DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

abandoned elasticsearch elk elk-stack python security siem unmaintained

Перейти к файлу

Brandon Myers a9e5958248 Merge branch 'master' into move_tests_dependencies		2017-07-12 19:36:15 -05:00
.github	Update ISSUE_TEMPLATE.md	2017-06-15 15:05:44 -05:00
alerts	Add travisci to project and stabalize tests	2017-07-05 16:37:41 -05:00
benchmarking	Remove US/Pacific timezone references	2017-06-15 15:04:51 -05:00
bot	Fix notifymozdefbot logic	2017-06-27 13:18:12 -07:00
config	Add parsys mq worker	2017-06-15 15:07:30 -05:00
cron	Rename conf files	2017-07-07 14:39:28 -04:00
docker	Fixup github references in dockerfile	2017-07-03 12:57:07 -05:00
docs	improvements to dockerfile	2017-07-03 10:19:01 -07:00
examples	Remove unnecessary pyes import	2017-06-21 11:30:51 -05:00
lib	Update files that were diff between two repos	2017-06-15 15:14:57 -05:00
loginput	Replace mq cred defaults for loginput config	2017-07-05 16:38:04 -05:00
meteor	Update files that were diff between two repos	2017-06-15 15:14:57 -05:00
mq	Add travisci to project and stabalize tests	2017-07-05 16:37:41 -05:00
rest	Remove trailing slash in kibana url	2017-07-05 17:10:18 -05:00
static	Remove heatmap html page	2017-06-15 15:07:42 -05:00
systemdfiles	Remove mozilla specific mq worker service files	2017-06-15 15:07:45 -05:00
tests	Move test requirements to tests directory	2017-07-12 19:35:56 -05:00
.gitignore	Adding new mqworkers for fluentd2mozdef from aws infosec services.	2017-06-15 15:06:21 -05:00
.travis.yml	Merge branch 'master' into move_tests_dependencies	2017-07-12 19:36:15 -05:00
CONTRIBUTING.md	Modifying urls to point to mozilla from jeffbryner, slight readability changes.	2017-06-15 15:07:30 -05:00
LICENSE	Updated license file to conform with MPL	2014-02-25 09:55:02 -08:00
README.md	Fix travisci badge references	2017-07-05 16:37:54 -05:00
analyze_code.sh	averez-22-license: Fix license stuff (Closes #22 )	2014-04-16 11:40:15 -07:00
requirements.txt	Bump pytx version and update compromisedCreds cron	2017-06-15 15:06:32 -05:00

README.md

MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

Provide a platform for use by defenders to rapidly discover and respond to security incidents.
Automate interfaces to other systems like bunker, banhammer, mig
Provide metrics for security events and incidents
Facilitate real-time collaboration amongst incident handlers
Facilitate repeatable, predictable processes for incident handling
Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

DOCS:

http://mozdef.readthedocs.org/en/latest/