| .. |
|
empty_environ.sql
|
Reorganize paths, tune queries a bit
|
2022-09-09 12:51:52 -04:00 |
|
hidden-cwd.sql
|
More filtering
|
2022-09-16 11:22:50 -04:00 |
|
hidden-parent-pid.sql
|
More tuning, more scripts
|
2022-09-11 15:07:54 -04:00 |
|
high-disk-bytes-written.sql
|
More tuning
|
2022-09-15 09:34:45 -04:00 |
|
high_disk_bytes_read.sql
|
Detect unexpected modules and try our hand at exotic command access
|
2022-09-12 19:22:41 -04:00 |
|
low_start_time_ctime_delta.sql
|
Reorganize paths, tune queries a bit
|
2022-09-09 12:51:52 -04:00 |
|
missing-from-disk-linux.sql
|
Rewrite sketchy events, remove some false positives
|
2022-09-20 08:16:06 -04:00 |
|
missing-from-disk-macos.sql
|
More filtering
|
2022-09-16 11:22:50 -04:00 |
|
name_path_mismatch.sql
|
More tuning
|
2022-09-15 09:34:45 -04:00 |
|
old-binaries-running.sql
|
More false-positive removal
|
2022-09-14 07:54:39 -04:00 |
|
parent-missing-from-disk.sql
|
Rewrite sketchy events, remove some false positives
|
2022-09-20 08:16:06 -04:00 |
|
reverse-shell-socket.sql
|
More tuning
|
2022-09-14 10:51:56 -04:00 |
|
sketchy-cmdline.sql
|
More monday tuning
|
2022-09-12 18:25:18 -04:00 |
|
sketchy-fetcher.sql
|
Rewrite sketchy events, remove some false positives
|
2022-09-20 08:16:06 -04:00 |
|
unexpected-env-values.sql
|
More tuning
|
2022-09-14 10:51:56 -04:00 |
|
unexpected-executable-directory.sql
|
More filtering
|
2022-09-16 11:22:50 -04:00 |
|
unexpected-executable-permissions.sql
|
More filtering
|
2022-09-16 11:22:50 -04:00 |
|
unexpected-privilege-escalation.sql
|
Add more data to privesc, rewrite systemd units
|
2022-09-20 09:47:52 -04:00 |
|
unexpected-privileged-executable.sql
|
Lots of treats for the boys and girls
|
2022-09-13 20:46:04 -04:00 |
|
unexpected-shell-parents.sql
|
Rewrite sketchy events, remove some false positives
|
2022-09-20 08:16:06 -04:00 |
87f5608824