MozDef/alerts
Jonathan Claudius 727345f176
Remove LDAP global, LDAP user provides more specific coverage
2019-11-07 10:51:19 -05:00
actions Update MPL license to https 2019-08-02 01:41:37 +02:00
geomodel Fix distance function doc string 2019-10-15 15:15:15 -04:00
lib Merge pull request #1462 from mozilla/fixup_duplicates_geomodel 2019-10-03 15:47:43 -05:00
plugins Remove ipaddr config 2019-09-18 11:33:12 -05:00
__init__.py averez-147-celery-alerts: more comments in the code 2014-07-15 16:31:21 -07:00
alert_actions.ini Update missing references to alertactions in syslog configs 2019-03-21 17:36:47 -05:00
alert_actions_worker.conf Rename alert plugins to actions in docker env 2019-03-20 15:25:22 -05:00
alert_actions_worker.py Update MPL license to https 2019-08-02 01:41:37 +02:00
alert_template.template Update MPL license to https 2019-08-02 01:41:37 +02:00
auditd_commands.conf Add alert for generic auditd command 2018-05-24 15:52:11 -05:00
auditd_commands.py Update MPL license to https 2019-08-02 01:41:37 +02:00
auditd_sftp.py Update MPL license to https 2019-08-02 01:41:37 +02:00
aws_privilege_share.json Add configured InfosecAdmin user to fix tests 2019-10-08 14:55:54 -04:00
aws_privilege_share.py Sacrifices to the lint gods 2019-09-09 22:37:20 -04:00
bruteforce_ssh.conf Add alerts to use config files 2017-06-15 15:07:42 -05:00
bruteforce_ssh.py Update MPL license to https 2019-08-02 01:41:37 +02:00
bugzilla_auth_bruteforce.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
bugzilla_auth_bruteforce.py Update MPL license to https 2019-08-02 01:41:37 +02:00
cloudtrail_deadman.py Update MPL license to https 2019-08-02 01:41:37 +02:00
cloudtrail_excessive_describe.py Update MPL license to https 2019-08-02 01:41:37 +02:00
cloudtrail_logging_disabled.py Update MPL license to https 2019-08-02 01:41:37 +02:00
cloudtrail_public_bucket.py Update MPL license to https 2019-08-02 01:41:37 +02:00
confluence_shell.py Update MPL license to https 2019-08-02 01:41:37 +02:00
critical_users.json Add an example configuration file 2017-10-24 10:58:54 -07:00
deadman.conf Fixup deadman alert to use hostname field 2018-08-20 16:20:02 -05:00
deadman.py Update MPL license to https 2019-08-02 01:41:37 +02:00
deadman_generic.json Allow search window type to be specified in generic deadman config 2019-02-04 13:20:54 -06:00
deadman_generic.py Update MPL license to https 2019-08-02 01:41:37 +02:00
duo_authfail.conf Add alerts to use config files 2017-06-15 15:07:42 -05:00
duo_authfail.py Update MPL license to https 2019-08-02 01:41:37 +02:00
duo_fail_open.py Update MPL license to https 2019-08-02 01:41:37 +02:00
feedback_events.json Fixup alert and worker for SSO feedback events 2018-04-30 12:43:59 -05:00
feedback_events.py Update MPL license to https 2019-08-02 01:41:37 +02:00
fxa_alerts.py Update MPL license to https 2019-08-02 01:41:37 +02:00
generic_alert_loader.conf Modify generic alerts path 2017-06-15 15:06:02 -05:00
generic_alert_loader.py Add logic for checking if exceptions need to get exposed in alert tests 2019-09-24 13:47:32 -05:00
geomodel_location.json Only allow one query to be configured. 2019-10-01 17:29:32 -04:00
geomodel_location.py Merge conflict resolution 2019-10-29 13:56:18 -04:00
get_watchlist.conf Add watchlist alert to default docker environment 2019-05-13 10:55:24 -05:00
get_watchlist.py Update MPL license to https 2019-08-02 01:41:37 +02:00
guard_duty_probe.py Update MPL license to https 2019-08-02 01:41:37 +02:00
honeycomb.py Update MPL license to https 2019-08-02 01:41:37 +02:00
http_auth_bruteforce.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
http_auth_bruteforce.py Update MPL license to https 2019-08-02 01:41:37 +02:00
http_errors.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
http_errors.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ldap_add.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ldap_bruteforce_user.conf Rename ldap_bruteforce to ldap_bruteforce_user 2019-10-17 14:36:15 -04:00
ldap_bruteforce_user.py Configure ldap alerts to set category as bruteforce 2019-10-17 17:00:28 -05:00
ldap_delete.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ldap_group.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ldap_lockout.py Update MPL license to https 2019-08-02 01:41:37 +02:00
multiple_intel_hits.py Update MPL license to https 2019-08-02 01:41:37 +02:00
nsm_scan_address.json The standard alert version of the Address_Scan 2018-11-07 17:33:11 -08:00
nsm_scan_address.py Update MPL license to https 2019-08-02 01:41:37 +02:00
nsm_scan_port.json More cleanups 2019-01-16 16:14:27 -08:00
nsm_scan_port.py Update MPL license to https 2019-08-02 01:41:37 +02:00
nsm_scan_random.json Add an example configuration file 2018-11-20 13:24:46 -08:00
nsm_scan_random.py Update MPL license to https 2019-08-02 01:41:37 +02:00
old_events.py Update MPL license to https 2019-08-02 01:41:37 +02:00
open_port_violation.py Update MPL license to https 2019-08-02 01:41:37 +02:00
promisc_audit.py Update MPL license to https 2019-08-02 01:41:37 +02:00
promisc_kernel.py Update MPL license to https 2019-08-02 01:41:37 +02:00
proxy_drop_executable.conf Add more tests and exception cases for proxy executable drop alert 2018-10-03 10:33:19 -04:00
proxy_drop_executable.py Update MPL license to https 2019-08-02 01:41:37 +02:00
proxy_drop_ip.conf Add whitelist to proxy drop ip alert 2019-10-03 14:30:21 -04:00
proxy_drop_ip.py Add whitelist to proxy drop ip alert 2019-10-03 14:30:21 -04:00
proxy_drop_non_standard_port.conf Add example config 2018-10-11 13:50:15 -04:00
proxy_drop_non_standard_port.py Update MPL license to https 2019-08-02 01:41:37 +02:00
proxy_exfil_domains.conf Renaming the config file to reflect the change in alert name 2018-12-05 18:14:53 -05:00
proxy_exfil_domains.py Update MPL license to https 2019-08-02 01:41:37 +02:00
sensitiveuser_uid0.json Implemented new alert 2019-09-05 17:37:40 -04:00
sensitiveuser_uid0.py Satisfy linter gods 2019-09-09 21:26:35 -04:00
session_opened_sensitive_user.py Update MPL license to https 2019-08-02 01:41:37 +02:00
sqs_queues_deadman.conf Add deadman alert for sqs queues from tag 2017-06-15 15:07:29 -05:00
sqs_queues_deadman.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_access.json Remove the extra colon 2019-01-04 11:32:25 -08:00
ssh_access.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_access_signreleng.json Convert ssh access config to json 2018-10-22 19:31:50 -05:00
ssh_access_signreleng.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_bruteforce_bro.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
ssh_bruteforce_bro.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_ioc.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_key.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
ssh_key.py Modify full path config file imports for alerts 2019-08-07 19:53:08 -05:00
ssh_lateral.json ssh_lateral: add sample config file 2017-06-15 15:07:42 -05:00
ssh_lateral.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_password_auth_violation.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssl_blacklist_hit.py Update MPL license to https 2019-08-02 01:41:37 +02:00
supervisord_alerts.ini Readd "Merge pull request #1436 from mozilla/revert-1420-alerts_mongodb_scheduler" 2019-09-04 13:53:41 -05:00
trace_audit.conf Consolidated ptrace/strace events into custom alert aggregated by executing user. 2018-05-07 14:18:06 -05:00
trace_audit.py Update MPL license to https 2019-08-02 01:41:37 +02:00
unauth_ssh.conf Unencrypt config files 2017-06-15 15:05:55 -05:00
unauth_ssh.py Update MPL license to https 2019-08-02 01:41:37 +02:00
vpn_duo_auth_failures.py Update MPL license to https 2019-08-02 01:41:37 +02:00
write_audit.conf Add user, path and downgrade severity for audit write alert 2018-12-17 15:14:32 -06:00
write_audit.py Update MPL license to https 2019-08-02 01:41:37 +02:00