events: Include macOS, improve results	2023-03-17 06:24:26 -04:00
Thomas Strömberg	c586ae9997	Merge pull request #222 from tstromberg/fpr-mar14 fpr: Signal, apko, aws, melange, dash, stern	2023-03-16 17:32:57 -04:00
Thomas Stromberg	6473469e72	revert euid change in exception key	2023-03-16 17:31:31 -04:00
Thomas Stromberg	fbc2b207b4	fpr: Signal, apko, aws, melange, dash, stern	2023-03-16 17:29:11 -04:00
Thomas Strömberg	b9f6692413	Merge pull request #221 from tstromberg/fpr-mar14 New detector: unexpected chmod exec event	2023-03-16 17:24:02 -04:00
Thomas Stromberg	af9a78236e	New detector: unexpected chmod exec event	2023-03-16 16:53:32 -04:00
Thomas Strömberg	df05d8b92a	Merge pull request #220 from tstromberg/fpr-mar14 Add unexpected libcurl detector	2023-03-16 16:14:56 -04:00
Thomas Stromberg	2e10bdf52b	Add unexpected libcurl detector	2023-03-16 16:10:25 -04:00
Thomas Strömberg	0db565a079	Merge pull request #219 from tstromberg/fpr-mar14 fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm…	2023-03-14 19:02:37 -04:00
Thomas Stromberg	824efa9705	fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws	2023-03-14 19:00:44 -04:00
Thomas Strömberg	f2f8db1d15	Merge pull request #218 from tstromberg/fpr-mar14 fpr: SA keys, libgtop, haproxy, gvproxy, slirp	2023-03-14 16:06:28 -04:00
Thomas Stromberg	09652bd91f	fpr: SA keys, libgtop, haproxy, gvproxy, slirp	2023-03-14 16:05:16 -04:00
Thomas Strömberg	2f16dda2a7	Merge pull request #217 from tstromberg/mismatch Rewrite name/path mismatch for lower maintenance	2023-03-14 15:25:24 -04:00
Thomas Stromberg	0c03324296	Reduce fuziness of matching	2023-03-14 15:11:33 -04:00
Thomas Stromberg	e23b34dc7b	Rewrite name/path mismatch for lower maintenance	2023-03-09 21:11:24 -05:00
Thomas Strömberg	57700fd007	Merge pull request #216 from tstromberg/fpr-mar6 fpr: Canon Universal Installer, melange, GPG, key names	2023-03-06 21:14:10 -05:00
Thomas Stromberg	b3825ba2b9	fpr: Canon Universal Installer, melange, GPG, key names	2023-03-06 15:11:11 -05:00
Thomas Strömberg	cb8162d3c6	Merge pull request #215 from tstromberg/fpr-mar4 Add dhclient uid0 exception, as appears in Debian	2023-03-04 13:22:06 -05:00
Thomas Stromberg	89439e7959	Merge to head	2023-03-04 13:21:42 -05:00
Thomas Stromberg	83de333882	Add dhclient uid0 exception, as appears in Debian	2023-03-04 13:20:26 -05:00
Thomas Strömberg	5e9503490a	Merge pull request #214 from tstromberg/main Add a runnable osquery.conf example	2023-03-04 13:04:44 -05:00
Thomas Stromberg	2700c780b7	Add a runnable osquery.conf example	2023-03-04 13:03:30 -05:00
Thomas Strömberg	fb583d964b	Merge pull request #213 from tstromberg/fpr-mar3 fpr: aws certs, AdobePIM, slack	2023-03-04 12:21:14 -05:00
Thomas Stromberg	81b09ae711	fpr: aws certs, AdobePIM, slack	2023-03-04 12:20:53 -05:00
Thomas Strömberg	158e5fa696	Merge pull request #212 from tstromberg/fpr-mar3 fpr: aws-sdk, melange, Tailscale, Xprotect, etc	2023-03-03 07:26:32 -05:00
Thomas Stromberg	f25cfe1399	fpr: aws-sdk, melange, Tailscale, Xprotect, etc	2023-03-03 07:24:42 -05:00
Thomas Strömberg	6d05dbc2da	Merge pull request #211 from tstromberg/keyfinder Add RSA key finders, and mdfind-based GCP key finder	2023-03-01 11:08:09 -05:00
Thomas Stromberg	fa7a0971d4	Add RSA key finders, and mdfind-based GCP key finder	2023-03-01 11:05:35 -05:00
Thomas Strömberg	b7d7ad1a1b	Update README.md	2023-02-24 18:30:31 -05:00
Thomas Strömberg	3f3033ad5c	Merge pull request #210 from tstromberg/make Makefile: Add 'detect' rule, fix collection/IR rules	2023-02-24 18:29:32 -05:00

1 2 3 4 5 ...

815 Commits