DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

abandoned elasticsearch elk elk-stack python security siem unmaintained

Перейти к файлу

Brandon Myers e0122099cd Merge pull request #1109 from mozilla/remove_unused_depends Remove unnecessary depends in docker-compose		2019-02-27 17:58:58 -05:00
alerts	Merge pull request #906 from mozilla/watchlist_feature	2019-02-27 12:44:26 -06:00
benchmarking	Fixup block comments not having a space after hash	2018-12-14 13:40:07 -06:00
bot	Create .ini file for both slack and irc	2019-02-08 13:01:31 -06:00
cloudy_mozdef	fix SQS policy to only accept intra-account sendMessage	2019-01-31 10:29:28 -08:00
config	Final update for jwt code, removed jwt block from the nginx config to be configured externally via automation.	2018-12-13 16:30:37 -06:00
cron	Merge pull request #1107 from mpurzynski/duosecurity_eis536	2019-02-20 11:22:34 -08:00
docker	Merge pull request #1109 from mozilla/remove_unused_depends	2019-02-27 17:58:58 -05:00
docs	Fix inline code markup in docs	2019-01-24 12:09:15 -08:00
examples	Fixup unused variables check	2018-12-14 14:06:21 -06:00
loginput	Fixup unused variables check	2018-12-14 14:06:21 -06:00
meteor	Merge pull request #906 from mozilla/watchlist_feature	2019-02-27 12:44:26 -06:00
mozdef_util	Add improved error handling to initial parsing of plugin	2019-02-13 14:10:26 -06:00
mq	Exclude auth_success field if not present on message bro ssh logs	2019-02-13 12:11:08 -06:00
rest	removing erroneous WatchList list instantiation, changing db reference to watchentries.	2019-01-08 12:48:03 -06:00
static	removing path to watchlist, removing watchlist from static, adding private folder to gitignore.	2018-10-30 18:20:11 -05:00
systemdfiles	Update python virtualenv path for service files	2018-04-20 12:55:26 -05:00
tests	Merge pull request #1107 from mpurzynski/duosecurity_eis536	2019-02-20 11:22:34 -08:00
.flake8	Fixup unused variables check	2018-12-14 14:06:21 -06:00
.gitignore	resolving merge from master conflicts	2018-11-16 11:41:47 -06:00
.travis.yml	upgrade travis docker-compose as per https://docs.travis-ci.com/user/docker/	2018-10-30 13:53:07 -07:00
CONTRIBUTING.md	Modifying urls to point to mozilla from jeffbryner, slight readability changes.	2017-06-15 15:07:30 -05:00
LICENSE	Updated license file to conform with MPL	2014-02-25 09:55:02 -08:00
Makefile	Actually working with ENV file existence check and env variable setting for docker-compose command	2019-02-01 10:49:59 -08:00
README.md	Setup default hosted CloudFormation templates	2019-01-10 11:56:44 -08:00
requirements.txt	Merge pull request #906 from mozilla/watchlist_feature	2019-02-27 12:44:26 -06:00

README.md

MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

Provide a platform for use by defenders to rapidly discover and respond to security incidents.
Automate interfaces to other systems like bunker, cymon, mig
Provide metrics for security events and incidents
Facilitate real-time collaboration amongst incident handlers
Facilitate repeatable, predictable processes for incident handling
Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

Give MozDef a Try in AWS:

Documentation:

http://mozdef.readthedocs.org/en/latest/