Commit Graph

925 Commits

Author | SHA1 | Message | Date
Thomas Stromberg | ff2ab95431 | Remove file sizes from systemd exception key | 2023-06-08 18:26:57 -04:00
Thomas Strömberg | 06b95a57b3 | Merge pull request #272 from tstromberg/unattended | 2023-06-07 15:19:58 -04:00
    Add unattended-upgrades.pid (Ubuntu)
Thomas Strömberg | d6db5838d5 | Merge pull request #273 from tstromberg/more-hidden | 2023-06-07 15:19:51 -04:00
    hidden home config: Add ~/.config/.* to search criteria
Thomas Stromberg | 7a61b5eced | Add ~/.config/.* to search criteria | 2023-06-07 15:15:02 -04:00
Thomas Stromberg | 404b7125f7 | Add unattended-upgrades.pid (Ubuntu | 2023-06-07 15:14:09 -04:00
Thomas Strömberg | cd8ec86341 | Merge pull request #271 from tstromberg/fpr-jun2 | 2023-06-07 09:58:46 -04:00
    fpr: macOS, Signal, Creative Labs, node, Ubuntu, Google Earth, xfce4
Thomas Stromberg | c8760e0ae1 | fpr: macOS, Signal, Creative Labs, node, etc | 2023-06-07 09:55:17 -04:00
Thomas Stromberg | 91983a000a | Merge branch 'main' into fpr-jun2 | 2023-06-07 08:58:08 -04:00
Thomas Stromberg | 349ff58fb2 | fpr: xfce4, Google Earth, Ubuntu | 2023-06-07 08:58:02 -04:00
Thomas Strömberg | b6443b06c1 | Merge pull request #270 from tstromberg/fpr-jun2 | 2023-06-02 19:24:51 -04:00
    fpr: multipass, go, macOS, Ubuntu, Opera, git, ko
Thomas Stromberg | 1c3d461392 | Add lock exception for pipewire | 2023-06-02 19:22:26 -04:00
Thomas Stromberg | 066c88dc18 | fpr: multipass, go, macOS, Ubuntu, Opera, git, ko | 2023-06-02 19:08:08 -04:00
Thomas Strömberg | bda533eb9f | Merge pull request #269 from tstromberg/gdrive | 2023-06-02 18:09:50 -04:00
    New queries: excessive Google Drive exports
Thomas Stromberg | 37ce71b94f | Decrease download limits to begin with | 2023-06-02 18:03:44 -04:00
Thomas Stromberg | c2ce0ce7d7 | New queries: excessive Google Drive exports | 2023-06-02 18:01:10 -04:00
Thomas Strömberg | eba289f996 | Merge pull request #268 from tstromberg/fpr-jun1 | 2023-06-01 11:54:12 -04:00
    fpr: FleetDM, Edge, VSCode, dnf, Steam, etc
Thomas Stromberg | 9575d18bc2 | fpr: FleetDM, Edge, VSCode, dnf, Steam, etc | 2023-06-01 11:52:20 -04:00
Thomas Strömberg | 13c498aedc | Merge pull request #267 from tstromberg/fpr-may23 | 2023-05-23 11:56:42 -04:00
    Fix missing apostrophe
Thomas Stromberg | 7446b55120 | Fix missing apostrophe | 2023-05-23 11:55:11 -04:00
Thomas Strömberg | 3ed6d6271f | Merge pull request #266 from tstromberg/fpr-may23 | 2023-05-23 11:35:38 -04:00
    fpr: macOS, yubikey, Premiere, dnf, vagrant, etc
Thomas Stromberg | 4831794034 | Rename from missing-parent | 2023-05-23 11:31:58 -04:00
Thomas Stromberg | 111c15e20b | fpr: macOS, yubikey, Premiere, dnf, vagrant, etc | 2023-05-23 11:31:37 -04:00
Thomas Strömberg | 82134447fa | Merge pull request #265 from tstromberg/fpr-may17 | 2023-05-17 17:58:27 -04:00
    fpr: Parallels, Stream Deck, tflint, gitstatus, snyk
Thomas Stromberg | 56ede74c54 | fpr: Parallels, Stream Deck, tflint, gitstatus, snyk | 2023-05-17 17:52:55 -04:00
Thomas Strömberg | 0f94e56abc | Merge pull request #264 from tstromberg/geacon1p | 2023-05-17 13:26:46 -04:00
    Query tuning for Geacon detection and reduced CPU usage
Thomas Stromberg | d9d6a836a7 | Update minimal socket exceptions to not rely signatures | 2023-05-17 13:21:29 -04:00
Thomas Stromberg | c6eec0ee17 | Query tuning after Geacon testing | 2023-05-17 10:54:16 -04:00
Thomas Strömberg | 96fd9e7729 | Merge pull request #263 from tstromberg/times3 | 2023-05-16 20:11:16 -04:00
    Make process times broadly available, minor opts
Thomas Stromberg | 24c2baef28 | Make process times broadly available, minor opts | 2023-05-16 17:18:39 -04:00
Thomas Strömberg | fb77f0a811 | Merge pull request #262 from tstromberg/bpfdoor-2023 | 2023-05-16 16:32:35 -04:00
    Improve detection for bpfdoor and similar backdoors.
Thomas Stromberg | 7f86db5521 | Improve detection for bpfdoor and similar backdoors. | 2023-05-16 16:31:31 -04:00
Thomas Strömberg | 5ca54e89b7 | Merge pull request #261 from tstromberg/fpr-may15 | 2023-05-16 10:31:59 -04:00
    fpr: Kolide, macOS, nvidia, neko
Thomas Stromberg | 93f2f2baf4 | Fix comma placement | 2023-05-16 10:31:46 -04:00
Thomas Stromberg | d5a94b21d1 | fpr: Kolide, macOS, nvidia, neko | 2023-05-16 10:28:19 -04:00
Thomas Strömberg | 94947a252f | Merge pull request #260 from tstromberg/fpr-may11 | 2023-05-12 16:43:23 -04:00
    fpr: Chrome, Kolide
Thomas Stromberg | 9c87838b9f | fpr: Chrome, Kolide | 2023-05-12 16:41:17 -04:00
Thomas Strömberg | a05089b897 | Merge pull request #259 from tstromberg/fpr-may11 | 2023-05-12 16:37:29 -04:00
    Collect recent file events
Thomas Stromberg | 64d482abcd | Collect recent file events | 2023-05-12 16:35:00 -04:00
Thomas Strömberg | abba247124 | Merge pull request #258 from tstromberg/fpr-may11 | 2023-05-12 16:28:45 -04:00
    incident_response: Improve macOS coverage
Thomas Stromberg | 08d0235608 | Fix bug | 2023-05-12 16:26:44 -04:00
Thomas Stromberg | 6303ee76b6 | Collect more file data | 2023-05-12 16:17:10 -04:00
Thomas Stromberg | 2645fa41f7 | pop is a Linux only table | 2023-05-12 11:10:50 -04:00
Thomas Stromberg | 99af29e2df | clarify macOS coverage | 2023-05-12 11:08:59 -04:00
Thomas Stromberg | 0c9e3bbf72 | incident_response: Improve macOS coverage | 2023-05-12 10:49:50 -04:00
Thomas Strömberg | ff9c6459a9 | Merge pull request #257 from tstromberg/fpr-may11 | 2023-05-11 11:30:46 -04:00
    fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc
Thomas Stromberg | 26b2b9a4c7 | fpr: LGHUB, aomshm, Wisdolia, uubyte, eclipse, etc | 2023-05-11 11:29:55 -04:00
Thomas Strömberg | 53a6d583c3 | Merge pull request #256 from tstromberg/var-run | 2023-05-11 10:35:25 -04:00
    New detector: unexpected /var/run files
Thomas Stromberg | 099d6664fe | Remove seldom modifier, reformat | 2023-05-11 10:33:51 -04:00
Thomas Stromberg | c58cac1a1f | New detector: unexpected /var/run files | 2023-05-11 10:32:17 -04:00
Thomas Strömberg | 240d03463e | Merge pull request #255 from tstromberg/main | 2023-05-08 13:26:28 -04:00
    fpr: LogiTune, EndeavourOS, less, LogiTune, sharingd, gnome, plex