Commit graph

196 Commits

Author SHA1 Message Date
Brandon Myers 333234ae9a
Remove example alert plugin
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:31 -05:00
Brandon Myers 805b382bfd
Fix broken alert unit tests 2017-06-15 15:06:31 -05:00
Michal Purzynski 45ed3b080f
More cleanups for the critical opened sessions alerting 2017-06-15 15:06:29 -05:00
Michal Purzynski 2511d3844e
Make the ssh_fail_critical an aggregated alert 2017-06-15 15:06:28 -05:00
Michal Purzynski b4ff8b47ad
A rewrite of an alert to make it generic while fetching the correct hostname from details dict 2017-06-15 15:06:28 -05:00
Michal Purzynski 7019a4eafd
A rewrite of an alert to an aggregation one 2017-06-15 15:06:28 -05:00
Michal Purzynski 1063bc35d4
Make the ssh fail critical alert more generic - catch more cases. 2017-06-15 15:06:24 -05:00
Brandon Myers 7df71f7400
Improve alert unit tests
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:24 -05:00
Brandon Myers b44365871a
Add logger statement in alert plugins
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:22 -05:00
Michal Purzynski 98acbee884
Make the time window in which the duo_authfail alert looks for events several times longer than the duo cron job period 2017-06-15 15:06:21 -05:00
Brandon Myers 14491ad7d0
Add pentest server to ssh whitelist
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:21 -05:00
Brandon Myers b8399efbc2
Change config name in generic alerts
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:21 -05:00
Brandon Myers fb0ae880a1
Improve generic alert keynames
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:20 -05:00
Brandon Myers 9a919cb114
Add additional logic in summary alert field
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:20 -05:00
Michal Purzynski b153a49111
Default to dict even if no dict is present in a config file 2017-06-15 15:06:20 -05:00
Michal Purzynski d9412421c4
Add more tags to match on to the duo fraud alert 2017-06-15 15:06:20 -05:00
Michal Purzynski 89e43ca1e9
Prevent the pagerduty plugin from failing with incorrect configuration file 2017-06-15 15:06:20 -05:00
Michal Purzynski cc9dd681c4
Bruteforce ssh fixes 2017-06-15 15:06:19 -05:00
Michal Purzynski f542334505
Bring the duo_authfail to the newest message format, several fixups. 2017-06-15 15:06:19 -05:00
Michal Purzynski 62d72c74c9
Whitelist changes 2017-06-15 15:06:19 -05:00
Brandon Myers 87ddd04a78
Add cloudtrail new alerts
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:17 -05:00
Brandon Myers a5fc302094
Remove fake event generation in deadman alert
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:15 -05:00
Brandon Myers a0bb668465
Fixup deadman alert
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:15 -05:00
Michal Purzynski c7cd94ce88
Change the level of all alerts to WARNING 2017-06-15 15:06:14 -05:00
Brandon Myers 42d1178a8f
Modify generic alert loader with validation
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:07 -05:00
Guillaume Destuynder (kang) c314c16fcb
Add support for loading alert defaults and fail when required alert
fields are missing
2017-06-15 15:06:07 -05:00
Guillaume Destuynder (kang) 32db0d63a1
Add url to the alert so that it shows up in the alert dashboard
as per a09e83c5cc/meteor/app/client/alertdetails.html (L36)
2017-06-15 15:06:07 -05:00
Michal Purzynski a18f2d6b2e
More cosmetics for the pagerduty alert plugin 2017-06-15 15:06:06 -05:00
Brandon Myers e2aa079c66
Allow aggregation key to be specified in generic loader
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:06 -05:00
Brandon Myers 01c8d0edb5
Modify generic alert loader to use hjson
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:06 -05:00
Michal Purzynski 718d1f2749
Create an example configuration file for the pagerduty plugin 2017-06-15 15:06:06 -05:00
Michal Purzynski c166472751
Change the duo_auth_fail category to a meaningful one 2017-06-15 15:06:05 -05:00
Michal Purzynski 3ea54c9f5f
Cleanups. 2017-06-15 15:06:05 -05:00
Michal Purzynski 0cd6b57449
Make the plugin more configurable and parametrized 2017-06-15 15:06:04 -05:00
Michal Purzynski 8258c5c59d
Bring the pagerduty alert back to what it used to be, once. 2017-06-15 15:06:04 -05:00
Michal Purzynski 2976b9c160
Do not import modules that we do not need 2017-06-15 15:06:04 -05:00
Michal Purzynski b7e42340ec
Alert when a promiscuous mode is enabled. Kernel logs detection. 2017-06-15 15:06:04 -05:00
Michal Purzynski 0fb8261f94
Alert when any interface (if not whitelisted) has a promisc mode enabled. Powered by Auditd. 2017-06-15 15:06:03 -05:00
Michal Purzynski a0c57ec27d
C&P does bad things to people 2017-06-15 15:06:03 -05:00
Michal Purzynski 42f226890f
New alert - failed SSH to critical host 2017-06-15 15:06:03 -05:00
Michal Purzynski 21b1defad9
Use example hostnames, provide a configuration file 2017-06-15 15:06:03 -05:00
Michal Purzynski e945e7d05b
New alert - session opened on one of the critical hosts 2017-06-15 15:06:03 -05:00
Brandon Myers 26231a14fa
Modify generic alerts path
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:02 -05:00
Brandon Myers 80b27c7bf4
Modify generic alert to use new config location
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:02 -05:00
Guillaume Destuynder (kang) c94d7ff846
Move try catch to allow processing other alerts when processing for one
fails
2017-06-15 15:06:01 -05:00
Guillaume Destuynder (kang) 0cf75e3a0c
Fix stray tabs 2017-06-15 15:06:01 -05:00
Guillaume Destuynder (kang) b0e10616fc
Generic alert loader 2017-06-15 15:06:01 -05:00
Brandon Myers f87c94a088
Unencrypt config files
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:55 -05:00
Brandon Myers 4e75aee0a3
Update email in ssh releng alert notification
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:05:44 -05:00
Phrozyn d845997abb
Updated PhraseMatch in unauth_ssh.py so that this alert would correctly trigger. Tested. Works. 2017-06-15 15:05:43 -05:00