valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 18:33:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,776 Commits 2 Branches 109 Tags 25 MiB
57f04c4c49
Commit Graph

47 Commits

Author SHA1 Message Date
Lambda Conjecture
ebae5785a7 Querypack equivalent of ossec rootkit db (#3377) 2017-06-05 12:28:32 -07:00
Chris Long
54e016c68a Adding EmPyre agent to osx-attacks (#3365) 2017-05-30 16:08:55 -07:00
Teddy Reed
31eb83a1f4 packs: Allow posix in pack platform selection (#3364) 2017-05-29 23:13:59 -07:00
Mitchell Grenier
9d2e5069ef Fix profile.py: Invalid control character at: line 114 (#3335) 2017-05-29 01:49:46 -07:00
Seshu Pasam
0cb7c3cc3e Fix spec file names and added missing version in packs (#3289) 2017-05-20 00:42:17 -07:00
Seshu Pasam
920a4b5194 [Fix 2956] augeas table returns no data. (#3260) 2017-05-11 00:00:34 -07:00
Chris Long
8fa436136d Adding OSX/Proton to osx-attacks.conf (#3261) 2017-05-09 11:45:31 -07:00
Doug Wilson
0feedaf827 Adding Fox-IT IOCs for OSX port of Snake malware (#3243) 2017-05-03 16:00:24 -07:00
Javier Marcos
84b1e5c39d Adding signatures for new OS X malware DOK (#3240) 2017-04-30 15:08:07 -07:00
Javier Marcos
88aba5ed18 Updating it-compliance pack with windows queries (#3050) 2017-03-10 12:08:24 -08:00
Javier Marcos
db4d3ae736 Updating pack with new intervals and queries (#3033) 2017-03-03 18:30:59 -08:00
Javier Marcos
ab07bc21f7 Adding Pronto to detection in OSX (#2998) 2017-02-14 09:41:03 -08:00
Javier Marcos
6125d38fc8 Update vulnerability-management pack (#2997) 2017-02-14 09:35:12 -08:00
Chris Long
3b39ae23a6 Updating the interval on osx-attacks to check hourly instead of daily (#2941) 2017-01-26 19:06:37 -08:00
Matt Burdan
6937428a08 Add Quimitchin backdoor IOCs to osx-attacks pack (#2921) 2017-01-19 21:27:55 -08:00
Javier Marcos
6a5f722ab2 add launchd name for OSX_Keydnap (#2899) 2017-01-10 12:40:05 -08:00
Serey Ty
81ddd8a79b fix comma in osx attack pack (#2840) 2016-12-05 15:56:43 -08:00
Serey Ty
2bd9e93f65 Add Xcode ghost IOCs to OS X attacks pack (#2814) 2016-11-30 22:52:52 -08:00
trizt
1cf5ef5a8a Add Gentoo as a build environment and portage tables (#2638) 2016-11-22 14:55:30 -08:00
Teddy Reed
d402a6ad45 Allow configuration JSON to include escaped newlines (#2785) 2016-11-19 15:01:40 -08:00
Teddy Reed
169a73aa03 Remove pattern column from OceanLotus (#2780) 2016-11-18 17:38:17 -08:00
Serey Ty
dc9a445d8d Add ocean lotus (#2777) 2016-11-18 12:03:57 -08:00
Serey Ty
a42a57caea add osx komplex query (#2570) 
add query to detection osx komplex
 2016-09-29 07:25:26 -07:00
Serey Ty
d778ed357f add query to detect Backdoor.OSX.Mokes.a (#2448) 2016-09-07 21:03:01 -07:00
Chris Long
05bab35611 Adding detection query for Java_Adwind Trojan (#2284) 2016-08-03 10:46:14 -07:00
Michael George
f0108ac901 update osx_attacks with Backdoor.MAC.Eleanor with fixes (#2226) 2016-07-07 15:14:27 -07:00
Javier Marcos
43dd75eb59 Adding folder signature for iWorm OSX malware (#2231) 2016-07-07 15:14:01 -07:00
Chris Long
1e9aa1a49c Adding Aobo Keylogger and OSX_Keydnap to osx-attacks (#2230) 2016-07-07 14:04:05 -07:00
Javier Marcos
152602dfdd Adding sip_config table to it-compliance pack (#2131) 2016-06-02 12:22:59 -07:00
Chris Long
9ccbd08330 Adding Elite Keylogger Detection to osx-attacks (#2031) 2016-04-09 13:54:15 -07:00
Serey Ty
198c8ff978 Add detection for OSX Pirrit (#2029) 
See: https://threatpost.com/mac-adware-osx-pirrit-unleashes-ad-overload-for-now/117273/

Someone also wrote a removal for it:
https://github.com/aserper/osx.pirrit_removal/blob/master/remove_pirrit.sh
 2016-04-08 11:29:44 -07:00
Chris Long
de1c630850 Adding wildcards 2016-03-27 00:10:27 -05:00
Chris Long
c9e4f8038d Adding detection for new adware variants to osx-attacks 2016-03-26 10:47:44 -05:00
Javier Marcos
7c18ce9bb0 OSX Keranger detection fix 2016-03-07 09:25:32 -08:00
Javier Marcos
bdd783366d Adding detectiong for OSX Keranger 2016-03-06 16:40:03 -08:00
Sereyvathana Ty
7b772880b7 Added new detection for hacking team 
Detect persistency binary from hacking team (ref: https://reverse.put.as/2016/02/29/the-italian-morons-are-back-what-are-they-up-to-this-time/)
 2016-02-29 23:28:18 -08:00
Teddy Reed
9a54af29ce Bump sqlite to 3.11.0 2016-02-21 22:40:37 -08:00
Teddy Reed
581e2213de Add unauthenticated sparkle feeds query to vuln-mgmt pack 2016-02-01 12:51:36 -08:00
Richard Pickman
2fbe6a48b0 Update osx-attacks.conf 
Make Genieo query use 'like' instead of '='
 2015-12-10 16:01:31 -08:00
Teddy Reed
b7650e5291 Remove passwd_changes and user_data from event callbacks 2015-12-07 17:47:38 -08:00
Teddy Reed
44286eb611 Add hardware/internal (monitoring) packs and reduce FPs, duplicate queries 2015-11-26 16:00:53 -08:00
Sharvil Shah
0604a3dd08 Update wireless_networks in IR pack to use wifi_networks table 2015-11-22 00:44:06 -08:00
Michael George
bd31320cb5 adding genieo query 2015-11-21 14:32:07 -08:00
Mike Arpaia
bad6481375 Update an error in the incident response pack 
#1398
 2015-07-27 11:38:51 -07:00
Teddy Reed
5cd9adae15 [Fix ##1385] Remove com.yourcompany from packs due to high FPs 2015-07-24 01:48:47 -07:00
Teddy Reed
7c330f0bf8 [Fix #1369] Limit IOKit HID events 2015-07-23 11:52:23 -07:00
Javier Marcos
36e550db0b Query packs files 2015-07-17 14:42:05 -07:00