Commit graph

372 commits

Author  SHA1  Message  Date
Brandon Myers  663fd76ab2  Merge remote-tracking branch 'origin/infosec_workweek' into virtualenv_path_change  2018-10-24 13:05:30 -05:00
Brandon Myers  c479d33c47  Convert ssh access config to json  2018-10-22 19:31:50 -05:00
Zack Mullaly  39a7a416ef  Fixed import from mozdef_util  2018-10-17 16:24:12 -07:00
Zack Mullaly  c0e77e4de5  Fixed another import  2018-10-17 16:11:40 -07:00
Zack Mullaly  71f397fd5a  Fixed some broken imports  2018-10-17 16:03:00 -07:00
Zack Mullaly  1e3fd1b7f8  Caught a couple more broken imports  2018-10-16 15:43:03 -07:00
Zack Mullaly  312b8a2ebc  Fixed the rest of the imports  2018-10-16 15:33:58 -07:00
Zack Mullaly  13a6c7401b  Replace all the imports to use mozdef_util  2018-10-16 12:45:04 -07:00
Jonathan Claudius  5c3fd45680  Make events work for single or multiple events, this alert will work for both  2018-10-11 15:40:56 -04:00
Jonathan Claudius  ade1c5bc1e  Fix misspelling  2018-10-11 15:38:28 -04:00
Jonathan Claudius  0d9e63895d  Standardize some proxy drop summary verbiage  2018-10-11 15:32:22 -04:00
Jonathan Claudius  341a6f7a9c  Change name from multiple to sucpicious  2018-10-11 14:21:35 -04:00
Brandon Myers  12b184c8f1  Merge pull request #750 from mozilla/add_proxy_connect_non_std  2018-10-11 14:08:18 -04:00
    Add connect proxy drops to non-std ports alert
Jonathan Claudius  4421818a02  Fix variable names  2018-10-11 13:56:44 -04:00
Jonathan Claudius  3269c7f5c7  Clean up comment copy pasta  2018-10-11 13:54:41 -04:00
Jonathan Claudius  4317b34508  Add example config  2018-10-11 13:50:15 -04:00
Jonathan Claudius  347693e18d  Make excluded ports configurable  2018-10-11 13:49:00 -04:00
Brandon Myers  df6e78b0fe  Merge pull request #748 from mozilla/make_proxy_drop_useful  2018-10-11 13:44:06 -04:00
    Add proxy drop on executable
Brandon Myers  ef4930603f  Fixup blank line at end of file  2018-10-05 17:52:13 -04:00
Brandon Myers  7689ea0d20  Remove too many blank lines  2018-10-05 17:46:00 -04:00
Brandon Myers  7f149fad15  Remove whitespace before single quote  2018-10-05 17:39:44 -04:00
Brandon Myers  c255c94c67  Remove whitespace before parenthesis  2018-10-05 17:37:47 -04:00
Brandon Myers  06f0e78c5a  Remove whitespace after parenthesis  2018-10-05 17:34:36 -04:00
Jonathan Claudius  7be0689333  Fix up proxy drop non std port alert  2018-10-03 12:40:25 -04:00
Jonathan Claudius  95079b4b07  Add more tests and exception cases for proxy executable drop alert  2018-10-03 10:33:19 -04:00
Jonathan Claudius  24fd6d0789  Add more test cases to ensure proper alert behavior  2018-10-03 10:21:06 -04:00
Jonathan Claudius  5eeca3734a  Merge branch 'master' of github.com:mozilla/MozDef into make_proxy_drop_useful  2018-10-03 09:47:36 -04:00
Brandon Myers  e9624cb562  Update proxy drop alert to use query string match for extensions  2018-10-02 21:48:15 -04:00
Jonathan Claudius  086a05934b  Make unit-tests path with temporary hack  2018-10-02 16:52:45 -04:00
Jonathan Claudius  f1acd74aba  latest for proxy exec drop  2018-10-02 15:42:44 -04:00
Brandon Myers  69a4e4da81  Merge pull request #747 from mozilla/add_honeycomb_alert  2018-10-02 14:10:44 -05:00
    Add alert for honeycomb
Jonathan Claudius  083c9072e3  Minor tweaks for debugging purposes  2018-09-25 18:19:47 -04:00
Jonathan Claudius  f95520c1d2  Upload latest status  2018-09-25 17:55:44 -04:00
Jonathan Claudius  e64654b19a  Fix copy party from prior alert  2018-09-24 16:17:33 -04:00
Jonathan Claudius  f0fa45b822  Add connect proxy drops to non-std ports alert  2018-09-24 16:05:18 -04:00
Brandon Myers  6c68388a23  Remove check for _type in alert  2018-09-20 16:53:58 -05:00
Brandon Myers  fbb653e5dd  Update honeycomb alert with tests to get working  2018-09-20 15:26:57 -05:00
Jonathan Claudius  62fc88f4a0  Address flow control in alert  2018-09-20 10:13:36 -04:00
Cag  aff07d46fc  Filter on critical events only  2018-09-20 17:56:53 +10:00
Cag  81738efeff  Update honeycomb.py with better validation  2018-09-20 17:42:09 +10:00
Cag  a78c31755a  Update honeycomb alert  2018-09-19 16:29:58 +10:00
    Returning different alert summary based on event summary data
Phrozyn  623a6565b6  Swapping search for details.hostname to just hostname in alerts.  2018-09-18 16:52:27 -05:00
Jonathan Claudius  0179a173ee  Remove slashes, which are redundant  2018-09-18 16:12:28 -04:00
Jonathan Claudius  30a1dd9256  Add destination filter to handle exception cases  2018-09-18 16:04:33 -04:00
Jonathan Claudius  bcfdcdd4e0  Remove exists match, it's redundant now  2018-09-18 15:36:36 -04:00
Jonathan Claudius  69d77afaf8  Add TCP_DENIED as a requirement to prevent triggering on other actions  2018-09-18 15:31:36 -04:00
Jonathan Claudius  4ade1d29fe  Add extension triggers and rename proxy_drop alert  2018-09-18 15:19:01 -04:00
Cag  8c188b3fcd  Add alert for honeycomb  2018-09-18 18:11:44 +10:00
Brandon Myers  7f593ebeb0  Fixup deadman alert to use hostname field  2018-08-20 16:20:02 -05:00
Brandon Myers  905ce5f148  Modify unknown isp in geomodel plugin  2018-08-17 15:12:21 -05:00