Name | Last commit | Date |
actions | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
geomodel | Fixup geomodel location alert | 2019-09-06 15:59:25 -05:00 |
lib | Fixup last_run_at field for alert schedule | 2019-09-04 17:46:03 -05:00 |
plugins | Merge pull request #1410 from mozilla/fix-port-scan-enrich | 2019-08-20 14:20:44 -05:00 |
__init__.py | … | |
alert_actions.ini | Update missing references to alertactions in syslog configs | 2019-03-21 17:36:47 -05:00 |
alert_actions_worker.conf | Rename alert plugins to actions in docker env | 2019-03-20 15:25:22 -05:00 |
alert_actions_worker.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
alert_template.template | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
auditd_commands.conf | Add alert for generic auditd command | 2018-05-24 15:52:11 -05:00 |
auditd_commands.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
auditd_sftp.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
bruteforce_ssh.conf | … | |
bruteforce_ssh.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
bugzilla_auth_bruteforce.conf | Naming Convention and Logging Changes. | 2017-10-04 15:59:49 -05:00 |
bugzilla_auth_bruteforce.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
cloudtrail_deadman.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
cloudtrail_excessive_describe.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
cloudtrail_logging_disabled.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
cloudtrail_public_bucket.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
confluence_shell.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
critical_users.json | Add an example configuration file | 2017-10-24 10:58:54 -07:00 |
deadman.conf | Fixup deadman alert to use hostname field | 2018-08-20 16:20:02 -05:00 |
deadman.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
deadman_generic.json | Allow search window type to be specified in generic deadman config | 2019-02-04 13:20:54 -06:00 |
deadman_generic.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
duo_authfail.conf | … | |
duo_authfail.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
duo_fail_open.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
feedback_events.json | Fixup alert and worker for SSO feedback events | 2018-04-30 12:43:59 -05:00 |
feedback_events.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
fxa_alerts.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
generic_alert_loader.conf | … | |
generic_alert_loader.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
geomodel_location.json | Clean up for the linter etc | 2019-08-27 16:17:07 -04:00 |
geomodel_location.py | Fixup geomodel location alert | 2019-09-06 15:59:25 -05:00 |
get_watchlist.conf | Add watchlist alert to default docker environment | 2019-05-13 10:55:24 -05:00 |
get_watchlist.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
guard_duty_probe.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
honeycomb.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
http_auth_bruteforce.conf | Naming Convention and Logging Changes. | 2017-10-04 15:59:49 -05:00 |
http_auth_bruteforce.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
http_errors.conf | Naming Convention and Logging Changes. | 2017-10-04 15:59:49 -05:00 |
http_errors.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ldap_add.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ldap_delete.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ldap_group.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ldap_lockout.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ldap_password_spray.conf | Move config items to config file | 2019-06-06 08:08:54 -04:00 |
ldap_password_spray.py | Add indicator to summary about chomping usernames | 2019-08-23 11:40:57 -05:00 |
multiple_intel_hits.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
nsm_scan_address.json | The standard alert version of the Address_Scan | 2018-11-07 17:33:11 -08:00 |
nsm_scan_address.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
nsm_scan_port.json | More cleanups | 2019-01-16 16:14:27 -08:00 |
nsm_scan_port.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
nsm_scan_random.json | Add an example configuration file | 2018-11-20 13:24:46 -08:00 |
nsm_scan_random.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
old_events.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
open_port_violation.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
promisc_audit.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
promisc_kernel.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
proxy_drop_executable.conf | Add more tests and exception cases for proxy executable drop alert | 2018-10-03 10:33:19 -04:00 |
proxy_drop_executable.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
proxy_drop_ip.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
proxy_drop_non_standard_port.conf | Add example config | 2018-10-11 13:50:15 -04:00 |
proxy_drop_non_standard_port.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
proxy_exfil_domains.conf | Renaming the config file to reflect the change in alert name | 2018-12-05 18:14:53 -05:00 |
proxy_exfil_domains.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
session_opened_sensitive_user.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
sqs_queues_deadman.conf | … | |
sqs_queues_deadman.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ssh_access.json | Remove the extra colon | 2019-01-04 11:32:25 -08:00 |
ssh_access.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ssh_access_signreleng.json | Convert ssh access config to json | 2018-10-22 19:31:50 -05:00 |
ssh_access_signreleng.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ssh_bruteforce_bro.conf | Naming Convention and Logging Changes. | 2017-10-04 15:59:49 -05:00 |
ssh_bruteforce_bro.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ssh_ioc.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ssh_key.conf | Naming Convention and Logging Changes. | 2017-10-04 15:59:49 -05:00 |
ssh_key.py | Modify full path config file imports for alerts | 2019-08-07 19:53:08 -05:00 |
ssh_lateral.json | … | |
ssh_lateral.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ssh_password_auth_violation.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
ssl_blacklist_hit.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
supervisord_alerts.ini | Readd "Merge pull request #1436 from mozilla/revert-1420-alerts_mongodb_scheduler" | 2019-09-04 13:53:41 -05:00 |
trace_audit.conf | Consolidated ptrace/strace events into custom alert aggregated by executing user. | 2018-05-07 14:18:06 -05:00 |
trace_audit.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
unauth_ssh.conf | … | |
unauth_ssh.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
vpn_duo_auth_failures.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |
write_audit.conf | Add user, path and downgrade severity for audit write alert | 2018-12-17 15:14:32 -06:00 |
write_audit.py | Update MPL license to https | 2019-08-02 01:41:37 +02:00 |