RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-26 07:13:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
877b2c495b
osquery-defense-kit/detection/persistence
History
Thomas Stromberg 310e51d2a2
fpr: Capture One, Grammarly, Mullvad, etc
2023-12-08 17:12:27 -05:00
..
fake-apple-launchd.sql Run make reformat, update max rows for incident response 2023-02-02 17:58:19 -05:00
listening-from-unusual-location.sql Add detector for listening from an unusual location 2023-09-26 13:12:51 -04:00
low-fd-socket.sql fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc 2023-07-12 17:38:26 -04:00
minimal-socket-client-linux.sql fpr: docker, fish, Stream Deck, rsync, lima, macOS 2023-09-26 15:14:38 -04:00
minimal-socket-client-macos.sql fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
unexpected-active-systemd-units.sql fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
unexpected-chrome-extensions.sql fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
unexpected-cron-entries.sql fpr: mtr, vscode, cpptools, cron, firefox 2023-10-25 09:18:04 -04:00
unexpected-device.sql fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
unexpected-global-lock.sql Fix errors 2023-08-15 18:29:27 -04:00
unexpected-launchd-program-arguments.sql fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
unexpected-launchd-program-macos.sql fpr: aws, java, arch, cody, google, wireshark, etc 2023-10-31 11:40:10 -04:00
unexpected-listening-port-linux.sql Reduce false positives on Ubuntu + Lima 2023-09-26 13:09:22 -04:00
unexpected-listening-port-macos.sql fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
unexpected-lock-opener.sql fpr: Velociraptor, Hyprland, iio 2023-07-12 15:00:36 -04:00
unexpected-small-udev-entry-linux.sql fpr: aws, java, arch, cody, google, wireshark, etc 2023-10-31 11:40:10 -04:00
unexpected-ssh-authorized-keys.sql make reformat 2023-05-08 13:20:47 -04:00
unexpected-systemctl-calls-linux.sql Add many exceptions 2023-08-15 18:13:06 -04:00
unexpected-uid0-daemon-linux.sql fpr: aws, java, arch, cody, google, wireshark, etc 2023-10-31 11:40:10 -04:00
unexpected-uid0-daemon-macos.sql fpr: Capture One, Grammarly, Mullvad, etc 2023-12-08 17:12:27 -05:00
yara-libtomcrypt-process.sql Optimize YARA process queries by deduping paths 2023-11-02 09:53:26 -04:00
yara-suspicious-strings-process-linux.sql Optimize YARA process queries by deduping paths 2023-11-02 09:53:26 -04:00