actions | removes sso-dashboard-feedback (#1615) | 2020-05-06 14:00:34 -05:00 |
geomodel | Set geomodel alert severity to be configurable (#1675) | 2020-09-09 11:34:21 -05:00 |
lib | Add notify mozdefbot for generic_alerts (#1654) | 2020-07-06 16:57:00 -05:00 |
plugins | Add username via auth0 plugin (#1708) | 2021-03-16 10:35:26 -05:00 |
__init__.py | … | |
alert_actions.ini | … | |
alert_actions_worker.conf | … | |
alert_actions_worker.py | … | |
alert_template.template | … | |
auditd_sftp.py | … | |
auth0_bruteforce_user.conf | Add v0.1 of Auth0 username/password bruteforce alert (#1681) | 2020-09-11 14:24:06 -05:00 |
auth0_bruteforce_user.py | Add v0.1 of Auth0 username/password bruteforce alert (#1681) | 2020-09-11 14:24:06 -05:00 |
auth0_vertical_password_guessing.conf | Add Auth- vertical password guessing alert (#1683) | 2020-09-11 14:26:07 -05:00 |
auth0_vertical_password_guessing.py | Add more specific context to vertical auth0 alert (#1685) | 2020-09-16 12:06:54 -05:00 |
bruteforce_ssh.conf | … | |
bruteforce_ssh.py | … | |
bugzilla_auth_bruteforce.conf | … | |
bugzilla_auth_bruteforce.py | … | |
cloudtrail_logging_disabled.py | Remove specific pagerduty tags from alerts | 2020-03-19 14:05:14 -05:00 |
critical_users.json | … | |
deadman.conf | Move severity for some alerts into config | 2020-03-25 13:07:36 -05:00 |
deadman.py | Move severity for some alerts into config | 2020-03-25 13:07:36 -05:00 |
deadman_generic.json | Add custom tags to deadman generic alert | 2020-04-01 13:01:44 -05:00 |
deadman_generic.py | Add custom tags to deadman generic alert | 2020-04-01 13:01:44 -05:00 |
duo_authfail.conf | … | |
duo_authfail.py | Remove specific pagerduty tags from alerts | 2020-03-19 14:05:14 -05:00 |
duo_fail_open.py | … | |
generic_alert_loader.conf | … | |
generic_alert_loader.py | Add notify mozdefbot for generic_alerts (#1654) | 2020-07-06 16:57:00 -05:00 |
geomodel_location.json | Set geomodel alert severity to be configurable (#1675) | 2020-09-09 11:34:21 -05:00 |
geomodel_location.py | Set geomodel alert severity to be configurable (#1675) | 2020-09-09 11:34:21 -05:00 |
get_watchlist.conf | … | |
get_watchlist.py | … | |
guard_duty_probe.py | … | |
http_auth_bruteforce.conf | … | |
http_auth_bruteforce.py | … | |
http_errors.conf | Move severity for some alerts into config | 2020-03-25 13:07:36 -05:00 |
http_errors.py | Move severity for some alerts into config | 2020-03-25 13:07:36 -05:00 |
ldap_add.py | adding negative match for informational events, and adding unit tests (#1611) | 2020-04-23 15:07:36 -05:00 |
ldap_bruteforce_user.conf | Rename ldap_bruteforce to ldap_bruteforce_user | 2019-10-17 14:36:15 -04:00 |
ldap_bruteforce_user.py | Configure ldap alerts to set category as bruteforce | 2019-10-17 17:00:28 -05:00 |
ldap_delete.py | adding negative match for informational events, and adding unit tests (#1611) | 2020-04-23 15:07:36 -05:00 |
ldap_group.py | Have the ldap_group alert aggregate on details.email (#1642) | 2020-06-24 10:41:08 -05:00 |
ldap_lockout.py | … | |
multiple_intel_hits.py | … | |
nsm_scan_address.json | … | |
nsm_scan_address.py | … | |
nsm_scan_port.json | … | |
nsm_scan_port.py | … | |
nsm_scan_random.json | Add an example configuration file | 2018-11-20 13:24:46 -08:00 |
nsm_scan_random.py | … | |
old_events.py | … | |
promisc_audit.py | … | |
promisc_kernel.py | … | |
proxy_drop_executable.conf | … | |
proxy_drop_executable.py | Remove Boilerplate comments (#1693) | 2020-12-03 14:27:46 -06:00 |
proxy_drop_ip.conf | Add whitelist to proxy drop ip alert | 2019-10-03 14:30:21 -04:00 |
proxy_drop_ip.py | Add whitelist to proxy drop ip alert | 2019-10-03 14:30:21 -04:00 |
proxy_drop_non_standard_port.conf | … | |
proxy_drop_non_standard_port.py | … | |
proxy_exfil_domains.conf | … | |
proxy_exfil_domains.py | Update summary of proxy exfil domain alert | 2020-04-08 13:32:07 -05:00 |
session_opened_sensitive_user.py | … | |
ssh_access.json | … | |
ssh_access.py | … | |
ssh_access_signreleng.json | Rename ircchannel to channel (#1652) | 2020-07-06 12:57:02 -05:00 |
ssh_access_signreleng.py | Update ssh releng alert to take new event format into consideration (#1719) | 2021-06-10 12:08:27 -05:00 |
ssh_bruteforce_bro.conf | … | |
ssh_bruteforce_bro.py | … | |
ssh_lateral.json | … | |
ssh_lateral.py | … | |
ssl_blacklist_hit.py | … | |
supervisord_alerts.ini | Readd "Merge pull request #1436 from mozilla/revert-1420-alerts_mongodb_scheduler" | 2019-09-04 13:53:41 -05:00 |
trace_audit.conf | … | |
trace_audit.py | … | |
triagebot_escalation.conf | adding new triagebot escalation alert (#1666) | 2020-07-29 14:39:06 -05:00 |
triagebot_escalation.py | changing specific tag to encompass all triagebot escalations (#1668) | 2020-07-30 12:24:54 -07:00 |
vpn_duo_auth_failures.py | … | |
write_audit.conf | … | |
write_audit.py | … | |