DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

abandoned elasticsearch elk elk-stack python security siem unmaintained

Перейти к файлу

Michal Purzynski de31324dfa Add the licensing header.		2015-02-04 18:40:06 +01:00
alerts	lower the sample limit for noisy bruteforce alert	2015-01-30 09:25:58 -08:00
benchmarking	averez-19-samples: move json2Mozdef.py to /benchmarking/workers/	2014-04-22 09:15:41 -07:00
bot	explicitly set alert exchange to durable	2015-01-15 15:26:04 -08:00
cron	lower the threshold for attacker creation	2015-01-30 09:20:31 -08:00
docker	remove mrt installs for stuff installed by meteor automagically	2015-01-15 15:23:57 -08:00
docs	Add demo.mozdef.com details	2014-10-06 12:11:28 -07:00
examples	Add the licensing header.	2015-02-04 18:40:06 +01:00
initscripts	minor change to conf file location for supervisord/alerts	2015-01-15 15:31:00 -08:00
lib	Replacing mozdef_lib by mozdef_client	2014-12-17 18:10:31 +01:00
loginput	add application parameter	2014-06-03 09:29:49 -07:00
logs	[meteor] gitignore and bug fix when empty ES	2014-03-07 10:25:54 -08:00
meteor	add escalation to investigation button, closes #228	2015-01-30 09:22:34 -08:00
mq	vulnerability->vulnerabilities for consistent index naming	2015-01-30 12:24:35 -08:00
rest	add sample plugin and hooks for all endpoints	2015-01-28 14:57:17 -08:00
utils	source fqdn for netflow, add a whitelist of netflow senders to accept as an option	2014-09-26 11:15:47 -07:00
.gitignore	Ignore the results/ directory in git	2014-08-11 21:21:11 +02:00
.gitmodules	Replacing mozdef_lib by mozdef_client	2014-12-17 18:10:31 +01:00
CONTRIBUTING.md	averez-issue-23-contributing: add CONTRIBUTING.md	2014-04-14 08:53:42 -07:00
LICENSE	Updated license file to conform with MPL	2014-02-25 09:55:02 -08:00
README.md	add read the docs link	2014-03-23 13:06:38 -07:00
analyze_code.sh	averez-22-license: Fix license stuff (Closes #22 )	2014-04-16 11:40:15 -07:00
requirements.txt	averez-ipwhois-fix: upgrade to ipwhois 0.9.0	2014-07-28 14:42:00 -07:00

README.md

===================================== MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

Provide a platform for use by defenders to rapidly discover and respond to security incidents.
Automate interfaces to other systems like bunker, banhammer, mig
Provide metrics for security events and incidents
Facilitate real-time collaboration amongst incident handlers
Facilitate repeatable, predictable processes for incident handling
Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in early proof of concept phases at Mozilla.

DOCS:

http://mozdef.readthedocs.org/en/latest/