Brandon Myers
d7d4dd1cd8
Add decom notice to readme ( #1727 )
2021-11-02 11:41:59 -05:00
Gene Wood
847d3ef4b5
Remove survey links ( #1726 )
Survey is completed, removing links to them.
2021-10-28 18:47:46 -04:00
Brandon Myers
80713ecd34
Remove uptycs data source ( #1721 )
2021-06-16 13:49:44 -05:00
dependabot[bot]
8eaffd99bb
Bump bottle from 0.12.4 to 0.12.19 ( #1711 )
Bumps [bottle](https://github.com/bottlepy/bottle) from 0.12.4 to 0.12.19.
- [Release notes](https://github.com/bottlepy/bottle/releases)
- [Changelog](https://github.com/bottlepy/bottle/blob/master/docs/changelog.rst)
- [Commits](https://github.com/bottlepy/bottle/compare/0.12.4...0.12.19)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-16 13:48:21 -05:00
dependabot[bot]
9bed86e504
Bump cryptography from 3.2 to 3.3.2 ( #1722 )
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)
---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-16 13:48:11 -05:00
dependabot[bot]
8a4188752b
Bump pyyaml from 5.1.1 to 5.4 ( #1710 )
Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.1.1 to 5.4.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES)
- [Commits](https://github.com/yaml/pyyaml/compare/5.1.1...5.4)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-16 13:40:47 -05:00
dependabot[bot]
ec2bed33ab
Bump httplib2 from 0.18.0 to 0.19.0 ( #1705 )
Bumps [httplib2](https://github.com/httplib2/httplib2) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/httplib2/httplib2/releases)
- [Changelog](https://github.com/httplib2/httplib2/blob/master/CHANGELOG)
- [Commits](https://github.com/httplib2/httplib2/compare/v0.18.0...v0.19.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-16 13:40:39 -05:00
dependabot[bot]
3f5aa841bc
Bump rsa from 3.1.4 to 4.7 ( #1715 )
Bumps [rsa](https://github.com/sybrenstuvel/python-rsa) from 3.1.4 to 4.7.
- [Release notes](https://github.com/sybrenstuvel/python-rsa/releases)
- [Changelog](https://github.com/sybrenstuvel/python-rsa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sybrenstuvel/python-rsa/compare/version-3.1.4...version-4.7)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-16 13:40:21 -05:00
dependabot[bot]
bd2cae4d73
Bump cryptography from 2.3.1 to 3.2 ( #1690 )
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.3.1 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.3.1...3.2)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-16 13:40:08 -05:00
dependabot[bot]
5c62c753e6
Bump pip from 18.1 to 19.2 in /mozdef_util ( #1718 )
Bumps [pip](https://github.com/pypa/pip) from 18.1 to 19.2.
- [Release notes](https://github.com/pypa/pip/releases)
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/18.1...19.2)
---
updated-dependencies:
- dependency-name: pip
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-11 14:25:17 -05:00
Brandon Myers
2c4108fb24
Improve papertrail mq worker ( #1720 )
2021-06-11 10:53:36 -05:00
Brandon Myers
1a0b5afb25
Update ssh releng alert to take new event format into consideration ( #1719 )
2021-06-10 12:08:27 -05:00
Jonathan Claudius
32bcb2b9ea
Remove session invalidation alert ( #1714 )
2021-04-16 12:54:42 -05:00
densfox
0b33bad44d
Add more comments to ipblocklist message ( #1712 )
2021-04-12 12:18:42 -05:00
densfox
bca65c274d
Add username via auth0 plugin ( #1708 )
2021-03-16 10:35:26 -05:00
Brandon Myers
28052f3730
Fix tests in github actions ( #1707 )
* Fix tests in github actions
* Add pyjwt hardcoded version
2021-03-11 10:27:36 -06:00
Mathieu Rollet
fd2c2d1bec
Give endpoint methods unique names ( #1694 )
* Give endpoint methods unique names
* Remove specific flake8 rule which is not needed anymore
2021-03-10 17:33:26 -06:00
Mathieu Rollet
ff462a9d5f
Add the 'restart' recipe ( #1701 )
2021-03-10 17:19:06 -06:00
Tim Gates
0efff88077
docs: fix simple typo, somehwere -> somewhere ( #1697 )
There is a small typo in docs/source/geomodel/specifications/v0_1.rst.
Should read `somewhere` rather than `somehwere`.
2021-03-10 17:18:30 -06:00
Mathieu Rollet
353549797b
Freeze PyJWT ( #1699 )
2021-03-10 17:16:23 -06:00
Brandon Myers
a5a159da69
Switch to github actions to run tests ( #1703 )
2021-01-26 13:26:38 -06:00
Jonathan Claudius
41e38deacd
Remove Boilerplate comments ( #1693 )
2020-12-03 14:27:46 -06:00
Brandon Myers
c68faa7a02
Fix google cron log auth script ( #1691 )
2020-11-16 11:15:24 -06:00
Mathieu Rollet
cb6c8f40e7
Add healthchecks ( #1689 )
2020-10-22 20:57:34 -05:00
Mathieu Rollet
45666bccfc
Add alerts healthcheck ( #1688 )
2020-10-22 20:57:06 -05:00
Mathieu Rollet
a6d1601f0e
Fix broken Discover module in Kibana with alerts index patterns ( #1687 )
* Remove duplicated non-json 'classname' entry
* Use plain json for index mapping files.
Move the escaping and formatting to the setup script.
2020-10-22 20:56:47 -05:00
Jonathan Claudius
a5ed47efbe
Add more specific context to vertical auth0 alert ( #1685 )
2020-09-16 12:06:54 -05:00
Brandon Myers
1a7d87d007
Remove bcrypt from meteor package ( #1684 )
2020-09-14 13:56:30 -05:00
Mathieu Rollet
9fbfa77411
Fix #1676 ( #1677 )
2020-09-11 15:17:41 -05:00
Jonathan Claudius
fb71be20ea
Add Auth- vertical password guessing alert ( #1683 )
2020-09-11 14:26:07 -05:00
Jonathan Claudius
140ff2b4d3
Add v0.1 of Auth0 username/password bruteforce alert ( #1681 )
2020-09-11 14:24:06 -05:00
Brandon Myers
ddd211415f
Set geomodel alert severity to be configurable ( #1675 )
2020-09-09 11:34:21 -05:00
Mathieu Rollet
3291e8d8c3
Fix #1678 ( #1680 )
2020-09-09 10:42:57 -05:00
Brandon Myers
33f138d266
Modify auth0 cron script to obtain bearer token ( #1674 )
2020-08-25 15:33:19 -05:00
A Smith
d5c54b3e4c
Deprecate old plugins field ( #1670 )
* modifying old plugins structure to match new
* updating mozdef_util to include the new plugin structure and updating wheel
* updating mozdef_util README, HISTORY, version, and requirements
* adding setup.py version increment
2020-08-05 12:10:38 -07:00
A Smith
ce13d3c32a
deprecating fxa logic ( #1669 )
2020-08-03 10:57:32 -05:00
A Smith
bd6e2b3a6b
changing specific tag to encompass all triagebot escalations ( #1668 )
* changing specific tag to encompass all triagebot escalations
* updating test to reflect changes
2020-07-30 12:24:54 -07:00
A Smith
dbe90e355d
adding new triagebot escalation alert ( #1666 )
* adding new triagebot escalation alert
* changing critical to info for pre-release
2020-07-29 14:39:06 -05:00
A Smith
6e499044cb
reverts change to raw_value from object to string and renames field to raw_event ( #1667 )
* reverts change to raw_value from object to string
* changes raw_value to raw_event
2020-07-29 13:54:19 -05:00
A Smith
a6c4b1e466
EIS-2365 ( #1665 )
* adds some additional parsing for email, user metadata, and adds to summary
* parses further information into objects so that they are searchable
* adds the raw msg as an object
* makes raw_value an object that is searchable, and pulls out some user metadata
* Defines successful api operation, modifies summaries to be more informative
* removes json import
* adding summary changes
* tidying up comments, removing references to UNKNOWN.
* adding additional wording to summary
* adding comments around the source field
* adding RP to summaries
* Refactoring the summary to be dynamic based on values present and not None
* updates the summary in the test
* correcting the test summary
2020-07-27 11:08:48 -05:00
A Smith
df9b02050f
Auth0 categories ( #1664 )
* adds administration category, and adds terms to define the category for every potential event
* removes duplicated CORS from authentication category
* removes duplicate log event types from the dict
* moves Success Signup into Authentication category
* reduces redundancy of push notification event and adds it to authentication category
* reduces redundancy of other event names to correctly assign success/failure and ensure categorization
2020-07-23 17:57:17 -05:00
A Smith
6e2cb9b293
checking that keys exist and are not empty or None ( #1663 )
2020-07-21 09:41:08 -05:00
A Smith
8350ebcf98
Reverts edit made to the check for the details.requestparameters.htmlpart ( #1662 )
* truncates htmlpart to something ES can handle
* adding comments to code and checking if values exist per @arcrose's suggestion
* removing whitespace
* adds a constant and adds description for the ES_FIELD_LIMIT_VALUE constant.
* reverting check for details.requestparameters.htmlpart edit
* fixing whitespace
* fixing whitespace
2020-07-20 16:10:46 -05:00
A Smith
d1b66ec378
moving plugins into mozdef data class ( #1659 )
2020-07-16 18:21:15 -05:00
A Smith
08b0ae2526
truncates htmlpart to something ES can handle and adds authparameters to modify_keys ( #1661 )
* truncates htmlpart to something ES can handle
* adding comments to code and checking if values exist per @arcrose's suggestion
* removing whitespace
* adds a constant and adds description for the ES_FIELD_LIMIT_VALUE constant.
2020-07-16 18:20:46 -05:00
A Smith
e2194350cf
remove dots from the start or end of a key ( #1650 )
* remove dots from the start or end of a key
* updating the comment text
* re-envisioned code per @pwnbus' suggestion
* addressing review comments
* adds logic to check for null keys
2020-07-16 16:38:24 -05:00
Arcadia Rose
a8a1663452
Eis 2329 ( #1660 )
* Write some new test cases that break the current implementation of the ldap_fixup email parser
* Tweak tests to break as expected
* Fix breaking test cases
* Add example from input that caused failure
* Split actor strings on spaces and on commas
2020-07-15 14:58:12 -05:00
Arcadia Rose
aa602f4763
Update an alert to acknowledged in mongodb when the triagebot updates its status ( #1656 )
2020-07-13 16:38:12 -05:00
Gene Wood
ffa92efcb0
Change Auth0 raw field from str repr to json ( #1653 )
This will both change the Auth0 raw field to be called raw_value
and will change the representation from a Python repr to a JSON
encoded string. This will allow ElasticSearch to index this value
and make it searchable.
This is similar to what was done in #1586 and supports #1607
2020-07-13 16:37:48 -05:00
A Smith
88525f3dd7
Revert "backporting package-lock from production ( #1651 )" ( #1657 )
This reverts commit 3e5909ab52.
2020-07-08 15:50:56 -05:00