DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

abandoned elasticsearch elk elk-stack python security siem unmaintained

Перейти к файлу

Phrozyn f9af2dc8f0 Updated code that works on subkeys.		2018-11-14 09:57:47 -06:00
.github	Update ISSUE_TEMPLATE.md	2017-06-15 15:05:44 -05:00
alerts	Merge pull request #778 from mozilla/proxy_drop_ip	2018-11-06 10:16:25 -06:00
benchmarking	Resolve E127 continuation line over indented	2018-10-31 17:30:18 -05:00
bot	Resolve E128 continuation line under indented	2018-10-31 18:11:08 -05:00
cloudy_mozdef	Change user-data kibana port and path	2018-11-10 08:42:12 -08:00
config	Merge remote-tracking branch 'origin/infosec_workweek' into virtualenv_path_change	2018-10-24 13:05:30 -05:00
cron	Merge pull request #944 from mozilla/fix_cloudtrail_mapping	2018-11-06 15:19:56 -06:00
docker	add a sample data override for one off runs	2018-11-11 16:57:35 -08:00
docs	rm mailing list	2018-11-13 09:30:14 -08:00
examples	add more login sample data	2018-11-11 16:57:53 -08:00
loginput	Resolve E302 expected 2 blank lines found 1	2018-10-30 18:08:59 -05:00
meteor	reset the cursor on error	2018-11-11 16:58:06 -08:00
mozdef_util	Remove ability for geoip class to guess db location	2018-10-30 18:35:28 -05:00
mq	Updated code that works on subkeys.	2018-11-14 09:57:47 -06:00
rest	properly init the config	2018-11-13 09:43:49 -08:00
static	Remove heatmap html page	2017-06-15 15:07:42 -05:00
systemdfiles	Update python virtualenv path for service files	2018-04-20 12:55:26 -05:00
tests	insert old events, count only recent	2018-11-12 11:20:17 -08:00
.flake8	Resolve E122 continuation line missing indentation or outdented	2018-10-31 18:19:07 -05:00
.gitignore	add feature removal docs, update gitignore	2018-11-06 12:34:20 -08:00
.travis.yml	upgrade travis docker-compose as per https://docs.travis-ci.com/user/docker/	2018-10-30 13:53:07 -07:00
CONTRIBUTING.md	Modifying urls to point to mozilla from jeffbryner, slight readability changes.	2017-06-15 15:07:30 -05:00
LICENSE	Updated license file to conform with MPL	2014-02-25 09:55:02 -08:00
Makefile	Remove leftover comment in makefile	2018-10-31 14:29:34 -05:00
README.md	Update documentation header in readme	2018-10-25 17:23:58 -05:00
requirements.txt	Increase configlib version requirement	2018-11-01 11:50:18 -05:00

README.md

MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

Provide a platform for use by defenders to rapidly discover and respond to security incidents.
Automate interfaces to other systems like bunker, cymon, mig
Provide metrics for security events and incidents
Facilitate real-time collaboration amongst incident handlers
Facilitate repeatable, predictable processes for incident handling
Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

Documentation:

http://mozdef.readthedocs.org/en/latest/