Sanchit Kapoor
d2d8ac1b0f
Expanded landmass
2016-01-18 19:05:16 +05:30
Sanchit Kapoor
5d99d05f27
Added attack animations
2016-01-18 19:05:16 +05:30
Sanchit Kapoor
24198c9a8a
Updated Landmass
...
Landmass changes
VR update
2016-01-18 19:05:12 +05:30
Yash Mehrotra
d0ad6b6bfe
Added basic simulation
2016-01-18 19:04:14 +05:30
Sanchit Kapoor
59fa7b4981
Added temporary animations to the VR scene
2016-01-18 19:04:13 +05:30
Sanchit Kapoor
c17c1e889b
Added the VR Scene to MozDef
...
Removed some console.log statements
Comments
2016-01-18 19:03:42 +05:30
Jeff Bryner
3519a84873
update ldap search criteria to match case
2015-12-30 09:37:57 -08:00
Jeff Bryner
af4499faa4
Merge branch 'master' of github.com:jeffbryner/MozDef
...
pull master
2015-12-29 11:53:20 -08:00
Jeff Bryner
d302e9ac7a
update cymon.io plugin, closes #322
2015-12-29 11:53:04 -08:00
Jeff Bryner
ad7047b213
Merge pull request #321 from mpurzynski/master
...
Update new heka parsers for Bro to 2.5 and add some new ones.
2015-12-29 08:59:48 -08:00
Michal Purzynski
26c71a5cfa
Add missing license headers.
...
Add Suricata event logs parsing.
2015-12-29 17:53:15 +01:00
Michal Purzynski
31ecc42aae
New MozDef plugin - VPC blackholing, using route tables and the ENI that's not attached anywhere.
2015-12-29 17:25:45 +01:00
Michal Purzynski
d0103ae89f
Update new heka parsers for Bro to 2.5 and add some new ones.
2015-12-29 17:23:15 +01:00
Jeff Bryner
d276290380
add ldap lockout alert, closes #320
2015-12-22 14:05:50 -08:00
Jeff Bryner
ea9b0654dc
sanity check the date, closes #317
2015-12-15 16:42:31 -08:00
Jeff Bryner
d5cbea7c56
Merge pull request #316 from ameihm0912/master
...
Add a new alert plugin for events from geomodel
2015-11-24 12:40:47 -08:00
Aaron Meihm
b823fb99d6
fix issue in geomodel plugin, event type should be event
2015-11-24 12:02:08 -06:00
Aaron Meihm
eb46f80462
Add a new alert plugin for events from geomodel
2015-11-24 09:43:33 -06:00
Jeff Bryner
0021e7828a
Merge pull request #314 from gdestuynder/doc
...
Updated mandatory fields
2015-11-18 13:44:16 -08:00
Jeff Bryner
57a87866f2
Merge pull request #315 from gdestuynder/master
...
Fixup and normalize input of Okta logs
2015-11-18 13:43:52 -08:00
Jeff Bryner
b2e29997de
add index templates
2015-11-16 14:59:13 -08:00
Jeff Bryner
903f910e42
add default template
2015-11-16 14:37:41 -08:00
Guillaume Destuynder
ea1cac493d
Normalize details.sourceipaddress, details.username, details.sourceuri from Okta logs
...
See also https://github.com/jeffbryner/MozDef/issues/312
2015-11-06 16:27:03 -08:00
Guillaume Destuynder
2fc08e881d
Fix github issue #312:
...
- removed non-generic fields that cannot be normalized
- added normalized fields for username, URIs, useragent
- removed erroneous example (did not follow the mandatory fields rules...)
This is an effort to normalize fields so that alerting and correlation results are more consistent.
Please open github issues for discussion when adding new fields! These should generally be generic, often-used-by-all fields
2015-11-06 16:22:39 -08:00
Guillaume Destuynder
e7ac3581b5
Report errors when failing to communicate with Okta
2015-11-06 14:29:45 -08:00
Guillaume Destuynder
9d170e3bef
Use state class for saving the lastrun state (imported from cloudtrail2mozdef.py)
2015-11-06 14:04:36 -08:00
Guillaume Destuynder
8d5d3cd12a
Fix trailing whitespaces
2015-11-05 14:58:51 -08:00
Jeff Bryner
cd4c503621
Merge pull request #309 from yashmehrotra/rest-api-incident
...
Added REST API endpoint to create an Incident. Fix for #268 .
2015-11-03 15:06:04 -08:00
Jeff Bryner
82ccac6537
Merge pull request #310 from gene1wood/cloudtrail-exception-handling
...
Wrapped additional AWS calls with exception handling
2015-10-24 00:11:51 -07:00
Jeff Bryner
2045776670
Merge pull request #313 from gdestuynder/master
...
Initial support for squid alerts coming from EC2
2015-10-22 17:55:11 -07:00
Guillaume Destuynder
816d7ffeb7
Initial support for squid alerts coming from EC2
...
Matches on DENIED string from squid ("1091084609.110 351 10.49.4.0 TCP_DENIED/407 2112 GET http://www.mozilla.org/ - NONE/- text/html ") for ex.
2015-10-22 17:25:52 -07:00
Jeff Bryner
4e4f7fec82
Merge pull request #311 from gdestuynder/master
...
Normalizer for fluentd-sqs events
2015-10-22 12:14:16 -07:00
Guillaume Destuynder
09f7a038b3
Use details.program as standard field for processname instead of fluentd
2015-10-22 10:54:42 -07:00
Guillaume Destuynder
231c3415b3
Add mq plugin: normalizer for fluentd-SQS messages (AWS). Ensure registration matches your SQS queue tag.
2015-10-22 10:54:15 -07:00
Yash Mehrotra
655e81d7f7
Handling mongodb errors
2015-10-22 14:34:30 +05:30
Yash Mehrotra
6e6a03bd83
Added name to contributors
2015-10-22 05:36:55 +05:30
Gene Wood
312fcad8a4
Wrapped additional AWS calls with exception handling
2015-10-21 15:33:58 -07:00
Yash Mehrotra
700660b7fe
Cleanup code and added help for incident creation
2015-10-22 03:18:06 +05:30
Yash Mehrotra
6467658710
Integrated incident creation with mongo. Fixes #268
2015-10-22 02:47:23 +05:30
Yash Mehrotra
657296c4b9
Added Email validation for incident creation
2015-10-22 02:37:29 +05:30
Yash Mehrotra
01e30a1a9d
Added datefields and their validations
2015-10-22 02:34:31 +05:30
Yash Mehrotra
74b74b37db
Added basic interface to read JSON data
2015-10-22 02:31:38 +05:30
Jeff Bryner
91f0998316
Merge pull request #308 from gene1wood/cloudtrail-improvements
...
Added the ability to iterate over multiple AWS accounts, multiple regions
2015-10-21 13:46:48 -07:00
Gene Wood
f84e9726a7
Added the ability to iterate over multiple AWS accounts, multiple regions, and the s3 buckets associated with the CloudTrail in each account/region combination
...
* Added RoleManager to cache and manage assumed IAM roles and their credentials
* Added HACK to workaround missing permissions requested in https://bugzilla.mozilla.org/show_bug.cgi?id=1216784
* Added State class to manage and store state instead of writing state to the config file
* Constrained s3 bucket key searches to the specific paths that we're interested in, instead of all keys in all paths of the bucket
* Constrained searches for account/region combinations which have no lastrun value to the previous hour instead of the previous 2 days
* Added new options
* aws_accounts : comma delimited list of AWS account IDs to gather CloudTrail data from
* assumed_role_arns : comma delimited list of ARNs of AWS IAM Roles in various AWS accounts that we can assume in order to query for CloudTrail configuration or fetch s3 data
* bucket_account_map : json encoded dictionary of the mapping of s3 bucket names to their associated AWS account numbers
* state_file_name : filename of the new state storage json file
* regions : list of AWS regions to iterate over for each account looking for CloudTrail configurations
* Removed options
* lastrun : this information is now stored in the state file instead of the config
2015-10-21 13:40:29 -07:00
Jeff Bryner
22381b93bf
Merge pull request #307 from gdestuynder/master
...
Fix submodule reference
2015-10-21 13:22:38 -07:00
Guillaume Destuynder
593ad77ee7
Fix submodule reference
2015-10-21 13:05:00 -07:00
Jeff Bryner
f5734b0c7e
Merge pull request #305 from gdestuynder/master
...
Fix reading of SQS JSON msgs - this works regardless of messages bein…
2015-10-20 12:56:11 -07:00
Guillaume Destuynder
334f5466a4
Fix reading of SQS JSON msgs - this works regardless of messages being raw JSON or base64-encoded JSON.
...
Since Boto does base64 encode messages while writing to the queue this can happen (also since we use Boto, we were previously expecting all messages to be base64 encoded, which wouldn't work if your writer wasn't Boto)
2015-10-20 12:44:03 -07:00
Jeff Bryner
146af04f9f
Merge pull request #293 from yashmehrotra/installation-doc-update
...
New documentation for installation
2015-10-19 16:54:20 -07:00
Yash Mehrotra
3942f2278e
Installation documentation for apt-based systems
2015-10-20 02:59:13 +05:30