Fixed the rest of the imports
This commit is contained in:
Родитель
a9ad0cba12
Коммит
312b8a2ebc
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch
|
||||
|
||||
|
||||
class AlertAuditdCommands(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, PhraseMatch, TermsMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, PhraseMatch, TermsMatch
|
||||
|
||||
|
||||
class AlertBruteforceSsh(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
|
||||
|
||||
class AlertBugzillaPBruteforce(AlertTask):
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch
|
||||
|
||||
|
||||
class AlertCloudtrailDeadman(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch
|
||||
|
||||
|
||||
class AlertCloudtrailLoggingDisabled(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2014 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, QueryStringMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, QueryStringMatch
|
||||
|
||||
|
||||
class AlertConfluenceShellUsage(AlertTask):
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
# to alert on a dead input source.
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
|
||||
|
||||
class broNSM(AlertTask):
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
|
||||
|
||||
class AlertDuoAuthFail(AlertTask):
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
# this case a VPN certificate)
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, PhraseMatch
|
||||
|
||||
|
||||
class AlertDuoFailOpen(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2015 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch
|
||||
|
||||
|
||||
class AlertFeedbackEvents(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, PhraseMatch, WildcardMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, PhraseMatch, WildcardMatch
|
||||
|
||||
|
||||
class AlertAccountCreations(AlertTask):
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
# TODO: Dont use query_models, nicer fixes for AlertTask
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, QueryStringMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, QueryStringMatch
|
||||
import hjson
|
||||
import logging
|
||||
import sys
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2015 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch
|
||||
|
||||
|
||||
class AlertGeomodel(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
|
||||
|
||||
class AlertHTTPBruteforce(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
|
||||
|
||||
class AlertHTTPErrors(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2014 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch
|
||||
|
||||
|
||||
class ldapAdd(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2014 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch
|
||||
|
||||
|
||||
class ldapDelete(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2014 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
|
||||
|
||||
class ldapGroupModify(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2014 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
|
||||
|
||||
class ldapLockout(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2014 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, ExistsMatch, TermsMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, ExistsMatch, TermsMatch
|
||||
|
||||
|
||||
class AlertMultipleIntelHits(AlertTask):
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
# which could mean theres something wrong in the event pipeline
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, LessThanMatch
|
||||
from mozdef_util.query_models import SearchQuery, LessThanMatch
|
||||
|
||||
from datetime import datetime, timedelta
|
||||
from mozdef_util.utilities.toUTC import toUTC
|
||||
|
|
|
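Review bot: The new `from mozdef_util.query_models import SearchQuery, LessThanMatch` line is placed in the local-import group beside `from lib.alerttask import AlertTask`, while this same file's other package import, `from mozdef_util.utilities.toUTC import toUTC`, sits in the group after `from datetime import datetime, timedelta`, so two `mozdef_util` imports end up in different groups. Since `query_models` now presumably resolves as a packaged dependency rather than a sibling module, the new line belongs with the other `mozdef_util` import; I would move it down so the block reads `from datetime import datetime, timedelta` / `from mozdef_util.query_models import SearchQuery, LessThanMatch` / `from mozdef_util.utilities.toUTC import toUTC`, leaving `from lib.alerttask import AlertTask` as the only local import. The same grouping question applies to the hunks where the new import is followed directly by stdlib imports: the generic-loader hunk with the `# TODO: Dont use query_models` comment (`import hjson`, `import logging`, `import sys`), the two hunks followed by `import re`/`import json`, the hunk followed by `import re` and the MIG sshkey comment, and the hunk followed by `import re` and `from configlib import getConfig, OptionParser`. Each of these hunks starts and ends outside the module's full import block, so the rest of the ordering cannot be checked from here.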
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
|
||||
|
||||
class AlertOpenPortViolation(AlertTask):
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
# This code alerts on every successfully opened session on any of the host from a given list
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
|
||||
|
||||
class PromiscAudit(AlertTask):
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
# This code alerts on every successfully opened session on any of the host from a given list
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
|
||||
|
||||
class PromiscKernel(AlertTask):
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import QueryStringMatch, SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import QueryStringMatch, SearchQuery, TermMatch
|
||||
|
||||
|
||||
class AlertProxyDropExecutable(AlertTask):
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import QueryStringMatch, SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import QueryStringMatch, SearchQuery, TermMatch
|
||||
|
||||
|
||||
class AlertProxyDropNonStandardPort(AlertTask):
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
import datetime
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, PhraseMatch, QueryStringMatch, RangeMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, PhraseMatch, QueryStringMatch, RangeMatch
|
||||
|
||||
|
||||
class SessionOpenedUser(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch
|
||||
|
||||
|
||||
class AlertSQSQueuesDeadman(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, PhraseMatch, QueryStringMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, PhraseMatch, QueryStringMatch
|
||||
import re
|
||||
import json
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
|
||||
|
||||
class AlertSSHManyConns(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2015 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch
|
||||
|
||||
|
||||
class AlertSSHIOC(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch
|
||||
import re
|
||||
|
||||
# This alert consumes data produced by the MIG sshkey module and mig-runner.
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
import json
|
||||
import sys
|
||||
import re
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2017 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
|
||||
|
||||
class AlertSSHPasswordAuthViolation(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2014 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, ExistsMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, ExistsMatch
|
||||
|
||||
|
||||
class AlertSSLBlacklistHit(AlertTask):
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
# This code alerts on every successfully opened session on any of the host from a given list
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
|
||||
|
||||
class TraceAudit(AlertTask):
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2015 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
import re
|
||||
from configlib import getConfig, OptionParser
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Copyright (c) 2014 Mozilla Corporation
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
|
||||
|
||||
class AlertManyVPNDuoAuthFailures(AlertTask):
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
# This code alerts on every successfully opened session on any of the host from a given list
|
||||
|
||||
from lib.alerttask import AlertTask
|
||||
from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
from mozdef_util.query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
|
||||
|
||||
class WriteAudit(AlertTask):
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
alerts/auditd_commands.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/auditd_sftp.py:from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
alerts/bruteforce_ssh.py:from query_models import SearchQuery, TermMatch, PhraseMatch, TermsMatch
|
||||
alerts/bugzilla_auth_bruteforce.py:from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
alerts/cloudtrail_deadman.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/cloudtrail_logging_disabled.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/confluence_shell.py:from query_models import SearchQuery, TermMatch, QueryStringMatch
|
||||
alerts/deadman.py:from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
alerts/duo_authfail.py:from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
alerts/duo_fail_open.py:from query_models import SearchQuery, PhraseMatch
|
||||
alerts/feedback_events.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/fxa_alerts.py:from query_models import SearchQuery, TermMatch, PhraseMatch, WildcardMatch
|
||||
alerts/generic_alert_loader.py:from query_models import SearchQuery, TermMatch, QueryStringMatch
|
||||
alerts/geomodel.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/honeycomb.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/http_auth_bruteforce.py:from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
alerts/http_errors.py:from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
alerts/ldap_add.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/ldap_delete.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/ldap_group.py:from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
alerts/ldap_lockout.py:from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
alerts/multiple_intel_hits.py:from query_models import SearchQuery, TermMatch, ExistsMatch, TermsMatch
|
||||
alerts/old_events.py:from query_models import SearchQuery, LessThanMatch
|
||||
alerts/open_port_violation.py:from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
alerts/promisc_audit.py:from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
alerts/promisc_kernel.py:from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
alerts/proxy_drop_executable.py:from query_models import QueryStringMatch, SearchQuery, TermMatch
|
||||
alerts/proxy_drop_non_standard_port.py:from query_models import QueryStringMatch, SearchQuery, TermMatch
|
||||
alerts/session_opened_sensitive_user.py:from query_models import SearchQuery, TermMatch, PhraseMatch, QueryStringMatch, RangeMatch
|
||||
alerts/sqs_queues_deadman.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/ssh_access_signreleng.py:from query_models import SearchQuery, TermMatch, PhraseMatch, QueryStringMatch
|
||||
alerts/ssh_bruteforce_bro.py:from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
||||
alerts/ssh_ioc.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/ssh_key.py:from query_models import SearchQuery, TermMatch
|
||||
alerts/ssh_lateral.py:from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
alerts/ssh_password_auth_violation.py:from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
alerts/ssl_blacklist_hit.py:from query_models import SearchQuery, TermMatch, ExistsMatch
|
||||
alerts/trace_audit.py:from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
alerts/unauth_ssh.py:from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
alerts/vpn_duo_auth_failures.py:from query_models import SearchQuery, TermMatch, PhraseMatch
|
||||
alerts/write_audit.py:from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
|
||||
mozdef_util/build/lib/mozdef_util/elasticsearch_client.py:from query_models import SearchQuery, TermMatch, AggregatedResults, SimpleResults
|
||||
mozdef_util/mozdef_util/elasticsearch_client.py:from query_models import SearchQuery, TermMatch, AggregatedResults, SimpleResults
|
|
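Review bot: The 43-line file added in this hunk looks like captured `grep` output (`path:line` pairs for every `from query_models import` occurrence, including two under `mozdef_util/build/lib/`) rather than source, and should be dropped from the commit instead of tracked; its path is not visible in this view, so I cannot confirm where it landed. The list also records two occurrences for which no hunk appears on this page even though the title says the rest of the imports are fixed: `mozdef_util/mozdef_util/elasticsearch_client.py:from query_models import SearchQuery, TermMatch, AggregatedResults, SimpleResults` and its `mozdef_util/build/lib/...` copy. Inside the package that line may be an intentional implicit-relative import, which Python 3 no longer resolves and which on Python 2 depends on the module being imported as part of the package; if the aim is for every import to name unambiguously which `query_models` it loads, it should become `from mozdef_util.query_models import SearchQuery, TermMatch, AggregatedResults, SimpleResults` or an explicit `from .query_models import ...`. The `build/lib` entry is a build artifact; if that directory is tracked it will carry a stale duplicate of the module alongside the real one.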
@ -23,8 +23,6 @@ def utc_timezone():
|
|||
|
||||
tzlocal.get_localzone = utc_timezone
|
||||
|
||||
|
||||
|
||||
class TestToUTC():
|
||||
|
||||
def result_is_datetime(self, result):
|
||||
|
|