Commit graph

611 commits

Author SHA1 Message Date
Brandon Myers 9d7ea147a9
Add check for details on alert in plugin 2019-07-16 15:19:02 -04:00
Brandon Myers fc3bd5e770
Add registration to alert plugins 2019-07-16 12:23:50 -05:00
Brandon Myers 99470c7874
Remove unused import from cloudtrail public bucket alert 2019-07-10 12:43:23 -05:00
Gene Wood b540e28aef
Merge branch 'master' into reinforce2019
# Conflicts:
#	README.md
#	cloudy_mozdef/cloudformation/mozdef-alert-developer.yml
#	docker/compose/mozdef_bootstrap/files/index_mappings/alerts-star.json
2019-07-10 10:38:04 -07:00
Brandon Myers 1cb8709681
Fix local includes for mq and alerts 2019-06-30 16:52:32 -05:00
Brandon Myers 417ecf40b6
Fix local import for alerttask 2019-06-30 16:03:36 -05:00
Brandon Myers ed1d4aa8cf
Fixup remaining python3 leftovers 2019-06-29 15:51:00 -05:00
Brandon Myers 9a075dcbe0
Remove unicode-u keyword 2019-06-29 15:11:00 -05:00
Brandon Myers c7954eebba
Fixup alerttask and deadman test case 2019-06-29 13:51:40 -05:00
Brandon Myers 390a3feef2
Rename unicode type to str 2019-06-28 18:21:48 -05:00
Brandon Myers 3c394a1365
Update map to list for ipv6 2019-06-28 17:45:21 -05:00
Brandon Myers 3345587f32
Fixup dashboard geomodel alert action 2019-06-28 17:35:41 -05:00
Brandon Myers e30f3f1d69
Remove call to encode ascii on strings 2019-06-28 17:26:58 -05:00
Brandon Myers bd4c48db9a
Rename iteritems to items for dictionaries 2019-06-28 16:49:30 -05:00
Brandon Myers f1c4287fa5
Ensure parentheses for print statements 2019-06-28 16:28:14 -05:00
Andrew Krug e48a1ff1eb
less fancy summary 2019-06-23 14:14:00 -07:00
Andrew Krug 0feb1b82a9
fix comment to align to code 2019-06-23 14:07:59 -07:00
Andrew Krug 000782f062
fix string formatting 2019-06-23 13:20:35 -07:00
Andrew Krug e4708d6898
sqs is always secure 2019-06-23 10:49:01 -07:00
Andrew Krug 378255f75e
fix excessive describe to treat threat actors as unique 2019-06-21 17:45:13 -07:00
Andrew Krug 16566be29d
fix up alerts to align with attack bot behavior 2019-06-21 17:40:30 -07:00
Brandon Myers f64a512c3b
Merge pull request #1294 from mozilla/port-scan-enrichment
Port scan enrichment
2019-06-05 19:09:24 -05:00
Emma Rose d9a0c44c53
Use a TermMatch instead of a PhraseMatch 2019-05-31 17:12:21 -04:00
Emma Rose 0a1783e8fc
Don't need to copy the alert before modifying; mutation is part of the interface expectations 2019-05-31 17:03:18 -04:00
Emma Rose 7904b32b44
Use a timestamp example consistent with the format we actually use 2019-05-31 17:02:59 -04:00
Emma Rose c373aa8efc
Merge branch 'master' into port-scan-enrichment 2019-05-31 16:36:29 -04:00
Emma Rose 5646fd6005
Merge branch 'master' into ip-alert-enrichment 2019-05-31 16:36:17 -04:00
Brandon Myers d46c6d01c9
Update deadman generic alert to use events-weekly as index 2019-05-30 10:07:56 -05:00
Emma Rose bd3d2ba510
Default to searching the events-weekly index since this is more appropriate in most cases 2019-05-29 18:31:48 -04:00
Emma Rose 749979280b
Add missing json import... again? 2019-05-29 16:29:03 -04:00
Brandon Myers e04e7a7fbd
Override event indices in generic deadman alert 2019-05-29 15:10:23 -05:00
Brandon Myers d4e7a94688
Revert "Use wildcard in indices for searching"
This reverts commit 3e93e5ea51.
2019-05-29 15:09:44 -05:00
Emma Rose 2a12ec505a
Merge branch 'master' into ip-alert-enrichment 2019-05-28 18:10:32 -04:00
Emma Rose d085d076fa
Merge branch 'master' into port-scan-enrichment 2019-05-28 15:24:06 -04:00
Brandon Myers f65d4416fc
Merge pull request #1270 from mozilla/reinforce2019
Reinforce2019
2019-05-28 12:48:20 -05:00
Andrew Krug 6d39acbfba
address PR nits 2019-05-28 10:31:33 -07:00
Emma Rose cc9d76e576
Handle the default values for the matchTags configuration option 2019-05-27 19:11:32 -04:00
Emma Rose bd80492c4d
Syntax and formatting fixups 2019-05-27 19:05:10 -04:00
Emma Rose 01de6d0911
Abstract the ElasticSearchClient interface away to facilitate dependency injection in the enrich function 2019-05-27 18:37:33 -04:00
Emma Rose 4277079868
Implement the _load_config function 2019-05-27 18:36:52 -04:00
Emma Rose 0ce491f474
First take at implementing an alert plugin to enrich port scan alerts with info about recent connections 2019-05-27 17:27:00 -04:00
Brandon Myers 11122142e0
Fix watchlist process_alert function 2019-05-24 19:58:03 -05:00
Emma Rose e191cb2e4a
Resolving PEP 8 errors 2019-05-21 20:43:41 -04:00
Emma Rose 88a43b942a
Implement _load_config to just naively try to open and parse the config file specified; not going to supply a default because we probably want to know if the file doesn't exist 2019-05-21 20:42:40 -04:00
Andrew Krug d822a3cce0
update gitignore 2019-05-19 11:02:58 -07:00
Emma Rose 384e9519ed
Merge branch 'master' into ip-alert-enrichment 2019-05-16 13:54:34 -04:00
Emma Rose c4ac61f24d
Satisfy tests 2019-05-16 13:54:18 -04:00
Emma Rose 91d7fe21e3
Document and test for a more detailed format for listing sites 2019-05-16 13:45:18 -04:00
Emma Rose 3fb2c046ee
Make 'site' a parameter to format 2019-05-14 19:25:28 -04:00
Brandon Myers 9d33494a13
Merge pull request #1264 from mozilla/create_excessive_describe_calls_cloudtrail
Create simple cloudtrail excessive describe calls alert
2019-05-14 14:42:23 -05:00