Commit graph

328 Commits

Author SHA1 Message Date
Brandon Myers 6bbc261e8b
Readd used crons
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:31 -05:00
Brandon Myers e1b8fd1f99
Modify eventStatsAlerts.py cron script with dependency
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:30 -05:00
Brandon Myers 27e101b241
Update collectSSHFingerprints.py cron script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:30 -05:00
Brandon Myers 691e551ca3
Update correlateUserMacAddress.py cron script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:30 -05:00
Brandon Myers 1ef8576ef5
Update cloudtrail2mozdef.py cron script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:30 -05:00
Brandon Myers fd7b273fea
Update cloudTrailAlerts.py cron script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:29 -05:00
Brandon Myers a202a88b62
Update collectAttackers.py cron script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:29 -05:00
Brandon Myers ac23691809
Remove comments from syncAlertsToMongo
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:29 -05:00
Brandon Myers 944624fd04
Remove comment from healthToMongo cron
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:29 -05:00
Brandon Myers b60eca5c93
Update createIPBlockList.py cron script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:29 -05:00
Brandon Myers d3425772b6
Update esCacheMaint.py cron script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:28 -05:00
Brandon Myers 34ddc557a3
Update healthAndStatus.py cron script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:28 -05:00
Brandon Myers 46fd487ee6
Fixup healthToMongo with health stats in ES
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:28 -05:00
Brandon Myers 7bc678b2d9
Update pruneIndexes.py cron script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:25 -05:00
Brandon Myers ac52fc3f70
Update rotateIndexes.py cron script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:25 -05:00
Brandon Myers 0a443b8668
Fix up syncAlertsToMongo cron
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:25 -05:00
Phrozyn 39a9d91017
adding cronic script to filter cron emails - avoiding email overload. 2017-06-15 15:03:25 -05:00
Phrozyn 80c3240002
Updating defaultTemplate.json to include apiVersion as a string. 2017-06-15 15:03:24 -05:00
Phrozyn 90e80a4c24
removed defaulttemplate object from json. 2017-06-15 15:03:24 -05:00
Phrozyn f035de521d
Adding sourceipv4address field to be a string. 2017-06-15 15:03:24 -05:00
Phrozyn bb4d4a3ce9
Adding sourceipv4address field to be a string. 2017-06-15 15:03:24 -05:00
Phrozyn 159612eaf1
Adding sourceipv4address field to be a string. 2017-06-15 15:03:24 -05:00
Brandon Myers a77d67d64d
Remove cloudtrail2mozdef hack
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:23 -05:00
Brandon Myers fccd23128e
Configure auth02mozdef.json
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:23 -05:00
Brandon Myers 38ee234650
Add auth02mozdef cron files
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:22 -05:00
Brandon Myers 3dc6f1d780
Be explicit about config file inclusions in cron
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:05 -05:00
Brandon Myers a7b7f36653
Remove unused cron scripts excluding setupIndexTemplates
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:02 -05:00
Phrozyn 9fdbdc0d1d
adding new default mapping template. 2017-06-15 15:02:48 -05:00
Brandon Myers 6caaad320d
Remove duplicate definitions of toUTC
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:46 -05:00
Phrozyn 8ceb41f033
Removing notifyRelengSSHAccess from cron 2017-06-15 15:01:05 -05:00
Phrozyn ca493ac4bf
mend 2017-06-15 15:00:49 -05:00
Phrozyn 4418ddcd3a
Corrected original config for QA1. 2017-06-15 15:00:48 -05:00
Brandon Myers 375b0290de
Update conf files to use US/Pacific
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:48 -05:00
Brandon Myers 79c5cf96ed
Update cron to use US/Pacific as timezone
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:47 -05:00
Phrozyn 402eb250a7
diff config for releng ssh access. 2017-06-15 15:00:46 -05:00
Phrozyn c2ee6e63c4
Changed RelengSSH.conf to UTC 2017-06-15 15:00:45 -05:00
Brandon Myers 0735c61f09
Update releng SSH script to use UTC
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:44 -05:00
Phrozyn 0d403940ca
Removed counter and Events, only sending timestamp and summary. 2017-06-15 15:00:44 -05:00
Phrozyn d6c1a88733
Updated notifyRelengSSHAccess.conf with address for cron email to releng team. 2017-06-15 15:00:44 -05:00
Phrozyn e88bf198b3
Adjusted timing of notifyRelengSSHAccesstimedelta and ssh_access_signreleng_pyes timedelta. 2017-06-15 15:00:44 -05:00
Phrozyn 84a03b09c7
modified notify for releng signing infra to 24 hours 2017-06-15 15:00:43 -05:00
Phrozyn 6430b8f2d0
Added logic to filter out infrasec logins. 2017-06-15 15:00:43 -05:00
Brandon Myers 99fa7ca655
Remove rra files
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:42 -05:00
A Smith 75d6bfda3b
Corrected path for qaipblocklist.txt
Corrected path for qaipblocklist.txt
2017-06-15 15:00:42 -05:00
Brandon Myers b3ef583338
Update leftover files from public repo
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 14:59:39 -05:00
Brandon Myers 1d8c59b93f
Setup codebase for merge of two repos 2017-06-15 14:56:47 -05:00
A Smith 261e360997 Adding defaultTemplate back in 2016-11-04 09:27:00 -05:00
A Smith 9fa80ec31e Removing this template to add a new one 2016-11-04 09:19:06 -05:00
Jeff Bryner ca3a441664 correction to default mapping to allow for sub objects while explicitly choosing which types to convert to string 2016-10-30 20:26:31 -07:00
Jeff Bryner 73a685e3d2 update default mapping to match all fields as string non analyzed by default, explicitly set exceptions 2016-10-30 11:13:35 -07:00
Gene Wood 0c7e411262 Remove cloudtrail logic which hard codes the S3 bucket name if the script can not authenticate to the target AWS account.
https://bugzilla.mozilla.org/show_bug.cgi?id=1217976
2016-10-27 12:20:01 -07:00
kang cb33e86b33 Add support to import auth0 logs into mozdef 2016-08-04 14:28:29 -07:00
Jeff Bryner 1ae54e25f6 Merge pull request #348 from pwnbus/standardize_bro_intel
Standardize other bro_* categories
2016-06-28 12:24:34 -07:00
Brandon Myers 5765bdf7b7 Update other bro_* categories
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2016-06-28 13:47:40 -05:00
Brandon Myers 0669b6594d Update bro_notice category to bronotice
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2016-06-28 13:26:33 -05:00
Jeff Bryner 48a650f379 Merge pull request #323 from yashmehrotra/master
[Mozilla Winter of Security] 3D interactive Attack visualization via Landmass
2016-01-24 11:51:49 -08:00
Yash Mehrotra 5c23ef38fe Added read field in collectAttackers
Frontend working for Read

Batman is awesome

Empty Vessels make the most noise -> Yash Mehrotra
2016-01-18 19:13:07 +05:30
Jeff Bryner 57a87866f2 Merge pull request #315 from gdestuynder/master
Fixup and normalize input of Okta logs
2015-11-18 13:43:52 -08:00
Jeff Bryner b2e29997de add index templates 2015-11-16 14:59:13 -08:00
Guillaume Destuynder ea1cac493d Normalize details.sourceipaddress, details.username, details.sourceuri from Okta logs
See also https://github.com/jeffbryner/MozDef/issues/312
2015-11-06 16:27:03 -08:00
Guillaume Destuynder e7ac3581b5 Report errors when failing to communicate with Okta 2015-11-06 14:29:45 -08:00
Guillaume Destuynder 9d170e3bef Use state class for saving the lastrun state (imported from cloudtrail2mozdef.py) 2015-11-06 14:04:36 -08:00
Guillaume Destuynder 8d5d3cd12a Fix trailing whitespaces 2015-11-05 14:58:51 -08:00
Gene Wood 312fcad8a4 Wrapped additional AWS calls with exception handling 2015-10-21 15:33:58 -07:00
Gene Wood f84e9726a7 Added the ability to iterate over multiple AWS accounts, multiple regions, and the s3 buckets associated with the CloudTrail in each account/region combination
* Added RoleManager to cache and manage assumed IAM roles and their credentials
* Added HACK to workaround missing permissions requested in https://bugzilla.mozilla.org/show_bug.cgi?id=1216784
* Added State class to manage and store state instead of writing state to the config file
* Constrained s3 bucket key searches to the specific paths that we're interested in, instead of all keys in all paths of the bucket
* Constrained searches for account/region combinations which have no lastrun value to the previous hour instead of the previous 2 days
* Added new options
  * aws_accounts : comma delimited list of AWS account IDs to gather CloudTrail data from
  * assumed_role_arns : comma delimited list of ARNs of AWS IAM Roles in various AWS accounts that we can assume in order to query for CloudTrail configuration or fetch s3 data
  * bucket_account_map : json encoded dictionary of the mapping of s3 bucket names to their associated AWS account numbers
  * state_file_name : filename of the new state storage json file
  * regions : list of AWS regions to iterate over for each account looking for CloudTrail configurations
* Removed options
  * lastrun : this information is now stored in the state file instead of the config
2015-10-21 13:40:29 -07:00
Jeff Bryner b9adf1d2bb add support for google api login/logout event import, closes #272 2015-05-14 16:00:00 -07:00
Jeff Bryner 9a5eae8454 minor: fix missing parens, closes #266 2015-04-01 10:16:18 -07:00
Jeff Bryner a0a993e432 ignore 0.0.0.0, closes #266 2015-04-01 09:53:14 -07:00
Jeff Bryner 97b9296b69 correct the aggregation, add broadcast attacker option, closes #263, closes #264 2015-03-28 07:40:20 -07:00
Jeff Bryner 08859d75b2 add auto categorization of attackers, closes #262 2015-03-27 08:39:55 -07:00
Jeff Bryner 648f484d71 minor bugfix in format string 2015-03-27 08:37:44 -07:00
Jeff Bryner f6484f5c92 add cronjob for alerting on event category statistical deviations over time 2015-02-26 17:04:04 -08:00
Jeff Bryner f9361c1151 lower the threshold for attacker creation 2015-01-30 09:20:31 -08:00
Julien Vehent 76727906c3 fix mig api error location in mig2mozdef.py 2015-01-26 09:19:52 -05:00
Jeff Bryner 9e5ecb4873 explicitly set alert exchange to durable 2015-01-15 15:25:13 -08:00
Jeff Bryner b8ffb3a21d minor chmod +x 2015-01-13 14:55:25 -08:00
Jeff Bryner 7c8fa9592e chmod +x and update target conf file 2014-12-19 12:32:11 -08:00
Jeff Bryner 6ef2631c40 fix old/new index mismatch between log message and action 2014-12-18 17:02:46 -08:00
Jeff Bryner 2b2c4fb3e3 minor cleanup to comments, logging 2014-12-18 16:54:25 -08:00
Jeff Bryner 2b53c6cd1f logic updates, debug messages with moar info 2014-12-18 16:02:09 -08:00
Jeff Bryner e86c71834a update snapshot backup to allow multiple snapshots/day 2014-12-18 14:32:41 -08:00
Jeff Bryner 2352b475e2 correct mixed tabs/spaces 2014-12-15 15:39:26 -08:00
Jeff Bryner 34b6fcb483 Merge pull request #120 from netantho/averez-114-snapshots
better snapshots
2014-12-15 12:48:46 -08:00
Jeff Bryner a43c0eaeb3 add correlation for user to mac address in new intel index closes #211 2014-12-09 15:19:26 -08:00
Jeff Bryner 844cc0e7df add event stats to the health/status 2014-12-09 09:35:44 -08:00
Jeff Bryner cc306e8a3f minor query change 2014-12-09 09:35:17 -08:00
Jeff Bryner 3f902121ab Add aggregation cron script to tally category counts for statistical analysis, closes #207 2014-12-01 10:24:14 -08:00
Julien Vehent 6cf16bdb35 minor fixes to mig2mozdef 2014-11-26 12:49:30 -05:00
Jeff Bryner 003a2f3bfc Merge pull request #203 from jvehent/migpgpauth
Replace client cert with PGP token in mig2mozdef.py
2014-11-26 08:14:25 -08:00
Julien Vehent 67e5f9e963 Replace client cert with PGP token in mig2mozdef.py
This will require provisioning changes to replace the existing client cert with a
gnupg keyring in puppet.
2014-11-15 17:02:17 -05:00
Jeff Bryner 7aa3f1e0cb round occasionally long, longs from rabbit queue api 2014-11-14 13:14:30 -08:00
Jeff Bryner c7c1d20d22 Add facility to create IP block list based on attackers. Closes #198 2014-11-04 15:13:52 -08:00
Jeff Bryner 059b297b8a move okta default event structure to details for consistency with other event structures 2014-10-21 09:02:31 -07:00
Jeff Bryner a71f0cea24 add import script for okta sso events 2014-10-20 16:55:27 -07:00
Jeff Bryner 628b3ff4aa add index to the esmetadata.id field 2014-10-20 10:39:22 -07:00
Julien Vehent d0439082e9 fix status value in MIG api search for mig2mozdef 2014-10-11 22:45:59 -04:00
Jeff Bryner 1944f8fa16 fill in some rarely used toUTC gaps 2014-10-08 10:51:59 -07:00
Jeff Bryner ab375094f5 watchdog script to monitor JVM memory usage and clear cache to lower memory usage if needed 2014-10-08 10:40:06 -07:00
Jeff Bryner b95ce562fb add health to mongo run to the status shell script 2014-10-08 10:39:25 -07:00
Jeff Bryner 618675b72b UTC date default for sync alert search, update dockerfile to all alerts.js, events.js 2014-08-05 23:46:18 -07:00
Jeff Bryner 457d1ccf4c don't assume default timezone 2014-08-05 13:37:43 -07:00
Jeff Bryner 2306bdc28c move health jobs to UTC by default 2014-08-02 07:53:24 -07:00
Jeff Bryner ddef220c08 fixup cloudtrail for occasionally missing elements 2014-08-02 07:52:02 -07:00
Jeff Bryner 145ffb3918 sometimes country is not found..allow for no coords as well if it happens 2014-07-31 16:18:33 -07:00
Jeff Bryner c5bbbc3eaf minor update to toutc to allow for unicode 2014-07-29 16:12:33 -07:00
Jeff Bryner 6c56c1a5c0 limit # attackers displayed, pull down to choose amount, moar sanity in deps checking for redraws 2014-07-29 09:12:39 -07:00
Jeff Bryner d380d822d9 update attackers data model, collection, aggregation and filtering. Add attacker globe visualization 2014-07-28 09:35:45 -07:00
Julien Vehent 0d19b2baf1 harder mig2mozdef: better timeout, faster requests, stronger errors 2014-07-25 12:15:44 -04:00
Julien Vehent 3d8ee8242c mig2mozdef: raise exception when api does not return a 200 2014-07-25 11:56:27 -04:00
Jeff Bryner 4b3ded64e6 first pass at attacker aggregation 2014-07-20 21:30:53 -07:00
Jeff Bryner a97d5502af ensure alerts has a utcepoch index for constant last event querying 2014-07-18 14:12:36 -07:00
Julien Vehent 9b59aed9f5 simplify nesting of compliance items in MIG API 2014-07-14 15:32:24 -04:00
Anthony Verez e6b4515b60 averez-mig-bugfix: add threatfamily=compliance in MIG url 2014-07-10 11:14:39 -07:00
Jeff Bryner fd0964ed00 sync script for alerts->mongo 2014-07-01 13:11:51 -07:00
Jeff Bryner da70b8206b updated bro alert searches 2014-06-28 06:32:38 -07:00
jeffbryner 6ca4a9644b Merge pull request #124 from netantho/averez-mig-bugfix
averez-mig-bugfix: Reverse list to process old compliance checks first, ...
2014-06-26 15:28:58 -07:00
Anthony Verez 94b9664125 averez-mig-bugfix: Reverse list to process old compliance checks first, older later 2014-06-26 12:14:08 -07:00
Jeff Bryner 650d600371 correlate and track ssh fingerprints 2014-06-24 16:58:21 -07:00
Anthony Verez 5b35fe399c averez-114-snapshots: fix indentation for indices rotation 2014-06-19 15:31:33 -07:00
Anthony Verez b1b5315599 averez-114-snapshots: changes with jeff's feedback 2014-06-19 12:14:22 -07:00
Anthony Verez 3d12f90ebb averez-114-snapshots: update rotate index script to use backup.conf 2014-06-19 11:17:27 -07:00
Anthony Verez bcaee95031 averez-114-snapshots: new pruning script using backup.conf 2014-06-19 09:49:50 -07:00
Anthony Verez 5214afe467 averez-114-snapshots: delete old backup script 2014-06-18 16:40:54 -07:00
Anthony Verez 0603868d12 averez-114-snapshots: add backup script 2014-06-18 16:40:23 -07:00
Jeff Bryner ae11b8ba66 sync health stats with no ack option 2014-06-18 15:07:35 -07:00
Anthony Verez 4a21c4c280 averez-114-snapshots: add discovering script 2014-06-17 16:56:12 -07:00
Jeff Bryner 191fcdfd7b check requests status 2014-06-17 09:01:24 -07:00
Jeff Bryner 70e6514328 add options for ssl ca cert, quieter logging 2014-06-17 07:53:00 -07:00
jeffbryner 7cf0538e42 Merge pull request #119 from netantho/averez-mig
Add mig2mozdef cron script
2014-06-16 16:02:43 -07:00
Anthony Verez d62655861d averez-mig: fix mig script 2014-06-16 15:58:10 -07:00
Anthony Verez b169c66780 averez-114-snapshots: delete obsolete backup script 2014-06-16 11:26:09 -07:00
Anthony Verez fa5b5cff5f averez-mig: Add mig2mozdef cron script 2014-06-16 10:54:11 -07:00
Jeff Bryner 1c1d86fd31 moar reliable importing 2014-06-12 16:08:44 -07:00
Jeff Bryner 1db93bab5f health/status screen and schema updates to allow for vhosts, multiple queues, etc 2014-06-09 12:34:29 -07:00
Jeff Bryner e96181fe30 send a status ID health record to make it easier to retrieve current stats 2014-06-08 09:16:35 -07:00
Jeff Bryner 19180ab299 update child events representation 2014-06-02 08:34:43 -07:00
Jeff Bryner 2a6da59a38 update to better child document representation 2014-06-02 08:34:00 -07:00
Jeff Bryner 7729b98e39 set template name and file in the .conf file 2014-05-22 15:46:44 -07:00
Anthony Verez 1e2ec563ba netantho-105-ttl: refactor setupIndexTemplates.py and es-docs/inject.py to use a common module 2014-05-20 11:28:07 -07:00
Anthony Verez 370eb154ee netantho-105-ttl: fix json syntax in index template setup script 2014-05-16 16:45:51 -07:00
Anthony Verez 20da7fc970 netantho-105-ttl: try fixing config file path for esworker ttl plugin 2014-05-16 14:52:09 -07:00
Jeff Bryner 326d5f90ed chmod +x 2014-05-04 13:56:00 -07:00
Jeff Bryner 088b9e9ba1 fix for missing messages_ready stats in rabbitmq api 2014-05-04 13:55:31 -07:00
Anthony VEREZ d683b567ab Merge pull request #93 from netantho/averez-56-healthinfo
health webpage
2014-05-04 00:30:38 -07:00
Anthony Verez e4b46f1bdf averez-56-healthinfo: fix disk spaces units and various stuff 2014-05-02 18:18:47 -07:00
Anthony Verez ca17adfe25 averez-56-healthinfo: save es hot threads in mongo 2014-05-02 18:04:52 -07:00
Anthony Verez fb61ee8483 averez-56-healthinfo: save es nodes stats to mongo 2014-05-02 17:38:52 -07:00
Anthony Verez 3904760c9c averez-56-healthinfo: send escluster health info to mongo 2014-05-02 15:43:51 -07:00
Anthony Verez 864373019e averez-56-healthinfo: store frontend stats in mongo 2014-05-01 17:43:51 -07:00
Anthony Verez 58f48f6a6a averez-56-healthinfo: pep8 2014-05-01 17:22:23 -07:00
Jeff Bryner a9be3ab567 add email analyze prefs to index templates 2014-04-30 21:39:34 -07:00
Anthony Verez dcde5cdfda averez-22-license: Fix license stuff (Closes #22) 2014-04-16 11:40:15 -07:00
Jeff Bryner 16ef4e6411 add initial setup for index templates 2014-04-13 16:21:37 -07:00
Jeff Bryner 1610f310b4 limit to current events index 2014-04-13 16:20:01 -07:00
Jeff Bryner 53ba93d87a change alerts to monthly rotation, add alias for previous day events 2014-04-13 16:19:22 -07:00
Jeff Bryner 90561c7d6a rework index pruning 2014-04-13 16:18:06 -07:00
Jeff Bryner 2bfb1a2d9b explicitly define the config file 2014-04-03 21:11:11 -07:00
Jeff Bryner b4061b4ac9 add load average stats 2014-04-01 11:57:15 -07:00
Jeff Bryner 851415ce06 health and status cron to report EPS from the rabbit-mq server queues 2014-04-01 11:50:21 -07:00
Jeff Bryner d22d6d3f55 make it exec 2014-03-27 08:46:01 -07:00
Jeff Bryner 840efeb606 merge upstream doc changes 2014-03-25 17:13:24 -07:00
Jeff Bryner a40aa67d24 allow for alerting on non-dns AWS instances..pick the best alerting text 2014-03-25 17:12:40 -07:00
jeffbryner 1e217504f9 update comment with correct procedure 2014-03-24 17:05:37 -07:00
jeffbryner ee0832851a Merge pull request #15 from netantho/averez-backup10
[averez-backup10] new snapshot/restore script for ES1.0 using AWS S3
2014-03-24 17:03:35 -07:00
Anthony Verez c9a5b21cbf [averez-backup10] new snapshot/restore script for ES1.0 using AWS S3 2014-03-24 16:59:48 -07:00
Jeff Bryner 6c52dad429 flatten dict to comply with ES 1.0 update issues 2014-03-24 15:05:13 -07:00
Jeff Bryner ca75ef6845 update bro alerts to account for default ES search size 2014-03-24 15:03:26 -07:00
Jeff Bryner 978817ee75 fix occasional ES error when cross referencing events in raw ES format..send as text instead 2014-03-21 16:37:43 -07:00
Jeff Bryner 577d929a3d fixup errant category/type mismatch 2014-03-21 14:24:49 -07:00
Jeff Bryner 8eb42a7c5f changes to support bro intelligence alerting 2014-03-21 14:24:12 -07:00
Jeff Bryner 787e71e060 add options for multiple es servers 2014-03-20 12:32:08 -07:00
Jeff Bryner 3b5ed3336a utc date based rotation 2014-03-07 16:15:09 -08:00
Jeff Bryner a44e231af7 chmod +x 2014-03-07 15:19:41 -08:00
Jeff Bryner deeeb817a6 minor python version change 2014-03-07 11:01:19 -08:00
Jeff Bryner b5688992a0 initial pruning script, set to 10 days of history 2014-03-07 10:59:19 -08:00
Jeff Bryner 75311e94dc initial backup script for ES to S3 2014-03-07 10:57:18 -08:00
Guillaume Destuynder d2be992a76 Updated license file to conform with MPL 2014-02-25 09:55:02 -08:00
Jeff Bryner 3abf3b1d45 adding cronjob scripts 2014-02-17 23:51:35 -08:00