2554 Commits

Author SHA1 Message Date
Teddy Reed
3004df5a50 Use custom logger for RocksDB 2015-12-15 20:49:33 -08:00
Teddy Reed
2ec5d34291 Bump non-OS X TSK builds to 4.2.0 2015-12-14 23:43:08 -08:00
Teddy Reed
51fd73c449 Assure dropTo can be used safely consecutively 2015-12-14 21:27:00 -08:00
Teddy Reed
fbc8fb92dc Allow --config_dump with watcher 2015-12-14 16:19:37 -08:00
Teddy Reed
48ec36d4dd Merge pull request #1730 from theopolis/fixes
Fixes for various build/sanitize/deps nice-to-haves
2015-12-14 15:38:23 -08:00
Teddy Reed
63d12789b4 Fix regression in file content predicate refactor 2015-12-14 15:24:55 -08:00
Teddy Reed
1636abeed6 Update Fedora to use dnf, RocksDB to 4.1 2015-12-14 15:24:11 -08:00
Teddy Reed
31dfad2515 Fix unhelpful subscriber verbose error for process_file_events 2015-12-14 15:09:52 -08:00
Teddy Reed
2fe800d9b8 Add ASAN blacklists for GFlags and RocksDB 2015-12-14 15:09:46 -08:00
Teddy Reed
e6a474a6f1 Fix Debian os_version detection 2015-12-14 15:09:40 -08:00
Teddy Reed
cfb44fdf09 Fix incorrect size of pointer in device_ tables
Limit max number of device_files to 10k
2015-12-14 15:09:34 -08:00
Teddy Reed
769a723b5c Merge pull request #1728 from theopolis/platform_info
Add platform_info table for UEFI/ROM details
2015-12-12 13:59:55 -08:00
Teddy Reed
92719e7b48 Add OSX platform_info 2015-12-12 03:29:17 -08:00
Teddy Reed
70face8ac2 Add platform_info table for UEFI/ROM details 2015-12-12 01:55:14 -08:00
Teddy Reed
80df157a07 Merge pull request #1727 from theopolis/linux_efi_smbios
Add support for Linux SMBIOS/DMI EFI structure parsing
2015-12-12 00:02:36 -08:00
Teddy Reed
fdfe5f4d3f Add support for Linux SMBIOS/DMI EFI structure parsing 2015-12-11 23:18:04 -08:00
Teddy Reed
62c0d49ccd Merge pull request #1726 from theopolis/forensic_reads
Preserve atime and mtime by default for readFile
2015-12-11 23:09:13 -08:00
Teddy Reed
a99b62a31d Preserve atime and mtime by default for readFile 2015-12-11 22:18:45 -08:00
Teddy Reed
0a7dcbb967 Merge pull request #1719 from jacknagz/osx-config-docs
Resolves #1718: Updated LaunchDaemon and Chef Template
2015-12-11 14:01:58 -08:00
Teddy Reed
166eec8821 Merge pull request #1725 from theopolis/extend_file_events
Extend fields of file_events
2015-12-11 13:35:47 -08:00
Teddy Reed
718ff77864 Extend fields of file_events 2015-12-11 10:26:36 -08:00
Teddy Reed
c6e9f0e321 Merge pull request #1724 from theopolis/faster_hashing
Speed up file hashing
2015-12-11 08:59:06 -08:00
Teddy Reed
4fdc7eb1f1 Merge pull request #1723 from theopolis/file_table_mods
Reorganize file_events into process_file_events
2015-12-11 08:39:42 -08:00
Teddy Reed
98eb6a5055 Reorganize file_events into process_file_events 2015-12-11 00:58:22 -08:00
Teddy Reed
59750ec87d Speed up file hashing 2015-12-11 00:36:16 -08:00
Jack Naglieri
b396972ef7 Resolves #1718: Updated LaunchDaemon and Chef Template 2015-12-10 19:16:29 -08:00
Teddy Reed
1a1b07b5c6 Merge pull request #1716 from theopolis/pack_shards
[#1636] Add simple sharding to packs and pack queries
2015-12-10 17:37:57 -08:00
Teddy Reed
18418f12a6 Merge pull request #1722 from PickmanSec/patch-1
Update osx-attacks.conf
2015-12-10 16:16:47 -08:00
Richard Pickman
2fbe6a48b0 Update osx-attacks.conf
Make Genieo query use 'like' instead of '='
2015-12-10 16:01:31 -08:00
Teddy Reed
a3a7af9ac0 Merge pull request #1721 from lexelby/fix_fim_moves
DRY for inotify event mask (we missed IN_MOVE)
2015-12-10 13:53:48 -08:00
Lex Neva
e9c183d962 DRY for inotify event mask (we missed IN_MOVE) 2015-12-10 16:00:02 -05:00
Teddy Reed
9d394065e3 [#1636] Add simple sharding to packs and pack queries 2015-12-10 10:01:53 -08:00
Teddy Reed
67989b8765 Merge pull request #1717 from theopolis/fix_1714
[Fix #1714] Restore balance to the DOUBLE force
2015-12-09 17:58:07 -08:00
Teddy Reed
675d1d2267 [Fix #1714] Restore balance to the DOUBLE force 2015-12-09 17:28:30 -08:00
Teddy Reed
96f52015e1 Merge pull request #1713 from theopolis/sqlite_3.10
Bump SQLite to the 3.10 draft and enable JSON extensions
2015-12-09 02:07:42 -08:00
Teddy Reed
4129c6b191 Add 'AggStep0' to OpCode type discovery
Closes: #1699
2015-12-09 01:53:40 -08:00
Andrew Dunham
c922b784be Enable "json1" extension
Also bump the version of third-party/ to use latest SQLite
2015-12-09 01:25:25 -08:00
Teddy Reed
7174e98379 Merge pull request #1712 from theopolis/fsevents_canary_path
Add canary path on empty FSEvents subscription set
2015-12-09 01:24:42 -08:00
Teddy Reed
9f79d74c60 Add canary path on empty FSEvents subscription set 2015-12-09 00:14:08 -08:00
Teddy Reed
fe234f8f96 Merge pull request #1711 from theopolis/fix_refresh_config
Fix quick regression with config refresh runner
2015-12-08 16:11:37 -08:00
Teddy Reed
1436d9d73a Fix quick regression with config refresh runner 2015-12-08 15:53:19 -08:00
Teddy Reed
113bcaf4f3 Merge pull request #1710 from theopolis/sentient_config
Remove passwd_changes and user_data from event callbacks
2015-12-08 14:31:32 -08:00
Teddy Reed
309944c586 Configuration triggered publisher reconfiguration 2015-12-08 14:03:35 -08:00
Teddy Reed
6602a59b7d Change EventSubscriber API to include subscription references 2015-12-07 22:22:04 -08:00
Teddy Reed
b7650e5291 Remove passwd_changes and user_data from event callbacks 2015-12-07 17:47:38 -08:00
Teddy Reed
02c2b37a5d Merge pull request #1709 from theopolis/expire_results
[Fix #1694] Expire results for 'old' scheduled queries
2015-12-07 14:01:44 -08:00
Teddy Reed
877c050466 Merge pull request #1708 from theopolis/tsk_more
Additional TSK table: device_hash
2015-12-07 12:23:58 -08:00
Teddy Reed
12716496aa [Fix #1694] Expire results for 'old' scheduled queries 2015-12-07 12:23:43 -08:00
Teddy Reed
b88d6816f3 Additional TSK tables 2015-12-07 08:36:22 -08:00
Teddy Reed
c020bb87b4 Merge pull request #1705 from theopolis/dump
[#1702] Add config and database dumping to stdout
2015-12-06 21:41:31 -08:00