.. |
actions
|
Rename alert plugins to alert actions again
|
2019-03-12 15:53:17 -07:00 |
lib
|
Merge pull request #1124 from mpurzynski/alert_plugins
|
2019-03-20 13:41:16 -05:00 |
plugins
|
Create alert plugins directory
|
2019-03-22 17:13:20 -05:00 |
__init__.py
|
…
|
|
alert_actions.ini
|
Update missing references to alertactions in syslog configs
|
2019-03-21 17:36:47 -05:00 |
alert_actions_worker.conf
|
Rename alert plugins to actions in docker env
|
2019-03-20 15:25:22 -05:00 |
alert_actions_worker.py
|
Include changes in the alert_worker and rename it to alert_actions_worker
|
2019-03-14 13:56:27 -07:00 |
alert_template.template
|
Update alert and test template
|
2018-10-31 14:11:31 -05:00 |
auditd_commands.conf
|
Add alert for generic auditd command
|
2018-05-24 15:52:11 -05:00 |
auditd_commands.py
|
Update auditd commands alert with proper category
|
2018-12-26 14:23:15 -05:00 |
auditd_sftp.py
|
Caught a couple more broken imports
|
2018-10-16 15:43:03 -07:00 |
bruteforce_ssh.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
bruteforce_ssh.py
|
Catch keyboard-interactive
|
2018-12-29 09:32:09 -08:00 |
bugzilla_auth_bruteforce.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
bugzilla_auth_bruteforce.py
|
Remove unused import statements
|
2018-12-14 11:34:42 -06:00 |
celeryconfig.py
|
Remove .keys() call during key exists comparison
|
2019-02-15 12:11:15 -06:00 |
cloudtrail_deadman.py
|
Modify deadman alerts to use new DeadmanAlertTask class
|
2019-02-04 15:04:04 -06:00 |
cloudtrail_logging_disabled.py
|
lowering keys that the lower_keys plugin will affect, and removing unused details.Random field.
|
2018-11-26 18:38:51 -06:00 |
confluence_shell.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
critical_users.json
|
Add an example configuration file
|
2017-10-24 10:58:54 -07:00 |
deadman.conf
|
Fixup deadman alert to use hostname field
|
2018-08-20 16:20:02 -05:00 |
deadman.py
|
Modify deadman alerts to use new DeadmanAlertTask class
|
2019-02-04 15:04:04 -06:00 |
deadman_generic.json
|
Allow search window type to be specified in generic deadman config
|
2019-02-04 13:20:54 -06:00 |
deadman_generic.py
|
Merge pull request #1090 from mozilla/update_summary_generic_deadman
|
2019-02-06 13:00:18 -06:00 |
duo_authfail.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
duo_authfail.py
|
Update the alert and the unit test as well
|
2019-02-19 14:50:20 -08:00 |
duo_fail_open.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
feedback_events.json
|
Fixup alert and worker for SSO feedback events
|
2018-04-30 12:43:59 -05:00 |
feedback_events.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
fxa_alerts.py
|
Fixup block comments not having a space after hash
|
2018-12-14 13:40:07 -06:00 |
generic_alert_loader.conf
|
…
|
|
generic_alert_loader.py
|
Update generic alert loader to use mozdef_util library
|
2019-02-14 13:58:01 -06:00 |
geomodel.conf
|
Add url to geomodel alert
|
2017-12-05 15:41:43 -06:00 |
geomodel.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
get_watchlist.conf
|
Correct token and header setting
|
2018-12-16 12:11:08 -06:00 |
get_watchlist.py
|
A few tweaks in regards to previous suggestions and advice.
|
2019-01-07 19:34:37 -06:00 |
guard_duty_probe.py
|
Remove unused import statements
|
2018-12-14 11:34:42 -06:00 |
honeycomb.py
|
Resolve E126 continuation of over-indented lines
|
2018-10-31 17:17:49 -05:00 |
http_auth_bruteforce.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
http_auth_bruteforce.py
|
Remove unused import statements
|
2018-12-14 11:34:42 -06:00 |
http_errors.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
http_errors.py
|
Remove unused import statements
|
2018-12-14 11:34:42 -06:00 |
ldap_add.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
ldap_delete.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
ldap_group.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
ldap_lockout.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
multiple_intel_hits.py
|
Remove .keys() call during key exists comparison
|
2019-02-15 12:11:15 -06:00 |
nsm_scan_address.json
|
The standard alert version of the Address_Scan
|
2018-11-07 17:33:11 -08:00 |
nsm_scan_address.py
|
Use the correct source field
|
2019-01-16 15:32:51 -08:00 |
nsm_scan_port.json
|
More cleanups
|
2019-01-16 16:14:27 -08:00 |
nsm_scan_port.py
|
Remove trailing whitespace
|
2019-01-28 13:40:37 -08:00 |
nsm_scan_random.json
|
Add an example configuration file
|
2018-11-20 13:24:46 -08:00 |
nsm_scan_random.py
|
Use the correct source field
|
2019-01-16 15:32:51 -08:00 |
old_events.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
open_port_violation.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
promisc_audit.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
promisc_kernel.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
proxy_drop_executable.conf
|
Add more tests and exception cases for proxy executable drop alert
|
2018-10-03 10:33:19 -04:00 |
proxy_drop_executable.py
|
Move the alert about proxy drop for an executable to the new proxy format
|
2019-02-21 12:58:11 -08:00 |
proxy_drop_ip.py
|
Cleanups
|
2019-02-25 18:49:32 -08:00 |
proxy_drop_non_standard_port.conf
|
Add example config
|
2018-10-11 13:50:15 -04:00 |
proxy_drop_non_standard_port.py
|
More of pepism
|
2019-02-25 17:29:00 -08:00 |
proxy_exfil_domains.conf
|
Renaming the config file to reflect the change in alert name
|
2018-12-05 18:14:53 -05:00 |
proxy_exfil_domains.py
|
More updates to alerts on anomalies from proxy logs
|
2019-02-21 18:03:10 -08:00 |
session_opened_sensitive_user.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
sqs_queues_deadman.conf
|
Add deadman alert for sqs queues from tag
|
2017-06-15 15:07:29 -05:00 |
sqs_queues_deadman.py
|
Modify deadman alerts to use new DeadmanAlertTask class
|
2019-02-04 15:04:04 -06:00 |
ssh_access.json
|
Remove the extra colon
|
2019-01-04 11:32:25 -08:00 |
ssh_access.py
|
Make the Nagios alert more generic
|
2018-11-20 14:03:02 -08:00 |
ssh_access_signreleng.json
|
Convert ssh access config to json
|
2018-10-22 19:31:50 -05:00 |
ssh_access_signreleng.py
|
Convert ssh access config to json
|
2018-10-22 19:31:50 -05:00 |
ssh_bruteforce_bro.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
ssh_bruteforce_bro.py
|
Remove unused import statements
|
2018-12-14 11:34:42 -06:00 |
ssh_ioc.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
ssh_key.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
ssh_key.py
|
Fixup closing bracket indentation not matching original
|
2018-12-14 12:39:23 -06:00 |
ssh_lateral.json
|
ssh_lateral: add sample config file
|
2017-06-15 15:07:42 -05:00 |
ssh_lateral.py
|
Add function to append hostname to ip for ssh lateral alert
|
2018-11-05 13:04:01 -06:00 |
ssh_password_auth_violation.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
ssl_blacklist_hit.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
supervisord_alerts.ini
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
trace_audit.conf
|
Consolidated ptrace/strace events into custom alert aggregated by executing user.
|
2018-05-07 14:18:06 -05:00 |
trace_audit.py
|
Add hostname to trace audit alert summary
|
2018-12-18 15:27:30 -06:00 |
unauth_ssh.conf
|
…
|
|
unauth_ssh.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
vpn_duo_auth_failures.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
write_audit.conf
|
Add user, path and downgrade severity for audit write alert
|
2018-12-17 15:14:32 -06:00 |
write_audit.py
|
Add user, path and downgrade severity for audit write alert
|
2018-12-17 15:14:32 -06:00 |