Jeff Bryner
2b53c6cd1f
logic updates, debug messages with moar info
2014-12-18 16:02:09 -08:00
Jeff Bryner
e86c71834a
update snapshot backup to allow multiple snapshots/day
2014-12-18 14:32:41 -08:00
Jeff Bryner
ad921e243d
Merge pull request #218 from gdestuynder/master
Replacing mozdef_lib by mozdef_client
2014-12-17 10:35:34 -08:00
Guillaume Destuynder
fe7a6f95bb
Replacing mozdef_lib by mozdef_client
Basically a: s/mozdef/mozdef_client
For use with your client-side code, change:
import mozdef
to:
import mozdef_client
This change clarifies that this library is for client-side code such as sending MozDef events.
2014-12-17 18:10:31 +01:00
Jeff Bryner
c104efd126
Merge pull request #216 from jvehent/master
complianceitems plugin, take 2
2014-12-16 17:02:00 -08:00
Julien Vehent
25f5ec69d6
complianceitems plugin, take 2
2014-12-16 19:03:59 -05:00
Jeff Bryner
1777c70781
Merge pull request #215 from jvehent/master
complianceitems mozdef plugin, take 1
2014-12-16 13:18:17 -08:00
Jeff Bryner
67e71e2b82
Merge pull request #214 from mpurzynski/master
Add X-Cluster-Client-IP generated from NSM as yet another possible sourc...
2014-12-16 13:17:54 -08:00
Julien Vehent
2d57f88380
complianceitems mozdef plugin, take 1
2014-12-16 16:13:49 -05:00
Michal Purzynski
bf0c21eb36
Add X-Cluster-Client-IP generated from NSM as yet another possible source of the real client IP
2014-12-16 21:25:28 +01:00
Jeff Bryner
5c6bbac084
Alert Development ipython notebook, closes #213
2014-12-16 11:14:03 -08:00
Jeff Bryner
2352b475e2
correct mixed tabs/spaces
2014-12-15 15:39:26 -08:00
Jeff Bryner
34b6fcb483
Merge pull request #120 from netantho/averez-114-snapshots
better snapshots
2014-12-15 12:48:46 -08:00
Jeff Bryner
e957f38ef5
add init script for alerts, closes #212
2014-12-12 14:40:07 -08:00
Jeff Bryner
a43c0eaeb3
add correlation for user to mac address in new intel index closes #211
2014-12-09 15:19:26 -08:00
Jeff Bryner
844cc0e7df
add event stats to the health/status
2014-12-09 09:35:44 -08:00
Jeff Bryner
cc306e8a3f
minor query change
2014-12-09 09:35:17 -08:00
Jeff Bryner
03b2623b3b
sort by hostname, closes #206
2014-12-01 14:37:51 -08:00
Jeff Bryner
bcdb87e566
correct the label for closed incident, closes #209
2014-12-01 13:43:11 -08:00
Jeff Bryner
969ab7225a
add false positive category, closes #210
2014-12-01 13:42:43 -08:00
Jeff Bryner
3f902121ab
Add aggregation cron script to tally category counts for statistical analysis, closes #207
2014-12-01 10:24:14 -08:00
Jeff Bryner
f35743b2c3
update esworker to accept utctimestamp as a field, closes #208
2014-12-01 10:21:42 -08:00
Jeff Bryner
08805587a9
Merge pull request #204 from jvehent/master
minor fixes to mig2mozdef
2014-11-26 11:05:23 -08:00
Julien Vehent
6cf16bdb35
minor fixes to mig2mozdef
2014-11-26 12:49:30 -05:00
Jeff Bryner
003a2f3bfc
Merge pull request #203 from jvehent/migpgpauth
Replace client cert with PGP token in mig2mozdef.py
2014-11-26 08:14:25 -08:00
Jeff Bryner
43d22324a8
simple sample script for generating and posting an event directly to rabbit..plus severity
2014-11-24 10:02:20 -08:00
Jeff Bryner
779205e322
simple sample script for generating and posting an event directly to rabbit
2014-11-24 09:59:35 -08:00
Julien Vehent
67e5f9e963
Replace client cert with PGP token in mig2mozdef.py
This will require provisioning changes to replace the existing client cert with a
gnupg keyring in puppet.
2014-11-15 17:02:17 -05:00
Jeff Bryner
7aa3f1e0cb
round occasionally long, longs from rabbit queue api
2014-11-14 13:14:30 -08:00
Jeff Bryner
f1b72a4162
update bro heka lua examples to ignore #comment lines
2014-11-12 15:25:19 -08:00
Jeff Bryner
519ebb3972
update bronotice lua with supporting functions to deal with occasional - fields
2014-11-12 14:55:23 -08:00
Jeff Bryner
4558be2bf6
update bro intel example lua script
2014-11-12 14:18:58 -08:00
Jeff Bryner
b710215405
update example heka toml and lua, closes #199
2014-11-10 16:43:15 -08:00
Jeff Bryner
5e478a6c9f
update toml to include esjsonencoder
2014-11-10 16:42:10 -08:00
Jeff Bryner
8c678b2431
remove regex examples since heka deprecated regex
2014-11-10 16:40:40 -08:00
Jeff Bryner
c7c1d20d22
Add facility to create IP block list based on attackers. Closes #198
2014-11-04 15:13:52 -08:00
Jeff Bryner
059b297b8a
move okta default event structure to details for consistency with other event structures
2014-10-21 09:02:31 -07:00
Jeff Bryner
a71f0cea24
add import script for okta sso events
2014-10-20 16:55:27 -07:00
Jeff Bryner
628b3ff4aa
add index to the esmetadata.id field
2014-10-20 10:39:22 -07:00
Jeff Bryner
e2d7cb049d
add veris visualization for incident stats, closes #64
2014-10-14 17:10:40 -07:00
Jeff Bryner
b8975f28c0
Merge pull request #197 from jvehent/master
fix status value in MIG api search for mig2mozdef
2014-10-12 09:12:41 -07:00
Julien Vehent
d0439082e9
fix status value in MIG api search for mig2mozdef
2014-10-11 22:45:59 -04:00
Jeff Bryner
1944f8fa16
fill in some rarely used toUTC gaps
2014-10-08 10:51:59 -07:00
Jeff Bryner
ab375094f5
watchdog script to monitor JVM memory usage and clear cache to lower memory usage if needed
2014-10-08 10:40:06 -07:00
Jeff Bryner
b95ce562fb
add health to mongo run to the status shell script
2014-10-08 10:39:25 -07:00
Jeff Bryner
981678eaa9
observium parsing plugin
2014-10-08 10:38:53 -07:00
Jeff Bryner
55f28c4ad3
add timestamp/timeline tab, closes #138
2014-10-07 14:55:32 -07:00
Jeff Bryner
e45e791122
add escalation from alert to incident, closes #145
2014-10-07 13:07:18 -07:00
Jeff Bryner
ae976af800
Add demo.mozdef.com details
2014-10-06 12:11:28 -07:00
Jeff Bryner
080596bd47
add defaults for demo alert/attacker creation
2014-10-03 16:18:13 -07:00