MozDef/alerts
Brandon Myers 1a0b5afb25
Update ssh releng alert to take new event format into consideration (#1719)
2021-06-10 12:08:27 -05:00
actions removes sso-dashboard-feedback (#1615) 2020-05-06 14:00:34 -05:00
geomodel Set geomodel alert severity to be configurable (#1675) 2020-09-09 11:34:21 -05:00
lib Add notify mozdefbot for generic_alerts (#1654) 2020-07-06 16:57:00 -05:00
plugins Add username via auth0 plugin (#1708) 2021-03-16 10:35:26 -05:00
__init__.py
alert_actions.ini
alert_actions_worker.conf
alert_actions_worker.py Update MPL license to https 2019-08-02 01:41:37 +02:00
alert_template.template Update MPL license to https 2019-08-02 01:41:37 +02:00
auditd_sftp.py Update MPL license to https 2019-08-02 01:41:37 +02:00
auth0_bruteforce_user.conf Add v0.1 of Auth0 username/password bruteforce alert (#1681) 2020-09-11 14:24:06 -05:00
auth0_bruteforce_user.py Add v0.1 of Auth0 username/password bruteforce alert (#1681) 2020-09-11 14:24:06 -05:00
auth0_vertical_password_guessing.conf Add Auth- vertical password guessing alert (#1683) 2020-09-11 14:26:07 -05:00
auth0_vertical_password_guessing.py Add more specific context to vertical auth0 alert (#1685) 2020-09-16 12:06:54 -05:00
bruteforce_ssh.conf
bruteforce_ssh.py Update MPL license to https 2019-08-02 01:41:37 +02:00
bugzilla_auth_bruteforce.conf
bugzilla_auth_bruteforce.py Update MPL license to https 2019-08-02 01:41:37 +02:00
cloudtrail_logging_disabled.py Remove specific pagerduty tags from alerts 2020-03-19 14:05:14 -05:00
critical_users.json
deadman.conf Move severity for some alerts into config 2020-03-25 13:07:36 -05:00
deadman.py Move severity for some alerts into config 2020-03-25 13:07:36 -05:00
deadman_generic.json Add custom tags to deadman generic alert 2020-04-01 13:01:44 -05:00
deadman_generic.py Add custom tags to deadman generic alert 2020-04-01 13:01:44 -05:00
duo_authfail.conf
duo_authfail.py Remove specific pagerduty tags from alerts 2020-03-19 14:05:14 -05:00
duo_fail_open.py Update MPL license to https 2019-08-02 01:41:37 +02:00
generic_alert_loader.conf
generic_alert_loader.py Add notify mozdefbot for generic_alerts (#1654) 2020-07-06 16:57:00 -05:00
geomodel_location.json Set geomodel alert severity to be configurable (#1675) 2020-09-09 11:34:21 -05:00
geomodel_location.py Set geomodel alert severity to be configurable (#1675) 2020-09-09 11:34:21 -05:00
get_watchlist.conf Add watchlist alert to default docker environment 2019-05-13 10:55:24 -05:00
get_watchlist.py Update MPL license to https 2019-08-02 01:41:37 +02:00
guard_duty_probe.py Update MPL license to https 2019-08-02 01:41:37 +02:00
http_auth_bruteforce.conf
http_auth_bruteforce.py Update MPL license to https 2019-08-02 01:41:37 +02:00
http_errors.conf Move severity for some alerts into config 2020-03-25 13:07:36 -05:00
http_errors.py Move severity for some alerts into config 2020-03-25 13:07:36 -05:00
ldap_add.py adding negative match for informational events, and adding unit tests (#1611) 2020-04-23 15:07:36 -05:00
ldap_bruteforce_user.conf Rename ldap_bruteforce to ldap_bruteforce_user 2019-10-17 14:36:15 -04:00
ldap_bruteforce_user.py Configure ldap alerts to set category as bruteforce 2019-10-17 17:00:28 -05:00
ldap_delete.py adding negative match for informational events, and adding unit tests (#1611) 2020-04-23 15:07:36 -05:00
ldap_group.py Have the ldap_group alert aggregate on details.email (#1642) 2020-06-24 10:41:08 -05:00
ldap_lockout.py Update MPL license to https 2019-08-02 01:41:37 +02:00
multiple_intel_hits.py Update MPL license to https 2019-08-02 01:41:37 +02:00
nsm_scan_address.json
nsm_scan_address.py Update MPL license to https 2019-08-02 01:41:37 +02:00
nsm_scan_port.json
nsm_scan_port.py Update MPL license to https 2019-08-02 01:41:37 +02:00
nsm_scan_random.json
nsm_scan_random.py Update MPL license to https 2019-08-02 01:41:37 +02:00
old_events.py Update MPL license to https 2019-08-02 01:41:37 +02:00
promisc_audit.py Update MPL license to https 2019-08-02 01:41:37 +02:00
promisc_kernel.py Update MPL license to https 2019-08-02 01:41:37 +02:00
proxy_drop_executable.conf
proxy_drop_executable.py Remove Boilerplate comments (#1693) 2020-12-03 14:27:46 -06:00
proxy_drop_ip.conf Add whitelist to proxy drop ip alert 2019-10-03 14:30:21 -04:00
proxy_drop_ip.py Add whitelist to proxy drop ip alert 2019-10-03 14:30:21 -04:00
proxy_drop_non_standard_port.conf
proxy_drop_non_standard_port.py Update MPL license to https 2019-08-02 01:41:37 +02:00
proxy_exfil_domains.conf
proxy_exfil_domains.py Update summary of proxy exfil domain alert 2020-04-08 13:32:07 -05:00
session_opened_sensitive_user.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_access.json
ssh_access.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_access_signreleng.json Rename ircchannel to channel (#1652) 2020-07-06 12:57:02 -05:00
ssh_access_signreleng.py Update ssh releng alert to take new event format into consideration (#1719) 2021-06-10 12:08:27 -05:00
ssh_bruteforce_bro.conf
ssh_bruteforce_bro.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssh_lateral.json
ssh_lateral.py Update MPL license to https 2019-08-02 01:41:37 +02:00
ssl_blacklist_hit.py Update MPL license to https 2019-08-02 01:41:37 +02:00
supervisord_alerts.ini Readd "Merge pull request #1436 from mozilla/revert-1420-alerts_mongodb_scheduler" 2019-09-04 13:53:41 -05:00
trace_audit.conf
trace_audit.py Update MPL license to https 2019-08-02 01:41:37 +02:00
triagebot_escalation.conf adding new triagebot escalation alert (#1666) 2020-07-29 14:39:06 -05:00
triagebot_escalation.py changing specific tag to encompass all triagebot escalations (#1668) 2020-07-30 12:24:54 -07:00
vpn_duo_auth_failures.py Update MPL license to https 2019-08-02 01:41:37 +02:00
write_audit.conf
write_audit.py Update MPL license to https 2019-08-02 01:41:37 +02:00