| .. |
|
lib
|
Add travisci to project and stabalize tests
|
2017-07-05 16:37:41 -05:00 |
|
plugins
|
Remove unused email alert plugin
|
2017-07-14 14:00:33 -05:00 |
|
__init__.py
|
averez-147-celery-alerts: more comments in the code
|
2014-07-15 16:31:21 -07:00 |
|
alertPlugins.ini
|
Adding log drain back to uwsgi ini files.
|
2017-06-15 15:07:29 -05:00 |
|
alertWorker.conf
|
Change default mq creds
|
2017-08-17 15:41:35 -05:00 |
|
alertWorker.py
|
Add logger statement in alert plugins
|
2017-06-15 15:06:22 -05:00 |
|
amoFailedLogins.py
|
Fix incorrect ES field names
|
2017-06-15 15:05:06 -05:00 |
|
auditd_sftp.py
|
Remove pyes from alert filenames
|
2017-06-15 15:03:34 -05:00 |
|
bruteforce_ssh.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
bruteforce_ssh.py
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
bugzillaauthbruteforce.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
bugzillaauthbruteforce.py
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
celeryconfig.py
|
Improve alert unit tests
|
2017-06-15 15:06:24 -05:00 |
|
cloudtrail_deadman.py
|
Add cloudtrail new alerts
|
2017-06-15 15:06:17 -05:00 |
|
cloudtrail_logging_disabled.py
|
Send Cloudtrail logging disabled alert to MOC
|
2017-06-15 15:07:45 -05:00 |
|
confluence_shell.py
|
Revert confluence shell fieldname
|
2017-06-15 15:05:07 -05:00 |
|
correlated_alerts.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
correlated_alerts.py
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
critical_users.json
|
Add example configuration fie
|
2017-08-21 16:22:10 -07:00 |
|
deadman.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
deadman.py
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
duo_authfail.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
duo_authfail.py
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
duo_fail_open.py
|
Update formatting weirdness in alerts
|
2017-06-15 15:02:48 -05:00 |
|
fxaAlerts.py
|
Fix term for fxa alerts
|
2017-07-17 13:13:26 -05:00 |
|
generic_alert_loader.conf
|
Modify generic alerts path
|
2017-06-15 15:06:02 -05:00 |
|
generic_alert_loader.py
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
geomodel.py
|
derive geomodel MozDef alert severity from geomodel severity value
|
2017-06-15 15:06:34 -05:00 |
|
hostScannerAlerts.py
|
Fix incorrect ES field names
|
2017-06-15 15:05:06 -05:00 |
|
httpauthbruteforce.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
httpauthbruteforce.py
|
Bump severity level in http alerts to warning
|
2017-06-15 15:07:46 -05:00 |
|
httperrors.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
httperrors.py
|
Bump severity level in http alerts to warning
|
2017-06-15 15:07:46 -05:00 |
|
ldapAdd.py
|
Fix incorrect ES field names
|
2017-06-15 15:05:06 -05:00 |
|
ldapDelete.py
|
Fix incorrect ES field names
|
2017-06-15 15:05:06 -05:00 |
|
ldapGroup.py
|
Fix incorrect ES field names
|
2017-06-15 15:05:06 -05:00 |
|
ldapLockout.py
|
Fixup ldaplockout changepairs fieldname
|
2017-06-15 15:05:07 -05:00 |
|
multiple_intel_hits.py
|
Fix incorrect ES field names
|
2017-06-15 15:05:06 -05:00 |
|
open_port_violation.py
|
Add a pagerduty notification to the open port policy violation alert
|
2017-06-15 15:07:45 -05:00 |
|
promisc_audit.py
|
Fix broken alert unit tests
|
2017-06-15 15:06:31 -05:00 |
|
promisc_kernel.py
|
A rewrite of an alert to make it generic while fetching the correct hostname from details dict
|
2017-06-15 15:06:28 -05:00 |
|
proxy_drop.py
|
Remove pyes from alert filenames
|
2017-06-15 15:03:34 -05:00 |
|
session_opened_sensitive_user.py
|
Small fixups
|
2017-08-22 12:50:38 -07:00 |
|
sqs_queues_deadman.conf
|
Add deadman alert for sqs queues from tag
|
2017-06-15 15:07:29 -05:00 |
|
sqs_queues_deadman.py
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
ssh_access_signreleng.conf
|
Add complex filter in ssh alert config file
|
2017-07-12 15:44:26 -05:00 |
|
ssh_access_signreleng.py
|
Add complex filter in ssh alert config file
|
2017-07-12 15:44:26 -05:00 |
|
ssh_lateral.json
|
ssh_lateral: add sample config file
|
2017-06-15 15:07:42 -05:00 |
|
ssh_lateral.py
|
ssh_lateral: set level to WARNING
|
2017-06-15 15:17:38 -05:00 |
|
sshbruteforce_bro.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
sshbruteforce_bro.py
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
sshioc.py
|
Update TermFilter to TermMatch
|
2017-06-15 15:01:21 -05:00 |
|
ssl_blacklist_hit.py
|
Remove pyes from alert filenames
|
2017-06-15 15:03:34 -05:00 |
|
supervisord.alerts.ini
|
moving supervisord logs to a subdir of /var/log/mozdef/supervisord/
|
2017-06-15 15:07:23 -05:00 |
|
unauth_portscan.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
unauth_portscan.py
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
unauth_scan.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
unauth_scan.py
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
unauth_ssh.conf
|
Unencrypt config files
|
2017-06-15 15:05:55 -05:00 |
|
unauth_ssh.py
|
Updated PhraseMatch in unauth_ssh.py so that this alert would correctly trigger. Tested. Works.
|
2017-06-15 15:05:43 -05:00 |
|
vpn_duo_auth_failures.py
|
Remove pyes from alert filenames
|
2017-06-15 15:03:34 -05:00 |
6c10f22190