MozDef/alerts
Brandon Myers 71dd920f45
Create alert plugins directory
2019-03-22 17:13:20 -05:00
actions Rename alert plugins to alert actions again 2019-03-12 15:53:17 -07:00
lib Merge pull request #1124 from mpurzynski/alert_plugins 2019-03-20 13:41:16 -05:00
plugins Create alert plugins directory 2019-03-22 17:13:20 -05:00
__init__.py
alert_actions.ini Update missing references to alertactions in syslog configs 2019-03-21 17:36:47 -05:00
alert_actions_worker.conf Rename alert plugins to actions in docker env 2019-03-20 15:25:22 -05:00
alert_actions_worker.py Include changes in the alert_worker and rename it to alert_actions_worker 2019-03-14 13:56:27 -07:00
alert_template.template Update alert and test template 2018-10-31 14:11:31 -05:00
auditd_commands.conf Add alert for generic auditd command 2018-05-24 15:52:11 -05:00
auditd_commands.py Update auditd commands alert with proper category 2018-12-26 14:23:15 -05:00
auditd_sftp.py Caught a couple more broken imports 2018-10-16 15:43:03 -07:00
bruteforce_ssh.conf Add alerts to use config files 2017-06-15 15:07:42 -05:00
bruteforce_ssh.py Catch keyboard-interactive 2018-12-29 09:32:09 -08:00
bugzilla_auth_bruteforce.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
bugzilla_auth_bruteforce.py Remove unused import statements 2018-12-14 11:34:42 -06:00
celeryconfig.py Remove .keys() call during key exists comparison 2019-02-15 12:11:15 -06:00
cloudtrail_deadman.py Modify deadman alerts to use new DeadmanAlertTask class 2019-02-04 15:04:04 -06:00
cloudtrail_logging_disabled.py lowering keys that the lower_keys plugin will affect, and removing unused details.Random field. 2018-11-26 18:38:51 -06:00
confluence_shell.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
critical_users.json Add an example configuration file 2017-10-24 10:58:54 -07:00
deadman.conf Fixup deadman alert to use hostname field 2018-08-20 16:20:02 -05:00
deadman.py Modify deadman alerts to use new DeadmanAlertTask class 2019-02-04 15:04:04 -06:00
deadman_generic.json Allow search window type to be specified in generic deadman config 2019-02-04 13:20:54 -06:00
deadman_generic.py Merge pull request #1090 from mozilla/update_summary_generic_deadman 2019-02-06 13:00:18 -06:00
duo_authfail.conf Add alerts to use config files 2017-06-15 15:07:42 -05:00
duo_authfail.py Update the alert and the unit test as well 2019-02-19 14:50:20 -08:00
duo_fail_open.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
feedback_events.json Fixup alert and worker for SSO feedback events 2018-04-30 12:43:59 -05:00
feedback_events.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
fxa_alerts.py Fixup block comments not having a space after hash 2018-12-14 13:40:07 -06:00
generic_alert_loader.conf
generic_alert_loader.py Update generic alert loader to use mozdef_util library 2019-02-14 13:58:01 -06:00
geomodel.conf Add url to geomodel alert 2017-12-05 15:41:43 -06:00
geomodel.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
get_watchlist.conf Correct token and header setting 2018-12-16 12:11:08 -06:00
get_watchlist.py A few tweaks in regards to previous suggestions and advice. 2019-01-07 19:34:37 -06:00
guard_duty_probe.py Remove unused import statements 2018-12-14 11:34:42 -06:00
honeycomb.py Resolve E126 continuation of over-indented lines 2018-10-31 17:17:49 -05:00
http_auth_bruteforce.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
http_auth_bruteforce.py Remove unused import statements 2018-12-14 11:34:42 -06:00
http_errors.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
http_errors.py Remove unused import statements 2018-12-14 11:34:42 -06:00
ldap_add.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
ldap_delete.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
ldap_group.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
ldap_lockout.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
multiple_intel_hits.py Remove .keys() call during key exists comparison 2019-02-15 12:11:15 -06:00
nsm_scan_address.json The standard alert version of the Address_Scan 2018-11-07 17:33:11 -08:00
nsm_scan_address.py Use the correct source field 2019-01-16 15:32:51 -08:00
nsm_scan_port.json More cleanups 2019-01-16 16:14:27 -08:00
nsm_scan_port.py Remove trailing whitespace 2019-01-28 13:40:37 -08:00
nsm_scan_random.json Add an example configuration file 2018-11-20 13:24:46 -08:00
nsm_scan_random.py Use the correct source field 2019-01-16 15:32:51 -08:00
old_events.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
open_port_violation.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
promisc_audit.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
promisc_kernel.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
proxy_drop_executable.conf Add more tests and exception cases for proxy executable drop alert 2018-10-03 10:33:19 -04:00
proxy_drop_executable.py Move the alert about proxy drop for an executable to the new proxy format 2019-02-21 12:58:11 -08:00
proxy_drop_ip.py Cleanups 2019-02-25 18:49:32 -08:00
proxy_drop_non_standard_port.conf Add example config 2018-10-11 13:50:15 -04:00
proxy_drop_non_standard_port.py More of pepism 2019-02-25 17:29:00 -08:00
proxy_exfil_domains.conf Renaming the config file to reflect the change in alert name 2018-12-05 18:14:53 -05:00
proxy_exfil_domains.py More updates to alerts on anomalies from proxy logs 2019-02-21 18:03:10 -08:00
session_opened_sensitive_user.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
sqs_queues_deadman.conf Add deadman alert for sqs queues from tag 2017-06-15 15:07:29 -05:00
sqs_queues_deadman.py Modify deadman alerts to use new DeadmanAlertTask class 2019-02-04 15:04:04 -06:00
ssh_access.json Remove the extra colon 2019-01-04 11:32:25 -08:00
ssh_access.py Make the Nagios alert more generic 2018-11-20 14:03:02 -08:00
ssh_access_signreleng.json Convert ssh access config to json 2018-10-22 19:31:50 -05:00
ssh_access_signreleng.py Convert ssh access config to json 2018-10-22 19:31:50 -05:00
ssh_bruteforce_bro.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
ssh_bruteforce_bro.py Remove unused import statements 2018-12-14 11:34:42 -06:00
ssh_ioc.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
ssh_key.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
ssh_key.py Fixup closing bracket indentation not matching original 2018-12-14 12:39:23 -06:00
ssh_lateral.json ssh_lateral: add sample config file 2017-06-15 15:07:42 -05:00
ssh_lateral.py Add function to append hostname to ip for ssh lateral alert 2018-11-05 13:04:01 -06:00
ssh_password_auth_violation.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
ssl_blacklist_hit.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
supervisord_alerts.ini Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
trace_audit.conf Consolidated ptrace/strace events into custom alert aggregated by executing user. 2018-05-07 14:18:06 -05:00
trace_audit.py Add hostname to trace audit alert summary 2018-12-18 15:27:30 -06:00
unauth_ssh.conf
unauth_ssh.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
vpn_duo_auth_failures.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
write_audit.conf Add user, path and downgrade severity for audit write alert 2018-12-17 15:14:32 -06:00
write_audit.py Add user, path and downgrade severity for audit write alert 2018-12-17 15:14:32 -06:00