Merge remote-tracking branch 'origin/master' into add_feedback_event

2018-02-14 13:34:14 -06:00 · 2018-02-14 13:34:14 -06:00 · f465ccf120
--- a/27
+++ b/27
@ -3,11 +3,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
 #
-# Contributors:
-# 2xyo <yohann@lepage.info>
-# Yohann Lepage yohann@lepage.info
-# Anthony Verez averez@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 # usage:
 # make single-build - build new single image from Dockerfile
@ -17,12 +12,18 @@
 # make single-stop - stop a single instance of MozDef
 # make single-rebuild - build, stop and run a new single instance of MozDef
 # make multiple-build - build new mozdef environment in multiple containers
+# make multiple-build-tests - build new mozdef environment for tests in multiple containers
 # make multiple-build-no-cache - build new mozdef environment in multiple containers from scratch
 # make multiple-run - run new mozdef environment in multiple containers
+# make multiple-run-tests - run new mozdef environment for tests in multiple containers
 # make multiple-stop - stop new mozdef environment in multiple containers
+# make multiple-stop-tests - stop new mozdef environment for tests in multiple containers
 # make multiple-rm - stop new mozdef environment in multiple containers and deattach volumes
+# make multiple-rm-tests - stop new mozdef tests environment in multiple containers and deattach volumes
 # make multiple-rebuild - build, stop and run new mozdef environment in multiple containers
 # make multiple-rebuild-new - build, stop/rm and run new mozdef environment in multiple containers
+# make multiple-rebuild-tests - build, stop/rm and run new mozdef environment for tests in multiple containers
+# make multiple-rebuild-tests-new - build, stop/rm and run new mozdef environment for tests in multiple containers

 NAME=mozdef
 VERSION=0.1
@ -76,20 +77,36 @@ single-rebuild: single-build single-stop single-run
 multiple-run:
 	docker-compose -f docker/compose/docker-compose.yml -p $(NAME) up -d

+multiple-run-tests:
+	docker-compose -f docker/compose/docker-compose-tests.yml -p $(NAME) up -d --remove-orphans
+
 multiple-build:
 	docker-compose -f docker/compose/docker-compose.yml -p $(NAME) build

+multiple-build-tests:
+	docker-compose -f docker/compose/docker-compose-tests.yml -p $(NAME) build
+
 multiple-build-no-cache:
 	docker-compose -f docker/compose/docker-compose.yml -p $(NAME) build --no-cache

 multiple-stop:
 	-docker-compose -f docker/compose/docker-compose.yml -p $(NAME) stop

+multiple-stop-tests:
+	-docker-compose -f docker/compose/docker-compose-tests.yml -p $(NAME) stop
+
 multiple-rm:
 	-docker-compose -f docker/compose/docker-compose.yml -p $(NAME) down -v --remove-orphans

+multiple-rm-tests:
+	-docker-compose -f docker/compose/docker-compose-tests.yml -p $(NAME) down -v --remove-orphans
+
 multiple-rebuild: multiple-build multiple-stop multiple-run

 multiple-rebuild-new: multiple-build multiple-rm multiple-run

+multiple-rebuild-tests: multiple-build-tests multiple-stop-tests multiple-run-tests
+
+multiple-rebuild-tests-new: multiple-build-tests multiple-rm-tests multiple-run-tests
+
 .PHONY: multiple-build multiple-run multiple-stop multiple-rebuild
--- a/README.md
+++ b/README.md
@ -1,18 +1,15 @@
 [![Build Status](https://travis-ci.org/mozilla/MozDef.svg?branch=master)](https://travis-ci.org/mozilla/MozDef)
 [![Documentation Status](https://readthedocs.org/projects/mozdef/badge/?version=latest)](http://mozdef.readthedocs.io/en/latest/?badge=latest)

-MozDef: The Mozilla Defense Platform
-=====================================
+# MozDef: The Mozilla Defense Platform

-Why?
----
+## Why?

 The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

 The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

-Goals:
------
+## Goals:

 * Provide a platform for use by defenders to rapidly discover and respond to security incidents.
 * Automate interfaces to other systems like bunker, banhammer, mig
@ -21,10 +18,10 @@ Goals:
 * Facilitate repeatable, predictable processes for incident handling
 * Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

-Status:
--------
+## Status:
+
 MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

-DOCS:
-----
+## DOCS:
+
 http://mozdef.readthedocs.org/en/latest/
--- a/alerts/alert_worker.py
+++ b/alerts/alert_worker.py
@ -5,10 +5,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
 #
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com
-# Brandon Myers bmyers@mozilla.com
-#
 # Alert Worker to listen for alerts and call python plugins
 # for user-controlled reaction to alerts.

--- a/alerts/amo_failed_logins.py
+++ b/alerts/amo_failed_logins.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
--- a/alerts/auditd_sftp.py
+++ b/alerts/auditd_sftp.py
@ -4,13 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
-# Jeff Bryner jbryner@mozilla.com
-# Aaron Meihm ameihm@mozilla.com
-# Michal Purzynski <mpurzynski@mozilla.com>
-# Alicia Smith <asmith@mozilla.com>

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, PhraseMatch
--- a/alerts/bruteforce_ssh.py
+++ b/alerts/bruteforce_ssh.py
@ -4,11 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
-# Jeff Bryner jbryner@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, PhraseMatch, TermsMatch
--- a/alerts/bugzilla_auth_bruteforce.py
+++ b/alerts/bugzilla_auth_bruteforce.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Michal Purzynski michal@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
--- a/alerts/cloudtrail_deadman.py
+++ b/alerts/cloudtrail_deadman.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com


 from lib.alerttask import AlertTask
--- a/alerts/cloudtrail_logging_disabled.py
+++ b/alerts/cloudtrail_logging_disabled.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch
@ -18,10 +15,10 @@ class AlertCloudtrailLoggingDisabled(AlertTask):

        search_query.add_must([
            TermMatch('_type', 'cloudtrail'),
-            TermMatch('details.eventname', 'StopLogging'),
+            TermMatch('eventName', 'StopLogging'),
        ])

-        search_query.add_must_not(TermMatch('details.errorcode', 'AccessDenied'))
+        search_query.add_must_not(TermMatch('errorCode', 'AccessDenied'))

        self.filtersManual(search_query)
        self.searchEventsSimple()
@ -32,6 +29,6 @@ class AlertCloudtrailLoggingDisabled(AlertTask):
        tags = ['cloudtrail', 'aws', 'cloudtrailpagerduty']
        severity = 'CRITICAL'

-        summary = 'Cloudtrail Logging Disabled: ' + event['_source']['details']['requestparameters']['name']
+        summary = 'Cloudtrail Logging Disabled: ' + event['_source']['requestParameters']['name']

        return self.createAlertDict(summary, category, tags, [event], severity)
--- a/alerts/confluence_shell.py
+++ b/alerts/confluence_shell.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jonathan Claudius jclaudius@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, QueryStringMatch
--- a/alerts/correlated_alerts.py
+++ b/alerts/correlated_alerts.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Michal Purzynski michal@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
--- a/alerts/deadman.py
+++ b/alerts/deadman.py
@ -5,10 +5,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
 #
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com
-# Brandon Myers bmyers@mozilla.com
-#
 # a collection of alerts looking for the lack of events
 # to alert on a dead input source.

--- a/alerts/duo_authfail.py
+++ b/alerts/duo_authfail.py
@ -2,14 +2,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
-# Jeff Bryner jbryner@mozilla.com
-# Aaron Meihm ameihm@mozilla.com
-# Michal Purzynski <mpurzynski@mozilla.com>
-# Alicia Smith <asmith@mozilla.com>
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
--- a/alerts/duo_fail_open.py
+++ b/alerts/duo_fail_open.py
@ -5,9 +5,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
 #
-# Contributors:
-# kang@mozilla.com
-#
 # This script alerts when openvpn's duo security failed to contact the duo server and let the user in.
 # This is a very serious warning that must be acted upon as it means MFA failed and only one factor was validated (in
 # this case a VPN certificate)
--- a/alerts/fxa_alerts.py
+++ b/alerts/fxa_alerts.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, PhraseMatch, WildcardMatch
--- a/alerts/generic_alert_loader.py
+++ b/alerts/generic_alert_loader.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# kang@mozilla.com
-# bmyers@mozilla.com

 # TODO: Dont use query_models, nicer fixes for AlertTask

--- a/alerts/geomodel.py
+++ b/alerts/geomodel.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2015 Mozilla Corporation
-#
-# Contributors:
-# Aaron Meihm <ameihm@mozilla.com>
-# Brandon Myers <bmyers@mozilla.com>

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch
--- a/alerts/host_scanner_alerts.py
+++ b/alerts/host_scanner_alerts.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
-# Jeff Bryner jbryner@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
--- a/alerts/http_auth_bruteforce.py
+++ b/alerts/http_auth_bruteforce.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Michal Purzynski michal@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
--- a/alerts/http_errors.py
+++ b/alerts/http_errors.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Michal Purzynski michal@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
--- a/alerts/ldap_add.py
+++ b/alerts/ldap_add.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch
--- a/alerts/ldap_delete.py
+++ b/alerts/ldap_delete.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch
--- a/alerts/ldap_group.py
+++ b/alerts/ldap_group.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, PhraseMatch
--- a/alerts/ldap_lockout.py
+++ b/alerts/ldap_lockout.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, PhraseMatch
--- a/alerts/lib/alert_plugin_set.py
+++ b/alerts/lib/alert_plugin_set.py
@ -10,7 +10,7 @@ class AlertPluginSet(PluginSet):

    def send_message_to_plugin(self, plugin_class, message, metadata=None):
        if 'utctimestamp' in message and 'summary' in message:
-            message_log_str = '{0} received message: ({1}) {2}'.format(plugin_class.__module__, message['utctimestamp'], message['summary'])
+            message_log_str = u'{0} received message: ({1}) {2}'.format(plugin_class.__module__, message['utctimestamp'], message['summary'])
            logger.info(message_log_str)

        return plugin_class.onMessage(message), metadata
--- a/alerts/lib/alerttask.py
+++ b/alerts/lib/alerttask.py
@ -4,11 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
-# Jeff Bryner jbryner@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 import collections
 import json
@ -26,7 +21,7 @@ from config import RABBITMQ, ES
 sys.path.append(os.path.join(os.path.dirname(__file__), "../../lib"))
 from utilities.toUTC import toUTC
 from elasticsearch_client import ElasticsearchClient
-from query_models import TermMatch
+from query_models import TermMatch, ExistsMatch


 # utility functions used by AlertTask.mostCommon
@ -258,6 +253,13 @@ class AlertTask(Task):
        relative to the _source that's returned from elastic search.
        ex: details.sourceipaddress
        """
+
+        # We automatically add the key that we're matching on
+        # for aggregation, as a query requirement
+        aggreg_key_exists = ExistsMatch(aggregationPath)
+        if aggreg_key_exists not in self.main_query.must:
+            self.main_query.add_must(aggreg_key_exists)
+
        try:
            esresults = self.main_query.execute(self.es, indices=self.event_indices)
            results = esresults['hits']
--- a/alerts/lib/config.py
+++ b/alerts/lib/config.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
-# Jeff Bryner jbryner@mozilla.com

 from celery.schedules import crontab, timedelta
 import time
--- a/alerts/multiple_intel_hits.py
+++ b/alerts/multiple_intel_hits.py
@ -4,11 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
-# Jeff Bryner jbryner@mozilla.com
-# Michal Purzynski <mpurzynski@mozilla.com>

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, ExistsMatch, TermsMatch
--- a/alerts/old_events.py
+++ b/alerts/old_events.py
@ -5,9 +5,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
 #
-# Contributors:
-# Brandon Myers bmyers@mozilla.com
-#
 # Looks for events that have an old timestamp
 # which could mean theres something wrong in the event pipeline

--- a/alerts/open_port_violation.py
+++ b/alerts/open_port_violation.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Jonathan Claudius jclaudius@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, PhraseMatch
--- a/alerts/plugins/dashboard_geomodel.py
+++ b/alerts/plugins/dashboard_geomodel.py
@ -2,9 +2,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 import hjson
 import os
--- a/alerts/plugins/pagerDutyTriggerEvent.py
+++ b/alerts/plugins/pagerDutyTriggerEvent.py
@ -2,9 +2,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 import requests
 import json
--- a/alerts/promisc_audit.py
+++ b/alerts/promisc_audit.py
@ -5,9 +5,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
 #
-# Contributors:
-# Michal Purzynski mpurzynski@mozilla.com
-#
 # This code alerts on every successfully opened session on any of the host from a given list

 from lib.alerttask import AlertTask
--- a/alerts/promisc_kernel.py
+++ b/alerts/promisc_kernel.py
@ -5,9 +5,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
 #
-# Contributors:
-# Michal Purzynski mpurzynski@mozilla.com
-#
 # This code alerts on every successfully opened session on any of the host from a given list

 from lib.alerttask import AlertTask
--- a/alerts/proxy_drop.py
+++ b/alerts/proxy_drop.py
@ -4,11 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jonathan Claudius jclaudius@mozilla.com
-# Brandon Myers bmyers@mozilla.com
-# Alicia Smith asmith@mozilla.com


 from lib.alerttask import AlertTask
--- a/alerts/session_opened_sensitive_user.py
+++ b/alerts/session_opened_sensitive_user.py
@ -5,9 +5,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
 #
-# Contributors:
-# Michal Purzynski mpurzynski@mozilla.com
-#
 # This code alerts on every successfully opened session for any user in the list

 import datetime
--- a/alerts/sqs_queues_deadman.py
+++ b/alerts/sqs_queues_deadman.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch
--- a/alerts/ssh_access_signreleng.py
+++ b/alerts/ssh_access_signreleng.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Aaron Meihm <ameihm@mozilla.com>
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, PhraseMatch, QueryStringMatch
--- a/alerts/ssh_bruteforce_bro.py
+++ b/alerts/ssh_bruteforce_bro.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Michal Purzynski michal@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
--- a/alerts/ssh_ioc.py
+++ b/alerts/ssh_ioc.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2015 Mozilla Corporation
-#
-# Contributors:
-# Aaron Meihm <ameihm@mozilla.com>

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch
--- a/alerts/ssh_key.py
+++ b/alerts/ssh_key.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Aaron Meihm <ameihm@mozilla.com>

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch
--- a/alerts/ssh_lateral.py
+++ b/alerts/ssh_lateral.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Aaron Meihm <ameihm@mozilla.com>

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
--- a/alerts/ssl_blacklist_hit.py
+++ b/alerts/ssl_blacklist_hit.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Michal Purzynski michal@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, ExistsMatch
--- a/alerts/unauth_ssh.py
+++ b/alerts/unauth_ssh.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2015 Mozilla Corporation
-#
-# Contributors:
-# Aaron Meihm <ameihm@mozilla.com>

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, QueryStringMatch, PhraseMatch
--- a/alerts/vpn_duo_auth_failures.py
+++ b/alerts/vpn_duo_auth_failures.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
-# Jeff Bryner jbryner@mozilla.com

 from lib.alerttask import AlertTask
 from query_models import SearchQuery, TermMatch, PhraseMatch
--- a/benchmarking/es/insert_bulk.js
+++ b/benchmarking/es/insert_bulk.js
@ -2,9 +2,6 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 // Copyright (c) 2014 Mozilla Corporation
-//
-// Contributors:
-// Anthony Verez averez@mozilla.com

 // Usage: node ./insert_bulk.js <processes> <insertsPerQuery> <totalInserts> <host1> [host2] [host3] [...]

--- a/benchmarking/es/insert_simple.js
+++ b/benchmarking/es/insert_simple.js
@ -2,9 +2,6 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 // Copyright (c) 2014 Mozilla Corporation
-//
-// Contributors:
-// Anthony Verez averez@mozilla.com

 // Usage: node ./insert_simple.js <processes> <totalInserts> <host1> [host2] [host3] [...]

--- a/benchmarking/es/search_all_fulltext.js
+++ b/benchmarking/es/search_all_fulltext.js
@ -2,9 +2,6 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 // Copyright (c) 2014 Mozilla Corporation
-//
-// Contributors:
-// Anthony Verez averez@mozilla.com

 // Usage: node ./search_all_fulltext.js <processes> <totalSearches> <host1> [host2] [host3] [...]

--- a/benchmarking/workers/json2Mozdef.py
+++ b/benchmarking/workers/json2Mozdef.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 import os
 import sys
--- a/bot/modules/roulette.py
+++ b/bot/modules/roulette.py
@ -4,9 +4,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
 #
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com
-#
 # Copy of https://github.com/gdestuynder/Stupid-python-bot/blob/master/modules/roulette.py
 # ported to kitnirc

@ -56,4 +53,4 @@ class Roulette(Module):
            return True

 # Let KitnIRC know what module class it should be loading.
-module = Roulette
+module = Roulette
--- a/bot/modules/zilla.py
+++ b/bot/modules/zilla.py
@ -5,10 +5,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# kang@mozilla.com
-#

 import logging
 from kitnirc.client import Channel
@ -66,15 +62,17 @@ class Zilla(Module):
            except AttributeError:
                _log.warning("zilla could not load search terms")
                return
-            try:
-                res = self._bugzilla.search_bugs(terms)
-            except Exception as e:
-                _log.error('Error querying bugzilla' + str(e))
-                return
-            for bug in res['bugs']:
-                bugsummary = bug['summary'].encode('utf-8', 'replace')
-                self.controller.client.msg(self.channel, "\x037\x02WARNING\x03\x02 \x032\x02NEW\x03\x02 bug: {url}{bugid} {summary}".format(summary=bugsummary,
-                    url=self.url, bugid=bug['id']))
+
+            for search_group in terms:
+                try:
+                    res = self._bugzilla.search_bugs(search_group)
+                except Exception as e:
+                    _log.error('Error querying bugzilla' + str(e))
+                    return
+                for bug in res['bugs']:
+                    bugsummary = bug['summary'].encode('utf-8', 'replace')
+                    self.controller.client.msg(self.channel, "\x037\x02WARNING\x03\x02 \x032\x02NEW\x03\x02 bug: {url}{bugid} {summary}".format(summary=bugsummary,
+                        url=self.url, bugid=bug['id']))

    def start(self, *args, **kwargs):
        super(Zilla, self).start(*args, **kwargs)
--- a/bot/mozdefbot.conf
+++ b/bot/mozdefbot.conf
@ -19,5 +19,4 @@ url = https://bugzilla.mozilla.org/
 api_key = <add_api_key>
 interval= 300
 channel = #somechannel
-search_terms = [{"product": "<add_product_name>"}, {"status": "NEW"}, {"status": "UNCONFIRMED"}]
-
+search_terms = [[{"product": "<add_product_name>"}, {"status": "NEW"}, {"status": "UNCONFIRMED"}]]
--- a/bot/mozdefbot.py
+++ b/bot/mozdefbot.py
@ -3,9 +3,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 """mozdef bot using KitnIRC."""
 import json
--- a/bot/mozdefbot_slack.py
+++ b/bot/mozdefbot_slack.py
@ -3,9 +3,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 """ mozdef bot using slack
    to install - 'pip install slackclient'
--- a/config/defaultMappingTemplate.json
+++ b/config/defaultMappingTemplate.json
@ -141,7 +141,7 @@
                "index" : "not_analyzed",
                "type" : "long"
              },
-              "apiVersion" : {
+              "apiversion" : {
                "type" : "string",
                "index" : "not_analyzed",
                "doc_values" : true
--- a/cron/backupSnapshot.py
+++ b/cron/backupSnapshot.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
-# Jeff Bryner jbryner@mozilla.com

 # Snapshot configured backups
 # Meant to be run once/day
--- a/cron/backupSnapshot.sh
+++ b/cron/backupSnapshot.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/backupSnapshot.py -c /opt/mozdef/envs/mozdef/cron/backup.conf
--- a/cron/collectAttackers.py
+++ b/cron/collectAttackers.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 import collections
 import json
--- a/cron/collectAttackers.sh
+++ b/cron/collectAttackers.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/collectAttackers.py -c /opt/mozdef/envs/mozdef/cron/collectAttackers.conf
--- a/cron/collectSSHFingerprints.py
+++ b/cron/collectSSHFingerprints.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 import logging
 import random
--- a/cron/collectSSHFingerprints.sh
+++ b/cron/collectSSHFingerprints.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/collectSSHFingerprints.py -c /opt/mozdef/envs/mozdef/cron/collectSSHFingerprints.conf
--- a/cron/correlateUserMacAddress.py
+++ b/cron/correlateUserMacAddress.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 import json
 import logging
--- a/cron/correlateUserMacAddress.sh
+++ b/cron/correlateUserMacAddress.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/correlateUserMacAddress.py -c /opt/mozdef/envs/mozdef/cron/correlateUserMacAddress.conf
--- a/cron/createIPBlockList.py
+++ b/cron/createIPBlockList.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 import boto
 import boto.s3
--- a/cron/createIPBlockList.sh
+++ b/cron/createIPBlockList.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/createIPBlockList.py -c /opt/mozdef/envs/mozdef/cron/createIPBlockList.conf
--- a/cron/duo_logpull.py
+++ b/cron/duo_logpull.py
@ -3,9 +3,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
-# Contributors:
-# Guillaume Destuynder kang@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 import sys
 import os
--- a/cron/esMaint.sh
+++ b/cron/esMaint.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/rotateIndexes.py -c /opt/mozdef/envs/mozdef/cron/backup.conf
--- a/cron/eventStats.py
+++ b/cron/eventStats.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 import json
 import logging
--- a/cron/eventStats.sh
+++ b/cron/eventStats.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/eventStats.py -c /opt/mozdef/envs/mozdef/cron/eventStats.conf
--- a/cron/google2mozdef.py
+++ b/cron/google2mozdef.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 import os
 import sys
--- a/cron/google2mozdef.sh
+++ b/cron/google2mozdef.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/google2mozdef.py -c /opt/mozdef/envs/mozdef/cron/google2mozdef.conf
--- a/cron/healthAndStatus-fxa.sh
+++ b/cron/healthAndStatus-fxa.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/healthAndStatus.py -c /opt/mozdef/envs/mozdef/cron/healthAndStatus.fxa.conf
--- a/cron/healthAndStatus.py
+++ b/cron/healthAndStatus.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com
-# Anthony Verez averez@mozilla.com

 import json
 import logging
--- a/cron/healthAndStatus.sh
+++ b/cron/healthAndStatus.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/healthAndStatus.py -c /opt/mozdef/envs/mozdef/cron/healthAndStatus.conf
--- a/cron/healthToMongo.py
+++ b/cron/healthToMongo.py
@ -4,9 +4,7 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
+

 import logging
 import requests
@ -79,7 +77,7 @@ def getEsNodesStats():
    jsonobj = r.json()
    results = []
    for nodeid in jsonobj['nodes']:
-        # Skip non masters and data nodes since it won't have full stats
+        # Skip non masters and non data nodes since it won't have full stats
        if ('attributes' in jsonobj['nodes'][nodeid] and
                jsonobj['nodes'][nodeid]['attributes']['master'] == 'false' and
                jsonobj['nodes'][nodeid]['attributes']['data'] == 'false'):
@ -90,6 +88,7 @@ def getEsNodesStats():
            'disk_free': jsonobj['nodes'][nodeid]['fs']['total']['free_in_bytes'] / (1024 * 1024 * 1024),
            'disk_total': jsonobj['nodes'][nodeid]['fs']['total']['total_in_bytes'] / (1024 * 1024 * 1024),
            'mem_heap_per': jsonobj['nodes'][nodeid]['jvm']['mem']['heap_used_percent'],
+            'gc_old': jsonobj['nodes'][nodeid]['jvm']['gc']['collectors']['old']['collection_time_in_millis'] / 1000,
            'cpu_usage': jsonobj['nodes'][nodeid]['os']['cpu_percent'],
            'load': jsonobj['nodes'][nodeid]['os']['load_average']
        })
@ -162,4 +161,3 @@ if __name__ == '__main__':
    initConfig()
    initLogger()
    main()
-
--- a/cron/healthToMongo.sh
+++ b/cron/healthToMongo.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
-/opt/mozdef/envs/mozdef/cron/healthToMongo.py -c /opt/mozdef/envs/mozdef/cron/healthToMongo.conf
+/opt/mozdef/envs/mozdef/cron/healthToMongo.py -c /opt/mozdef/envs/mozdef/cron/healthToMongo.conf
--- a/cron/import_threat_exchange.py
+++ b/cron/import_threat_exchange.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 import os
 import sys
--- a/cron/import_threat_exchange.sh
+++ b/cron/import_threat_exchange.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
-/opt/mozdef/envs/mozdef/cron/import_threat_exchange.py -c /opt/mozdef/envs/mozdef/cron/import_threat_exchange.conf
+/opt/mozdef/envs/mozdef/cron/import_threat_exchange.py -c /opt/mozdef/envs/mozdef/cron/import_threat_exchange.conf
--- a/cron/okta2mozdef.py
+++ b/cron/okta2mozdef.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 import os
 import sys
--- a/cron/okta2mozdef.sh
+++ b/cron/okta2mozdef.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/okta2mozdef.py -c /opt/mozdef/envs/mozdef/cron/okta2mozdef.conf
--- a/cron/pruneES.sh
+++ b/cron/pruneES.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/pruneIndexes.py -c /opt/mozdef/envs/mozdef/cron/backup.conf
--- a/cron/pruneIndexes.py
+++ b/cron/pruneIndexes.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com
-# Anthony Verez averez@mozilla.com

 # set this to run as a cronjob (after backup has completed)
 # to regularly remove indexes
@ -60,7 +56,7 @@ def esPruneIndexes():
                        index_to_prune += '-%s' % idate

                    if index_to_prune in indices:
-                        logger.info('Deleting index: %s' % index_to_prune)
+                        logger.debug('Deleting index: %s' % index_to_prune)
                        es.delete_index(index_to_prune, True)
                    else:
                        logger.error('Error deleting index %s, index missing' % index_to_prune)
--- a/cron/rotateIndexes.py
+++ b/cron/rotateIndexes.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com
-# Anthony Verez averez@mozilla.com

 # set this to run as a cronjob at 00:00 UTC to create the indexes
 # necessary for mozdef
@ -76,8 +72,18 @@ def esRotateIndexes():
                            logger.debug('do not rotate %s index, month has not changed yet' % index)
                            continue
                    if newindex not in indices:
-                        logger.debug('Creating %s index' % newindex)
-                        es.create_index(newindex)
+                        if 'alerts' in newindex:
+                            logger.debug('Creating %s index with single shard' % newindex)
+                            index_config = {
+                              "settings": {
+                                  "number_of_shards": 1
+                              }
+                            }
+                            logger.debug('Creating %s index' % newindex)
+                            es.create_index(newindex, index_config)
+                        else:
+                            logger.debug('Creating %s index' % newindex)
+                            es.create_index(newindex)
                    # set aliases: events to events-YYYYMMDD
                    # and events-previous to events-YYYYMMDD-1
                    logger.debug('Setting {0} alias to index: {1}'.format(index, newindex))
--- a/cron/setupIndexTemplates.py
+++ b/cron/setupIndexTemplates.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com
-# Anthony Verez averez@mozilla.com

 # Use this to setup the index templates for mozdef
 # You only need to run it once, it will setup the templates
@ -48,4 +44,4 @@ if __name__ == '__main__':
    initConfig()
    es = es_module.Elasticsearch(options.esservers[0])
    for templatename, templatefile in zip(options.templatenames, options.templatefiles):
-        es.setupIndexTemplate(templatename, templatefile)
+        es.setupIndexTemplate(templatename, templatefile)
--- a/cron/syncAlertsToMongo.py
+++ b/cron/syncAlertsToMongo.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 import calendar
 import logging
--- a/cron/syncAlertsToMongo.sh
+++ b/cron/syncAlertsToMongo.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/syncAlertsToMongo.py -c /opt/mozdef/envs/mozdef/cron/syncAlertsToMongo.conf
--- a/cron/update_generic_alerts.py
+++ b/cron/update_generic_alerts.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 from git import Repo, cmd

--- a/cron/update_generic_alerts.sh
+++ b/cron/update_generic_alerts.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/update_generic_alerts.py -c /opt/mozdef/envs/mozdef/cron/update_generic_alerts.conf
--- a/cron/update_geolite_db.py
+++ b/cron/update_geolite_db.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 import sys
 import os
--- a/cron/update_geolite_db.sh
+++ b/cron/update_geolite_db.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/update_geolite_db.py -c /opt/mozdef/envs/mozdef/cron/update_geolite_db.conf
--- a/cron/update_ip_list.conf
+++ b/cron/update_ip_list.conf
@ -5,3 +5,4 @@ aws_bucket_name = <add_aws_bucket_name>
 aws_document_key_name = allv4networks.txt
 local_ip_list_path=/opt/mozdef/envs/mozdef/static/iplist.txt
 ips_list_threshold = 20
+manual_additions = 1.2.3.0/24,4.5.6.7/32
--- a/cron/update_ip_list.py
+++ b/cron/update_ip_list.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 import sys
 import os
@ -42,6 +39,13 @@ def main():
    logger.debug('Starting')
    logger.debug(options)
    ips = fetch_ip_list(options.aws_access_key_id, options.aws_secret_access_key, options.aws_bucket_name, options.aws_document_key_name)
+
+    for manual_addition in options.manual_additions:
+        if manual_addition == '':
+            continue
+        logger.debug("Adding manual addition: " + manual_addition)
+        ips.append(manual_addition)
+
    if len(ips) < options.ips_list_threshold:
        raise LookupError('IP List contains less than ' + str(options.ips_list_threshold) + ' entries...something is probably up here.')
    save_ip_list(options.local_ip_list_path, ips)
@ -59,7 +63,7 @@ def initConfig():

    options.local_ip_list_path = getConfig('local_ip_list_path', '', options.configfile)
    options.ips_list_threshold = getConfig('ips_list_threshold', 20, options.configfile)
-
+    options.manual_additions = getConfig('manual_additions', '', options.configfile).split(',')

 if __name__ == '__main__':
    parser = OptionParser()
--- a/cron/update_ip_list.sh
+++ b/cron/update_ip_list.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/update_ip_list.py -c /opt/mozdef/envs/mozdef/cron/update_ip_list.conf
--- a/cron/verify_event_fields.py
+++ b/cron/verify_event_fields.py
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 import sys
 import os
--- a/cron/verify_event_fields.sh
+++ b/cron/verify_event_fields.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
-#
-# Contributors:
-# Brandon Myers bmyers@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/verify_event_fields.py -c /opt/mozdef/envs/mozdef/cron/verify_event_fields.conf
--- a/cron/vidyo2MozDef.py
+++ b/cron/vidyo2MozDef.py
@ -5,9 +5,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation

-# Contributor: gdestuynder@mozilla.com
-# Contributor: jbryner@mozilla.com
-
 import copy
 import os
 import sys
--- a/cron/vidyo2MozDef.sh
+++ b/cron/vidyo2MozDef.sh
@ -4,9 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com

 source  /opt/mozdef/envs/mozdef/bin/activate
 /opt/mozdef/envs/mozdef/cron/vidyo2MozDef.py -c /opt/mozdef/envs/mozdef/cron/vidyo2MozDef.conf
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -3,12 +3,6 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
 #
-# Contributors:
-# Jeff Bryner jbryner@mozilla.com
-# Yohann Lepage yohann@lepage.info
-# Anthony Verez averez@mozilla.com
-# Charlie Lewis clewis@iqt.org
-# Brandon Myers bmyers@mozilla.com

 FROM centos:7

--- a/docker/compose/docker-compose-tests.yml
+++ b/docker/compose/docker-compose-tests.yml
@ -0,0 +1,26 @@
+---
+version: '2.2'
+services:
+  elasticsearch:
+    build:
+      context: ../../
+      dockerfile: docker/compose/elasticsearch/Dockerfile
+    restart: always
+    command: bin/elasticsearch -Des.insecure.allow.root=true -Dnetwork.host=0.0.0.0
+    ports:
+      - 9200:9200
+    networks:
+      - default
+  rabbitmq:
+    build:
+      context: ../../
+      dockerfile: docker/compose/rabbitmq/Dockerfile
+    restart: always
+    command: rabbitmq-server
+    ports:
+      - 5672:5672
+    networks:
+      - default
+
+networks:
+  default:
--- a/docker/compose/mozdef_alerts/files/config.py
+++ b/docker/compose/mozdef_alerts/files/config.py
@ -4,10 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 # Copyright (c) 2014 Mozilla Corporation
-#
-# Contributors:
-# Anthony Verez averez@mozilla.com
-# Brandon Myers bmyers@mozilla.com

 from celery.schedules import crontab, timedelta
 import time
--- a/Показать больше
+++ b/Показать больше