MozDef/alerts
Brandon Myers 9a9054f401
Fixup geomodel location alert
2019-09-06 15:59:25 -05:00
actions Update MPL license to https 2019-08-02 01:41:37 +02:00
geomodel Fixup geomodel location alert 2019-09-06 15:59:25 -05:00
lib Fixup last_run_at field for alert schedule 2019-09-04 17:46:03 -05:00
plugins Merge pull request #1410 from mozilla/fix-port-scan-enrich 2019-08-20 14:20:44 -05:00
__init__.py
alert_actions.ini Update missing references to alertactions in syslog configs 2019-03-21 17:36:47 -05:00
alert_actions_worker.conf Rename alert plugins to actions in docker env 2019-03-20 15:25:22 -05:00
alert_actions_worker.py Update MPL license to https 2019-08-02 01:41:37 +02:00
alert_template.template Update MPL license to https 2019-08-02 01:41:37 +02:00
auditd_commands.conf Add alert for generic auditd command 2018-05-24 15:52:11 -05:00
auditd_commands.py Update MPL license to https 2019-08-02 01:41:37 +02:00
auditd_sftp.py Update MPL license to https 2019-08-02 01:41:37 +02:00
bruteforce_ssh.conf
bruteforce_ssh.py Update MPL license to https 2019-08-02 01:41:37 +02:00
bugzilla_auth_bruteforce.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
bugzilla_auth_bruteforce.py Update MPL license to https 2019-08-02 01:41:37 +02:00
cloudtrail_deadman.py Update MPL license to https 2019-08-02 01:41:37 +02:00
cloudtrail_excessive_describe.py Update MPL license to https 2019-08-02 01:41:37 +02:00
cloudtrail_logging_disabled.py Update MPL license to https 2019-08-02 01:41:37 +02:00
cloudtrail_public_bucket.py Update MPL license to https 2019-08-02 01:41:37 +02:00
confluence_shell.py Update MPL license to https 2019-08-02 01:41:37 +02:00
critical_users.json Add an example configuration file 2017-10-24 10:58:54 -07:00
deadman.conf Fixup deadman alert to use hostname field 2018-08-20 16:20:02 -05:00
deadman.py Update MPL license to https 2019-08-02 01:41:37 +02:00
deadman_generic.json Allow search window type to be specified in generic deadman config 2019-02-04 13:20:54 -06:00
deadman_generic.py Update MPL license to https 2019-08-02 01:41:37 +02:00
duo_authfail.conf
duo_authfail.py Update MPL license to https 2019-08-02 01:41:37 +02:00
duo_fail_open.py Update MPL license to https 2019-08-02 01:41:37 +02:00
feedback_events.json Fixup alert and worker for SSO feedback events 2018-04-30 12:43:59 -05:00
feedback_events.py Update MPL license to https 2019-08-02 01:41:37 +02:00
fxa_alerts.py Update MPL license to https 2019-08-02 01:41:37 +02:00
generic_alert_loader.conf
generic_alert_loader.py Update MPL license to https 2019-08-02 01:41:37 +02:00
geomodel_location.json Clean up for the linter etc 2019-08-27 16:17:07 -04:00
geomodel_location.py Fixup geomodel location alert 2019-09-06 15:59:25 -05:00
get_watchlist.conf Add watchlist alert to default docker environment 2019-05-13 10:55:24 -05:00
get_watchlist.py Update MPL license to https 2019-08-02 01:41:37 +02:00
guard_duty_probe.py Update MPL license to https 2019-08-02 01:41:37 +02:00
honeycomb.py Update MPL license to https 2019-08-02 01:41:37 +02:00
http_auth_bruteforce.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
http_auth_bruteforce.py Update MPL license to https 2019-08-02 01:41:37 +02:00
http_errors.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
http_errors.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ldap_add.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ldap_delete.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ldap_group.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ldap_lockout.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ldap_password_spray.conf Move config items to config file 2019-06-06 08:08:54 -04:00
ldap_password_spray.py Add indicator to summary about chomping usernames 2019-08-23 11:40:57 -05:00
multiple_intel_hits.py Update MPL license to https 2019-08-02 01:41:37 +02:00
nsm_scan_address.json The standard alert version of the Address_Scan 2018-11-07 17:33:11 -08:00
nsm_scan_address.py Update MPL license to https 2019-08-02 01:41:37 +02:00
nsm_scan_port.json More cleanups 2019-01-16 16:14:27 -08:00
nsm_scan_port.py Update MPL license to https 2019-08-02 01:41:37 +02:00
nsm_scan_random.json Add an example configuration file 2018-11-20 13:24:46 -08:00
nsm_scan_random.py Update MPL license to https 2019-08-02 01:41:37 +02:00
old_events.py Update MPL license to https 2019-08-02 01:41:37 +02:00
open_port_violation.py Update MPL license to https 2019-08-02 01:41:37 +02:00
promisc_audit.py Update MPL license to https 2019-08-02 01:41:37 +02:00
promisc_kernel.py Update MPL license to https 2019-08-02 01:41:37 +02:00
proxy_drop_executable.conf Add more tests and exception cases for proxy executable drop alert 2018-10-03 10:33:19 -04:00
proxy_drop_executable.py Update MPL license to https 2019-08-02 01:41:37 +02:00
proxy_drop_ip.py Update MPL license to https 2019-08-02 01:41:37 +02:00
proxy_drop_non_standard_port.conf Add example config 2018-10-11 13:50:15 -04:00
proxy_drop_non_standard_port.py Update MPL license to https 2019-08-02 01:41:37 +02:00
proxy_exfil_domains.conf Renaming the config file to reflect the change in alert name 2018-12-05 18:14:53 -05:00
proxy_exfil_domains.py Update MPL license to https 2019-08-02 01:41:37 +02:00
session_opened_sensitive_user.py Update MPL license to https 2019-08-02 01:41:37 +02:00
sqs_queues_deadman.conf
sqs_queues_deadman.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_access.json Remove the extra colon 2019-01-04 11:32:25 -08:00
ssh_access.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_access_signreleng.json Convert ssh access config to json 2018-10-22 19:31:50 -05:00
ssh_access_signreleng.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_bruteforce_bro.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
ssh_bruteforce_bro.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_ioc.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_key.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
ssh_key.py Modify full path config file imports for alerts 2019-08-07 19:53:08 -05:00
ssh_lateral.json
ssh_lateral.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_password_auth_violation.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssl_blacklist_hit.py Update MPL license to https 2019-08-02 01:41:37 +02:00
supervisord_alerts.ini Readd "Merge pull request #1436 from mozilla/revert-1420-alerts_mongodb_scheduler" 2019-09-04 13:53:41 -05:00
trace_audit.conf Consolidated ptrace/strace events into custom alert aggregated by executing user. 2018-05-07 14:18:06 -05:00
trace_audit.py Update MPL license to https 2019-08-02 01:41:37 +02:00
unauth_ssh.conf
unauth_ssh.py Update MPL license to https 2019-08-02 01:41:37 +02:00
vpn_duo_auth_failures.py Update MPL license to https 2019-08-02 01:41:37 +02:00
write_audit.conf Add user, path and downgrade severity for audit write alert 2018-12-17 15:14:32 -06:00
write_audit.py Update MPL license to https 2019-08-02 01:41:37 +02:00