MozDef/alerts
Brandon Myers 581c597c11
Use logger instead of writing to sys.stdout and sys.stderr
2019-07-25 12:29:37 -05:00
actions Remove unicode-u keyword 2019-06-29 15:11:00 -05:00
lib Use logger instead of writing to sys.stdout and sys.stderr 2019-07-25 12:29:37 -05:00
plugins Update map to list for ipv6 2019-06-28 17:45:21 -05:00
__init__.py averez-147-celery-alerts: more comments in the code 2014-07-15 16:31:21 -07:00
alert_actions.ini Update missing references to alertactions in syslog configs 2019-03-21 17:36:47 -05:00
alert_actions_worker.conf Rename alert plugins to actions in docker env 2019-03-20 15:25:22 -05:00
alert_actions_worker.py Rename unicode type to str 2019-06-28 18:21:48 -05:00
alert_template.template Update alert and test template 2018-10-31 14:11:31 -05:00
auditd_commands.conf Add alert for generic auditd command 2018-05-24 15:52:11 -05:00
auditd_commands.py Update auditd commands alert with proper category 2018-12-26 14:23:15 -05:00
auditd_sftp.py Caught a couple more broken imports 2018-10-16 15:43:03 -07:00
bruteforce_ssh.conf Add alerts to use config files 2017-06-15 15:07:42 -05:00
bruteforce_ssh.py Catch keyboard-interactive 2018-12-29 09:32:09 -08:00
bugzilla_auth_bruteforce.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
bugzilla_auth_bruteforce.py Remove unused import statements 2018-12-14 11:34:42 -06:00
celeryconfig.py Merge branch 'master' into reinforce2019 2019-07-10 10:38:04 -07:00
cloudtrail_deadman.py Modify deadman alerts to use new DeadmanAlertTask class 2019-02-04 15:04:04 -06:00
cloudtrail_excessive_describe.py less fancy summary 2019-06-23 14:14:00 -07:00
cloudtrail_logging_disabled.py Further tweaks so that this passes unit testing 2019-05-06 14:42:11 -05:00
cloudtrail_public_bucket.py Remove unused import from cloudtrail public bucket alert 2019-07-10 12:43:23 -05:00
confluence_shell.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
critical_users.json Add an example configuration file 2017-10-24 10:58:54 -07:00
deadman.conf Fixup deadman alert to use hostname field 2018-08-20 16:20:02 -05:00
deadman.py Modify deadman alerts to use new DeadmanAlertTask class 2019-02-04 15:04:04 -06:00
deadman_generic.json Allow search window type to be specified in generic deadman config 2019-02-04 13:20:54 -06:00
deadman_generic.py Update deadman generic alert to use events-weekly as index 2019-05-30 10:07:56 -05:00
duo_authfail.conf Add alerts to use config files 2017-06-15 15:07:42 -05:00
duo_authfail.py Update the alert and the unit test as well 2019-02-19 14:50:20 -08:00
duo_fail_open.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
feedback_events.json Fixup alert and worker for SSO feedback events 2018-04-30 12:43:59 -05:00
feedback_events.py Remove unicode-u keyword 2019-06-29 15:11:00 -05:00
fxa_alerts.py Fixup block comments not having a space after hash 2018-12-14 13:40:07 -06:00
generic_alert_loader.conf Modify generic alerts path 2017-06-15 15:06:02 -05:00
generic_alert_loader.py Update generic alert loader to use mozdef_util library 2019-02-14 13:58:01 -06:00
geomodel.conf Add url to geomodel alert 2017-12-05 15:41:43 -06:00
geomodel.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
get_watchlist.conf Add watchlist alert to default docker environment 2019-05-13 10:55:24 -05:00
get_watchlist.py Fix watchlist process_alert function 2019-05-24 19:58:03 -05:00
guard_duty_probe.py Remove unused import statements 2018-12-14 11:34:42 -06:00
honeycomb.py Resolve E126 continuation of over-indented lines 2018-10-31 17:17:49 -05:00
http_auth_bruteforce.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
http_auth_bruteforce.py Remove unused import statements 2018-12-14 11:34:42 -06:00
http_errors.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
http_errors.py Remove unused import statements 2018-12-14 11:34:42 -06:00
ldap_add.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
ldap_delete.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
ldap_group.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
ldap_lockout.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
multiple_intel_hits.py Remove .keys() call during key exists comparison 2019-02-15 12:11:15 -06:00
nsm_scan_address.json The standard alert version of the Address_Scan 2018-11-07 17:33:11 -08:00
nsm_scan_address.py Use the correct source field 2019-01-16 15:32:51 -08:00
nsm_scan_port.json More cleanups 2019-01-16 16:14:27 -08:00
nsm_scan_port.py Remove trailing whitespace 2019-01-28 13:40:37 -08:00
nsm_scan_random.json Add an example configuration file 2018-11-20 13:24:46 -08:00
nsm_scan_random.py Use the correct source field 2019-01-16 15:32:51 -08:00
old_events.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
open_port_violation.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
promisc_audit.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
promisc_kernel.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
proxy_drop_executable.conf Add more tests and exception cases for proxy executable drop alert 2018-10-03 10:33:19 -04:00
proxy_drop_executable.py Move the alert about proxy drop for an executable to the new proxy format 2019-02-21 12:58:11 -08:00
proxy_drop_ip.py Cleanups 2019-02-25 18:49:32 -08:00
proxy_drop_non_standard_port.conf Add example config 2018-10-11 13:50:15 -04:00
proxy_drop_non_standard_port.py More of pepism 2019-02-25 17:29:00 -08:00
proxy_exfil_domains.conf Renaming the config file to reflect the change in alert name 2018-12-05 18:14:53 -05:00
proxy_exfil_domains.py More updates to alerts on anomalies from proxy logs 2019-02-21 18:03:10 -08:00
session_opened_sensitive_user.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
sqs_queues_deadman.conf Add deadman alert for sqs queues from tag 2017-06-15 15:07:29 -05:00
sqs_queues_deadman.py Modify deadman alerts to use new DeadmanAlertTask class 2019-02-04 15:04:04 -06:00
ssh_access.json Remove the extra colon 2019-01-04 11:32:25 -08:00
ssh_access.py Make the Nagios alert more generic 2018-11-20 14:03:02 -08:00
ssh_access_signreleng.json Convert ssh access config to json 2018-10-22 19:31:50 -05:00
ssh_access_signreleng.py Rename iteritems to items for dictionaries 2019-06-28 16:49:30 -05:00
ssh_bruteforce_bro.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
ssh_bruteforce_bro.py Remove unused import statements 2018-12-14 11:34:42 -06:00
ssh_ioc.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
ssh_key.conf Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
ssh_key.py Fixup closing bracket indentation not matching original 2018-12-14 12:39:23 -06:00
ssh_lateral.json ssh_lateral: add sample config file 2017-06-15 15:07:42 -05:00
ssh_lateral.py Add function to append hostname to ip for ssh lateral alert 2018-11-05 13:04:01 -06:00
ssh_password_auth_violation.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
ssl_blacklist_hit.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
supervisord_alerts.ini Naming Convention and Logging Changes. 2017-10-04 15:59:49 -05:00
trace_audit.conf Consolidated ptrace/strace events into custom alert aggregated by executing user. 2018-05-07 14:18:06 -05:00
trace_audit.py Add hostname to trace audit alert summary 2018-12-18 15:27:30 -06:00
unauth_ssh.conf Unencrypt config files 2017-06-15 15:05:55 -05:00
unauth_ssh.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
vpn_duo_auth_failures.py Fixed the rest of the imports 2018-10-16 15:33:58 -07:00
write_audit.conf Add user, path and downgrade severity for audit write alert 2018-12-17 15:14:32 -06:00
write_audit.py Add user, path and downgrade severity for audit write alert 2018-12-17 15:14:32 -06:00