Commit graph

430 Commits

Author SHA1 Message Date
Brandon Myers e9566f614a
Merge pull request #1064 from mozilla/replace_timer_with_threads
Replace timer with threads
2019-02-28 12:31:49 -05:00
Brandon Myers 4190c8d5c5
Merge pull request #1105 from mozilla/fixup_keys_references
Remove .keys() call during key exists comparison
2019-02-27 18:03:44 -05:00
Brandon Myers e16ec577bf
Remove .keys() call during key exists comparison 2019-02-15 12:11:15 -06:00
Brandon Myers 1d38a41369
Exclude auth_success field if not present on message bro ssh logs 2019-02-13 12:11:08 -06:00
Brandon Myers b875dcd627
Project plugins key from mq plugins removing it 2019-02-08 11:29:15 -06:00
Brandon Myers 14652f6511
Update mq plugins to create key correctly 2019-01-31 19:15:43 -06:00
Brandon Myers b3be820e15
Merge pull request #1083 from mozilla/reorder_plugins_key
Update plugins key on event ordering
2019-01-31 18:36:15 -06:00
Brandon Myers 3a51bc6583
Update plugins key on event ordering 2019-01-31 18:26:20 -06:00
Michal Purzynski 01c1339d38
Merge branch 'master' into squid_parsing 2019-01-30 18:19:13 -08:00
Brandon Myers 1ca517b3f3
Merge remote-tracking branch 'origin/master' into replace_timer_with_threads 2019-01-30 13:24:03 -06:00
Brandon Myers ea53957621
Merge remote-tracking branch 'origin/master' into replace_timer_with_threads 2019-01-30 13:22:52 -06:00
Brandon Myers 3f87b3e14a
Merge pull request #1070 from mozilla/lowercase_matching_key_mq_plugins
Lowercase potential matching keys in mq plugins
2019-01-30 13:21:19 -06:00
Brandon Myers 25488a483b
Merge pull request #1071 from mozilla/add_plugins_field_events
Add plugins field to events and populate with mq plugins ran
2019-01-30 13:20:43 -06:00
Michal Purzynski fc422b4327 Remove debugging leftovers 2019-01-29 20:40:42 -08:00
Michal Purzynski 6f18480102 PEP8 changes 2019-01-24 15:52:25 -08:00
Brandon Myers 2db449ec5c
Add plugins field to events and populate with mq plugins ran 2019-01-24 15:36:06 -06:00
Brandon Myers 92edd1d0c1
Lowercase potential matching keys in mq plugins 2019-01-24 15:30:24 -06:00
Brandon Myers 57c5dad652
Replace timer with threads 2019-01-23 11:59:31 -06:00
Brandon Myers 6c5ea5083e
Replace timer with thread for reauth in cloudtrail 2019-01-23 11:05:37 -06:00
Brandon Myers 0522b3ce6c
Remove duplicate code from cloudtrail worker 2019-01-22 12:39:47 -06:00
Brandon Myers 08749db287
Modify import for get_aws_credentials 2019-01-22 12:39:35 -06:00
Brandon Myers 7e7c10fdbb
Rename common file to lib/aws 2019-01-22 12:37:46 -06:00
Brandon Myers 7576a55ed7
Merge pull request #990 from ryandeivert/ryandeivert-dry-get-creds
deduplicating get_aws_credentials function
2019-01-22 12:35:23 -06:00
Michal Purzynski 529dfa45e4 Changed the data model, added heuristics to figure the destination in case of denies 2019-01-22 10:21:46 -08:00
Michal Purzynski 40d6c12ca3 A new plugin - parse Squid access log messages, coming from syslog-ng via AMQP. Replaces the squid2mozdef script 2019-01-18 16:51:44 -08:00
Brandon Myers 0f014f152f
Fixup filterlog mq plugin 2019-01-14 12:12:43 -06:00
Brandon Myers d8d88a5d35
Merge pull request #1020 from mozilla/lower_keys_fixes
lowercasing tags for fxa
2018-12-27 13:22:26 -05:00
Michal Purzynski 319532aed7 Remove the netaddr import 2018-12-26 14:50:32 -08:00
Michal Purzynski d93b2cbb29 Work around the lower_case plugin changes 2018-12-26 14:43:29 -08:00
Phrozyn 15b174743c
lowercasing tags for fxa, this fixes nothing. 2018-12-26 16:03:55 -06:00
Phrozyn 2963b703c9
moving this to run after lower_keys.py 2018-12-19 14:52:15 -06:00
Phrozyn 5da575f246
Correcting registration for fxa events, and removing replacement code. 2018-12-19 14:49:42 -06:00
Phrozyn 6e4d12c717
Resolving areas where keys are manipulated after lower_keys is run. 2018-12-19 11:27:00 -06:00
A Smith 9abad28a43
Merge pull request #1004 from mozilla/key_update_for_pulseguardian
updating key fields for pulseguardian events to move source_ip to sou…
2018-12-18 17:41:47 -06:00
A Smith 7215580095
Merge pull request #964 from mozilla/lower_keys
Lower keys
2018-12-18 17:41:27 -06:00
Brandon Myers 97409a248c
Merge pull request #995 from mozilla/add_port_details_root
Move source port and destination port to details root
2018-12-18 12:48:56 -06:00
Phrozyn 365c565023
updating key fields for pulseguardian events to move source_ip to sourceipaddress. 2018-12-17 10:58:39 -06:00
Brandon Myers 46be867d2f
Fixup unused variables check 2018-12-14 14:06:21 -06:00
Brandon Myers df84a1942d
Fixup block comments not having a space after hash 2018-12-14 13:40:07 -06:00
Brandon Myers be7788089d
Fixup missing whitespace around arithmetic operator 2018-12-14 12:49:25 -06:00
Brandon Myers 09989706a0
Fixup closing bracket indentation not matching original 2018-12-14 12:39:23 -06:00
Brandon Myers d04485c850
Fixup pep8 undefined library 2018-12-14 12:27:57 -06:00
Brandon Myers fc771bd531
Remove unused import statements 2018-12-14 11:34:42 -06:00
Brandon Myers e77b791c8a
Merge pull request #934 from mpurzynski/githubevent_pr
A MozDef plugin that parses GitHub's Webhook events to create meaning…
2018-12-13 15:52:41 -05:00
Michal Purzynski 9693dfa58e Address nits from the review - use mozdef_util instead of changing the path, remove unnecessary config file 2018-12-12 12:47:12 -08:00
Brandon Myers 4e28602162
Move source port and destination port to details root 2018-12-10 01:55:54 -05:00
Jeff Bryner 410eb27e1b explicitly accept/map 'source' field 2018-12-03 15:38:24 -05:00
Michal Purzynski 43f1fa2f53 Dynamically resolve path to the config file 2018-11-29 18:06:36 -08:00
Ryan Deivert 42032a99a7 deduplicating get_aws_credentials function 2018-11-29 15:37:45 -08:00
Michal Purzynski ebfacbe147 Move the mapping configuration to a plugin directory 2018-11-29 13:53:43 -08:00