osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-18 18:46:53 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	824efa9705	fpr: yum, systemd, cloud-sql-proxy, image-automation-controller, helm, bom, aws	2023-03-14 19:00:44 -04:00
Thomas Stromberg	b3825ba2b9	fpr: Canon Universal Installer, melange, GPG, key names	2023-03-06 15:11:11 -05:00
Thomas Stromberg	fb7cd56249	fpr: abrt-dbus, gdm, chrome, ff, etc	2023-02-24 16:30:17 -05:00
Thomas Stromberg	f87541c945	False positive flush, particularly in talkers	2023-02-17 11:57:23 -05:00
Thomas Stromberg	d302a9ff55	Purge false positives, again and again	2023-02-02 21:46:53 -05:00
Thomas Stromberg	bb3e1f964e	Run make reformat, update max rows for incident response	2023-02-02 17:58:19 -05:00
Thomas Stromberg	f9dce0a72d	Include more process information across queries	2023-02-01 13:55:55 -05:00
Thomas Stromberg	66ee3484c0	Remove unused active fields, add WhatsApp ioreg exception	2023-01-27 08:46:48 -05:00
Thomas Stromberg	7d8fa35eb4	fpr: Github Absolute Date, Snagit, Figma, Seagate, aws, etc	2023-01-26 16:30:14 -05:00
Thomas Stromberg	f5fe9a4aac	Refactor process_events queries for more accurate parenting	2023-01-26 11:40:54 -05:00
Thomas Stromberg	e6824d87e9	Run 'make reformat'	2023-01-20 09:24:24 -05:00
Thomas Stromberg	7b79b19090	False positive reduction: Messenger, Chrome, Final Cut Pro, etc	2023-01-18 09:49:56 -05:00
Thomas Stromberg	d415b36b57	FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc	2023-01-16 12:56:39 -05:00
Thomas Strömberg	cb0ed647d8	Merge branch 'main' into bugfixesJan13	2023-01-13 13:56:19 -05:00
Thomas Stromberg	9d7bd98875	Compare euid against process_events as processes may not join	2023-01-13 13:55:03 -05:00
Thomas Stromberg	420d269025	Reformat and reduce false positives	2023-01-09 15:10:48 -05:00
Thomas Stromberg	4eb6993272	Catch up to some older false positives we ran into	2023-01-06 17:11:24 -05:00
Thomas Stromberg	cd0b7872c1	Rewrite unexpected-osascript-calls for simplicity	2023-01-06 15:31:08 -05:00
Thomas Stromberg	05a39a78d3	Flush out more false positives across the stack	2023-01-06 10:36:48 -05:00
Thomas Stromberg	9843def319	Fix more false positives, particularly in shell/fetcher parents	2023-01-06 10:18:19 -05:00
Thomas Stromberg	a8b95a2c9e	New Years cleanup: monitorix, snap-confine, steam, spotify, etc	2023-01-03 08:50:19 -05:00
Thomas Stromberg	49a19a6fd5	Sort out more false positives	2022-12-16 17:37:32 -05:00
Thomas Stromberg	47b208eb71	Allow gcloud auth application-default login	2022-12-15 09:12:30 -05:00
Thomas Stromberg	8047c88374	Run 'make reformat'	2022-11-16 11:02:29 -05:00
Thomas Stromberg	0e4f49ce78	Allow more gcloud auth paths	2022-11-04 11:57:47 -04:00
Thomas Stromberg	e7e714c9db	Make another stab at reducing false positives across the map	2022-11-03 11:51:54 -04:00
Thomas Stromberg	4464254d62	False-positive updates: tailscale, snapd, WPILib, darkfiles	2022-11-01 07:15:10 -04:00
Thomas Stromberg	caab2a6c82	Loads of fresh new false-positives removal	2022-10-31 17:40:37 -04:00
Thomas Stromberg	1c2d605bb0	Include osacompile	2022-10-29 11:43:58 -04:00
Thomas Stromberg	897c96bd33	Remove more in-the-wild false positives	2022-10-27 16:55:00 -04:00
Thomas Stromberg	a00af6c1fa	Merge another day worth of false positives	2022-10-27 10:23:15 -04:00
Thomas Stromberg	ff7cb5f00f	Address merge conflict	2022-10-25 21:31:32 -04:00
Thomas Stromberg	239df4ea1f	Reduce more false positives found on macOS and Linux	2022-10-25 21:27:41 -04:00
Thomas Stromberg	23351973ea	detection: Reduce Linux desktop false positives	2022-10-25 11:39:51 -04:00
Thomas Stromberg	058e74bca9	Merge to head	2022-10-24 14:45:49 -04:00
Thomas Stromberg	7d5503373b	Add Alfred exclusion, fix Zoom exclusion	2022-10-24 14:40:51 -04:00
Thomas Stromberg	04409029cb	Add exception for Zoom controller	2022-10-24 11:28:26 -04:00
Thomas Stromberg	a7c26908db	osascript: Add parent signing information	2022-10-24 10:06:22 -04:00
Thomas Stromberg	8516aec8c3	Fix broken osascript script, move duplicate check out of exotic	2022-10-21 17:42:44 -04:00
Thomas Stromberg	d2bdffe89e	Add support for interval tags	2022-10-14 14:19:13 -04:00
Thomas Stromberg	20452b128b	Migrate query strings from double to single apostrophes	2022-10-13 14:59:32 -04:00
Thomas Stromberg	26ee658c4a	Initial re-organization around the MITRE ATT&CK framework	2022-10-11 21:53:36 -04:00

42 Commits