Commit Graph

118 Commits

Author SHA1 Message Date
Brandon Myers 50a7cb772a
Modify .ini scripts to use /opt dir
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:40 -05:00
Brandon Myers 81a07bc2d5
Rename mozdefqa1 to localhost in configs
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:40 -05:00
Brandon Myers 16db61383a
Fixup email message for ssh_access_signreleng
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:39 -05:00
Phrozyn ec2396a27c
pushing un-encrypted alertPluginsmules.ini
2017-06-15 15:03:35 -05:00
Brandon Myers fdf38bf2b3
Fix up remaining pyes comments
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:34 -05:00
Brandon Myers d804fe5f1f
Remove leftover pyes
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:34 -05:00
Brandon Myers 1e5d6f18fd
Fix alerts config ssh bruteforce
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:34 -05:00
Brandon Myers 3ee067d29e
Change alerts config without pyes
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:34 -05:00
Brandon Myers 26326f243d
Remove pyes from alert filenames
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:34 -05:00
Brandon Myers ea17b5883c
Fix toUTC isoformat problem
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:33 -05:00
Brandon Myers 731da67eba
Fix timestamp related issues in tests
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:22 -05:00
Brandon Myers 113b4c8125
Remove filtersFromKibana feature
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:06 -05:00
Brandon Myers 176886e1a2
Remove unused alerts
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:03:06 -05:00
Brandon Myers d1265dd651
Add two cloudtrail alerts to run
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:48 -05:00
Brandon Myers e4f1046961
Fix cloudtrail_pyes
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:48 -05:00
Brandon Myers 18091b58af
Update formatting weirdness in alerts
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:48 -05:00
Brandon Myers 63ddffc11e
Fix alerttask import
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:47 -05:00
Brandon Myers 6caaad320d
Remove duplicate definitions of toUTC
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:46 -05:00
Brandon Myers 3a3221987f
Add cloudtrail couple alerts
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:12 -05:00
Brandon Myers 2d55f2f1f5
Convert releng alert to non pyes
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:12 -05:00
Brandon Myers 02ad68ed25
Fix bruteforce_ssh_pyes alert
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:11 -05:00
Brandon Myers 8e52a89c4c
Finish updating alert unit tests to new format
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:11 -05:00
Brandon Myers 76174add7d
Update mq directory with search class
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:02:01 -05:00
Brandon Myers 4590d88efa
Update alert task with search query execute
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:24 -05:00
Brandon Myers 7ccf36f75c
Update alert specs for new event format
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:24 -05:00
Brandon Myers 5631e494de
Add unit tests for some rest routes
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:23 -05:00
Brandon Myers db711fe24f
Add space at top of class bruteforce_ssh_pyes
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:23 -05:00
Brandon Myers a1f67935ec
Update alerts for new model names
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:23 -05:00
Brandon Myers edba77e664
Remove pyes from vpn_duo_auth alert
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:22 -05:00
Brandon Myers 73882f9606
Rename alerttask filter name
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:22 -05:00
Brandon Myers 861340c311
Update kibana dashboard alert task
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:22 -05:00
Brandon Myers 94ff87d681
Update WildcardQuery to WildcardMatch
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:22 -05:00
Brandon Myers a5c92149bf
Update ExistsFilter to ExistsMatch
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:21 -05:00
Brandon Myers 6917f0b244
Update TermsFilter to TermsMatch
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:21 -05:00
Brandon Myers b05a6b03e9
Update TermFilter to TermMatch
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:21 -05:00
Brandon Myers 5dd094f0f3
Fix correlated_alerts_pyes
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:21 -05:00
Brandon Myers 0c17e0428b
Update correlated_alerts
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:20 -05:00
Brandon Myers a4e08fe60c
Update lib.query_classes to query_models
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:20 -05:00
Brandon Myers 93d717dd95
Improve elasticsearch client and query models
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:17 -05:00
Brandon Myers 8adba67da9
Update alerts to use search query class
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:07 -05:00
Brandon Myers 2aad6424e4
Change initial group of alerts to search class
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:01:06 -05:00
Phrozyn d455a816fd
Removed unused libs from script.
2017-06-15 15:01:06 -05:00
Phrozyn c395f67045
Moved time of login to beginning of email rather than end on ssh_access_releng.py
2017-06-15 15:01:06 -05:00
Phrozyn 0dc53c68fe
Adding new ssh_access_signreleng plugin
2017-06-15 15:01:05 -05:00
A Smith a8d9c19f17
changed timeframe of ssh_access_signreleng_pyes alert from 20 to 10
2017-06-15 15:00:49 -05:00
Brandon Myers 1804008cc0
Update alerts to use US/Pacific
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:00:48 -05:00
A Smith 1c50ef1e3b
Reverting to original alerttask.py
Reverting to original until Michal's changes are solid.
2017-06-15 15:00:46 -05:00
Phrozyn e88bf198b3
Adjusted timing of notifyRelengSSHAccesstimedelta and ssh_access_signreleng_pyes timedelta.
2017-06-15 15:00:44 -05:00
Phrozyn fd7b8ef864
modified timedelta for celery for signing releng infra logins.
2017-06-15 15:00:43 -05:00
Phrozyn c9c2dfaa08
Corrected ssh_access_signreleng_pyes.py
2017-06-15 15:00:43 -05:00