DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
Перейти к файлу
A Smith ed2f6e02c2 Merge pull request #399 from pwnbus/master
Update MozDef to use ES v2
2017-06-27 15:30:21 -05:00
.github Update ISSUE_TEMPLATE.md 2017-06-15 15:05:44 -05:00
alerts Revert "Remove unnecessary alert plugin" 2017-06-27 13:17:56 -07:00
benchmarking Remove US/Pacific timezone references 2017-06-15 15:04:51 -05:00
bot Fix notifymozdefbot logic 2017-06-27 13:18:12 -07:00
config Add parsys mq worker 2017-06-15 15:07:30 -05:00
cron Update files that were diff between two repos 2017-06-15 15:14:57 -05:00
docker Change git repo location in docs to mozilla namespace 2017-06-19 15:19:00 -05:00
docs Remove pyes from usage documentation 2017-06-19 15:49:08 -05:00
examples Remove unnecessary pyes import 2017-06-21 11:30:51 -05:00
lib Update files that were diff between two repos 2017-06-15 15:14:57 -05:00
loginput Remove old leftover files 2017-06-15 15:13:03 -05:00
meteor Update files that were diff between two repos 2017-06-15 15:14:57 -05:00
mq Remove old leftover files 2017-06-15 15:13:03 -05:00
rest Update files that were diff between two repos 2017-06-15 15:14:57 -05:00
static Remove heatmap html page 2017-06-15 15:07:42 -05:00
systemdfiles Remove mozilla specific mq worker service files 2017-06-15 15:07:45 -05:00
tests Update files that were diff between two repos 2017-06-15 15:14:57 -05:00
.gitignore Adding new mqworkers for fluentd2mozdef from aws infosec services. 2017-06-15 15:06:21 -05:00
CONTRIBUTING.md Modifying urls to point to mozilla from jeffbryner, slight readability changes. 2017-06-15 15:07:30 -05:00
LICENSE Updated license file to conform with MPL 2014-02-25 09:55:02 -08:00
README.md Sync readme with readme from public repo 2017-06-15 15:07:47 -05:00
analyze_code.sh averez-22-license: Fix license stuff (Closes #22) 2014-04-16 11:40:15 -07:00
requirements.txt Bump pytx version and update compromisedCreds cron 2017-06-15 15:06:32 -05:00

README.md

MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, banhammer, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

DOCS:

http://mozdef.readthedocs.org/en/latest/