MozDef/alerts
Brandon Myers 333234ae9a
Remove example alert plugin
Signed-off-by: Brandon Myers <bmyers@mozilla.com>
2017-06-15 15:06:31 -05:00
lib Improve alert unit tests 2017-06-15 15:06:24 -05:00
plugins Remove example alert plugin 2017-06-15 15:06:31 -05:00
__init__.py averez-147-celery-alerts: more comments in the code 2014-07-15 16:31:21 -07:00
alertPlugins.ini adding alertPlugins restructured ini and mozdefalerts systemd.service. 2017-06-15 15:04:54 -05:00
alertWorker.conf Unencrypt config files 2017-06-15 15:05:55 -05:00
alertWorker.py Add logger statement in alert plugins 2017-06-15 15:06:22 -05:00
amoFailedLogins.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
auditd_sftp.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
bruteforce_ssh.py Add pentest server to ssh whitelist 2017-06-15 15:06:21 -05:00
bugzillaauthbruteforce.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
celeryconfig.py Improve alert unit tests 2017-06-15 15:06:24 -05:00
cloudtrail_deadman.py Add cloudtrail new alerts 2017-06-15 15:06:17 -05:00
cloudtrail_delete_bucket.py Fix timestamp related issues in tests 2017-06-15 15:03:22 -05:00
cloudtrail_logging_disabled.py Add cloudtrail new alerts 2017-06-15 15:06:17 -05:00
cloudtrail_new_vpn.py Add cloudtrail couple alerts 2017-06-15 15:02:12 -05:00
confluence_shell.py Revert confluence shell fieldname 2017-06-15 15:05:07 -05:00
correlated_alerts.py Add missing files from prod 2017-06-15 15:03:43 -05:00
critical_hosts.json Use example hostnames, provide a configuration file 2017-06-15 15:06:03 -05:00
deadman.py Remove fake event generation in deadman alert 2017-06-15 15:06:15 -05:00
duo_authfail.py Make the time window in which the duo_authfail alert looks for events several times longer than the duo cron job period 2017-06-15 15:06:21 -05:00
duo_fail_open.py Update formatting weirdness in alerts 2017-06-15 15:02:48 -05:00
fxaAlerts.py Fix fxaAlert function call 2017-06-15 15:05:35 -05:00
generic_alert_loader.conf Modify generic alerts path 2017-06-15 15:06:02 -05:00
generic_alert_loader.py Change config name in generic alerts 2017-06-15 15:06:21 -05:00
geomodel.py Update TermFilter to TermMatch 2017-06-15 15:01:21 -05:00
hostScannerAlerts.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
httpauthbruteforce.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
httperrors.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
ldapAdd.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
ldapDelete.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
ldapGroup.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
ldapLockout.py Fixup ldaplockout changepairs fieldname 2017-06-15 15:05:07 -05:00
multiple_intel_hits.py Fix incorrect ES field names 2017-06-15 15:05:06 -05:00
open_port_violation.py Add open port alert to config 2017-06-15 15:05:35 -05:00
promisc_audit.py Fix broken alert unit tests 2017-06-15 15:06:31 -05:00
promisc_kernel.py A rewrite of an alert to make it generic while fetching the correct hostname from details dict 2017-06-15 15:06:28 -05:00
proxy_drop.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
session_opened_critical.py A rewrite of an alert to an aggregation one 2017-06-15 15:06:28 -05:00
ssh_access_signreleng.conf Update ssh_releng config hostfilter 2017-06-15 15:03:43 -05:00
ssh_access_signreleng.py Fix up remaining pyes comments 2017-06-15 15:03:34 -05:00
ssh_fail_critical.py More cleanups for the critical opened sessions alerting 2017-06-15 15:06:29 -05:00
sshbruteforce_bro.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
sshioc.py Update TermFilter to TermMatch 2017-06-15 15:01:21 -05:00
ssl_blacklist_hit.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00
supervisord.alerts.ini Changing naming convention of supervisord.alerts.conf to an ini. This file contains no secrets and an ini is more in line with how this file operates. 2017-06-15 15:05:35 -05:00
unauth_portscan.py Use the details.indicators field to look for the scan source. 2017-06-15 15:05:33 -05:00
unauth_scan.py Match only records where details.indicators exists 2017-06-15 15:05:34 -05:00
unauth_ssh.conf Unencrypt config files 2017-06-15 15:05:55 -05:00
unauth_ssh.py Updated PhraseMatch in unauth_ssh.py so that this alert would correctly trigger. Tested. Works. 2017-06-15 15:05:43 -05:00
vpn_duo_auth_failures.py Remove pyes from alert filenames 2017-06-15 15:03:34 -05:00