DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

abandoned elasticsearch elk elk-stack python security siem unmaintained

Перейти к файлу

Jeff Bryner f3f6edefa4 update alerts to match the new aggregation functions		2015-05-27 13:23:42 -07:00
alerts	update alerts to match the new aggregation functions	2015-05-27 13:23:42 -07:00
benchmarking	averez-19-samples: move json2Mozdef.py to /benchmarking/workers/	2014-04-22 09:15:41 -07:00
bot	Merge pull request #261 from gdestuynder/master	2015-05-15 11:47:13 -07:00
cron	add support for google api login/logout event import, closes #272	2015-05-14 16:00:00 -07:00
docker	do not install gevent..ssl issues and it is not used	2015-05-20 14:15:54 -07:00
docs	update docker install to note new supervisor start procedure	2015-05-20 15:40:36 -07:00
examples	Merge pull request #274 from rickcrankin/doc_demo_update	2015-05-19 11:52:45 -07:00
initscripts	minor change to conf file location for supervisord/alerts	2015-01-15 15:31:00 -08:00
lib	add category field to the message, closes #251	2015-03-12 12:51:58 -07:00
loginput	update uwsgi config to not allocate threads, closes #273	2015-05-14 15:49:31 -07:00
logs	[meteor] gitignore and bug fix when empty ES	2014-03-07 10:25:54 -08:00
meteor	oops..extra debug statement removed	2015-05-19 15:16:17 -07:00
mq	rm old ini file for old alertWorker	2015-03-22 20:16:28 -07:00
rest	update uwsgi config to not allocate threads, closes #273	2015-05-14 15:49:31 -07:00
utils	source fqdn for netflow, add a whitelist of netflow senders to accept as an option	2014-09-26 11:15:47 -07:00
.gitignore	Ignore the results/ directory in git	2014-08-11 21:21:11 +02:00
.gitmodules	Support querying bugzilla for bugs (for example, incident/investigation bugs)	2015-03-25 16:45:52 -07:00
CONTRIBUTING.md	averez-issue-23-contributing: add CONTRIBUTING.md	2014-04-14 08:53:42 -07:00
LICENSE	Updated license file to conform with MPL	2014-02-25 09:55:02 -08:00
README.md	updating the README to reflect production status (since Summer 2014)	2015-02-15 12:05:40 -08:00
analyze_code.sh	averez-22-license: Fix license stuff (Closes #22 )	2014-04-16 11:40:15 -07:00
requirements.txt	Update, correct installation instructions and fix errors in config files	2015-05-05 15:42:45 -07:00

README.md

===================================== MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

Provide a platform for use by defenders to rapidly discover and respond to security incidents.
Automate interfaces to other systems like bunker, banhammer, mig
Provide metrics for security events and incidents
Facilitate real-time collaboration amongst incident handlers
Facilitate repeatable, predictable processes for incident handling
Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

DOCS:

http://mozdef.readthedocs.org/en/latest/