| .. |
|
lib
|
Swapping search for details.hostname to just hostname in alerts.
|
2018-09-18 16:52:27 -05:00 |
|
plugins
|
Modify unknown isp in geomodel plugin
|
2018-08-17 15:12:21 -05:00 |
|
__init__.py
|
averez-147-celery-alerts: more comments in the code
|
2014-07-15 16:31:21 -07:00 |
|
alert_plugins.ini
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
alert_worker.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
alert_worker.py
|
Undo accidental changes
|
2017-12-23 02:31:51 +05:30 |
|
auditd_commands.conf
|
Add alert for generic auditd command
|
2018-05-24 15:52:11 -05:00 |
|
auditd_commands.py
|
Add alert for generic auditd command
|
2018-05-24 15:52:11 -05:00 |
|
auditd_sftp.py
|
Swapping search for details.hostname to just hostname in alerts.
|
2018-09-18 16:52:27 -05:00 |
|
bruteforce_ssh.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
bruteforce_ssh.py
|
Swapping search for details.hostname to just hostname in alerts.
|
2018-09-18 16:52:27 -05:00 |
|
bugzilla_auth_bruteforce.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
bugzilla_auth_bruteforce.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
celeryconfig.py
|
Dynamically register alert tasks in new celery
|
2018-03-26 14:39:30 -05:00 |
|
cloudtrail_deadman.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
cloudtrail_logging_disabled.py
|
removing trailing comma
|
2018-03-02 15:30:42 -06:00 |
|
confluence_shell.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
critical_users.json
|
Add an example configuration file
|
2017-10-24 10:58:54 -07:00 |
|
deadman.conf
|
Fixup deadman alert to use hostname field
|
2018-08-20 16:20:02 -05:00 |
|
deadman.py
|
Fixup deadman alert to use hostname field
|
2018-08-20 16:20:02 -05:00 |
|
duo_authfail.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
|
duo_authfail.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
duo_fail_open.py
|
Swapping search for details.hostname to just hostname in alerts.
|
2018-09-18 16:52:27 -05:00 |
|
feedback_events.json
|
Fixup alert and worker for SSO feedback events
|
2018-04-30 12:43:59 -05:00 |
|
feedback_events.py
|
Add unicode support to feedback alert
|
2018-05-21 20:06:31 -05:00 |
|
fxa_alerts.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
generic_alert_loader.conf
|
Modify generic alerts path
|
2017-06-15 15:06:02 -05:00 |
|
generic_alert_loader.py
|
Swapping search for details.hostname to just hostname in alerts.
|
2018-09-18 16:52:27 -05:00 |
|
geomodel.conf
|
Add url to geomodel alert
|
2017-12-05 15:41:43 -06:00 |
|
geomodel.py
|
Add previous locality details to geomodel alert
|
2018-05-11 12:31:12 -05:00 |
|
http_auth_bruteforce.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
http_auth_bruteforce.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
http_errors.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
http_errors.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
ldap_add.py
|
Remove extra line after copywrite date
|
2018-01-04 17:15:35 -06:00 |
|
ldap_delete.py
|
Remove extra line after copywrite date
|
2018-01-04 17:15:35 -06:00 |
|
ldap_group.py
|
Remove extra line after copywrite date
|
2018-01-04 17:15:35 -06:00 |
|
ldap_lockout.py
|
Remove extra line after copywrite date
|
2018-01-04 17:15:35 -06:00 |
|
multiple_intel_hits.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
old_events.py
|
Correcting category typo
|
2018-04-17 18:12:14 -05:00 |
|
open_port_violation.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
promisc_audit.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
promisc_kernel.py
|
Swapping search for details.hostname to just hostname in alerts.
|
2018-09-18 16:52:27 -05:00 |
|
proxy_drop.py
|
Remove extra line after copywrite date
|
2018-01-04 17:15:35 -06:00 |
|
session_opened_sensitive_user.py
|
Swapping search for details.hostname to just hostname in alerts.
|
2018-09-18 16:52:27 -05:00 |
|
sqs_queues_deadman.conf
|
Add deadman alert for sqs queues from tag
|
2017-06-15 15:07:29 -05:00 |
|
sqs_queues_deadman.py
|
Remove extra line after copywrite date
|
2018-01-04 17:15:35 -06:00 |
|
ssh_access_signreleng.conf
|
Add complex filter in ssh alert config file
|
2017-07-12 15:44:26 -05:00 |
|
ssh_access_signreleng.py
|
Swapping search for details.hostname to just hostname in alerts.
|
2018-09-18 16:52:27 -05:00 |
|
ssh_bruteforce_bro.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
ssh_bruteforce_bro.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
ssh_ioc.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
ssh_key.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
ssh_key.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
ssh_lateral.json
|
ssh_lateral: add sample config file
|
2017-06-15 15:07:42 -05:00 |
|
ssh_lateral.py
|
Swapping search for details.hostname to just hostname in alerts.
|
2018-09-18 16:52:27 -05:00 |
|
ssh_password_auth_violation.py
|
removing trailing comma
|
2018-03-02 15:32:35 -06:00 |
|
ssl_blacklist_hit.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
supervisord_alerts.ini
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
|
trace_audit.conf
|
Consolidated ptrace/strace events into custom alert aggregated by executing user.
|
2018-05-07 14:18:06 -05:00 |
|
trace_audit.py
|
Fix spelling error in trace alert
|
2018-05-22 11:27:11 -05:00 |
|
unauth_ssh.conf
|
Unencrypt config files
|
2017-06-15 15:05:55 -05:00 |
|
unauth_ssh.py
|
Swapping search for details.hostname to just hostname in alerts.
|
2018-09-18 16:52:27 -05:00 |
|
vpn_duo_auth_failures.py
|
Removing _type from alerts and testing. Phase I. Can't fully remove _type until we move to new mapping.
|
2018-03-02 15:29:30 -06:00 |
|
write_audit.conf
|
placeholder vars
|
2018-05-01 18:05:23 -05:00 |
|
write_audit.py
|
Updating search window time to be 15 mins
|
2018-05-09 18:00:10 -05:00 |
623a6565b6