Commit graph

599 Commits

Author SHA1 Message Date
Brandon Myers ed1d4aa8cf
Fixup remaining python3 leftovers 2019-06-29 15:51:00 -05:00
Brandon Myers 9a075dcbe0
Remove unicode-u keyword 2019-06-29 15:11:00 -05:00
Brandon Myers c7954eebba
Fixup alerttask and deadman test case 2019-06-29 13:51:40 -05:00
Brandon Myers 390a3feef2
Rename unicode type to str 2019-06-28 18:21:48 -05:00
Brandon Myers 3c394a1365
Update map to list for ipv6 2019-06-28 17:45:21 -05:00
Brandon Myers 3345587f32
Fixup dashboard geomodel alert action 2019-06-28 17:35:41 -05:00
Brandon Myers e30f3f1d69
Remove call to encode ascii on strings 2019-06-28 17:26:58 -05:00
Brandon Myers bd4c48db9a
Rename iteritems to items for dictionaries 2019-06-28 16:49:30 -05:00
Brandon Myers f1c4287fa5
Ensure parentheses for print statements 2019-06-28 16:28:14 -05:00
Brandon Myers f64a512c3b
Merge pull request #1294 from mozilla/port-scan-enrichment
Port scan enrichment
2019-06-05 19:09:24 -05:00
Emma Rose d9a0c44c53
Use a TermMatch instead of a PhraseMatch 2019-05-31 17:12:21 -04:00
Emma Rose 0a1783e8fc
Don't need to copy the alert before modifying; mutation is part of the interface expectations 2019-05-31 17:03:18 -04:00
Emma Rose 7904b32b44
Use a timestamp example consistent with the format we actually use 2019-05-31 17:02:59 -04:00
Emma Rose c373aa8efc
Merge branch 'master' into port-scan-enrichment 2019-05-31 16:36:29 -04:00
Emma Rose 5646fd6005
Merge branch 'master' into ip-alert-enrichment 2019-05-31 16:36:17 -04:00
Brandon Myers d46c6d01c9
Update deadman generic alert to use events-weekly as index 2019-05-30 10:07:56 -05:00
Emma Rose bd3d2ba510
Default to searching the events-weekly index since this is more appropriate in most cases 2019-05-29 18:31:48 -04:00
Emma Rose 749979280b
Add missing json import... again? 2019-05-29 16:29:03 -04:00
Brandon Myers e04e7a7fbd
Override event indices in generic deadman alert 2019-05-29 15:10:23 -05:00
Brandon Myers d4e7a94688
Revert "Use wildcard in indices for searching"
This reverts commit 3e93e5ea51.
2019-05-29 15:09:44 -05:00
Emma Rose 2a12ec505a
Merge branch 'master' into ip-alert-enrichment 2019-05-28 18:10:32 -04:00
Emma Rose d085d076fa
Merge branch 'master' into port-scan-enrichment 2019-05-28 15:24:06 -04:00
Brandon Myers f65d4416fc
Merge pull request #1270 from mozilla/reinforce2019
Reinforce2019
2019-05-28 12:48:20 -05:00
Andrew Krug 6d39acbfba
address PR nits 2019-05-28 10:31:33 -07:00
Emma Rose cc9d76e576
Handle the default values for the matchTags configuration option 2019-05-27 19:11:32 -04:00
Emma Rose bd80492c4d
Syntax and formatting fixups 2019-05-27 19:05:10 -04:00
Emma Rose 01de6d0911
Abstract the ElasticSearchClient interface away to facilitate dependency injection in the enrich function 2019-05-27 18:37:33 -04:00
Emma Rose 4277079868
Implement the _load_config function 2019-05-27 18:36:52 -04:00
Emma Rose 0ce491f474
First take at implementing an alert plugin to enrich port scan alerts with info about recent connections 2019-05-27 17:27:00 -04:00
Brandon Myers 11122142e0
Fix watchlist process_alert function 2019-05-24 19:58:03 -05:00
Emma Rose e191cb2e4a
Resolving PEP 8 errors 2019-05-21 20:43:41 -04:00
Emma Rose 88a43b942a
Implement _load_config to just naively try to open and parse the config file specified; not going to supply a default because we probably want to know if the file doesn't exist 2019-05-21 20:42:40 -04:00
Andrew Krug d822a3cce0
update gitignore 2019-05-19 11:02:58 -07:00
Emma Rose 384e9519ed
Merge branch 'master' into ip-alert-enrichment 2019-05-16 13:54:34 -04:00
Emma Rose c4ac61f24d
Satisfy tests 2019-05-16 13:54:18 -04:00
Emma Rose 91d7fe21e3
Document and test for a more detailed format for listing sites 2019-05-16 13:45:18 -04:00
Emma Rose 3fb2c046ee
Make 'site' a parameter to format 2019-05-14 19:25:28 -04:00
Brandon Myers 9d33494a13
Merge pull request #1264 from mozilla/create_excessive_describe_calls_cloudtrail
Create simple cloudtrail excessive describe calls alert
2019-05-14 14:42:23 -05:00
Andrew J Krug 4d554b28ea
Merge branch 'master' into alert_sqs_support 2019-05-14 11:56:54 -07:00
Brandon Myers e141d3e5c8
Merge pull request #1256 from mozilla/fixup_watchlist_alert
Fixup watchlist alert to have auth be configurable
2019-05-14 13:38:26 -05:00
Brandon Myers d5a543038e
Create simple cloudtrail excessive describe calls alert 2019-05-14 12:34:57 -05:00
Emma Rose 8e32489da5
Merge branch 'master' into ip-alert-enrichment 2019-05-13 17:27:04 -04:00
Emma Rose b6f48f50a6
Add the name of the office/vpn/whatever to details.site 2019-05-13 17:26:50 -04:00
Emma Rose 27f80e4477
removed unused ipVersion from config; add 'site' field that will be made distinct entry in alert details 2019-05-13 17:19:57 -04:00
Emma Rose e2e5978ea8
Follow standard for json config file naming 2019-05-13 17:18:05 -04:00
Emma Rose 5a6cc454cb
Fixed syntax 2019-05-13 12:35:53 -04:00
Brandon Myers 573cf3e376
Add watchlist alert to default docker environment 2019-05-13 10:55:24 -05:00
Andrew Krug 187718e837
minor flake errors 2019-05-12 10:30:51 -07:00
Andrew Krug ca340dcb57
a few fixes for region transport options 2019-05-12 10:19:22 -07:00
Andrew Krug 6205ef0e14
queue name is not a dict 2019-05-12 08:13:58 -07:00