osquery-defense-kit/detection/initial_access
Thomas Stromberg 71096ba4c7
fpr: mc, colima, webfilterproxyd, headlamp, record it, etc
2024-11-13 16:34:12 -05:00
..
sketchy-download-name.sql False-positives be damned 2024-08-27 18:40:43 -04:00
sketchy-mounted-diskimage.sql fpr: lima, rpm-ostree, gitsign, kde, python, etc 2024-07-01 21:56:28 -04:00
unexpected-diskimage-name-macos.sql fpr: Github Absolute Date, Snagit, Figma, Seagate, aws, etc 2023-01-26 16:30:14 -05:00
unexpected-diskimage-source-macos.sql fpr: mc, colima, webfilterproxyd, headlamp, record it, etc 2024-11-13 16:34:12 -05:00
unexpected-shell-parent-events.sql Merge pull request #388 from tstromberg/net-events 2024-09-24 15:53:07 -04:00
unexpected-shell-parents.sql widen query scope 2024-10-16 09:32:00 -04:00
unexpected-volume-contents.sql fpr: Monday, Splunk, Gnome, Git, Grammarly, etc 2023-10-02 11:35:11 -04:00
unexpected-webmail-downloads.sql fpr: prosoft, ujust, kandji-library-manager, etc 2024-09-26 12:40:04 -04:00
yara-recently-downloaded-miner.sql run 'make reformat' 2024-08-27 18:45:06 -04:00
yara-recently-downloaded-packed.sql run 'make reformat' 2024-08-27 18:45:06 -04:00
yara-recently-downloaded-ransom.sql run 'make reformat' 2024-08-27 18:45:06 -04:00
yara-recently-downloaded-stealer.sql run 'make reformat' 2024-08-27 18:45:06 -04:00