.. |
actions
|
Remove unicode-u keyword
|
2019-06-29 15:11:00 -05:00 |
lib
|
Use logger instead of writing to sys.stdout and sys.stderr
|
2019-07-25 12:29:37 -05:00 |
plugins
|
Update map to list for ipv6
|
2019-06-28 17:45:21 -05:00 |
__init__.py
|
averez-147-celery-alerts: more comments in the code
|
2014-07-15 16:31:21 -07:00 |
alert_actions.ini
|
Update missing references to alertactions in syslog configs
|
2019-03-21 17:36:47 -05:00 |
alert_actions_worker.conf
|
Rename alert plugins to actions in docker env
|
2019-03-20 15:25:22 -05:00 |
alert_actions_worker.py
|
Rename unicode type to str
|
2019-06-28 18:21:48 -05:00 |
alert_template.template
|
Update alert and test template
|
2018-10-31 14:11:31 -05:00 |
auditd_commands.conf
|
Add alert for generic auditd command
|
2018-05-24 15:52:11 -05:00 |
auditd_commands.py
|
Update auditd commands alert with proper category
|
2018-12-26 14:23:15 -05:00 |
auditd_sftp.py
|
Caught a couple more broken imports
|
2018-10-16 15:43:03 -07:00 |
bruteforce_ssh.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
bruteforce_ssh.py
|
Catch keyboard-interactive
|
2018-12-29 09:32:09 -08:00 |
bugzilla_auth_bruteforce.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
bugzilla_auth_bruteforce.py
|
Remove unused import statements
|
2018-12-14 11:34:42 -06:00 |
celeryconfig.py
|
Merge branch 'master' into reinforce2019
|
2019-07-10 10:38:04 -07:00 |
cloudtrail_deadman.py
|
Modify deadman alerts to use new DeadmanAlertTask class
|
2019-02-04 15:04:04 -06:00 |
cloudtrail_excessive_describe.py
|
less fancy summary
|
2019-06-23 14:14:00 -07:00 |
cloudtrail_logging_disabled.py
|
Further tweaks so that this passes unit testing
|
2019-05-06 14:42:11 -05:00 |
cloudtrail_public_bucket.py
|
Remove unused import from cloudtrail public bucket alert
|
2019-07-10 12:43:23 -05:00 |
confluence_shell.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
critical_users.json
|
Add an example configuration file
|
2017-10-24 10:58:54 -07:00 |
deadman.conf
|
Fixup deadman alert to use hostname field
|
2018-08-20 16:20:02 -05:00 |
deadman.py
|
Modify deadman alerts to use new DeadmanAlertTask class
|
2019-02-04 15:04:04 -06:00 |
deadman_generic.json
|
Allow search window type to be specified in generic deadman config
|
2019-02-04 13:20:54 -06:00 |
deadman_generic.py
|
Update deadman generic alert to use events-weekly as index
|
2019-05-30 10:07:56 -05:00 |
duo_authfail.conf
|
Add alerts to use config files
|
2017-06-15 15:07:42 -05:00 |
duo_authfail.py
|
Update the alert and the unit test as well
|
2019-02-19 14:50:20 -08:00 |
duo_fail_open.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
feedback_events.json
|
Fixup alert and worker for SSO feedback events
|
2018-04-30 12:43:59 -05:00 |
feedback_events.py
|
Remove unicode-u keyword
|
2019-06-29 15:11:00 -05:00 |
fxa_alerts.py
|
Fixup block comments not having a space after hash
|
2018-12-14 13:40:07 -06:00 |
generic_alert_loader.conf
|
Modify generic alerts path
|
2017-06-15 15:06:02 -05:00 |
generic_alert_loader.py
|
Update generic alert loader to use mozdef_util library
|
2019-02-14 13:58:01 -06:00 |
geomodel.conf
|
Add url to geomodel alert
|
2017-12-05 15:41:43 -06:00 |
geomodel.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
get_watchlist.conf
|
Add watchlist alert to default docker environment
|
2019-05-13 10:55:24 -05:00 |
get_watchlist.py
|
Fix watchlist process_alert function
|
2019-05-24 19:58:03 -05:00 |
guard_duty_probe.py
|
Remove unused import statements
|
2018-12-14 11:34:42 -06:00 |
honeycomb.py
|
Resolve E126 continuation of over-indented lines
|
2018-10-31 17:17:49 -05:00 |
http_auth_bruteforce.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
http_auth_bruteforce.py
|
Remove unused import statements
|
2018-12-14 11:34:42 -06:00 |
http_errors.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
http_errors.py
|
Remove unused import statements
|
2018-12-14 11:34:42 -06:00 |
ldap_add.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
ldap_delete.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
ldap_group.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
ldap_lockout.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
multiple_intel_hits.py
|
Remove .keys() call during key exists comparison
|
2019-02-15 12:11:15 -06:00 |
nsm_scan_address.json
|
The standard alert version of the Address_Scan
|
2018-11-07 17:33:11 -08:00 |
nsm_scan_address.py
|
Use the correct source field
|
2019-01-16 15:32:51 -08:00 |
nsm_scan_port.json
|
More cleanups
|
2019-01-16 16:14:27 -08:00 |
nsm_scan_port.py
|
Remove trailing whitespace
|
2019-01-28 13:40:37 -08:00 |
nsm_scan_random.json
|
Add an example configuration file
|
2018-11-20 13:24:46 -08:00 |
nsm_scan_random.py
|
Use the correct source field
|
2019-01-16 15:32:51 -08:00 |
old_events.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
open_port_violation.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
promisc_audit.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
promisc_kernel.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
proxy_drop_executable.conf
|
Add more tests and exception cases for proxy executable drop alert
|
2018-10-03 10:33:19 -04:00 |
proxy_drop_executable.py
|
Move the alert about proxy drop for an executable to the new proxy format
|
2019-02-21 12:58:11 -08:00 |
proxy_drop_ip.py
|
Cleanups
|
2019-02-25 18:49:32 -08:00 |
proxy_drop_non_standard_port.conf
|
Add example config
|
2018-10-11 13:50:15 -04:00 |
proxy_drop_non_standard_port.py
|
More of pepism
|
2019-02-25 17:29:00 -08:00 |
proxy_exfil_domains.conf
|
Renaming the config file to reflect the change in alert name
|
2018-12-05 18:14:53 -05:00 |
proxy_exfil_domains.py
|
More updates to alerts on anomalies from proxy logs
|
2019-02-21 18:03:10 -08:00 |
session_opened_sensitive_user.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
sqs_queues_deadman.conf
|
Add deadman alert for sqs queues from tag
|
2017-06-15 15:07:29 -05:00 |
sqs_queues_deadman.py
|
Modify deadman alerts to use new DeadmanAlertTask class
|
2019-02-04 15:04:04 -06:00 |
ssh_access.json
|
Remove the extra colon
|
2019-01-04 11:32:25 -08:00 |
ssh_access.py
|
Make the Nagios alert more generic
|
2018-11-20 14:03:02 -08:00 |
ssh_access_signreleng.json
|
Convert ssh access config to json
|
2018-10-22 19:31:50 -05:00 |
ssh_access_signreleng.py
|
Rename iteritems to items for dictionaries
|
2019-06-28 16:49:30 -05:00 |
ssh_bruteforce_bro.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
ssh_bruteforce_bro.py
|
Remove unused import statements
|
2018-12-14 11:34:42 -06:00 |
ssh_ioc.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
ssh_key.conf
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
ssh_key.py
|
Fixup closing bracket indentation not matching original
|
2018-12-14 12:39:23 -06:00 |
ssh_lateral.json
|
ssh_lateral: add sample config file
|
2017-06-15 15:07:42 -05:00 |
ssh_lateral.py
|
Add function to append hostname to ip for ssh lateral alert
|
2018-11-05 13:04:01 -06:00 |
ssh_password_auth_violation.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
ssl_blacklist_hit.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
supervisord_alerts.ini
|
Naming Convention and Logging Changes.
|
2017-10-04 15:59:49 -05:00 |
trace_audit.conf
|
Consolidated ptrace/strace events into custom alert aggregated by executing user.
|
2018-05-07 14:18:06 -05:00 |
trace_audit.py
|
Add hostname to trace audit alert summary
|
2018-12-18 15:27:30 -06:00 |
unauth_ssh.conf
|
Unencrypt config files
|
2017-06-15 15:05:55 -05:00 |
unauth_ssh.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
vpn_duo_auth_failures.py
|
Fixed the rest of the imports
|
2018-10-16 15:33:58 -07:00 |
write_audit.conf
|
Add user, path and downgrade severity for audit write alert
|
2018-12-17 15:14:32 -06:00 |
write_audit.py
|
Add user, path and downgrade severity for audit write alert
|
2018-12-17 15:14:32 -06:00 |