Commit graph

112 Commits

Author SHA1 Message Date
Jeff Bryner a0580d1848 Merge pull request #345 from pwnbus/remove_time_fluentdSqsFixup
Remove details.time from fluentdSqsFixup
2016-06-08 17:07:01 -07:00
Brandon Myers f84c3ca4e1 Remove details.time from fluentdSqsFixup
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2016-06-08 18:01:04 -05:00
kang 950b0868eb Sync with rra2json message format
Add support for RRA versioning
2016-06-03 11:35:22 -07:00
Jeff Bryner 7fd56b8d93 update geoip cache file location 2016-03-23 14:13:59 -07:00
Jeff Bryner d87569d486 add common/handy options 2016-03-23 12:57:46 -07:00
Aaron Meihm a3d9668888 adds an esworker for processing data from papertrail 2016-03-01 14:57:33 -06:00
Guillaume Destuynder 09f7a038b3 Use details.program as standard field for processname instead of fluentd 2015-10-22 10:54:42 -07:00
Guillaume Destuynder 231c3415b3 Add mq plugin: normalizer for fluentd-SQS messages (AWS). Ensure registration matches your SQS queue tag. 2015-10-22 10:54:15 -07:00
Guillaume Destuynder 334f5466a4 Fix reading of SQS JSON msgs - this works regardless of messages being raw JSON or base64-encoded JSON.
Since Boto does base64 encode messages while writing to the queue this can happen (also since we use Boto, we were
previously expecting all messages to be base64 encoded, which wouldn't work if your writer wasn't Boto)
2015-10-20 12:44:03 -07:00
Jeff Bryner f2524fb132 Merge pull request #302 from gdestuynder/master
Support more validation filters to accommodate different RRA fields.
2015-10-18 12:29:34 -07:00
Guillaume Destuynder 996a566813 Support more validation filters to accommodate different RRA fields.
This enhances the validation accuracy ;-)
2015-10-14 17:21:49 -07:00
Jeff Bryner f259564a78 add sqs-specific worker, closes #294 2015-10-12 14:00:05 -07:00
Jeff Bryner af526d6e4e revert sqs changes due to kombu issues 2015-10-12 13:59:32 -07:00
Guillaume Destuynder ec334de898 Merge branch 'master' of https://github.com/jeffbryner/MozDef 2015-10-09 18:45:30 -07:00
Guillaume Destuynder 80df3b0e44 Update to support new data classification 2015-10-09 18:44:39 -07:00
Jeff Bryner e0ff817332 fix dict2list to support embedded list of dicts, closes #297 2015-10-08 13:21:59 -07:00
Jeff Bryner f43d574b94 initial support for SQS in esworker, #294 2015-10-08 13:14:05 -07:00
Jeff Bryner eae8bdf1f4 add hostname to the message metadata, closes #289 2015-09-27 18:57:25 -07:00
Guillaume Destuynder f87c675d9c Also warn on missing service names for debugging 2015-06-17 14:21:35 -07:00
Guillaume Destuynder 1ad2d8c37d Fix validation check (entered CIA but not RPF)
Added more verbose warning on validation check
2015-06-16 17:05:30 -07:00
Guillaume Destuynder f4aafb5945 Plugin support for RRA index/events 2015-06-15 16:28:52 -07:00
Jeff Bryner 63bcbf4373 rm old ini file for old alertWorker 2015-03-22 20:16:28 -07:00
Jeff Bryner ad69a216f8 add alert plug in system, closes #162 2015-03-22 20:15:17 -07:00
Julien Vehent 8929794486 Remove doctype requirement on complianceitems plugin 2015-03-13 17:17:47 -04:00
Julien Vehent e7cb5760f7 Make complianceitem plugin extract item data from event message 2015-03-13 16:28:17 -04:00
Jeff Bryner fb1cbe0458 smarter IP finding 2015-02-13 09:31:13 -08:00
Aaron Meihm 6fb0ea4c13 also copy tags during compliance item event cleanup 2015-02-10 11:40:15 -06:00
Aaron Meihm 67d7d84bcf sourcename in vuln event docid to add isolation between different writers 2015-02-02 14:19:08 -06:00
Jeff Bryner c0218c08e2 vulnerability->vulnerabilities for consistent index naming 2015-01-30 12:24:35 -08:00
Aaron Meihm 9a4efd1e12 add MozDef vulnerability processing plugin 2015-01-30 11:36:49 -06:00
Jeff Bryner c104efd126 Merge pull request #216 from jvehent/master
complianceitems plugin, take 2
2014-12-16 17:02:00 -08:00
Julien Vehent 25f5ec69d6 complianceitems plugin, take 2 2014-12-16 19:03:59 -05:00
Jeff Bryner 1777c70781 Merge pull request #215 from jvehent/master
complianceitems mozdef plugin, take 1
2014-12-16 13:18:17 -08:00
Julien Vehent 2d57f88380 complianceitems mozdef plugin, take 1 2014-12-16 16:13:49 -05:00
Michal Purzynski bf0c21eb36 Add X-Cluster-Client-IP generated from NSM as yet another possible source of the real client IP 2014-12-16 21:25:28 +01:00
Jeff Bryner f35743b2c3 update esworker to accept utctimestamp as a field, closes #208 2014-12-01 10:21:42 -08:00
Jeff Bryner 981678eaa9 observium parsing plugin 2014-10-08 10:38:53 -07:00
Jeff Bryner ff4544de2f sourcehostname==hostname for consistency 2014-09-26 11:17:09 -07:00
Jeff Bryner 9c919996ca rework netflow plugin to match netflow to rabbit MQ input source 2014-09-15 13:07:34 -07:00
jeffbryner eeb62ea246 Merge pull request #185 from netantho/averez-netflow
netflow v5
2014-07-31 11:21:31 -07:00
Anthony Verez 13ac6341da averez-netflow: add netflow esworker plugin 2014-07-31 11:20:03 -07:00
Anthony Verez c3899f7ad1 averez-observium: Observium plugin by @XioNoX 2014-07-31 10:54:25 -07:00
Jeff Bryner c7975a3fbd improve logic and ipv4 finding 2014-07-03 08:47:51 -07:00
Jeff Bryner bee13b0066 bugfix: use sane version of found IP 2014-07-02 18:53:11 -07:00
Jeff Bryner 5128e29ac8 works for fail2ban also 2014-07-02 16:47:11 -07:00
Jeff Bryner a76fc32f55 fixup IP finding for edge cases with quoted strings 2014-07-02 15:03:57 -07:00
Jeff Bryner a8609e6348 account for netaddr seeing 1,0,etc as valid ipv4 addresses 2014-06-30 12:35:46 -07:00
Jeff Bryner 7cb8dc105b add support for nxlog windows event log parsing 2014-06-27 11:31:54 -07:00
Jeff Bryner 8d8c82a7f2 sshd event plugin to find ips in the message string 2014-06-25 12:57:54 -07:00
Jeff Bryner 8bbbf387c5 standardize the field names 2014-06-24 09:13:18 -07:00