DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

abandoned elasticsearch elk elk-stack python security siem unmaintained

Перейти к файлу

A Smith a596162905 Merge pull request #694 from mozilla/remove_cif Remove cif from web interface		2018-05-22 11:40:07 -05:00
.github	Update ISSUE_TEMPLATE.md	2017-06-15 15:05:44 -05:00
alerts	Fix spelling error in trace alert	2018-05-22 11:27:11 -05:00
benchmarking	Remove leftover javascript comment line	2018-01-05 12:31:54 -06:00
bot	Update slack bot message text	2018-04-13 00:52:32 -05:00
config	Update nginx config to use off for access log	2018-04-04 10:10:14 -05:00
cron	Add shell script for esCacheMaint cron	2018-05-17 12:30:26 -05:00
docker	Add disable create index and delete index in docker conf	2018-05-02 14:41:11 -05:00
docs	Remove myo integration	2018-04-10 17:29:16 -05:00
examples	Remove extra line after copywrite date	2018-01-04 17:15:35 -06:00
lib	Add logic to handle 0 as float in toUTC	2018-05-17 13:07:28 -05:00
loginput	Remove extra line after copywrite date	2018-01-04 17:15:35 -06:00
meteor	Remove cif from web interface	2018-05-17 13:34:36 -05:00
mq	Convert value to string for cloudtrail plugin	2018-05-08 18:12:34 -05:00
rest	Remove extra line after copywrite date	2018-01-04 17:15:35 -06:00
static	Remove heatmap html page	2017-06-15 15:07:42 -05:00
systemdfiles	Naming Convention and Logging Changes.	2017-10-04 15:59:49 -05:00
tests	Fix spelling error in trace alert	2018-05-22 11:27:11 -05:00
.gitignore	updated dots to underscores	2017-08-25 11:58:31 -05:00
.travis.yml	Increase travis ES version to 5.6.7	2018-03-06 13:19:03 -06:00
CONTRIBUTING.md	Modifying urls to point to mozilla from jeffbryner, slight readability changes.	2017-06-15 15:07:30 -05:00
LICENSE	Updated license file to conform with MPL	2014-02-25 09:55:02 -08:00
Makefile	Add new command for removing tests containers	2018-02-09 13:58:29 -06:00
README.md	[Docs] - Mozilla/MozDef - README.md - changing markdown layout	2018-01-04 11:51:56 -05:00
requirements.txt	Merge pull request #632 from mozilla/elasticsearch_5	2018-04-05 11:31:13 -05:00

README.md

MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

Provide a platform for use by defenders to rapidly discover and respond to security incidents.
Automate interfaces to other systems like bunker, banhammer, mig
Provide metrics for security events and incidents
Facilitate real-time collaboration amongst incident handlers
Facilitate repeatable, predictable processes for incident handling
Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

DOCS:

http://mozdef.readthedocs.org/en/latest/