MozDef/alerts
Brandon Myers b8399efbc2
Change config name in generic alerts
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:21 -05:00
lib Generic alert loader 2017-06-15 15:06:01 -05:00
plugins Default to dict even if no dict is present in a config file 2017-06-15 15:06:20 -05:00
__init__.py averez-147-celery-alerts: more comments in the code 2014-07-15 16:31:21 -07:00
alertPlugins.ini adding alertPlugins restructured ini and mozdefalerts systemd.service. 2017-06-15 15:04:54 -05:00
alertWorker.conf Unencrypt config files 2017-06-15 15:05:55 -05:00
alertWorker.py add alert plug in system, closes #162 2015-03-22 20:15:17 -07:00
amoFailedLogins.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
auditd_sftp.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
bruteforce_ssh.py Bruteforce ssh fixes 2017-06-15 15:06:19 -05:00
bugzillaauthbruteforce.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
celeryconfig.py add deadman alerts, refactor celeryconfig to allow args/kwargs, closes #257 2015-03-20 12:51:31 -07:00
cloudtrail_deadman.py Add cloudtrail new alerts 2017-06-15 15:06:17 -05:00
cloudtrail_delete_bucket.py Fix timestamp related issues in tests 2017-06-15 15:03:22 -05:00
cloudtrail_logging_disabled.py Add cloudtrail new alerts 2017-06-15 15:06:17 -05:00
cloudtrail_new_vpn.py Add cloudtrail couple alerts 2017-06-15 15:02:12 -05:00
confluence_shell.py Revert confluence shell fieldname 2017-06-15 15:05:07 -05:00
correlated_alerts.py Add missing files from prod 2017-06-15 15:03:43 -05:00
critical_hosts.json Use example hostnames, provide a configuration file 2017-06-15 15:06:03 -05:00
deadman.py Remove fake event generation in deadman alert 2017-06-15 15:06:15 -05:00
duo_authfail.py Add more tags to match on to the duo fraud alert 2017-06-15 15:06:20 -05:00
duo_fail_open.py Update formatting weirdness in alerts 2017-06-15 15:02:48 -05:00
fxaAlerts.py Fix fxaAlert function call 2017-06-15 15:05:35 -05:00
generic_alert_loader.conf Modify generic alerts path 2017-06-15 15:06:02 -05:00
generic_alert_loader.py Change config name in generic alerts 2017-06-15 15:06:21 -05:00
geomodel.py Update TermFilter to TermMatch 2017-06-15 15:01:21 -05:00
hostScannerAlerts.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
httpauthbruteforce.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
httperrors.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
ldapAdd.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
ldapDelete.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
ldapGroup.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
ldapLockout.py Fixup ldaplockout changepairs fieldname 2017-06-15 15:05:07 -05:00
multiple_intel_hits.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
open_port_violation.py Add open port alert to config 2017-06-15 15:05:35 -05:00
promisc_audit.py Change the level of all alerts to WARNING 2017-06-15 15:06:14 -05:00
promisc_kernel.py Change the level of all alerts to WARNING 2017-06-15 15:06:14 -05:00
proxy_drop.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
session_opened_critical.py Change the level of all alerts to WARNING 2017-06-15 15:06:14 -05:00
ssh_access_signreleng.conf Update ssh_releng config hostfilter 2017-06-15 15:03:43 -05:00
ssh_access_signreleng.py Fix up remaining pyes comments 2017-06-15 15:03:34 -05:00
ssh_fail_critical.py Change the level of all alerts to WARNING 2017-06-15 15:06:14 -05:00
sshbruteforce_bro.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
sshioc.py Update TermFilter to TermMatch 2017-06-15 15:01:21 -05:00
ssl_blacklist_hit.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
supervisord.alerts.ini Changing naming convention of supervisord.alerts.conf to an ini. This file contains no secrets and an ini is more in line with how this file operates. 2017-06-15 15:05:35 -05:00
unauth_portscan.py Use the details.indicators field to look for the scan source. 2017-06-15 15:05:33 -05:00
unauth_scan.py Match only records where details.indicators exists 2017-06-15 15:05:34 -05:00
unauth_ssh.conf Unencrypt config files 2017-06-15 15:05:55 -05:00
unauth_ssh.py Updated PhraseMatch in unauth_ssh.py so that this alert would correctly trigger. Tested. Works. 2017-06-15 15:05:43 -05:00
vpn_duo_auth_failures.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00