DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
Перейти к файлу
Jeff Bryner 18d8f6edb0 fix "too many items" problem in the tags pivot table 2017-08-25 15:41:17 -07:00
.github Update ISSUE_TEMPLATE.md 2017-06-15 15:05:44 -05:00
alerts Small fixups 2017-08-22 12:50:38 -07:00
benchmarking Remove US/Pacific timezone references 2017-06-15 15:04:51 -05:00
bot Update geolite class to use new geolite2 db 2017-08-15 12:10:35 -05:00
config Move default ES mapping to config directory 2017-08-04 16:54:01 -05:00
cron Change default mq creds in config 2017-08-17 16:05:14 -05:00
docker updated packages to allow bcrypt to build 2017-08-25 11:42:52 -07:00
docs Update copyright date 2017-08-08 11:29:15 -05:00
examples Add mqworker to docker container 2017-08-17 18:20:55 -05:00
lib Add try catch around ip lookup 2017-08-21 14:27:39 -05:00
loginput Add ability for docker-compose to start containers 2017-08-04 14:30:11 -05:00
meteor fix "too many items" problem in the tags pivot table 2017-08-25 15:41:17 -07:00
mq Change default mq creds in conf 2017-08-17 18:21:07 -05:00
rest Change default kibanaurl in rest conf 2017-08-17 16:08:35 -05:00
static Remove heatmap html page 2017-06-15 15:07:42 -05:00
systemdfiles Remove restapi from consumers and alerts 2017-07-31 12:23:55 -05:00
tests Add receivedtimestamp to search query test 2017-08-24 10:40:51 -04:00
.gitignore Add data directory to gitignore 2017-08-16 17:23:24 -05:00
.travis.yml Merge branch 'master' into move_tests_dependencies 2017-07-12 19:36:15 -05:00
CONTRIBUTING.md Modifying urls to point to mozilla from jeffbryner, slight readability changes. 2017-06-15 15:07:30 -05:00
LICENSE Updated license file to conform with MPL 2014-02-25 09:55:02 -08:00
Makefile Add correct volumes for docker single build 2017-08-17 18:48:04 -05:00
README.md Add docs status badge to readme 2017-08-07 19:18:17 -05:00
requirements.txt Update geolite class to use new geolite2 db 2017-08-15 12:10:35 -05:00

README.md

Build Status Documentation Status

MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, banhammer, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

DOCS:

http://mozdef.readthedocs.org/en/latest/