Commit graph

389 Commits

Author SHA1 Message Date
Brandon Myers 6ff09b9de6
Provide temporary patch for cloudtrail worker 2017-12-19 14:14:08 -06:00
Brandon Myers 59d95ff178
Revert "Merge pull request #554 from mozilla/improve_cloudtrail_worker"
This reverts commit 501819cfb5, reversing
changes made to b09c700cb9.
2017-12-08 16:09:57 -06:00
Brandon Myers f73cc3364d
Revert "Merge pull request #560 from mozilla/fix_cloudtrail_mapping"
This reverts commit 804757f242, reversing
changes made to 501819cfb5.
2017-12-08 16:09:43 -06:00
Brandon Myers ed49aee5ab
Fix missing import statements 2017-11-28 12:54:57 -06:00
Brandon Myers b006036528
Uppercase cloudtrail verb by default 2017-11-28 12:53:31 -06:00
Brandon Myers 4190ef43d6
Remove debugger line in mq worker 2017-11-15 17:25:14 -06:00
Brandon Myers 7c474d72ce
Update cloudtrail esworker fields 2017-11-15 17:16:49 -06:00
Brandon Myers 4278ffa39f
Update description of mq plugin 2017-11-13 22:25:30 -06:00
Brandon Myers f97b0f0c70
Add filterlog firewall mq plugin 2017-11-13 22:21:40 -06:00
Brandon Myers 58fa07d7cf
Add support to eventtask worker for syslog messages 2017-10-30 13:14:45 -05:00
Michal Purzynski d9ff430b21 Use Bro's src field as sourceipaddress if present 2017-10-26 15:14:14 -07:00
Michal Purzynski aa7097156d Change the type field name to source - ES has problems if there is _type and type 2017-10-14 16:53:42 -07:00
A Smith f7834f79d2 Merge pull request #490 from mpurzynski/normalization_auth
Normalization auth
2017-10-12 11:00:17 -05:00
Brandon Myers 8ef7c4fd71
Merge remote-tracking branch 'origin' into add_events_class 2017-10-10 13:15:51 -05:00
Phrozyn 0f6cbd5fde
Merge branch 'naming_convention_changes' of https://github.com/Phrozyn/MozDef into naming_convention_changes 2017-10-10 10:59:42 -05:00
Phrozyn 7cf87ac628
Merge branch 'master' of https://github.com/mozilla/MozDef into naming_convention_changes 2017-10-10 10:59:27 -05:00
Phrozyn b6d5d1b57c
Fixing merge conflict 2017-10-10 10:55:13 -05:00
Phrozyn 1fd7335355
Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
Brandon Myers c4134f1764
Modify mq workers to use save_event method from es client 2017-09-28 14:57:18 -05:00
Brandon Myers badd86a44f Merge pull request #456 from mpurzynski/brofixup
A first take on the new brofixup plugin.
2017-09-28 12:02:20 -05:00
Michal Purzynski 435a267922 Last minute changes 2017-09-27 15:48:14 -07:00
Michal Purzynski 8a465bf29a More small fixes, correct unicode handling in SMTP summary 2017-09-27 13:33:08 -07:00
Michal Purzynski a8016907eb Even more refactoring and small changes 2017-09-26 10:25:34 -07:00
Michal Purzynski 991d94308a More unit tests 2017-09-25 17:42:58 -07:00
Michal Purzynski 2e18a286dd Testing never ends 2017-09-22 17:14:29 -04:00
Michal Purzynski c234e19b3f Small fixups 2017-09-21 16:46:25 -04:00
Brandon Myers 6db687cfb5
Modify esworker sns sqs to cast processid to str 2017-09-21 14:57:15 -05:00
Michal Purzynski ede31aad62 Small fixups here and there 2017-09-20 18:02:11 -04:00
Phrozyn bc3b56d151
Corrected some typos and added syslog change to syslog filter 2017-09-05 11:58:05 -05:00
Phrozyn 1a1a892dac
Merge branch 'master' of https://github.com/Phrozyn/MozDef into replace_dots_with_underscores_in_filenames 2017-09-05 10:18:09 -05:00
Gene Wood 6cd241a329 Extract action verb and add it along with readonly to the event 2017-09-01 13:11:28 -07:00
Michal Purzynski fa67e3d5d7 Even more cleanups 2017-08-31 16:40:28 -07:00
Michal Purzynski ccc7aae3c8 Initial commit for the data normalization initiative 2017-08-30 15:55:33 -07:00
Michal Purzynski 74dd2c2374 A first take on the new brofixup plugin. 2017-08-29 15:58:09 -07:00
Phrozyn 6199701f61
updated papertrail with changes from repo. 2017-08-25 13:34:45 -05:00
Phrozyn 4f1007a134
Updated code to reflect naming convention changes. 2017-08-25 12:17:53 -05:00
Phrozyn 2c415b673b
updated dots to underscores 2017-08-25 11:58:31 -05:00
Brandon Myers e396e5f230
Remove unused functions from esworker 2017-08-23 15:33:49 -04:00
Brandon Myers a7934e6f9b
Remove unused functions from mq 2017-08-23 15:22:48 -04:00
Brandon Myers 40fb30172f
Change default mq creds in conf 2017-08-17 18:21:07 -05:00
Brandon Myers 81fa3819cc
Update bot and mq plugin to use GeoIP class 2017-08-08 12:46:54 -05:00
Brandon Myers 4b665d8771
Convert registration term to lowercase fxa plugin 2017-07-17 13:18:48 -05:00
Brandon Myers caaf662ab7
Update fxa mq plugin to use new category 2017-07-17 13:01:44 -05:00
Brandon Myers ad64804e32
Add travisci to project and stabilize tests 2017-07-05 16:37:41 -05:00
Brandon Myers 63b3cf2194
Remove old leftover files 2017-06-15 15:13:03 -05:00
Brandon Myers fe96636655
Improve cloudtrail mq worker 2017-06-15 15:07:46 -05:00
Brandon Myers c632ed8250
Fix mozillaLocation mq plugin 2017-06-15 15:07:46 -05:00
Brandon Myers c6aaa8add8
Remove mozilla mq worker sample conf files 2017-06-15 15:07:45 -05:00
Brandon Myers cd25328625
Remove mozilla specific workers 2017-06-15 15:07:45 -05:00
Brandon Myers e59d2097ed
Remove default rabbitmq config 2017-06-15 15:07:44 -05:00
Brandon Myers b52c506810
Add defaults for sns sqs worker 2017-06-15 15:07:44 -05:00
Brandon Myers 29e3dec9ed
Add alerts to use config files 2017-06-15 15:07:42 -05:00
Brandon Myers bac6c7450a
Remove unnecessary parsys file 2017-06-15 15:07:40 -05:00
Brandon Myers 43a722c65d
Fix typo in parsys ini file 2017-06-15 15:07:40 -05:00
Brandon Myers 1c4fc1071c
Remove unused mq workers 2017-06-15 15:07:38 -05:00
Brandon Myers 496311a364
Add parsys mq worker 2017-06-15 15:07:30 -05:00
Brandon Myers 9e734175e7
Add SNS SQS mq worker 2017-06-15 15:07:30 -05:00
Phrozyn ab3714d22a
Adding log drain back into uwsgi ini files. 2017-06-15 15:07:28 -05:00
Phrozyn 06899804fb
Adding contegix-auditd service and dummy conf and ini. 2017-06-15 15:07:25 -05:00
Phrozyn 1b4716ad2c
Moving uwsgi logging to syslog. 2017-06-15 15:07:22 -05:00
Phrozyn 24c2df918f
New contegix worker 2017-06-15 15:07:21 -05:00
Brandon Myers 5180f496e9
Add files for SSO sqs worker 2017-06-15 15:07:19 -05:00
Brandon Myers 7873cc38ea
Add thread to reauth every 30 minutes cloudtrail 2017-06-15 15:07:18 -05:00
Brandon Myers dbb78759ed
Add prefetch option to get_messages 2017-06-15 15:07:18 -05:00
Brandon Myers 1e300f7915
Add exception handling to cloudtrail worker 2017-06-15 15:07:18 -05:00
Brandon Myers 48e008346e
Add bulk to cloudtrail worker 2017-06-15 15:07:18 -05:00
Brandon Myers aa497395a7
Switch cloudtrail from cron to mq worker 2017-06-15 15:07:17 -05:00
Phrozyn 028505cd3b
Adding new mqworkers for fluentd2mozdef from aws infosec services. 2017-06-15 15:06:21 -05:00
Aaron Meihm 39ab8738ea
add configuration to drain mig sqs log queue 2017-06-15 15:06:02 -05:00
Brandon Myers f87c94a088
Unencrypt config files
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:55 -05:00
Phrozyn 97b0d685c6
Fixing mule issue in fxa with moar mules. 2017-06-15 15:05:53 -05:00
Brandon Myers d7a38c83f5
Remove creds from mq directory
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:43 -05:00
Brandon Myers 5fb9fbea7d
Move papertrail disabled to ini script
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:42 -05:00
Brandon Myers fb8806814b
Remove prod versions of esworker conf
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:42 -05:00
Phrozyn 7b903a1b81
Changing filenames to reflect a better workflow from dev to stage to prod. 2017-06-15 15:05:42 -05:00
Phrozyn 8da9fb5c34
Correcting mqwFxa.ini to remove stage from pid path 2017-06-15 15:05:41 -05:00
Brandon Myers c7b1e934b4
Update location of geolitecity data file
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:40 -05:00
Brandon Myers 5d03bc03d7
Remove mules from papertrail
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:33 -05:00
Brandon Myers 577c5cecfa
Fix missing import in fluentdSqsFixup
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:32 -05:00
Brandon Myers 13aa806b1b
Move unittest from mq plugin to own file
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:32 -05:00
Brandon Myers 1fb67e49fb
Remove unittest from fluentdSqsFixup
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:31 -05:00
Phrozyn cf55546506
Omitting the FxaOauthWebserver eventsource. 2017-06-15 15:05:19 -05:00
Brandon Myers d2ea5c3334
Add missing esworker releng conf
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:07 -05:00
Brandon Myers 79b2ee84ca
Add more workers to mqwSyslog
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:07 -05:00
Brandon Myers c37c2fb7d1
Update mq creds in mq alertWorker
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:05 -05:00
Phrozyn 66e963fc51
Updating mq/esworker.conf mq creds for mozdef user (was using qa2) 2017-06-15 15:05:01 -05:00
Phrozyn b4ff2e575d
Updating packaged config to include mozdef4. 2017-06-15 15:05:00 -05:00
Brandon Myers ec5d1ad5b7
Keep in sync with qa1 #70
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:04:54 -05:00
Phrozyn dbfc18190f
Fixed mozdefmqwFxaStage to reflect correct pid path. 2017-06-15 15:04:54 -05:00
Phrozyn 9c6d9364de
Fixed mozdefmqwAutoland to reflect correct pid path. 2017-06-15 15:04:53 -05:00
Phrozyn 2089dc225f
Added all prod service files and mq workers. 2017-06-15 15:04:53 -05:00
Phrozyn b86413db27
Updated pid path for all uwsgi instances to run from /var/run/ 2017-06-15 15:04:53 -05:00
Brandon Myers 16abe5adcc
Remove cloudtrail fixup mapping
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:04:52 -05:00
Phrozyn 3e02f27d14
modified esservers to new cluster. 2017-06-15 15:04:45 -05:00
Brandon Myers ee07fe18a3
Modify esservers from localhost to cluster
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:45 -05:00
Brandon Myers 28080dd980
Fix remaining qa references in prod
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:45 -05:00
Brandon Myers 75bb6542ee
Merge prod mq ini files with qa
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:44 -05:00
Brandon Myers ef6e483c7e
First import of existing files from prod
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:44 -05:00
Brandon Myers e9a4a67e5a
Modify .py scripts to use /opt dir
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:41 -05:00
Brandon Myers 007cf86c35
Modify .ini.disabled scripts to use /opt dir
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:41 -05:00
Brandon Myers 50a7cb772a
Modify .ini scripts to use /opt dir
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:40 -05:00
Brandon Myers 81a07bc2d5
Rename mozdefqa1 to localhost in configs
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:40 -05:00
Aaron Meihm a6f7c78597
update vulnerability plugin to handle version 2 messages 2017-06-15 15:03:39 -05:00
Brandon Myers 71692067cc
Add error support plus tests to bulk import
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:38 -05:00
Brandon Myers ea17b5883c
Fix toUTC isoformat problem
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:33 -05:00
Brandon Myers bfba1d3c4c
Add apiVersion mapping fix for cloudtrail
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:23 -05:00
Brandon Myers 6774599a37
Add exception in fxaFixup for fxa-auth-server
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:23 -05:00
Brandon Myers 6caaad320d
Remove duplicate definitions of toUTC
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:46 -05:00
Brandon Myers e832b313ee
Fix flush_bulk for pyes only
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:01 -05:00
Brandon Myers 76174add7d
Update mq directory with search class
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:01 -05:00
Brandon Myers 5082d87f68
Update alertWorker config
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:00 -05:00
Brandon Myers 49a042107e
Remove mq/safe directory and files
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:58 -05:00
Brandon Myers 67b38ae579
Remove mq/mq files and directory
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:42 -05:00
Phrozyn e7cef0564f
Adding additional mq ini changes. 2017-06-15 15:00:49 -05:00
Phrozyn edcc26f84e
Modifying thread/Process values to be in alignment with mozdefqa1's resources. Disabled unused workers. 2017-06-15 15:00:49 -05:00
Brandon Myers 375b0290de
Update conf files to use US/Pacific
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:48 -05:00
Brandon Myers e5e98c1304
Switch mq directory to US/Pacific
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:46 -05:00
Phrozyn dbc7e43e41
unencrypting ini files 2017-06-15 15:00:46 -05:00
Phrozyn ac9925be6d
adding unencrypted mqESmules.ini
adding unencrypted mqESmulesAWS.ini
2017-06-15 15:00:45 -05:00
Phrozyn 5c990d90ef
Unencrypting ini files. 2017-06-15 15:00:45 -05:00
Phrozyn 700f0abf5f
Releng Papertrail ini for esworker. 2017-06-15 15:00:44 -05:00
Brandon Myers 99fa7ca655
Remove rra files
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:42 -05:00
Gene Wood d9911b4a77
adding mozdefmq support for infosec sqs non prod queue 2017-06-15 15:00:42 -05:00
Brandon Myers 1d8c59b93f
Setup codebase for merge of two repos 2017-06-15 14:56:47 -05:00
Brandon Myers 9a2388c398 Update GeoLiteCity.dat location in mq plugin
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2016-10-19 16:35:46 -05:00
Jeff Bryner d9afcb288b Merge pull request #350 from Phrozyn/master
corrected typo in mq/plugins/fluentdSqsFixup.py
2016-06-28 20:51:09 -07:00
Phrozyn 58a31fdc3c corrected typo in mq/plugins/fluentdSqsFixup.py 2016-06-28 19:17:37 -05:00
Jeff Bryner a0580d1848 Merge pull request #345 from pwnbus/remove_time_fluentdSqsFixup
Remove details.time from fluentdSqsFixup
2016-06-08 17:07:01 -07:00
Brandon Myers f84c3ca4e1 Remove details.time from fluentdSqsFixup
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2016-06-08 18:01:04 -05:00
kang 950b0868eb Sync with rra2json message format
Add support for RRA versioning
2016-06-03 11:35:22 -07:00
Jeff Bryner 7fd56b8d93 update geoip cache file location 2016-03-23 14:13:59 -07:00
Jeff Bryner d87569d486 add common/handy options 2016-03-23 12:57:46 -07:00
Aaron Meihm a3d9668888 adds an esworker for processing data from papertrail 2016-03-01 14:57:33 -06:00
Guillaume Destuynder 09f7a038b3 Use details.program as standard field for processname instead of fluentd 2015-10-22 10:54:42 -07:00
Guillaume Destuynder 231c3415b3 Add mq plugin: normalizer for fluentd-SQS messages (AWS). Ensure registration matches your SQS queue tag. 2015-10-22 10:54:15 -07:00
Guillaume Destuynder 334f5466a4 Fix reading of SQS JSON msgs - this works regardless of messages being raw JSON or base64-encoded JSON.
Since Boto base64-encodes messages while writing to the queue, this can happen (also, since we use Boto, we were
previously expecting all messages to be base64-encoded, which wouldn't work if your writer wasn't Boto).
2015-10-20 12:44:03 -07:00
Jeff Bryner f2524fb132 Merge pull request #302 from gdestuynder/master
Support more validation filters to accommodate different RRA fields.
2015-10-18 12:29:34 -07:00
Guillaume Destuynder 996a566813 Support more validation filters to accommodate different RRA fields.
This enhances the validation accuracy ;-)
2015-10-14 17:21:49 -07:00
Jeff Bryner f259564a78 add sqs-specific worker, closes #294 2015-10-12 14:00:05 -07:00
Jeff Bryner af526d6e4e revert sqs changes due to kombu issues 2015-10-12 13:59:32 -07:00
Guillaume Destuynder ec334de898 Merge branch 'master' of https://github.com/jeffbryner/MozDef 2015-10-09 18:45:30 -07:00
Guillaume Destuynder 80df3b0e44 Update to support new data classification 2015-10-09 18:44:39 -07:00
Jeff Bryner e0ff817332 fix dict2list to support embedded list of dicts, closes #297 2015-10-08 13:21:59 -07:00
Jeff Bryner f43d574b94 initial support for SQS in esworker, #294 2015-10-08 13:14:05 -07:00
Jeff Bryner eae8bdf1f4 add hostname to the message metadata, closes #289 2015-09-27 18:57:25 -07:00
Guillaume Destuynder f87c675d9c Also warn on missing service names for debugging 2015-06-17 14:21:35 -07:00
Guillaume Destuynder 1ad2d8c37d Fix validation check (entered CIA but not RPF)
Added more verbose warning on validation check
2015-06-16 17:05:30 -07:00
Guillaume Destuynder f4aafb5945 Plugin support for RRA index/events 2015-06-15 16:28:52 -07:00
Jeff Bryner 63bcbf4373 rm old ini file for old alertWorker 2015-03-22 20:16:28 -07:00
Jeff Bryner ad69a216f8 add alert plug in system, closes #162 2015-03-22 20:15:17 -07:00
Julien Vehent 8929794486 Remove doctype requirement on complianceitems plugin 2015-03-13 17:17:47 -04:00
Julien Vehent e7cb5760f7 Make complianceitem plugin extract item data from event message 2015-03-13 16:28:17 -04:00
Jeff Bryner fb1cbe0458 smarter IP finding 2015-02-13 09:31:13 -08:00
Aaron Meihm 6fb0ea4c13 also copy tags during compliance item event cleanup 2015-02-10 11:40:15 -06:00
Aaron Meihm 67d7d84bcf sourcename in vuln event docid to add isolation between different writers 2015-02-02 14:19:08 -06:00
Jeff Bryner c0218c08e2 vulnerability->vulnerabilities for consistent index naming 2015-01-30 12:24:35 -08:00
Aaron Meihm 9a4efd1e12 add MozDef vulnerability processing plugin 2015-01-30 11:36:49 -06:00
Jeff Bryner c104efd126 Merge pull request #216 from jvehent/master
complianceitems plugin, take 2
2014-12-16 17:02:00 -08:00
Julien Vehent 25f5ec69d6 complianceitems plugin, take 2 2014-12-16 19:03:59 -05:00
Jeff Bryner 1777c70781 Merge pull request #215 from jvehent/master
complianceitems mozdef plugin, take 1
2014-12-16 13:18:17 -08:00
Julien Vehent 2d57f88380 complianceitems mozdef plugin, take 1 2014-12-16 16:13:49 -05:00
Michal Purzynski bf0c21eb36 Add X-Cluster-Client-IP generated from NSM as yet another possible source of the real client IP 2014-12-16 21:25:28 +01:00
Jeff Bryner f35743b2c3 update esworker to accept utctimestamp as a field, closes #208 2014-12-01 10:21:42 -08:00
Jeff Bryner 981678eaa9 observium parsing plugin 2014-10-08 10:38:53 -07:00
Jeff Bryner ff4544de2f sourcehostname==hostname for consistency 2014-09-26 11:17:09 -07:00
Jeff Bryner 9c919996ca rework netflow plugin to match netflow to rabbit MQ input source 2014-09-15 13:07:34 -07:00
jeffbryner eeb62ea246 Merge pull request #185 from netantho/averez-netflow
netflow v5
2014-07-31 11:21:31 -07:00
Anthony Verez 13ac6341da averez-netflow: add netflow esworker plugin 2014-07-31 11:20:03 -07:00
Anthony Verez c3899f7ad1 averez-observium: Observium plugin by @XioNoX 2014-07-31 10:54:25 -07:00
Jeff Bryner c7975a3fbd improve logic and ipv4 finding 2014-07-03 08:47:51 -07:00
Jeff Bryner bee13b0066 bugfix: use sane version of found IP 2014-07-02 18:53:11 -07:00
Jeff Bryner 5128e29ac8 works for fail2ban also 2014-07-02 16:47:11 -07:00
Jeff Bryner a76fc32f55 fixup IP finding for edge cases with quoted strings 2014-07-02 15:03:57 -07:00
Jeff Bryner a8609e6348 account for netaddr seeing 1,0,etc as valid ipv4 addresses 2014-06-30 12:35:46 -07:00
Jeff Bryner 7cb8dc105b add support for nxlog windows event log parsing 2014-06-27 11:31:54 -07:00
Jeff Bryner 8d8c82a7f2 sshd event plugin to find ips in the message string 2014-06-25 12:57:54 -07:00
Jeff Bryner 8bbbf387c5 standardize the field names 2014-06-24 09:13:18 -07:00
Jeff Bryner 23ddf455fb internz mixing tabs and spaces 2014-06-24 08:59:13 -07:00
jeffbryner 506b035b46 Merge pull request #118 from netantho/averez-snmptt-plugin
snmptt plugin
2014-06-24 08:54:51 -07:00
jeffbryner 6f5e8ca23b Merge pull request #117 from netantho/averez-rtflow-plugin
RT_FLOW plugin
2014-06-24 08:54:16 -07:00
Anthony Verez 7341ecfce4 averez-rtflow-plugin: add action field 2014-06-20 18:01:13 -07:00
Jeff Bryner c38b022081 add option to run mq in no_ack, transient delivery mode 2014-06-18 14:32:33 -07:00
Anthony Verez f83fde1562 averez-snmptt-plugin: snmptt parsing 2014-06-13 11:42:39 -07:00
Anthony Verez 860e29f15c averez-rtflow-plugin: also parse RT_FLOW_SESSION_CREATE messages 2014-06-13 11:01:09 -07:00
Anthony Verez 3bf40d8fe8 averez-rtflow-plugin: int all the int 2014-06-12 18:06:12 -07:00
Anthony Verez 3a31847236 averez-rtflow-plugin: consider \n for rtflow plugin 2014-06-12 17:38:39 -07:00
Anthony Verez f5014ae9f1 averez-rtflow-plugin: initial rtflow plugin with RT_FLOW_SESSION_DENY parsing 2014-06-12 17:15:24 -07:00
Jeff Bryner 250920215d fixups to remove old registration and fixups for minor metadata bug 2014-06-03 09:30:26 -07:00
Anthony Verez 6d42844f31 averez-id-plugins: fix bug 2014-06-02 18:36:21 -07:00
Anthony Verez ef2f586c69 averez-id-plugins: try to debug a bug 2014-06-02 18:05:43 -07:00
Anthony Verez ed9d9512c1 averez-id-plugins: oops, forgot to pass metadata in a few functions 2014-06-02 16:02:58 -07:00
Anthony Verez 4ae1f5bd46 averez-id-plugins: pass a metadata variable to plugins 2014-06-02 15:31:41 -07:00
Anthony Verez cca5e1e777 averez-id-plugins: oops, fixed bug in arguments passed 2014-06-02 11:37:28 -07:00
Anthony Verez 58f7efc703 averez-id-plugins: plugins should be able to specify an ES doc ID 2014-06-02 09:57:30 -07:00
Jeff Bryner 33d3d25eae allow custom application event posting via http and allow plugins to specify index and doctype 2014-06-02 09:06:25 -07:00
Jeff Bryner 09dd0e6215 alter plugin registration system to use pure lists and sets for efficiency 2014-06-02 08:33:10 -07:00
jeffbryner 996f9abcd6 Merge pull request #107 from netantho/netantho-105-ttl
enable TTL and refactor ES index template injection Closes #105
2014-05-22 13:33:45 -07:00
Anthony Verez 43c552e0d2 netantho-105-ttl: delete the initial ttl plugin 2014-05-21 17:11:56 -07:00
Anthony Verez 8cf8de3808 netantho-105-ttl: try ttl field -> _ttl field to fix expiration 2014-05-19 14:54:46 -07:00
Anthony Verez fe5cb60c6c netantho-105-ttl: fix network example 2014-05-16 17:02:09 -07:00