osquery-defense-kit

Thomas Stromberg 0875483512 More false removal	2022-09-30 15:42:10 -04:00
..
empty_environ.sql	Format everything with 'npx sql-formatter -l sqlite'	2022-09-24 11:12:23 -04:00
exotic-cmdline.sql	Format everything with 'npx sql-formatter -l sqlite'	2022-09-24 11:12:23 -04:00
hidden-cwd.sql	Fix constraint failure	2022-09-30 14:12:24 -04:00
hidden-parent-pid.sql	Format everything with 'npx sql-formatter -l sqlite'	2022-09-24 11:12:23 -04:00
high-disk-bytes-written.sql	Overdue false positive removal	2022-09-29 15:42:27 -04:00
high_disk_bytes_read.sql	More false removal	2022-09-30 15:42:10 -04:00
low_start_time_ctime_delta.sql	New exfil detector, exception improvements	2022-09-30 12:10:18 -04:00
missing-from-disk-linux.sql	Overdue false positive removal	2022-09-29 15:42:27 -04:00
missing-from-disk-macos.sql	More false positive removal	2022-09-30 13:47:10 -04:00
name_path_mismatch.sql	More false-positive removal	2022-09-27 11:54:17 -04:00
old-binaries-running.sql	Overdue false positive removal	2022-09-29 15:42:27 -04:00
parent-missing-from-disk.sql	Add kworker->modprobe exception	2022-09-30 11:14:20 -04:00
reverse-shell-socket.sql	Format everything with 'npx sql-formatter -l sqlite'	2022-09-24 11:12:23 -04:00
sketchy-fetcher.sql	Format everything with 'npx sql-formatter -l sqlite'	2022-09-24 11:12:23 -04:00
unexpected-env-values.sql	Format everything with 'npx sql-formatter -l sqlite'	2022-09-24 11:12:23 -04:00
unexpected-executable-directory-linux.sql	New exfil detector, exception improvements	2022-09-30 12:10:18 -04:00
unexpected-executable-directory-macos.sql	More false positive removal	2022-09-30 13:47:10 -04:00
unexpected-executable-permissions.sql	New exfil detector, exception improvements	2022-09-30 12:10:18 -04:00
unexpected-privilege-escalation.sql	Format everything with 'npx sql-formatter -l sqlite'	2022-09-24 11:12:23 -04:00
unexpected-setxid-process.sql	New exfil detector, exception improvements	2022-09-30 12:10:18 -04:00
unexpected-shell-parents.sql	New exfil detector, exception improvements	2022-09-30 12:10:18 -04:00
unexpected-uid0-daemon-linux.sql	New exfil detector, exception improvements	2022-09-30 12:10:18 -04:00
unexpected-uid0-daemon-macos.sql	Add experimental queries for daemon detection	2022-09-29 16:04:07 -04:00

empty_environ.sql

Format everything with 'npx sql-formatter -l sqlite'

2022-09-24 11:12:23 -04:00

exotic-cmdline.sql

Format everything with 'npx sql-formatter -l sqlite'

2022-09-24 11:12:23 -04:00

hidden-cwd.sql

Fix constraint failure

2022-09-30 14:12:24 -04:00

hidden-parent-pid.sql

Format everything with 'npx sql-formatter -l sqlite'

2022-09-24 11:12:23 -04:00

high-disk-bytes-written.sql

Overdue false positive removal

2022-09-29 15:42:27 -04:00

high_disk_bytes_read.sql

More false removal

2022-09-30 15:42:10 -04:00

low_start_time_ctime_delta.sql

New exfil detector, exception improvements

2022-09-30 12:10:18 -04:00

missing-from-disk-linux.sql

Overdue false positive removal

2022-09-29 15:42:27 -04:00

missing-from-disk-macos.sql

More false positive removal

2022-09-30 13:47:10 -04:00

name_path_mismatch.sql

More false-positive removal

2022-09-27 11:54:17 -04:00

old-binaries-running.sql

Overdue false positive removal

2022-09-29 15:42:27 -04:00

parent-missing-from-disk.sql

Add kworker->modprobe exception

2022-09-30 11:14:20 -04:00

reverse-shell-socket.sql

Format everything with 'npx sql-formatter -l sqlite'

2022-09-24 11:12:23 -04:00

sketchy-fetcher.sql

Format everything with 'npx sql-formatter -l sqlite'

2022-09-24 11:12:23 -04:00

unexpected-env-values.sql

Format everything with 'npx sql-formatter -l sqlite'

2022-09-24 11:12:23 -04:00

unexpected-executable-directory-linux.sql

New exfil detector, exception improvements

2022-09-30 12:10:18 -04:00

unexpected-executable-directory-macos.sql

More false positive removal

2022-09-30 13:47:10 -04:00

unexpected-executable-permissions.sql

New exfil detector, exception improvements

2022-09-30 12:10:18 -04:00

unexpected-privilege-escalation.sql

Format everything with 'npx sql-formatter -l sqlite'

2022-09-24 11:12:23 -04:00

unexpected-setxid-process.sql

New exfil detector, exception improvements

2022-09-30 12:10:18 -04:00

unexpected-shell-parents.sql

New exfil detector, exception improvements

2022-09-30 12:10:18 -04:00

unexpected-uid0-daemon-linux.sql

New exfil detector, exception improvements

2022-09-30 12:10:18 -04:00

unexpected-uid0-daemon-macos.sql

Add experimental queries for daemon detection

2022-09-29 16:04:07 -04:00