Commit graph

5612 Commits

Author SHA1 Message Date
Brandon Myers 1832078c76
Merge pull request #1483 from mozilla/geomodel_test_cleanup
Geomodel test cleanup
2019-10-08 14:26:27 -05:00
Emma Rose 98df786ec8
remove commented lines 2019-10-08 14:58:32 -04:00
Emma Rose c13f611f47
Add configured InfosecAdmin user to fix tests 2019-10-08 14:55:54 -04:00
Emma Rose 3a47e19c99
Merge branch 'master' into alert-aws-privshare 2019-10-08 14:55:09 -04:00
Phrozyn 8fce7b0183
removing auditd comment and dev artifact 2019-10-08 13:42:45 -05:00
Brandon Myers 4f0bafed14
Merge pull request #1468 from mpurzynski/esworker_exceptions_fixups
Esworker exceptions fixups
2019-10-08 12:33:03 -05:00
Brandon Myers 906a9cc5fc
Merge pull request #1465 from mozilla/fixup_flake8_cloudymozdef
Fixup flake8 errors in cloudymozdef
2019-10-08 12:29:41 -05:00
Phrozyn 7ae8de8a67
adding missing comma 2019-10-08 09:36:21 -05:00
Phrozyn ae68146394
removing erroneous comma 2019-10-08 09:21:33 -05:00
Emma Rose 65fc6f18d3
Appease linter gods 2019-10-07 18:17:26 -04:00
Emma Rose 48850f91c9
Removed unused import 2019-10-07 18:16:15 -04:00
Emma Rose 155d668fd6
Refactored remaining alerts 2019-10-07 18:14:42 -04:00
Emma Rose 362d839d38
Abstract locality test state initialization into base class and get first test passing after refactoring 2019-10-07 17:41:18 -04:00
Phrozyn f6cb9fab7a
adding test and fixing flake8 error 2019-10-04 15:51:25 -05:00
Brandon Myers a7c2b90e0d
Merge pull request #1482 from mozilla/v3.1.2
Create v3.1.2 release and update changelog
2019-10-04 11:39:17 -05:00
Brandon Myers 99cf2b7273
Create v3.1.2 release and update changelog 2019-10-04 11:27:55 -05:00
Brandon Myers c8a9d9472d
Merge pull request #1473 from mozilla/ldap_bruteforce_alert
Add LDAP bruteforce alert
2019-10-04 11:16:27 -05:00
Michal Purzynski bc64101e00 remove automated black formatting 2019-10-03 13:55:42 -07:00
Brandon Myers 1e7d2fada6
Merge pull request #1462 from mozilla/fixup_duplicates_geomodel
Add test examples for geomodel alerts
2019-10-03 15:47:43 -05:00
Jonathan Claudius e994dc8c84
Add whitelist to proxy drop ip alert 2019-10-03 14:30:21 -04:00
Jonathan Claudius ac625820a9
Fix typo 2019-10-03 14:14:55 -04:00
Jonathan Claudius d82500c71f
Fix typo in alert definition 2019-10-03 14:11:19 -04:00
Emma Rose 7e9e6de542
Fixing linting errors 2019-10-03 12:57:30 -04:00
Emma Rose a356a0db09
Add type_ field back 2019-10-02 21:38:48 -04:00
Emma Rose 6778a28e15
Minor tweak to function call order 2019-10-02 21:38:18 -04:00
Emma Rose 0c9c145a85
Cleaning up to get tests to run 2019-10-02 20:14:42 -04:00
Emma Rose 8260353bbb
Use execution module to set up alert 2019-10-02 19:57:28 -04:00
Emma Rose e05330a6bc
Refactor test to use execution module 2019-10-02 19:29:22 -04:00
Emma Rose c640ffc192
Add missing imports. Format long line 2019-10-02 18:25:53 -04:00
Emma Rose c6cd73382a
Merge branch 'fixup_duplicates_geomodel' of github.com:mozilla/MozDef into fixup_duplicates_geomodel 2019-10-02 18:05:45 -04:00
Emma Rose 07bc4d9639
Creating an abstraction for alert execution time states 2019-10-02 18:05:40 -04:00
Brandon Myers 77a75fbb0c
Add test case for dynamic search window 2019-10-02 16:05:52 -05:00
Phrozyn c89604e616
adding zoom_fixup.py to remove unnecessary fields 2019-10-02 15:10:41 -05:00
Brandon Myers d94dc4915e
Modify search window to be dynamic based on last alert execution 2019-10-02 14:33:14 -05:00
Brandon Myers a9dbb4594c
Reassign lastaction to utctimestamp for locality geomodel 2019-10-02 14:32:35 -05:00
Jonathan Claudius dff7305167
switch to details.server for exclusions 2019-10-02 13:28:19 -04:00
Jonathan Claudius 970ced1bda
change to server attribute 2019-10-02 13:27:09 -04:00
Jonathan Claudius 4c692f32ee
Add host exclusions to LDAP bruteforce alert 2019-10-02 13:23:51 -04:00
Jonathan Claudius 79aa92b25b
Add host exclusions to ldap password spray alert 2019-10-02 13:19:41 -04:00
Jonathan Claudius 3a653822ae
Add proper config for testing 2019-10-02 09:55:06 -04:00
Brandon Myers 5e4b3988e7
Collapse geomodel alert code and remove unused _process function 2019-10-01 18:03:11 -05:00
Emma Rose 07cfd7f750
Parse lastaction from receivedtimestamp in from_events because we expect it to be more accurate 2019-10-01 17:48:52 -04:00
Emma Rose 8655accc62
Only allow one query to be configured.
When there are multiple queries, GeoModel will try to avoid processing
events that it may have already processed in previous iterations.
Rather than building a tagging system to track this internally, we will
restrict the number of queries that can be run so that this condition is
impossible.  Queries against multiple sources can be written using OR,
such as in "tags:auth0 OR tags:duo"
2019-10-01 17:29:32 -04:00
Emma Rose 071b417c44
Only consider events that haven't already been processed 2019-10-01 16:03:04 -04:00
Brandon Myers 740b8ee571
Merge pull request #1466 from mozilla/update_cloudtrail_plugin
Add describehostrequest to cloudtrail mq plugin
2019-10-01 13:24:05 -05:00
Brandon Myers 7218624125
Merge pull request #1461 from mozilla/remove_alertplugins_text
Remove logger entry for alert plugins receiving alerts
2019-10-01 13:23:51 -05:00
Brandon Myers ad19e588d6
Merge pull request #1477 from darakian/add-rsyslog-content
Add reference to rsyslog and omhttp module
2019-10-01 12:27:46 -05:00
Brandon Myers 4feed9eab7
Merge pull request #1476 from darakian/remove-branch-text-at-head-of-alert-guide
Remove wording around creating a branch for a feature
2019-10-01 12:27:34 -05:00
Jon Moroney 89192be84c Add reference to rsyslog and omhttp module 2019-10-01 10:04:12 -07:00
Jon Moroney 5988faf4c1 Remove wording around creating a branch for a feature
I think it makes sense to remove this text given that
a) Most alerts will probably be based on specific business logic
and
b) There is a note about including alerts in the mozdef master branch further down
2019-10-01 09:58:26 -07:00