| .. |
|
empty_environ.sql
|
Reorganize paths, tune queries a bit
|
2022-09-09 12:51:52 -04:00 |
|
exotic-cmdline.sql
|
Every day I'm tuning it
|
2022-09-20 21:56:01 -04:00 |
|
hidden-cwd.sql
|
More Linux/macOS splits to get signature support
|
2022-09-20 17:46:47 -04:00 |
|
hidden-parent-pid.sql
|
More tuning, more scripts
|
2022-09-11 15:07:54 -04:00 |
|
high-disk-bytes-written.sql
|
More Linux/macOS splits to get signature support
|
2022-09-20 17:46:47 -04:00 |
|
high_disk_bytes_read.sql
|
More Linux/macOS splits to get signature support
|
2022-09-20 17:46:47 -04:00 |
|
low_start_time_ctime_delta.sql
|
More tuning, quiet deaths
|
2022-09-21 13:34:10 -04:00 |
|
missing-from-disk-linux.sql
|
More tuning, quiet deaths
|
2022-09-21 13:34:10 -04:00 |
|
missing-from-disk-macos.sql
|
More tuning, more queries
|
2022-09-21 07:42:51 -04:00 |
|
name_path_mismatch.sql
|
More tuning, quiet deaths
|
2022-09-21 13:34:10 -04:00 |
|
old-binaries-running.sql
|
More false-positive removal
|
2022-09-14 07:54:39 -04:00 |
|
parent-missing-from-disk.sql
|
More tuning, more queries
|
2022-09-21 07:42:51 -04:00 |
|
reverse-shell-socket.sql
|
More tuning
|
2022-09-14 10:51:56 -04:00 |
|
sketchy-fetcher.sql
|
Rewrite sketchy events, remove some false positives
|
2022-09-20 08:16:06 -04:00 |
|
unexpected-env-values.sql
|
More tuning, more queries
|
2022-09-21 07:42:51 -04:00 |
|
unexpected-executable-directory.sql
|
More filtering
|
2022-09-16 11:22:50 -04:00 |
|
unexpected-executable-permissions.sql
|
Fix many broken queries
|
2022-09-21 10:30:17 -04:00 |
|
unexpected-privilege-escalation.sql
|
Add more data to privesc, rewrite systemd units
|
2022-09-20 09:47:52 -04:00 |
|
unexpected-privileged-executable.sql
|
Lots of treats for the boys and girls
|
2022-09-13 20:46:04 -04:00 |
|
unexpected-shell-parents.sql
|
More tuning, more queries
|
2022-09-21 07:42:51 -04:00 |
3dfda437ab