RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-20 12:06:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
695b403b4b
osquery-defense-kit/detection/initial_access
History
Thomas Stromberg 695b403b4b
Detect recently downloaded files which have been packed
2024-08-26 15:03:25 -04:00
..
sketchy-download-name.sql fpr: RSA keys, tcpdump, login, crane, souregraph, etc 2023-09-20 09:30:46 -04:00
sketchy-mounted-diskimage.sql fpr: lima, rpm-ostree, gitsign, kde, python, etc 2024-07-01 21:56:28 -04:00
unexpected-diskimage-name-macos.sql fpr: Github Absolute Date, Snagit, Figma, Seagate, aws, etc 2023-01-26 16:30:14 -05:00
unexpected-diskimage-source-macos.sql More SilverBlue/Elastic allows 2024-05-23 21:22:59 -04:00
unexpected-shell-parent-events.sql fpr: kas, bitnami, redis, bincapz, kolide, docker, whatsapp 2024-07-12 16:55:49 -04:00
unexpected-shell-parents.sql fpr: kas, bitnami, redis, bincapz, kolide, docker, whatsapp 2024-07-12 16:55:49 -04:00
unexpected-volume-contents.sql fpr: Monday, Splunk, Gnome, Git, Grammarly, etc 2023-10-02 11:35:11 -04:00
unexpected-webmail-downloads.sql massive fpr: Rapid7, Elastic, everything 2024-01-26 14:07:37 -05:00
yara-recently-downloaded-miner.sql fpr: MHLink, k3d, BlueFin, query tuning 2024-04-26 16:14:02 -04:00
yara-recently-downloaded-packed.sql Detect recently downloaded files which have been packed 2024-08-26 15:03:25 -04:00
yara-recently-downloaded-ransom.sql fpr: MHLink, k3d, BlueFin, query tuning 2024-04-26 16:14:02 -04:00
yara-recently-downloaded-stealer.sql fpr: MHLink, k3d, BlueFin, query tuning 2024-04-26 16:14:02 -04:00