osquery-defense-kit/detection
Thomas Stromberg e13773d9b7
Add fish & bash to parent missing disk exclusions
2023-01-20 09:08:45 -05:00
c2 Add missing comma 2023-01-20 09:06:21 -05:00
collection False positives: apt-daily, github runner, Slack helper, Foxit, syncthing 2023-01-19 11:52:31 -05:00
credentials FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
discovery Less false positives: particularly among systemctl calls 2023-01-20 08:40:08 -05:00
evasion Add fish & bash to parent missing disk exclusions 2023-01-20 09:08:45 -05:00
execution FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
exfil FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc 2023-01-16 12:56:39 -05:00
impact Filter out new false positives 2023-01-13 15:24:18 -05:00
initial_access FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
persistence FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
privesc False positives: homekit, setxid overflows, buildx, tmp files 2023-01-18 10:57:43 -05:00