DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
Перейти к файлу
Yash Mehrotra 103df62cf3 Fix for showing correct attack details in sidenav
Change 'vr' to Landmass
2016-01-19 19:29:16 +05:30
alerts Initial support for squid alerts coming from EC2 2015-10-22 17:25:52 -07:00
benchmarking averez-19-samples: move json2Mozdef.py to /benchmarking/workers/ 2014-04-22 09:15:41 -07:00
bot Fix submodule reference 2015-10-21 13:05:00 -07:00
cron Added read field in collectAttackers 2016-01-18 19:13:07 +05:30
docker revert to stable, closes #277 2015-05-29 12:32:46 -07:00
docs Installation documentation for apt-based systems 2015-10-20 02:59:13 +05:30
examples add a python notebook for posting sample events 2015-05-29 11:39:11 -07:00
initscripts minor change to conf file location for supervisord/alerts 2015-01-15 15:31:00 -08:00
lib Update submodules 2015-06-16 17:12:54 -07:00
loginput update uwsgi config to not allocate threads, closes #273 2015-05-14 15:49:31 -07:00
logs [meteor] gitignore and bug fix when empty ES 2014-03-07 10:25:54 -08:00
meteor Fix for showing correct attack details in sidenav 2016-01-19 19:29:16 +05:30
mq Use details.program as standard field for processname instead of fluentd 2015-10-22 10:54:42 -07:00
rest update cymon api to new version, closes #284 2015-07-27 11:27:08 -07:00
utils source fqdn for netflow, add a whitelist of netflow senders to accept as an option 2014-09-26 11:15:47 -07:00
.gitignore Ignore the results/ directory in git 2014-08-11 21:21:11 +02:00
.gitmodules Support querying bugzilla for bugs (for example, incident/investigation bugs) 2015-03-25 16:45:52 -07:00
CONTRIBUTING.md averez-issue-23-contributing: add CONTRIBUTING.md 2014-04-14 08:53:42 -07:00
LICENSE Updated license file to conform with MPL 2014-02-25 09:55:02 -08:00
README.md updating the README to reflect production status (since Summer 2014) 2015-02-15 12:05:40 -08:00
analyze_code.sh averez-22-license: Fix license stuff (Closes #22) 2014-04-16 11:40:15 -07:00
requirements.txt add facebook threatexchange support, closes #260 2015-06-09 08:12:29 -07:00

README.md

===================================== MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, banhammer, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

DOCS:

http://mozdef.readthedocs.org/en/latest/