Commit Graph

112 Commits

Author SHA1 Message Date
Jeff Bryner 23ddf455fb internz mixing tabs and spaces 2014-06-24 08:59:13 -07:00
jeffbryner 506b035b46 Merge pull request #118 from netantho/averez-snmptt-plugin
snmptt plugin
2014-06-24 08:54:51 -07:00
jeffbryner 6f5e8ca23b Merge pull request #117 from netantho/averez-rtflow-plugin
RT_FLOW plugin
2014-06-24 08:54:16 -07:00
Anthony Verez 7341ecfce4 averez-rtflow-plugin: add action field 2014-06-20 18:01:13 -07:00
Jeff Bryner c38b022081 add option to run mq in no_ack, transient delivery mode 2014-06-18 14:32:33 -07:00
Anthony Verez f83fde1562 averez-snmptt-plugin: snmptt parsing 2014-06-13 11:42:39 -07:00
Anthony Verez 860e29f15c averez-rtflow-plugin: also parse RT_FLOW_SESSION_CREATE messages 2014-06-13 11:01:09 -07:00
Anthony Verez 3bf40d8fe8 averez-rtflow-plugin: int all the int 2014-06-12 18:06:12 -07:00
Anthony Verez 3a31847236 averez-rtflow-plugin: consider \n for rtflow plugin 2014-06-12 17:38:39 -07:00
Anthony Verez f5014ae9f1 averez-rtflow-plugin: initial rtflow plugin with RT_FLOW_SESSION_DENY parsing 2014-06-12 17:15:24 -07:00
Jeff Bryner 250920215d fixups to remove old registration and fixups for minor metadata bug 2014-06-03 09:30:26 -07:00
Anthony Verez 6d42844f31 averez-id-plugins: fix bug 2014-06-02 18:36:21 -07:00
Anthony Verez ef2f586c69 averez-id-plugins: try to debug a bug 2014-06-02 18:05:43 -07:00
Anthony Verez ed9d9512c1 averez-id-plugins: oops, forgot to pass metadata in a few functions 2014-06-02 16:02:58 -07:00
Anthony Verez 4ae1f5bd46 averez-id-plugins: pass a metadata variable to plugins 2014-06-02 15:31:41 -07:00
Anthony Verez cca5e1e777 averez-id-plugins: oops, fixed bug in arguments passed 2014-06-02 11:37:28 -07:00
Anthony Verez 58f7efc703 averez-id-plugins: plugins should be able to specify an ES doc ID 2014-06-02 09:57:30 -07:00
Jeff Bryner 33d3d25eae allow custom application event posting via http and allow plugins to specify index and doctype 2014-06-02 09:06:25 -07:00
Jeff Bryner 09dd0e6215 alter plugin registration system to use pure lists and sets for efficiency 2014-06-02 08:33:10 -07:00
jeffbryner 996f9abcd6 Merge pull request #107 from netantho/netantho-105-ttl
enable TTL and refactor ES index template injection Closes #105
2014-05-22 13:33:45 -07:00
Anthony Verez 43c552e0d2 netantho-105-ttl: delete the initial ttl plugin 2014-05-21 17:11:56 -07:00
Anthony Verez 8cf8de3808 netantho-105-ttl: try ttl field -> _ttl field to fix expiration 2014-05-19 14:54:46 -07:00
Anthony Verez fe5cb60c6c netantho-105-ttl: fix network example 2014-05-16 17:02:09 -07:00
Anthony Verez 26d605ce3a netantho-105-ttl: test on network logs 2014-05-16 16:43:21 -07:00
Anthony Verez 2cedb4fde0 netantho-105-ttl: optimize by flattening config file only once and not on every message 2014-05-16 16:08:50 -07:00
Anthony Verez e78413dbb5 netantho-105-ttl: fix ttl esworker plugin json config path 2014-05-16 15:50:52 -07:00
Anthony Verez 173977695b netantho-105-ttl: try to fail hard on absent ttl config 2014-05-16 15:35:52 -07:00
Anthony Verez 20da7fc970 netantho-105-ttl: try fixing config file path for esworker ttl plugin 2014-05-16 14:52:09 -07:00
Jeff Bryner d37402862b comments for the field_datatype convention 2014-05-15 17:59:17 -07:00
Anthony Verez dfa10dd420 averez-esworker-fix: cast to int/float values for fields ending with _int/_float 2014-05-06 16:25:41 -07:00
Jeff Bryner edf48a547e sample dropMessage.py plugin 2014-05-02 16:07:39 -07:00
Jeff Bryner 6b8ab7ab50 allow plugins to signal esworker to drop a message 2014-05-02 16:07:13 -07:00
Jeff Bryner 35692c1a76 classier geoip with perf improvement for .dat file loading 2014-04-30 22:04:41 -07:00
Jeff Bryner 21812711ed allow decimal and string ipv4 representations for easier facets 2014-04-30 21:40:32 -07:00
Jeff Bryner 4fea9a8da2 esworker performance improvements 2014-04-30 21:39:52 -07:00
Jeff Bryner ee276b4d71 adding the great ip fixup plugin to correct all the things 2014-04-25 13:53:40 -07:00
Jeff Bryner be0c5e5200 geoip now sent as a sub dictionary for access to all fields 2014-04-25 13:53:04 -07:00
Jeff Bryner 0f692c0606 fix plugin registration logic, misc whitespace cleanings 2014-04-24 14:10:18 -07:00
Jeff Bryner 283576f935 moar better spelling 2014-04-23 19:05:25 -07:00
Jeff Bryner d4dae314ca priority change to allow other plugins to find/set ips 2014-04-23 18:03:09 -07:00
Jeff Bryner 587020aec9 unicode fixes, plugin logic fixes, nanosecond epoch allowances 2014-04-23 18:00:14 -07:00
Jeff Bryner 9cacd4308c add esworker options to support SSL amqp connections 2014-04-20 16:37:56 -07:00
Anthony Verez dcde5cdfda averez-22-license: Fix license stuff (Closes #22) 2014-04-16 11:40:15 -07:00
Jeff Bryner c6a2deabea geoip plugin 2014-04-13 21:35:09 -07:00
Jeff Bryner 4b8df4dac0 moar pep8 2014-04-13 20:33:25 -07:00
Jeff Bryner 26c34c356f moar pep8, plugin framework tweaks 2014-04-13 20:27:16 -07:00
Jeff Bryner 57aa8ab6e0 allow alertworker to monitor MQ on one server and send alerts to another MQ server 2014-04-08 12:30:55 -07:00
Jeff Bryner 0d72eafa6a update to allow cef details or fields sub dictionary 2014-04-03 21:10:33 -07:00
Jeff Bryner c613ad062f add bulk processing timeout for posting to ES when workers local pyes queue not full 2014-04-01 11:41:35 -07:00
Jeff Bryner 74665d454d fix bug where no tag in event still inspects event for alert with tag criteria 2014-03-31 11:39:44 -07:00
Jeff Bryner 1da954d2fb add options for bulk posting to elastic search 2014-03-29 18:41:57 -07:00
Jeff Bryner 52f2f12166 unicode y'all 2014-03-27 12:01:34 -07:00
Jeff Bryner ffb819a1e3 update exception handling for elastic search queue overflows 2014-03-26 09:03:26 -07:00
Jeff Bryner eb9fd08c20 disable periodic plugin reloading due to possible memory leak 2014-03-24 15:06:01 -07:00
Jeff Bryner 8eb42a7c5f changes to support bro intelligence alerting 2014-03-21 14:24:12 -07:00
Jeff Bryner 8f45d576b6 add plugin support, rework message queue 2014-03-20 12:36:17 -07:00
Jeff Bryner 9d7acb2b62 add utility to copy events to another ES server 2014-03-20 12:35:42 -07:00
Jeff Bryner 13537fbb54 new heka fields 2014-03-07 15:20:43 -08:00
Jeff Bryner 0f2acb5697 replace pika with kombu 2014-03-05 12:17:57 -08:00
Anthony Verez ccdf557c0d clean up python code 2014-03-05 11:04:41 -08:00
Guillaume Destuynder d2be992a76 Updated license file to conform with MPL 2014-02-25 09:55:02 -08:00
Jeff Bryner 2c3e026181 message queue code to normalize and route log messages 2014-02-17 23:53:41 -08:00