Commit graph

316 Commits

Author SHA1 Message Date
Brandon Myers fa4d4427ea
Add tests for unicode attributes in geomodel plugin 2018-05-21 15:26:54 -05:00
Brandon Myers cc32daa837
Merge pull request #681 from mozilla/strace_audit_custom
Consolidated ptrace/strace events into custom alert
2018-05-16 10:36:57 -05:00
Brandon Myers 2d61a2cc35
Add previous locality details to geomodel alert 2018-05-11 12:31:12 -05:00
Brandon Myers 60497257a5
Merge pull request #687 from mozilla/write_audit_custom
Updating search window time to be 15 mins
2018-05-09 18:12:52 -05:00
Phrozyn b332a74c51
Updating search window time to be 15 mins 2018-05-09 18:00:10 -05:00
Brandon Myers 249d4e0337
Merge pull request #678 from mozilla/write_audit_custom
Write audit custom
2018-05-09 17:47:49 -05:00
Brandon Myers 0cb3847703
Merge pull request #666 from mozilla/ssh_bruteforce_improvement
Add publickey to TermsMatch
2018-05-09 17:40:26 -05:00
Phrozyn efaf54940d
Consolidated ptrace/strace events into custom alert aggregated by executing user. 2018-05-07 14:18:06 -05:00
Brandon Myers a9a05051ae
Merge pull request #669 from mozilla/old_events_typo_correction
Correcting category typo
2018-05-02 13:03:23 -07:00
Phrozyn 0e7053e86b
Overriding expected classname 2018-05-02 14:54:18 -05:00
Phrozyn 94275cb20b
Adjusting notify_mozdefbot to true, and alert Classname. 2018-05-02 14:24:44 -05:00
Phrozyn 36597b7715
placeholder vars 2018-05-01 18:05:23 -05:00
Phrozyn e09974b6fc
Adding hostnames var 2018-05-01 17:14:10 -05:00
Phrozyn f7fe1b28df
converting generic audit_write to custom alert 2018-05-01 17:08:49 -05:00
Brandon Myers 26701ffa15
Fixup alert and worker for SSO feedback events 2018-04-30 12:43:59 -05:00
Phrozyn 3d9553d981
Correcting category typo 2018-04-17 18:12:14 -05:00
Phrozyn 3cf4b242fb
Add publickey to TermsMatch as we are missing all publickey failed logins. 2018-04-16 14:06:34 -05:00
Brandon Myers baa69f68aa
Dynamically register alert tasks in new celery 2018-03-26 14:39:30 -05:00
Phrozyn f2ae166d6b
removing trailing comma 2018-03-02 15:32:35 -06:00
Phrozyn 75788b9c86
removing trailing comma 2018-03-02 15:30:42 -06:00
Phrozyn ba9e00ce94
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping. 2018-03-02 15:29:30 -06:00
Brandon Myers f465ccf120
Merge remote-tracking branch 'origin/master' into add_feedback_event 2018-02-14 13:34:14 -06:00
Brandon Myers 167a3d6374
Remove type check in feedback alert 2018-02-13 13:45:41 -06:00
Brandon Myers c60c7b8c36
Remove extra line after copyright date 2018-01-04 17:15:35 -06:00
Brandon Myers 64d91637ff
Merge pull request #578 from yashmehrotra/fix-407
Remove free-form 'Contributor:' text from code. Fixes #407
2018-01-04 15:25:18 -06:00
A Smith d53702ddf2
Merge pull request #580 from mozilla/fix_unicode_error_log
Convert debug message into unicode string
2018-01-04 14:18:32 -06:00
Brandon Myers f4d0e6370c
Automatically add aggregation key to search query exists match 2018-01-04 14:00:00 -06:00
Brandon Myers c5d4c0cbfc
Convert debug message into unicode string 2018-01-03 15:34:45 -06:00
Yash Mehrotra 2a0aa258a8
Undo accidental changes 2017-12-23 02:31:51 +05:30
Yash Mehrotra 90d7e3b6d3
Remove free-form 'Contributor:' text from code. Fixes #407 2017-12-23 02:14:53 +05:30
Brandon Myers 59d95ff178
Revert "Merge pull request #554 from mozilla/improve_cloudtrail_worker"
This reverts commit 501819cfb5, reversing
changes made to b09c700cb9.
2017-12-08 16:09:57 -06:00
Brandon Myers 20813b7835
Revert "Merge pull request #566 from mozilla/fix_camelcase_alert"
This reverts commit 78fcd5b632, reversing
changes made to 761f16423d.
2017-12-08 16:09:13 -06:00
Brandon Myers ec86891750
Add feedback alert to handle feedback events 2017-12-08 15:10:19 -06:00
Brandon Myers fd29a05009
Fix cloudtrail alerts with camelcase keys 2017-12-06 14:28:38 -06:00
Brandon Myers 45444f3899
Add url to geomodel alert 2017-12-05 15:41:43 -06:00
Brandon Myers 5322ec055c
Add whitelisting support to geomodel alert 2017-12-05 11:27:24 -06:00
Brandon Myers 169b9c2c62
Update geomodel alert to exclude additional attributes logic 2017-12-04 13:36:41 -06:00
Brandon Myers 02c3fa175f
Fix alerts and tests for new cloudtrail event format 2017-11-15 17:22:01 -06:00
Brandon Myers 1e9daaed29
Modify geomodel plugin to save to dynamo as json string 2017-11-14 14:25:33 -06:00
Brandon Myers 547379982b
Merge pull request #541 from mozilla/improve_geomodel_dashboard
Improve geomodel dashboard
2017-11-14 13:55:30 -06:00
Brandon Myers e8a4ecb415
Modify generic dashboard plugin to specific geomodel plugin 2017-11-09 13:15:53 -06:00
Brandon Myers 2a1d6f03a2
Rename sso dashboard plugin to geomodel dashboard 2017-11-09 13:13:30 -06:00
Brandon Myers 73b4b7ca2d
Fix example json of generic alert 2017-11-08 13:48:56 -06:00
Brandon Myers f4b00d5eab
Add sourceip field to geomodel alert 2017-11-07 11:55:19 -06:00
Michal Purzynski e8a55aa48c Change the window alert is looking for events in 2017-10-26 15:50:25 -07:00
Michal Purzynski 7568e535a4 Sort hostnames before crafting an alert message 2017-10-26 15:11:59 -07:00
Michal Purzynski 9eb54fe5ba Add an example configuration file 2017-10-24 10:58:54 -07:00
Michal Purzynski 404e8526a0 English is fun 2017-10-24 10:24:09 -07:00
Michal Purzynski 47f6d2e318 A new version of the sensitive_user alert 2017-10-23 17:10:25 -07:00
Michal Purzynski 96a457defd Update the ssh bruteforcing detection from bro alert 2017-10-20 15:31:18 -07:00