Commit Graph

328 Commits

Author SHA1 Message Date
Brandon Myers e83ae23316
Use https as protocol for geolite db 2017-08-16 18:53:25 -05:00
Brandon Myers f32a2ab885
Add verification to geolite db update script 2017-08-16 17:23:12 -05:00
Michal Purzynski e9da8913bf
Merge pull request #433 from mozilla/update_geolite_db
Update geolite db
2017-08-16 10:02:03 -07:00
Brandon Myers 53828fafd8
Save geolite db to temp location then move into place 2017-08-16 11:47:06 -05:00
Brandon Myers 7139c0c56b
Add receivedtimestamp file to okta events 2017-08-15 19:51:27 -05:00
Brandon Myers ab1e067e94
Add ipv4 check on field 2017-08-15 19:35:23 -05:00
Brandon Myers ed82c77566
Add support for updated geolite db 2017-08-15 18:47:55 -05:00
Brandon Myers b6db285e93
Make update geolite db sh script executable 2017-08-15 14:53:47 -05:00
Brandon Myers 98b41b4a44
Add cron script to download new geolite db 2017-08-15 13:27:26 -05:00
A Smith 6335fa7bc8
Merge branch 'master' into add_docker_compose 2017-08-07 10:18:39 -05:00
Brandon Myers 6856c9b613
Move default ES mapping to config directory 2017-08-04 16:54:01 -05:00
Brandon Myers 2721bdc2cb
Add ability for docker-compose to start containers 2017-08-04 14:30:11 -05:00
Brandon Myers 016087d863
Remove unused compromisedCreds cron 2017-08-01 10:56:12 -05:00
Jonathan Claudius f324f7d7cb
Rename conf files 2017-07-07 14:39:28 -04:00
Jonathan Claudius 0f3dc9967c
Revert back to pre-existing conf ref 2017-07-07 14:32:57 -04:00
Jonathan Claudius d9b760d205
Remove unused healthAndStatus-fxa.py and fix healthAndStatus-fxa.sh 2017-07-07 14:29:41 -04:00
Brandon Myers 11ac4dd835
Update files that were diff between two repos 2017-06-15 15:14:57 -05:00
Brandon Myers 63b3cf2194
Remove old leftover files 2017-06-15 15:13:03 -05:00
Brandon Myers 9b29222b95
Fix mistake in threat exchange file 2017-06-15 15:07:22 -05:00
Brandon Myers 8adbb63f75
Fixup name for malware type in tx 2017-06-15 15:07:21 -05:00
Brandon Myers 95ee578824
Improve threat exchange pull cron script 2017-06-15 15:07:21 -05:00
Brandon Myers e73b47c9c8
Fixup state file location tx 2017-06-15 15:07:20 -05:00
Brandon Myers bd7434e161
Consolidate threat exchange into one cron 2017-06-15 15:07:20 -05:00
Brandon Myers e6d8cb1130
Add ip addresses from threat exchange cron 2017-06-15 15:07:20 -05:00
Brandon Myers c4412d811b
Add import ip addresses conf and shell script 2017-06-15 15:07:20 -05:00
Brandon Myers 46991a3202
Add logger statement to malware hashes cron 2017-06-15 15:07:20 -05:00
Brandon Myers 1ae811c79b
Improve import malware hashes cron 2017-06-15 15:07:19 -05:00
Brandon Myers dcd219c55a
Add esserver option to config 2017-06-15 15:07:19 -05:00
Brandon Myers 42e34c65fc
Add state file with tests 2017-06-15 15:07:19 -05:00
Brandon Myers aa497395a7
Switch cloudtrail from cron to mq worker 2017-06-15 15:07:17 -05:00
Brandon Myers c0065d2040
Revert logger level in collectAttackers 2017-06-15 15:06:35 -05:00
Brandon Myers b8cf92db3e
Fixup collect attackers cron script 2017-06-15 15:06:35 -05:00
Brandon Myers f74c5d9cc1
Remove events from within attacker 2017-06-15 15:06:35 -05:00
Brandon Myers af076542e2
Fixup collectAttackers script to remove events as attacker key 2017-06-15 15:06:34 -05:00
Brandon Myers d5f3966da8
Loop through dates better in rotateIndexes 2017-06-15 15:06:33 -05:00
Brandon Myers 5d197bfe91
Create events weekly alias 2017-06-15 15:06:33 -05:00
Brandon Myers 604dd0c898
Remove print statement in compromisedCreds cron 2017-06-15 15:06:32 -05:00
Brandon Myers cdb49ba648
Bump pytx version and update compromisedCreds cron 2017-06-15 15:06:32 -05:00
Brandon Myers 50961a4fc8
Update compromisedCreds with new threat exchange api 2017-06-15 15:06:32 -05:00
Brandon Myers 7c76c86efd
Revert "Revert "Auth0 fixes""
This reverts commit e90c1f4a0a06d66578ac0276d8b442273274ab6e.
2017-06-15 15:06:28 -05:00
A Smith f4e442b679
Revert "Auth0 fixes" 2017-06-15 15:06:24 -05:00
Guillaume Destuynder (kang) c2a4ac5aa9
Fixups: enclose some field operations in try..except
use a non-reserved keyword for summary formatting
2017-06-15 15:06:23 -05:00
Guillaume Destuynder (kang) 54b3946988
Show the auth0 connection in the mozdef event 2017-06-15 15:06:23 -05:00
Guillaume Destuynder (kang) bfccf2b33d
Store auth0 source (auth0 prod or dev for ex) in event.hostname instead
of event.source, since the latter gets dropped anyway, and hostname seems
like the right place regardless
2017-06-15 15:06:23 -05:00
Guillaume Destuynder (kang) 834247038e
Fix comment to point to new auth0 API url 2017-06-15 15:06:23 -05:00
Guillaume Destuynder (kang) f7dd17f90b
Use user's name as.. username, instead of a username object to fix https://bugzilla.mozilla.org/show_bug.cgi?id=1352562 2017-06-15 15:06:23 -05:00
Guillaume Destuynder (kang) 122c7bd1f8
Drop "msg.details.details" as this structure of log does not seem to
exist in auth0 any longer
Use "details.auth0_raw" to store the raw auth0 msg as it no longer
includes huge json docs, so this is actually useful
Replace ad-hoc unicode conversion by a generic conversion function
(byteify); this should also fix python3 compat
2017-06-15 15:06:22 -05:00
Guillaume Destuynder (kang) 03d41929de
Emit debug msg and fall back to the msg code when there is no mapping to
a known msg string
2017-06-15 15:06:22 -05:00
Guillaume Destuynder (kang) 95d1389525
Add support for new fields:
seacft: Success Exchange (Authorization Code for Access Token)
feacft: Failed Exchange (Authorization Code for Access Token)

Add traceback support for debugging missing fields
2017-06-15 15:06:22 -05:00
Phrozyn 9e243733a6
Adding details.hostname to defaulttemplate so that the hostname is always mapped as a string. 2017-06-15 15:06:06 -05:00