DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
Перейти к файлу
Jeff Bryner 1246b7dcab Merge pull request #223 from gdestuynder/master
New alert for https://github.com/mozilla-it/duo_openvpn
2015-01-22 16:45:14 -08:00
alerts New alert for https://github.com/mozilla-it/duo_openvpn 2015-01-23 01:39:32 +01:00
benchmarking averez-19-samples: move json2Mozdef.py to /benchmarking/workers/ 2014-04-22 09:15:41 -07:00
bot explicitly set alert exchange to durable 2015-01-15 15:26:04 -08:00
cron explicitly set alert exchange to durable 2015-01-15 15:25:13 -08:00
docker remove mrt installs for stuff installed by meteor automagically 2015-01-15 15:23:57 -08:00
docs Add demo.mozdef.com details 2014-10-06 12:11:28 -07:00
examples Alert Development ipython notebook, closes #213 2014-12-16 11:14:03 -08:00
initscripts minor change to conf file location for supervisord/alerts 2015-01-15 15:31:00 -08:00
lib Replacing mozdef_lib by mozdef_client 2014-12-17 18:10:31 +01:00
loginput add application parameter 2014-06-03 09:29:49 -07:00
logs
meteor update VERIS tags, closes #222 2015-01-22 16:43:21 -08:00
mq Merge pull request #216 from jvehent/master 2014-12-16 17:02:00 -08:00
rest add veris visualization for incident stats, closes #64 2014-10-14 17:10:40 -07:00
utils source fqdn for netflow, add a whitelist of netflow senders to accept as an option 2014-09-26 11:15:47 -07:00
.gitignore Ignore the results/ directory in git 2014-08-11 21:21:11 +02:00
.gitmodules Replacing mozdef_lib by mozdef_client 2014-12-17 18:10:31 +01:00
CONTRIBUTING.md
LICENSE
README.md
analyze_code.sh averez-22-license: Fix license stuff (Closes #22) 2014-04-16 11:40:15 -07:00
requirements.txt averez-ipwhois-fix: upgrade to ipwhois 0.9.0 2014-07-28 14:42:00 -07:00

README.md

===================================== MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, banhammer, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in early proof of concept phases at Mozilla.

DOCS:

http://mozdef.readthedocs.org/en/latest/