Commit graph

2759 commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Brandon Myers | 1fd1f982f1 | Remove banhammer rest plugin | 2018-10-04 12:19:58 -04:00 |
| Brandon Myers | 879f6f6e6e | Remove unrelated comments to rest plugins | 2018-10-04 12:18:15 -04:00 |
| A Smith | 589cf2c0d0 | Merge pull request #756 from mozilla/modify_sqs_drop_nondict: Modify sqs worker to drop non dict messages | 2018-10-03 17:13:55 -04:00 |
| A Smith | e29ce9307e | Merge pull request #754 from mozilla/auditdFixup_fix_dhost: Fixing details.dhost to be hostname | 2018-10-03 17:13:13 -04:00 |
| Brandon Myers | 69a4e4da81 | Merge pull request #747 from mozilla/add_honeycomb_alert: Add alert for honeycomb | 2018-10-02 14:10:44 -05:00 |
| Brandon Myers | fed01844d9 | Modify sqs worker to drop non dict messages | 2018-10-02 14:53:33 -04:00 |
| Phrozyn | 62ac957471 | Correcting typo | 2018-10-01 13:50:40 -05:00 |
| Phrozyn | 29ce658a2e | Fixing details.dhost to be hostname | 2018-10-01 11:32:38 -05:00 |
| A Smith | fa6e9978fb | Merge pull request #751 from mozilla/remove_ssh_fingerprints_cron: Remove unused ssh fingerprints cron script | 2018-09-26 14:00:00 -04:00 |
| A Smith | 8962bcaf1d | Merge pull request #752 from mozilla/fixup_sqs_worker: Fixup sqs workers to handle network errors | 2018-09-26 13:58:56 -04:00 |
| A Smith | 012bd89906 | Merge pull request #746 from mozilla/hostname_field_normalization_phaseI: hostname field normalization phase I | 2018-09-26 13:14:00 -04:00 |
| Brandon Myers | ceebae3c6c | Modify mq workers to stop when ctrl-c | 2018-09-25 19:59:07 -05:00 |
| Brandon Myers | 43d499efb7 | Modify sqs workers to handle network connection error | 2018-09-25 19:57:39 -05:00 |
| Brandon Myers | 1065a06c29 | Remove unused ssh fingerprints cron script | 2018-09-25 13:41:52 -05:00 |
| Brandon Myers | 6c68388a23 | Remove check for _type in alert | 2018-09-20 16:53:58 -05:00 |
| Brandon Myers | fbb653e5dd | Update honeycomb alert with tests to get working | 2018-09-20 15:26:57 -05:00 |
| Jonathan Claudius | 6c7d468ef4 | Fix multi-alert summary to include spaces to reflect alert logic | 2018-09-20 10:32:39 -04:00 |
| Jonathan Claudius | 62fc88f4a0 | Address flow control in alert | 2018-09-20 10:13:36 -04:00 |
| Jonathan Claudius | c2a8300a3f | More fixes to honeycomb unit-tests | 2018-09-20 10:08:45 -04:00 |
| Jonathan Claudius | 426554bf18 | Add unit-test examples for honeycomb alert | 2018-09-20 09:40:08 -04:00 |
| Cag | aff07d46fc | Filter on critical events only | 2018-09-20 17:56:53 +10:00 |
| Cag | 81738efeff | Update honeycomb.py with better validation | 2018-09-20 17:42:09 +10:00 |
| Brandon Myers | 144f5b4fe1 | Merge pull request #749 from mpurzynski/suricatafixup: Rename details.alert to details.suricata_alert to avoid conflicts | 2018-09-19 14:28:58 -05:00 |
| Michal Purzynski | b04469d0c1 | Rename details.alert to details.suricata_alert to avoid conflicts | 2018-09-19 12:14:34 -07:00 |
| Brandon Myers | 44a1840a2e | Merge pull request #745 from mpurzynski/suricatafixup: Initial version of the plugin that parses Suricata eve-log alerts and… | 2018-09-19 13:23:37 -05:00 |
| Cag | a78c31755a | Update honeycomb alert: Returning different alert summary based on event summary data | 2018-09-19 16:29:58 +10:00 |
| Phrozyn | 6add309216 | Removing test case I added; seems the alert doesn't trigger on program. | 2018-09-18 17:49:45 -05:00 |
| Phrozyn | d92ff0a950 | Adjusting unit test for hostname change. | 2018-09-18 17:36:06 -05:00 |
| Phrozyn | f9c9a6d3eb | Adjusting hostname position in alert. | 2018-09-18 17:23:34 -05:00 |
| Phrozyn | 3e8dc88048 | Adjusting unit test to account for actual event structure | 2018-09-18 17:21:10 -05:00 |
| Phrozyn | 46a7902088 | Adding modified unit test | 2018-09-18 17:16:26 -05:00 |
| Phrozyn | 623a6565b6 | Swapping search for details.hostname to just hostname in alerts. | 2018-09-18 16:52:27 -05:00 |
| Cag | 0ffd6125e1 | Honeycomb alert test case | 2018-09-18 19:02:26 +10:00 |
| Cag | 8c188b3fcd | Add alert for honeycomb | 2018-09-18 18:11:44 +10:00 |
| Michal Purzynski | 16a5146ae9 | Remove unused code. | 2018-09-17 11:43:59 -07:00 |
| A Smith | 578e575184 | Merge pull request #741 from mozilla/unexpose_restapi: Unexpose rest api in docker containers | 2018-09-13 17:10:58 -04:00 |
| A Smith | 83b8b60e9a | Merge pull request #743 from mozilla/add_callerreference_cloudtrail: Add callerReference to cloudtrail plugin handler | 2018-09-13 17:10:32 -04:00 |
| A Smith | cab6029a4c | Merge pull request #744 from mozilla/travis_tests_docker: Modify travis job to run tests in docker container | 2018-09-13 17:10:02 -04:00 |
| Phrozyn | fe7e6cb988 | moved hostname out of details. | 2018-09-13 15:53:38 -05:00 |
| Phrozyn | 44a81da8d6 | hostname field normalization phase I | 2018-09-13 14:04:22 -05:00 |
| Michal Purzynski | ba05341f19 | Initial version of the plugin that parses Suricata eve-log alerts and matches field names to Bro | 2018-09-12 19:25:05 -07:00 |
| Brandon Myers | 106101a5d0 | Update alert test suite to use tests config file | 2018-09-07 14:42:52 -05:00 |
| Brandon Myers | 7d2affb28f | Fix rest and loginput test config locations | 2018-09-07 14:42:35 -05:00 |
| Brandon Myers | b450ec0fdb | Fix options for elasticsearch client tests | 2018-09-07 14:42:12 -05:00 |
| Brandon Myers | d4277a620c | Convert travis tests to use docker container | 2018-09-07 14:41:58 -05:00 |
| Brandon Myers | 1594d8f66c | Add tester docker container to run unit tests | 2018-09-07 14:41:43 -05:00 |
| Brandon Myers | 1150857fd9 | Add callerReference to cloudtrail plugin handler | 2018-09-06 13:59:27 -05:00 |
| Brandon Myers | b94ca03242 | Unexpose rest api in docker containers | 2018-08-30 15:33:13 -05:00 |
| Brandon Myers | bb8070fee7 | Merge pull request #740 from mozilla/logrotate_update: Adding updated logrotate scripts for mozdef archival of old logs. | 2018-08-29 11:51:53 -05:00 |
| A Smith | 44c38e2324 | Merge pull request #731 from Phrozyn/sqs_queue_status: Adding sqs_queue_status script to cron | 2018-08-28 17:02:24 -04:00 |