| .. |
|
lib
|
Merge pull request #931 from mozilla/add_hostname_ssh_lateral
|
2018-11-19 15:39:23 -08:00 |
|
plugins
|
Resolve E126 continuation of over-indented lines
|
2018-10-31 17:17:49 -05:00 |
|
__init__.py
|
averez-147-celery-alerts: more comments in the code
|
2014-07-15 16:31:21 -07:00 |
|
alert_plugins.ini
|
Update ini files to use new virtualenv path
|
2018-04-20 13:23:36 -05:00 |
|
alert_template.template
|
Update alert and test template
|
2018-10-31 14:11:31 -05:00 |
|
alert_worker.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
alert_worker.py
|
Resolve E127 continuation line over indented
|
2018-10-31 17:30:18 -05:00 |
|
auditd_commands.conf
|
Add alert for generic auditd command
|
2018-05-24 15:52:11 -05:00 |
|
auditd_commands.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
auditd_sftp.py
|
Caught a couple more broken imports
|
2018-10-16 15:43:03 -07:00 |
|
bruteforce_ssh.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
bruteforce_ssh.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
bugzilla_auth_bruteforce.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
bugzilla_auth_bruteforce.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
celeryconfig.py
|
Resolve E126 continuation of over-indented lines
|
2018-10-31 17:17:49 -05:00 |
|
cloudtrail_deadman.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
cloudtrail_logging_disabled.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
confluence_shell.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
critical_users.json
|
Add an example configuration file
|
2017-10-24 10:58:54 -07:00 |
|
deadman.conf
|
Fixup deadman alert to use hostname field
|
2018-08-20 16:20:02 -05:00 |
|
deadman.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
duo_authfail.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
duo_authfail.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
duo_fail_open.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
feedback_events.json
|
Fixup alert and worker for SSO feedback events
|
2018-04-30 12:43:59 -05:00 |
|
feedback_events.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
fxa_alerts.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
generic_alert_loader.conf
|
Modify generic alerts path
|
2017-06-15 15:06:02 -05:00 |
|
generic_alert_loader.py
|
Unique hostnames for generic alert summary
|
2018-11-07 23:53:12 -06:00 |
|
geomodel.conf
|
Add url to geomodel alert
|
2017-12-05 15:41:43 -06:00 |
|
geomodel.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
guard_duty_probe.py
|
add guardduty probe alert
|
2018-11-23 11:52:07 -08:00 |
|
honeycomb.py
|
Resolve E126 continuation of over-indented lines
|
2018-10-31 17:17:49 -05:00 |
|
http_auth_bruteforce.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
http_auth_bruteforce.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
http_errors.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
http_errors.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
ldap_add.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
ldap_delete.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
ldap_group.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
ldap_lockout.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
multiple_intel_hits.py
|
Resolve E125 continuation line with same indent
|
2018-10-31 18:13:34 -05:00 |
|
old_events.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
open_port_violation.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
promisc_audit.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
promisc_kernel.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
proxy_drop_executable.conf
|
Add more tests and exception cases for proxy executable drop alert
|
2018-10-03 10:33:19 -04:00 |
|
proxy_drop_executable.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
proxy_drop_exfil_domains.conf
|
Updating the config file
|
2018-11-06 12:29:12 +11:00 |
|
proxy_drop_exfil_domains.py
|
Update to improve and fix a typo
|
2018-11-01 20:02:14 +11:00 |
|
proxy_drop_ip.py
|
Remove boilerplate comments
|
2018-10-30 10:03:37 -04:00 |
|
proxy_drop_non_standard_port.conf
|
Add example config
|
2018-10-11 13:50:15 -04:00 |
|
proxy_drop_non_standard_port.py
|
Resolve E114 indentation not a multiple of four
|
2018-10-30 17:51:54 -05:00 |
|
session_opened_sensitive_user.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
sqs_queues_deadman.conf
|
Add deadman alert for sqs queues from tag
|
2017-06-15 15:07:29 -05:00 |
|
sqs_queues_deadman.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
ssh_access_signreleng.json
|
Convert ssh access config to json
|
2018-10-22 19:31:50 -05:00 |
|
ssh_access_signreleng.py
|
Convert ssh access config to json
|
2018-10-22 19:31:50 -05:00 |
|
ssh_bruteforce_bro.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
ssh_bruteforce_bro.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
ssh_ioc.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
ssh_key.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
ssh_key.py
|
Resolve E126 continuation of over-indented lines
|
2018-10-31 17:17:49 -05:00 |
|
ssh_lateral.json
|
ssh_lateral: add sample config file
|
2017-06-15 15:07:42 -05:00 |
|
ssh_lateral.py
|
Add function to append hostname to ip for ssh lateral alert
|
2018-11-05 13:04:01 -06:00 |
|
ssh_password_auth_violation.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
ssl_blacklist_hit.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
supervisord_alerts.ini
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
trace_audit.conf
|
Consolidated ptrace/strace events into custom alert aggregated by executing user.
|
2018-05-07 14:18:06 -05:00 |
|
trace_audit.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
unauth_ssh.conf
|
Unencrypt config files
|
2017-06-15 15:05:55 -05:00 |
|
unauth_ssh.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
vpn_duo_auth_failures.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
|
write_audit.conf
|
placeholder vars
|
2018-05-01 18:05:23 -05:00 |
|
write_audit.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
a27d38b17e