Commit Graph

89 Commits

Author SHA1 Message Date
Stefano Bonicatti
da621067f8
Make the usb_devices pack query available only on posix (#6739)
The usb_devices table and respective query in the packs/it-compliance.conf pack is posix only.
2020-10-31 23:33:40 -04:00
Ben Montour
7627af388d
Updated unwanted-chrome-extensions pack (#6720)
Updating the unwanted-chrome-extensions query pack with three new extensions that were recently compromised and made tech news sites. Extensions have been removed by Google from Chrome Web Store. Since removal from the Chrome Web Store does not remove already installed extensions, this query will allow users of osquery to monitor their endpoints for these malicious extensions.
2020-10-27 20:09:10 -04:00
ec4n6
523c59b4ed
Add Reptile rootkit to ossec-rootkit pack (#6703) 2020-10-12 21:58:53 -04:00
Teddy Reed
08bcf66ef2
Update documentation to use 'allow list' and 'deny list' diction (#6489)
Update documentation to use 'allow list' and 'deny list' diction
2020-06-06 14:32:29 -04:00
Zachary Wasserman
4e1d31c72a Use 'denylist' instead of 'blacklist' in query scheduling (#6487) 2020-06-05 21:05:59 -04:00
Ivan Tse
5d830021ea Update unwanted-chrome-extensions.conf queries to include all users (#6265) 2020-02-28 10:18:36 -05:00
Samuel Keeley
3afdb9d553
Add blacklisted column to osquery_schedule query (#6196)
As added in #4004, this column is very valuable and should be surfaced here.
2020-01-30 09:20:43 -08:00
Javier Marcos
b126ed21d3 Adding OSX Malware SearchAwesome to osx-attacks (#5713) 2019-08-22 08:55:14 -04:00
divious1
f5645b95b5 detects when a proc is tapping keyboard events (#5345)
Summary:
added osx-attack query that detects when a proc is tapping keyboard events, see details at:
https://twitter.com/d1vious/status/1083447632188579841
inspiration:
https://t.co/8SEd2dgP5Y

not sure if a test is needed
Pull Request resolved: https://github.com/facebook/osquery/pull/5345

Differential Revision: D13669678

Pulled By: fmanco

fbshipit-source-id: 57fae7389a4579a817b827e58de94e0aacb581a5
2019-01-15 06:43:32 -08:00
Javier Marcos
53dc36d735 Adding OSX Dummy malware to osx-attacks query pack (#4668) 2018-07-06 11:06:29 -04:00
Chris Long
8c815f27b5 packs: Adding MacSeach adware to osx-attacks (#4394) 2018-05-16 20:59:17 -07:00
Howard Griffith
78e039fbf0 packs: Adding ColdRoot RAT to osx-attacks detection list (#4377) 2018-05-10 15:14:47 -07:00
Erick Cheng
5e1a92375f packs: Update unwanted-chrome-extensions.conf (#4332) 2018-05-01 16:47:05 -07:00
Chris Long
fa487de584 packs: Updating reverse shell query in osx-attacks (#4255) 2018-05-01 10:37:25 -07:00
Chris Hills
67dd49a680 Fix typos in packs/windows-hardening.conf (#4282) 2018-04-13 11:36:49 -07:00
Erick Cheng
e0d4ab1742 Update osx-attacks.conf (#4218) 2018-04-08 22:05:15 -07:00
Chris Long
e70c043d48 packs: Adding behavioral reverse shell detection to osx-attacks (#4249) 2018-04-02 10:06:38 -07:00
Julien
3c54bf8a11 packs: windows compliance pack based on IAD SAMI (#4156) 2018-03-21 11:45:21 -07:00
Julien
98b7564d91 packs: remove escape - Error parsing the "windows-attacks" pack JSON (#4154) 2018-03-09 08:48:36 -08:00
Julien
1d96ac1f2c packs: adding platform tag incident-response pack (#4155) 2018-02-26 21:06:44 -08:00
Seshu Pasam
0dc59b8d2d Remove duplicate mode column in device_nodes query (#4107) 2018-02-07 10:40:17 -08:00
Doug Wilson
bf0eb6f36f added IOCs to query for OSX_MaMi malware (#4055) 2018-01-12 20:34:31 -05:00
Teddy Reed
e71390ca82 config: Allow scheduled queries to set blacklist=false (#4005) 2017-12-18 08:42:00 -08:00
Chris Long
0bfba4ff74 Adding OSX detection for HiddenLotus (#3982) 2017-12-03 18:45:50 -08:00
Chris Long
93850b69f9 Adding detection for new "Symantec" Proton variant (#3952) 2017-11-21 23:27:04 -08:00
Chris Long
8e10156a1f Creating a windows-hardening pack and moving queries there (#3935) 2017-11-18 09:20:53 -08:00
Nick Anderson
e43cb5f6fb packs: fixing malformed win attack pack (#3928) 2017-11-15 21:46:48 -08:00
Nick Anderson
da5106f78c packs: updating query versions in windows attack packs (#3926) 2017-11-14 20:48:21 -08:00
isairamm
4d4a84e370 packs: Query to identify ccleaner malware (#3790) 2017-11-14 20:44:39 -08:00
Chris Long
6fc5916a73 Adding queries to windows-attacks, fix version, nits (#3922) 2017-11-14 16:29:47 -08:00
Chris Long
5c25184c15 packs: Adding a pack for unwanted chrome extensions (#3889) 2017-10-26 08:34:16 -07:00
Tom de Vries
fe98652348 documentation: Fix typos (#3886) 2017-10-26 08:25:44 -07:00
Chris Long
4375495cb4 Detect Proton.C variant detection from Elmedia Player (#3858) 2017-10-20 19:44:15 -07:00
Babatunde Micheal Okutubo
f2cc194f6f Windows attacks query pack (#3754) 2017-10-02 20:11:24 -07:00
maus-
96d9f2693d Updated to scope all users by default (#3736) 2017-09-27 20:00:44 -07:00
Nick Anderson
3d27bfa6c2 packs: fixing backdoored python pack (#3707) 2017-09-16 11:29:26 -07:00
Nick Anderson
777f6e09e7 packs: adding checks for known bad python packages (#3700) 2017-09-15 10:54:21 -07:00
Chris Long
293331e244 Adding detection for osx-mughthesec (#3550) 2017-08-09 16:42:57 -07:00
Chris Long
1c9d6e4394 Updating shell_history in IR pack (#3549) 2017-08-09 15:57:23 -07:00
Chris Long
be1a943616 (#3500) Add Check for Additional Leverage Variant 2017-07-31 10:42:33 -07:00
Chris Long
b913029ee0 Adding osx_fruitfly to osx-attacks (#3493) 2017-07-24 22:00:43 -07:00
Teddy Reed
c26d045a08 packs: Update darwin's preferences table to plist (#3471) 2017-07-17 14:13:34 -07:00
Lambda Conjecture
ebae5785a7 Querypack equivalent of ossec rootkit db (#3377) 2017-06-05 12:28:32 -07:00
Chris Long
54e016c68a Adding EmPyre agent to osx-attacks (#3365) 2017-05-30 16:08:55 -07:00
Teddy Reed
31eb83a1f4 packs: Allow posix in pack platform selection (#3364) 2017-05-29 23:13:59 -07:00
Mitchell Grenier
9d2e5069ef Fix profile.py: Invalid control character at: line 114 (#3335) 2017-05-29 01:49:46 -07:00
Seshu Pasam
0cb7c3cc3e Fix spec file names and added missing version in packs (#3289) 2017-05-20 00:42:17 -07:00
Seshu Pasam
920a4b5194 [Fix 2956] augeas table returns no data. (#3260) 2017-05-11 00:00:34 -07:00
Chris Long
8fa436136d Adding OSX/Proton to osx-attacks.conf (#3261) 2017-05-09 11:45:31 -07:00
Doug Wilson
0feedaf827 Adding Fox-IT IOCs for OSX port of Snake malware (#3243) 2017-05-03 16:00:24 -07:00