Commit graph

509 Commits

Author SHA1 Message Date
Gene Wood 6cd241a329 Extract action verb and add it along with readonly to the event 2017-09-01 13:11:28 -07:00
Michal Purzynski fa67e3d5d7 Even more cleanups 2017-08-31 16:40:28 -07:00
Michal Purzynski ccc7aae3c8 Initial commit for the data normalization initiative 2017-08-30 15:55:33 -07:00
Michal Purzynski 74dd2c2374 A first take on the new brofixup plugin. 2017-08-29 15:58:09 -07:00
Phrozyn 6199701f61 updated papertrail with changes from repo. 2017-08-25 13:34:45 -05:00
Phrozyn 4f1007a134 Updated code to reflect naming convention changes. 2017-08-25 12:17:53 -05:00
Phrozyn 2c415b673b updated dots to underscores 2017-08-25 11:58:31 -05:00
Brandon Myers e396e5f230 Remove unused functions from esworker 2017-08-23 15:33:49 -04:00
Brandon Myers a7934e6f9b Remove unused functions from mq 2017-08-23 15:22:48 -04:00
Brandon Myers 40fb30172f Change default mq creds in conf 2017-08-17 18:21:07 -05:00
Brandon Myers 81fa3819cc Update bot and mq plugin to use GeoIP class 2017-08-08 12:46:54 -05:00
Brandon Myers 4b665d8771 Convert registration term to lowercase fxa plugin 2017-07-17 13:18:48 -05:00
Brandon Myers caaf662ab7 Update fxa mq plugin to use new category 2017-07-17 13:01:44 -05:00
Brandon Myers ad64804e32 Add travisci to project and stabilize tests 2017-07-05 16:37:41 -05:00
Brandon Myers 63b3cf2194 Remove old leftover files 2017-06-15 15:13:03 -05:00
Brandon Myers fe96636655 Improve cloudtrail mq worker 2017-06-15 15:07:46 -05:00
Brandon Myers c632ed8250 Fix mozillaLocation mq plugin 2017-06-15 15:07:46 -05:00
Brandon Myers c6aaa8add8 Remove mozilla mq worker sample conf files 2017-06-15 15:07:45 -05:00
Brandon Myers cd25328625 Remove mozilla specific workers 2017-06-15 15:07:45 -05:00
Brandon Myers e59d2097ed Remove default rabbitmq config 2017-06-15 15:07:44 -05:00
Brandon Myers b52c506810 Add defaults for sns sqs worker 2017-06-15 15:07:44 -05:00
Brandon Myers 29e3dec9ed Add alerts to use config files 2017-06-15 15:07:42 -05:00
Brandon Myers bac6c7450a Remove unnecessary parsys file 2017-06-15 15:07:40 -05:00
Brandon Myers 43a722c65d Fix typo in parsys ini file 2017-06-15 15:07:40 -05:00
Brandon Myers 1c4fc1071c Remove unused mq workers 2017-06-15 15:07:38 -05:00
Brandon Myers 496311a364 Add parsys mq worker 2017-06-15 15:07:30 -05:00
Brandon Myers 9e734175e7 Add SNS SQS mq worker 2017-06-15 15:07:30 -05:00
Phrozyn ab3714d22a Adding log drain back into uwsgi ini files. 2017-06-15 15:07:28 -05:00
Phrozyn 06899804fb Adding contegix-auditd service and dummy conf and ini. 2017-06-15 15:07:25 -05:00
Phrozyn 1b4716ad2c Moving uwsgi logging to syslog. 2017-06-15 15:07:22 -05:00
Phrozyn 24c2df918f New contegix worker 2017-06-15 15:07:21 -05:00
Brandon Myers 5180f496e9 Add files for SSO sqs worker 2017-06-15 15:07:19 -05:00
Brandon Myers 7873cc38ea Add thread to reauth every 30 minutes cloudtrail 2017-06-15 15:07:18 -05:00
Brandon Myers dbb78759ed Add prefetch option to get_messages 2017-06-15 15:07:18 -05:00
Brandon Myers 1e300f7915 Add exception handling to cloudtrail worker 2017-06-15 15:07:18 -05:00
Brandon Myers 48e008346e Add bulk to cloudtrail worker 2017-06-15 15:07:18 -05:00
Brandon Myers aa497395a7 Switch cloudtrail from cron to mq worker 2017-06-15 15:07:17 -05:00
Phrozyn 028505cd3b Adding new mqworkers for fluentd2mozdef from aws infosec services. 2017-06-15 15:06:21 -05:00
Aaron Meihm 39ab8738ea add configuration to drain mig sqs log queue 2017-06-15 15:06:02 -05:00
Brandon Myers f87c94a088 Unencrypt config files
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:55 -05:00
Phrozyn 97b0d685c6 Fixing mule issue in fxa with moar mules. 2017-06-15 15:05:53 -05:00
Brandon Myers d7a38c83f5 Remove creds from mq directory
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:43 -05:00
Brandon Myers 5fb9fbea7d Move papertrail disabled to ini script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:42 -05:00
Brandon Myers fb8806814b Remove prod versions of esworker conf
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:42 -05:00
Phrozyn 7b903a1b81 Changing filenames to reflect a better workflow from dev to stage to prod. 2017-06-15 15:05:42 -05:00
Phrozyn 8da9fb5c34 Correcting mqwFxa.ini to remove stage from pid path 2017-06-15 15:05:41 -05:00
Brandon Myers c7b1e934b4 Update location of geolitecity data file
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:40 -05:00
Brandon Myers 5d03bc03d7 Remove mules from papertrail
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:33 -05:00
Brandon Myers 577c5cecfa Fix missing import in fluentdSqsFixup
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:32 -05:00
Brandon Myers 13aa806b1b Move unittest from mq plugin to own file
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:32 -05:00
Brandon Myers 1fb67e49fb Remove unittest from fluentdSqsFixup
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:31 -05:00
Phrozyn cf55546506 Omitting the FxaOauthWebserver eventsource. 2017-06-15 15:05:19 -05:00
Brandon Myers d2ea5c3334 Add missing esworker releng conf
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:07 -05:00
Brandon Myers 79b2ee84ca Add more workers to mqwSyslog
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:07 -05:00
Brandon Myers c37c2fb7d1 Update mq creds in mq alertWorker
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:05 -05:00
Phrozyn 66e963fc51 Updating mq/esworker.conf mq creds for mozdef user (was using qa2) 2017-06-15 15:05:01 -05:00
Phrozyn b4ff2e575d Updating packaged config to include mozdef4. 2017-06-15 15:05:00 -05:00
Brandon Myers ec5d1ad5b7 Keep in sync with qa1 #70
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:04:54 -05:00
Phrozyn dbfc18190f Fixed mozdefmqwFxaStage to reflect correct pid path. 2017-06-15 15:04:54 -05:00
Phrozyn 9c6d9364de Fixed mozdefmqwAutoland to reflect correct pid path. 2017-06-15 15:04:53 -05:00
Phrozyn 2089dc225f Added all prod service files and mq workers. 2017-06-15 15:04:53 -05:00
Phrozyn b86413db27 Updated pid path for all uwsgi instances to run from /var/run/ 2017-06-15 15:04:53 -05:00
Brandon Myers 16abe5adcc Remove cloudtrail fixup mapping
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:04:52 -05:00
Phrozyn 3e02f27d14 modified esservers to new cluster. 2017-06-15 15:04:45 -05:00
Brandon Myers ee07fe18a3 Modify esservers from localhost to cluster
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:45 -05:00
Brandon Myers 28080dd980 Fix remaining qa references in prod
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:45 -05:00
Brandon Myers 75bb6542ee Merge prod mq ini files with qa
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:44 -05:00
Brandon Myers ef6e483c7e First import of existing files from prod
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:44 -05:00
Brandon Myers e9a4a67e5a Modify .py scripts to use /opt dir
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:41 -05:00
Brandon Myers 007cf86c35 Modify .ini.disabled scripts to use /opt dir
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:41 -05:00
Brandon Myers 50a7cb772a Modify .ini scripts to use /opt dir
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:40 -05:00
Brandon Myers 81a07bc2d5 Rename mozdefqa1 to localhost in configs
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:40 -05:00
Aaron Meihm a6f7c78597 update vulnerability plugin to handle version 2 messages 2017-06-15 15:03:39 -05:00
Brandon Myers 71692067cc Add error support plus tests to bulk import
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:38 -05:00
Brandon Myers ea17b5883c Fix toUTC isoformat problem
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:33 -05:00
Brandon Myers bfba1d3c4c Add apiVersion mapping fix for cloudtrail
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:23 -05:00
Brandon Myers 6774599a37 Add exception in fxaFixup for fxa-auth-server
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:23 -05:00
Brandon Myers 6caaad320d Remove duplicate definitions of toUTC
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:46 -05:00
Brandon Myers e832b313ee Fix flush_bulk for pyes only
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:01 -05:00
Brandon Myers 76174add7d Update mq directory with search class
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:01 -05:00
Brandon Myers 5082d87f68 Update alertWorker config
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:00 -05:00
Brandon Myers 49a042107e Remove mq/safe directory and files
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:58 -05:00
Brandon Myers 67b38ae579 Remove mq/mq files and directory
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:42 -05:00
Phrozyn e7cef0564f Adding additional mq ini changes. 2017-06-15 15:00:49 -05:00
Phrozyn edcc26f84e Modifying thread/Process values to be in alignment with mozdefqa1's resources. Disabled unused workers. 2017-06-15 15:00:49 -05:00
Brandon Myers 375b0290de Update conf files to use US/Pacific
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:48 -05:00
Brandon Myers e5e98c1304 Switch mq directory to US/Pacific
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:46 -05:00
Phrozyn dbc7e43e41 unencrypting ini files 2017-06-15 15:00:46 -05:00
Phrozyn ac9925be6d adding unencrypted mqESmules.ini
adding unencrypted mqESmulesAWS.ini
2017-06-15 15:00:45 -05:00
Phrozyn 5c990d90ef Unencrypting ini files. 2017-06-15 15:00:45 -05:00
Phrozyn 700f0abf5f Releng Papertrail ini for esworker. 2017-06-15 15:00:44 -05:00
Brandon Myers 99fa7ca655 Remove rra files
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:42 -05:00
Gene Wood d9911b4a77 adding mozdefmq support for infosec sqs non prod queue 2017-06-15 15:00:42 -05:00
Brandon Myers 1d8c59b93f Setup codebase for merge of two repos 2017-06-15 14:56:47 -05:00
Brandon Myers 9a2388c398 Update GeoLiteCity.dat location in mq plugin
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2016-10-19 16:35:46 -05:00
Jeff Bryner d9afcb288b Merge pull request #350 from Phrozyn/master
corrected typo in mq/plugins/fluentdSqsFixup.py
2016-06-28 20:51:09 -07:00
Phrozyn 58a31fdc3c corrected typo in mq/plugins/fluentdSqsFixup.py 2016-06-28 19:17:37 -05:00
Jeff Bryner a0580d1848 Merge pull request #345 from pwnbus/remove_time_fluentdSqsFixup
Remove details.time from fluentdSqsFixup
2016-06-08 17:07:01 -07:00
Brandon Myers f84c3ca4e1 Remove details.time from fluentdSqsFixup
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2016-06-08 18:01:04 -05:00
kang 950b0868eb Sync with rra2json message format
Add support for RRA versioning
2016-06-03 11:35:22 -07:00
Jeff Bryner 7fd56b8d93 update geoip cache file location 2016-03-23 14:13:59 -07:00
Jeff Bryner d87569d486 add common/handy options 2016-03-23 12:57:46 -07:00
Aaron Meihm a3d9668888 adds an esworker for processing data from papertrail 2016-03-01 14:57:33 -06:00
Guillaume Destuynder 09f7a038b3 Use details.program as standard field for processname instead of fluentd 2015-10-22 10:54:42 -07:00
Guillaume Destuynder 231c3415b3 Add mq plugin: normalizer for fluentd-SQS messages (AWS). Ensure registration matches your SQS queue tag. 2015-10-22 10:54:15 -07:00
Guillaume Destuynder 334f5466a4 Fix reading of SQS JSON msgs - this works regardless of messages being raw JSON or base64-encoded JSON.
Since Boto does base64 encode messages while writing to the queue this can happen (also since we use Boto, we were
previously expecting all messages to be base64 encoded, which wouldn't work if your writer wasn't Boto)
2015-10-20 12:44:03 -07:00
Jeff Bryner f2524fb132 Merge pull request #302 from gdestuynder/master
Support more validation filters to accommodate different RRA fields.
2015-10-18 12:29:34 -07:00
Guillaume Destuynder 996a566813 Support more validation filters to accommodate different RRA fields.
This enhances the validation accuracy ;-)
2015-10-14 17:21:49 -07:00
Jeff Bryner f259564a78 add sqs-specific worker, closes #294 2015-10-12 14:00:05 -07:00
Jeff Bryner af526d6e4e revert sqs changes due to kombu issues 2015-10-12 13:59:32 -07:00
Guillaume Destuynder ec334de898 Merge branch 'master' of https://github.com/jeffbryner/MozDef 2015-10-09 18:45:30 -07:00
Guillaume Destuynder 80df3b0e44 Update to support new data classification 2015-10-09 18:44:39 -07:00
Jeff Bryner e0ff817332 fix dict2list to support embedded list of dicts, closes #297 2015-10-08 13:21:59 -07:00
Jeff Bryner f43d574b94 initial support for SQS in esworker, #294 2015-10-08 13:14:05 -07:00
Jeff Bryner eae8bdf1f4 add hostname to the message metadata, closes #289 2015-09-27 18:57:25 -07:00
Guillaume Destuynder f87c675d9c Also warn on missing service names for debugging 2015-06-17 14:21:35 -07:00
Guillaume Destuynder 1ad2d8c37d Fix validation check (entered CIA but not RPF)
Added more verbose warning on validation check
2015-06-16 17:05:30 -07:00
Guillaume Destuynder f4aafb5945 Plugin support for RRA index/events 2015-06-15 16:28:52 -07:00
Jeff Bryner 63bcbf4373 rm old ini file for old alertWorker 2015-03-22 20:16:28 -07:00
Jeff Bryner ad69a216f8 add alert plug in system, closes #162 2015-03-22 20:15:17 -07:00
Julien Vehent 8929794486 Remove doctype requirement on complianceitems plugin 2015-03-13 17:17:47 -04:00
Julien Vehent e7cb5760f7 Make complianceitem plugin extract item data from event message 2015-03-13 16:28:17 -04:00
Jeff Bryner fb1cbe0458 smarter IP finding 2015-02-13 09:31:13 -08:00
Aaron Meihm 6fb0ea4c13 also copy tags during compliance item event cleanup 2015-02-10 11:40:15 -06:00
Aaron Meihm 67d7d84bcf sourcename in vuln event docid to add isolation between different writers 2015-02-02 14:19:08 -06:00
Jeff Bryner c0218c08e2 vulnerability->vulnerabilities for consistent index naming 2015-01-30 12:24:35 -08:00
Aaron Meihm 9a4efd1e12 add MozDef vulnerability processing plugin 2015-01-30 11:36:49 -06:00
Jeff Bryner c104efd126 Merge pull request #216 from jvehent/master
complianceitems plugin, take 2
2014-12-16 17:02:00 -08:00
Julien Vehent 25f5ec69d6 complianceitems plugin, take 2 2014-12-16 19:03:59 -05:00
Jeff Bryner 1777c70781 Merge pull request #215 from jvehent/master
complianceitems mozdef plugin, take 1
2014-12-16 13:18:17 -08:00
Julien Vehent 2d57f88380 complianceitems mozdef plugin, take 1 2014-12-16 16:13:49 -05:00
Michal Purzynski bf0c21eb36 Add X-Cluster-Client-IP generated from NSM as yet another possible source of the real client IP 2014-12-16 21:25:28 +01:00
Jeff Bryner f35743b2c3 update esworker to accept utctimestamp as a field, closes #208 2014-12-01 10:21:42 -08:00
Jeff Bryner 981678eaa9 observium parsing plugin 2014-10-08 10:38:53 -07:00
Jeff Bryner ff4544de2f sourcehostname==hostname for consistency 2014-09-26 11:17:09 -07:00
Jeff Bryner 9c919996ca rework netflow plugin to match netflow to rabbit MQ input source 2014-09-15 13:07:34 -07:00
jeffbryner eeb62ea246 Merge pull request #185 from netantho/averez-netflow
netflow v5
2014-07-31 11:21:31 -07:00
Anthony Verez 13ac6341da averez-netflow: add netflow esworker plugin 2014-07-31 11:20:03 -07:00
Anthony Verez c3899f7ad1 averez-observium: Observium plugin by @XioNoX 2014-07-31 10:54:25 -07:00
Jeff Bryner c7975a3fbd improve logic and ipv4 finding 2014-07-03 08:47:51 -07:00
Jeff Bryner bee13b0066 bugfix: use sane version of found IP 2014-07-02 18:53:11 -07:00
Jeff Bryner 5128e29ac8 works for fail2ban also 2014-07-02 16:47:11 -07:00
Jeff Bryner a76fc32f55 fixup IP finding for edge cases with quoted strings 2014-07-02 15:03:57 -07:00
Jeff Bryner a8609e6348 account for netaddr seeing 1,0,etc as valid ipv4 addresses 2014-06-30 12:35:46 -07:00
Jeff Bryner 7cb8dc105b add support for nxlog windows event log parsing 2014-06-27 11:31:54 -07:00
Jeff Bryner 8d8c82a7f2 sshd event plugin to find ips in the message string 2014-06-25 12:57:54 -07:00
Jeff Bryner 8bbbf387c5 standardize the field names 2014-06-24 09:13:18 -07:00
Jeff Bryner 23ddf455fb internz mixing tabs and spaces 2014-06-24 08:59:13 -07:00
jeffbryner 506b035b46 Merge pull request #118 from netantho/averez-snmptt-plugin
snmptt plugin
2014-06-24 08:54:51 -07:00
jeffbryner 6f5e8ca23b Merge pull request #117 from netantho/averez-rtflow-plugin
RT_FLOW plugin
2014-06-24 08:54:16 -07:00
Anthony Verez 7341ecfce4 averez-rtflow-plugin: add action field 2014-06-20 18:01:13 -07:00
Jeff Bryner c38b022081 add option to run mq in no_ack, transient delivery mode 2014-06-18 14:32:33 -07:00
Anthony Verez f83fde1562 averez-snmptt-plugin: snmptt parsing 2014-06-13 11:42:39 -07:00
Anthony Verez 860e29f15c averez-rtflow-plugin: also parse RT_FLOW_SESSION_CREATE messages 2014-06-13 11:01:09 -07:00
Anthony Verez 3bf40d8fe8 averez-rtflow-plugin: int all the int 2014-06-12 18:06:12 -07:00
Anthony Verez 3a31847236 averez-rtflow-plugin: consider \n for rtflow plugin 2014-06-12 17:38:39 -07:00
Anthony Verez f5014ae9f1 averez-rtflow-plugin: initial rtflow plugin with RT_FLOW_SESSION_DENY parsing 2014-06-12 17:15:24 -07:00
Jeff Bryner 250920215d fixups to remove old registration and fixups for minor metadata bug 2014-06-03 09:30:26 -07:00
Anthony Verez 6d42844f31 averez-id-plugins: fix bug 2014-06-02 18:36:21 -07:00
Anthony Verez ef2f586c69 averez-id-plugins: try to debug a bug 2014-06-02 18:05:43 -07:00
Anthony Verez ed9d9512c1 averez-id-plugins: oops, forgot to pass metadata in a few functions 2014-06-02 16:02:58 -07:00
Anthony Verez 4ae1f5bd46 averez-id-plugins: pass a metadata variable to plugins 2014-06-02 15:31:41 -07:00
Anthony Verez cca5e1e777 averez-id-plugins: oops, fixed bug in arguments passed 2014-06-02 11:37:28 -07:00
Anthony Verez 58f7efc703 averez-id-plugins: plugins should be able to specify an ES doc ID 2014-06-02 09:57:30 -07:00
Jeff Bryner 33d3d25eae allow custom application event posting via http and allow plugins to specify index and doctype 2014-06-02 09:06:25 -07:00
Jeff Bryner 09dd0e6215 alter plugin registration system to use pure lists and sets for efficiency 2014-06-02 08:33:10 -07:00
jeffbryner 996f9abcd6 Merge pull request #107 from netantho/netantho-105-ttl
enable TTL and refactor ES index template injection Closes #105
2014-05-22 13:33:45 -07:00
Anthony Verez 43c552e0d2 netantho-105-ttl: delete the initial ttl plugin 2014-05-21 17:11:56 -07:00
Anthony Verez 8cf8de3808 netantho-105-ttl: try ttl field -> _ttl field to fix expiration 2014-05-19 14:54:46 -07:00
Anthony Verez fe5cb60c6c netantho-105-ttl: fix network example 2014-05-16 17:02:09 -07:00
Anthony Verez 26d605ce3a netantho-105-ttl: test on network logs 2014-05-16 16:43:21 -07:00
Anthony Verez 2cedb4fde0 netantho-105-ttl: optimize by flattening config file only once and not on every message 2014-05-16 16:08:50 -07:00
Anthony Verez e78413dbb5 netantho-105-ttl: fix ttl esworker plugin json config path 2014-05-16 15:50:52 -07:00
Anthony Verez 173977695b netantho-105-ttl: try to fail hard on absent ttl config 2014-05-16 15:35:52 -07:00
Anthony Verez 20da7fc970 netantho-105-ttl: try fixing config file path for esworker ttl plugin 2014-05-16 14:52:09 -07:00
Jeff Bryner d37402862b comments for the field_datatype convention 2014-05-15 17:59:17 -07:00
Anthony Verez dfa10dd420 averez-esworker-fix: cast to int/float values for fields ending with _int/_float 2014-05-06 16:25:41 -07:00
Jeff Bryner edf48a547e sample dropMessage.py plugin 2014-05-02 16:07:39 -07:00
Jeff Bryner 6b8ab7ab50 allow plugins to signal esworker to drop a message 2014-05-02 16:07:13 -07:00
Jeff Bryner 35692c1a76 classier geoip with perf improvement for .dat file loading 2014-04-30 22:04:41 -07:00
Jeff Bryner 21812711ed allow decimal and string ipv4 representations for easier facets 2014-04-30 21:40:32 -07:00
Jeff Bryner 4fea9a8da2 esworker performance improvements 2014-04-30 21:39:52 -07:00
Jeff Bryner ee276b4d71 adding the great ip fixup plugin to correct all the things 2014-04-25 13:53:40 -07:00
Jeff Bryner be0c5e5200 geoip now sent as a sub dictionary for access to all fields 2014-04-25 13:53:04 -07:00
Jeff Bryner 0f692c0606 fix plugin registration logic, misc whitespace cleanings 2014-04-24 14:10:18 -07:00
Jeff Bryner 283576f935 moar better spelling 2014-04-23 19:05:25 -07:00
Jeff Bryner d4dae314ca priority change to allow other plugins to find/set ips 2014-04-23 18:03:09 -07:00
Jeff Bryner 587020aec9 unicode fixes, plugin logic fixes, nanosecond epoch allowances 2014-04-23 18:00:14 -07:00
Jeff Bryner 9cacd4308c add esworker options to support SSL amqp connections 2014-04-20 16:37:56 -07:00
Anthony Verez dcde5cdfda averez-22-license: Fix license stuff (Closes #22) 2014-04-16 11:40:15 -07:00
Jeff Bryner c6a2deabea geoip plugin 2014-04-13 21:35:09 -07:00
Jeff Bryner 4b8df4dac0 moar pep8 2014-04-13 20:33:25 -07:00
Jeff Bryner 26c34c356f moar pep8, plugin framework tweaks 2014-04-13 20:27:16 -07:00
Jeff Bryner 57aa8ab6e0 allow alertworker to monitor MQ on one server and send alerts to another MQ server 2014-04-08 12:30:55 -07:00
Jeff Bryner 0d72eafa6a update to allow cef details or fields sub dictionary 2014-04-03 21:10:33 -07:00
Jeff Bryner c613ad062f add bulk processing timeout for posting to ES when workers local pyes queue not full 2014-04-01 11:41:35 -07:00
Jeff Bryner 74665d454d fix bug where no tag in event still inspects event for alert with tag criteria 2014-03-31 11:39:44 -07:00
Jeff Bryner 1da954d2fb add options for bulk posting to elastic search 2014-03-29 18:41:57 -07:00
Jeff Bryner 52f2f12166 unicode y'all 2014-03-27 12:01:34 -07:00
Jeff Bryner ffb819a1e3 update exception handling for elastic search queue overflows 2014-03-26 09:03:26 -07:00
Jeff Bryner eb9fd08c20 disable periodic plugin reloading due to possible memory leak 2014-03-24 15:06:01 -07:00
Jeff Bryner 8eb42a7c5f changes to support bro intelligence alerting 2014-03-21 14:24:12 -07:00
Jeff Bryner 8f45d576b6 add plugin support, rework message queue 2014-03-20 12:36:17 -07:00
Jeff Bryner 9d7acb2b62 add utility to copy events to another ES server 2014-03-20 12:35:42 -07:00
Jeff Bryner 13537fbb54 new heka fields 2014-03-07 15:20:43 -08:00
Jeff Bryner 0f2acb5697 replace pika with kombu 2014-03-05 12:17:57 -08:00
Anthony Verez ccdf557c0d clean up python code 2014-03-05 11:04:41 -08:00
Guillaume Destuynder d2be992a76 Updated license file to conform with MPL 2014-02-25 09:55:02 -08:00
Jeff Bryner 2c3e026181 message queue code to normalize and route log messages 2014-02-17 23:53:41 -08:00