Commit graph

61 Commits

Author SHA1 Message Date
Michal Purzynski de31324dfa Add the licensing header. 2015-02-04 18:40:06 +01:00
Michal Purzynski ae594aa9ac Shift two fields that were in the wrong order. 2015-02-04 18:35:29 +01:00
Michal Purzynski 8236da6cb0 Add the licensing header. 2015-02-02 18:11:03 +01:00
Michal Purzynski 44d741a542 Introducing a set of Lua code for parsing, transforming and JSON generating from various Bro logs. Plug and play into Heka. Tested in production. 2015-02-02 18:08:42 +01:00
Jeff Bryner e72f359545 sample ipython notebook with a simple ES query 2015-01-28 11:07:50 -08:00
Jeff Bryner 5c6bbac084 Alert Development ipython notebook, closes #213 2014-12-16 11:14:03 -08:00
Jeff Bryner 43d22324a8 simple sample script for generating and posting an event directly to rabbit..plus severity 2014-11-24 10:02:20 -08:00
Jeff Bryner 779205e322 simple sample script for generating and posting an event directly to rabbit 2014-11-24 09:59:35 -08:00
Jeff Bryner f1b72a4162 update bro heka lua examples to ignore #comment lines 2014-11-12 15:25:19 -08:00
Jeff Bryner 519ebb3972 update bronotice lua with supporting functions to deal with occasional - fields 2014-11-12 14:55:23 -08:00
Jeff Bryner 4558be2bf6 update bro intel example lua script 2014-11-12 14:18:58 -08:00
Jeff Bryner b710215405 update example heka toml and lua, closes #199 2014-11-10 16:43:15 -08:00
Jeff Bryner 5e478a6c9f update toml to include esjsonencoder 2014-11-10 16:42:10 -08:00
Jeff Bryner 8c678b2431 remove regex examples since heka deprecated regex 2014-11-10 16:40:40 -08:00
Jeff Bryner 080596bd47 add defaults for demo alert/attacker creation 2014-10-03 16:18:13 -07:00
Jeff Bryner 8227a7a7a0 correct the nxlog windows sample config for json output 2014-09-26 11:17:38 -07:00
mseguin ff5ea1ee51 Missing a ">" at the end of the nxlog.conf file 2014-08-10 02:31:42 -04:00
Jeff Bryner d8ab423c19 update kibana alert/event endpoints to failover to alerts/events because demo gods 2014-08-06 21:31:29 -07:00
Jeff Bryner 119703f226 logging to INFO, create alerts/attackers less frequently by default 2014-08-06 08:45:51 -07:00
Jeff Bryner 46ecc6f020 reorg demo data into events/alerts/attackers to allow for constant stream of all 2014-08-05 21:42:21 -07:00
Jeff Bryner 5f1fa17d50 update demo event pool 2014-08-04 13:44:34 -07:00
Jeff Bryner 053b2bca53 refactor demo events to include <randomipaddress> tag to trigger a generated IP 2014-08-04 11:12:21 -07:00
Jeff Bryner 2e7b7e6207 use the same random IP, gen moar data 2014-08-03 08:49:48 -07:00
Jeff Bryner 673ebbb21f add syncalerts.sh script..doh 2014-08-02 16:55:03 -07:00
Jeff Bryner 5012ac9081 tighter sample IPs to hopefully create some demo attackers 2014-08-02 07:49:56 -07:00
Jeff Bryner 413c5008c6 create purposely specific IPs sometimes so alerts get created, and create more events each time 2014-08-01 17:12:12 -07:00
Jeff Bryner d4e834b3b9 demo helpers for docker 2014-08-01 15:19:18 -07:00
Jeff Bryner 334761777b add supervisord and supporting files for constant stream of demo/health events 2014-08-01 10:53:15 -07:00
Jeff Bryner dacf341094 add example plugin to set a static ID for an event 2014-07-29 13:42:54 -07:00
Jeff Bryner 38997b290c add download link for nxlog 2014-07-22 12:00:55 -07:00
Jeff Bryner 8ca2132a27 windows setup examples for nxlog 2014-07-22 11:52:55 -07:00
Anthony Verez 8b54783f3d averez-147-celery-alerts: inject sample events that trigger alerts 2014-07-17 22:00:42 -07:00
Anthony Verez 8cadd47af1 averez-147-celery-alerts: really create events-previous index 2014-07-17 21:19:37 -07:00
Anthony Verez 4253fc6a85 averez-147-celery-alerts: create events-previous index 2014-07-17 20:28:20 -07:00
Anthony Verez 8a3c72d385 averez-xionox-fixes: don't analyze details.program 2014-06-27 19:30:18 -07:00
Anthony Verez 24646fae5d averez-xionox-fixes: don't analyze details.sourceipgeolocation.country_name 2014-06-27 12:26:06 -07:00
jeffbryner 81f3b450b3 Merge pull request #122 from netantho/averez-scripted-dashboards: event and alert scripted kibana dashboards 2014-06-25 20:30:54 -07:00
Anthony Verez d719ede4de averez-auditd-long: use long instead of integers 2014-06-23 17:19:02 -07:00
Anthony Verez fabc2f2fb8 averez-scripted-dashboards: event and alert scripted kibana dashboards 2014-06-19 17:20:24 -07:00
Anthony Verez 64ef5a7a13 averez-mapping-raw-host: .raw for details.hostname and auditd mapping 2014-06-10 15:55:58 -07:00
jeffbryner b47ecfab40 Merge pull request #112 from netantho/averez-vulnsnitch: averez-vulnsnitch: mapping for vulnsnitch 2014-06-04 08:42:22 -07:00
Anthony Verez a163836a72 averez-mig: add mappings for complianceitems index 2014-05-30 15:14:15 -07:00
Anthony Verez ba5dfda492 averez-vulnsnitch: mapping for vulnsnitch 2014-05-30 13:27:11 -07:00
Anthony Verez 1afb6f5b4b netantho-105-ttl: add details.email field in the mapping of the events index 2014-05-20 13:53:04 -07:00
Anthony Verez 1e2ec563ba netantho-105-ttl: refactor setupIndexTemplates.py and es-docs/inject.py to use a common module 2014-05-20 11:28:07 -07:00
Anthony Verez 2a9bf02f44 netantho-105-ttl: try to have a default mapping for the events index to enable ttl on all types 2014-05-19 15:35:05 -07:00
Anthony Verez 20da7fc970 netantho-105-ttl: try fixing config file path for esworker ttl plugin 2014-05-16 14:52:09 -07:00
Anthony Verez e6bd5c9b57 averez-19-samples: Add kibana dashboards and injection of them 2014-04-21 16:55:17 -07:00
Anthony Verez 377674f4da averez-19-samples: Add es-docs samples (events and alerts) 2014-04-21 09:58:13 -07:00
Anthony Verez ece90aa474 averez-27-dashboards-cleanup: clean up dashboards (Closes #27) 2014-04-17 14:04:21 -07:00