osquery-defense-kit/detection/execution
2025-05-06 08:09:52 -04:00
1-exotic-command-events-linux.sql run "make reformat" 2025-02-26 12:14:46 -05:00
1-exotic-command-events-macos.sql run "make reformat" 2025-02-26 12:14:46 -05:00
1-exotic-commands-linux.sql more alert tuning 2025-02-21 11:01:02 -05:00
1-exotic-commands-macos.sql fpr: iris, go, solaar, surfshark, ubuntu, geocomply, etc 2025-04-21 21:40:24 -04:00
1-recently-created-executables-long-lived-linux.sql fpr: iris, go, solaar, surfshark, ubuntu, geocomply, etc 2025-04-21 21:40:24 -04:00
1-recently-created-executables-long-lived-macos.sql fpr: iris, go, solaar, surfshark, ubuntu, geocomply, etc 2025-04-21 21:40:24 -04:00
1-sketchy-fetcher-events.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
1-sketchy-fetcher.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
1-tiny-executable-events.sql fpr: Chainguard OS, Finch, xcover, Dropbox 2025-04-29 17:07:18 -04:00
1-unexpected-env-values-linux.sql fpr 2025-05-01 18:14:13 -04:00
1-unexpected-execdir-linux.sql fpr: DDPM, nwg-bar, diskimage domains, touched exec 2025-02-24 13:54:45 -05:00
1-unexpected-execdir-macos.sql fpr: Debian Linux, Nix, and Chromium snaps 2025-02-21 10:31:08 -05:00
1-unexpected-executable-permissions.sql fpr 2025-05-01 18:14:13 -04:00
1-unexpected-fetcher-parent-events.sql run "make reformat" 2025-02-26 12:14:46 -05:00
1-unexpected-fetcher-parents.sql fpr: iris, go, solaar, surfshark, ubuntu, geocomply, etc 2025-04-21 21:40:24 -04:00
1-unexpected-gatekeeper-approvals-macos.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
1-unexpected-osascript-calls.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
1-unexpected-setuid-binaries.sql fpr: lima, git, firefox, vmware 2025-05-06 08:09:52 -04:00
1-unexpected-sysutils-linux.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
1-unexpected-sysutils-macos.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
1-unexpected-xattr-calls-macos.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
2-exec-failed-launch-constraint-violation.sql fpr: Focusrite, Dovecot, ModemManager, Kolide launcher, etc 2025-03-18 18:14:42 -04:00
2-tiny-executable.sql fpr: Chainguard OS, Finch, xcover, Dropbox 2025-04-29 17:07:18 -04:00
2-unexpected-chmod-exec-event-linux.sql fpr: iris, go, solaar, surfshark, ubuntu, geocomply, etc 2025-04-21 21:40:24 -04:00
2-unexpected-chmod-exec-event-macos.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
2-unexpected-env-values-macos.sql fpr: Focusrite, Dovecot, ModemManager, Kolide launcher, etc 2025-03-18 18:14:42 -04:00
2-unexpected-execdir-events-linux.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
2-unexpected-execdir-events-macos.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
2-unexpected-long-running-security-framework-macos.sql fpr 2025-05-01 18:14:13 -04:00
2-unexpected-packet-sniffer.sql fpr: datadog, nordvpn, claude, minecraftlauncher, eksctl 2025-02-25 16:53:31 -05:00
2-unexpected-root-signer-events-macos.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
3-relative-exec-low-uid-events.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
3-relative-exec-low-uid.sql fpr 2025-05-01 17:46:07 -04:00
3-reverse-shell-socket.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
3-unexpected-mounts.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
3-xprotect-reports.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
3-yara-unexpected-miner-process.sql add 1-3 (low,medium,high) prefix to alert names 2025-02-19 10:47:16 -05:00
3-yara-unexpected-upx-process.sql fix reformatted upx script 2025-02-19 10:49:34 -05:00