osquery-defense-kit/process
Thomas Stromberg 481581c616
Launch day final cleanup
2022-09-22 19:35:24 -04:00
empty_environ.sql
exotic-cmdline.sql Every day I'm tuning it 2022-09-20 21:56:01 -04:00
hidden-cwd.sql More Linux/macOS splits to get signature support 2022-09-20 17:46:47 -04:00
hidden-parent-pid.sql
high-disk-bytes-written.sql Launch day final cleanup 2022-09-22 19:35:24 -04:00
high_disk_bytes_read.sql Launch day final cleanup 2022-09-22 19:35:24 -04:00
low_start_time_ctime_delta.sql Launch day fixes 2022-09-22 13:18:16 -04:00
missing-from-disk-linux.sql More tuning, quiet deaths 2022-09-21 13:34:10 -04:00
missing-from-disk-macos.sql More whitelisting 2022-09-22 05:18:03 -04:00
name_path_mismatch.sql Launch day final cleanup 2022-09-22 19:35:24 -04:00
old-binaries-running.sql
parent-missing-from-disk.sql More tuning, more queries 2022-09-21 07:42:51 -04:00
reverse-shell-socket.sql
sketchy-fetcher.sql Rewrite sketchy events, remove some false positives 2022-09-20 08:16:06 -04:00
unexpected-env-values.sql More whitelisting 2022-09-22 05:18:03 -04:00
unexpected-executable-directory.sql
unexpected-executable-permissions.sql Fix many broken queries 2022-09-21 10:30:17 -04:00
unexpected-privilege-escalation.sql Add more data to privesc, rewrite systemd units 2022-09-20 09:47:52 -04:00
unexpected-privileged-executable.sql
unexpected-shell-parents.sql Launch day final cleanup 2022-09-22 19:35:24 -04:00