This repository has been archived by the owner on Nov 3, 2021. It is now read-only.
Releases · mozilla/MozDef
v3.1.2 MozDef: Mozilla Enterprise Defense Platform
Added
- Alerts can be turned on/off via the web UI
- GeoModel alert to compare locations and determine if travel is possible
- New Query model (SubnetMatch) to match documents on ip and subnets
- LDAP Bruteforce Alert
- Make target (lint) for running pep8 checks against the codebase
- Uptycs alert event cron script
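The GeoModel alert above compares the locations of a user's consecutive logins and decides whether a person could have travelled between them in the elapsed time. The following is an added illustration of that check, not MozDef's own GeoModel code: it uses a haversine great-circle distance, an assumed maximum speed of 900 km/h and an assumed 50 km floor below which GeoIP jitter is ignored, and runs over constructed login events whose field names (username, lat, lon, utctimestamp) are chosen for the example.

```python
"""Impossible-travel check over per-user login events (added example, not MozDef's GeoModel)."""
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
# Assumed tuning values for this example, not MozDef's defaults: the fastest
# plausible legitimate travel, and a distance below which GeoIP noise is ignored.
MAX_SPEED_KMH = 900.0
MIN_DISTANCE_KM = 50.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in decimal degrees."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def travel_possible(prev, cur, max_speed_kmh=MAX_SPEED_KMH, min_distance_km=MIN_DISTANCE_KM):
    """Return (possible, distance_km, required_speed_kmh) for two consecutive events of one user."""
    distance = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    if distance < min_distance_km:
        # Too close to distinguish from GeoIP jitter; never alert on this pair.
        return True, distance, 0.0
    hours = (cur["utctimestamp"] - prev["utctimestamp"]).total_seconds() / 3600.0
    if hours <= 0:
        # Two distant locations at the same instant cannot be one traveller.
        return False, distance, math.inf
    speed = distance / hours
    return speed <= max_speed_kmh, distance, speed


def find_impossible_travel(events):
    """Group events by username, order them by time, and flag consecutive pairs
    that would require travelling faster than MAX_SPEED_KMH."""
    by_user = {}
    for ev in events:
        by_user.setdefault(ev["username"], []).append(ev)
    alerts = []
    for username, evs in by_user.items():
        evs.sort(key=lambda e: e["utctimestamp"])
        for prev, cur in zip(evs, evs[1:]):
            ok, distance, speed = travel_possible(prev, cur)
            if not ok:
                alerts.append({
                    "username": username,
                    "from": (prev["lat"], prev["lon"]),
                    "to": (cur["lat"], cur["lon"]),
                    "distance_km": round(distance, 1),
                    "required_speed_kmh": round(speed, 1),
                })
    return alerts


def _utc(*args):
    return datetime(*args, tzinfo=timezone.utc)


# Constructed sample data: alice "logs in" from San Francisco then London 90
# minutes later; bob logs in from San Francisco then Los Angeles an hour later.
SAMPLE_EVENTS = [
    {"username": "alice", "lat": 37.7749, "lon": -122.4194, "utctimestamp": _utc(2019, 7, 1, 10, 0)},
    {"username": "alice", "lat": 51.5074, "lon": -0.1278, "utctimestamp": _utc(2019, 7, 1, 11, 30)},
    {"username": "bob", "lat": 37.7749, "lon": -122.4194, "utctimestamp": _utc(2019, 7, 1, 10, 0)},
    {"username": "bob", "lat": 34.0522, "lon": -118.2437, "utctimestamp": _utc(2019, 7, 1, 11, 0)},
]

if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_EVENTS):
        print(alert)
```

A production version would also have to cope with VPN and mobile-carrier egress points, which a fixed speed threshold alone does not handle.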
Fixed
- Regular expressions updated to valid Python 3 syntax
- Auth0 script to consume new depnote events
Changed
- Moved benchmark and examples directory into scripts directory with sample ingest scripts
v3.1.1 MozDef: Mozilla Enterprise Defense Platform
Added
- Ability to get open indices in ElasticsearchClient
- Documentation on installing dependencies on Mac OS X
Changed
- AWS Managed Elasticsearch/Kibana version to 6.7
Fixed
- Disk free/total in /about page shows at most 2 decimal places
- Connections to SQS and S3 without an access key and secret
- Ability to block IPs and add to Watchlist
v3.1.0 MozDef: Mozilla Enterprise Defense Platform
Added
- Captured the AWS CodeBuild CI/CD configuration in code with documentation
- Support for HTTP Basic Auth in AWS deployment
- Docker healthchecks to docker containers
- Descriptions to all AWS Lambda functions
- Support for alerts-* index in docker environment
- Alert that detects excessive numbers of AWS API describe calls
- Additional AWS infrastructure to support AWS re:Inforce 2019 workshop
- Documentation specific to MozDef installation now that MozDef uses Python 3
- Config setting for CloudTrail notification SQS queue polling time
- Config setting for Slack bot welcome message
Changed
- Kibana port from 9443 to 9090
- AWS CloudFormation default values from "unset" to empty string
- Simplify mozdef-mq logic determining AMQP endpoint URI
- SQS to always use secure transport
- CloudTrail alert unit tests
- Incident summary placeholder text for greater clarity
- Display of Veris data for easier viewing
- All Dockerfiles to reduce image size, pin package signing keys and improve clarity
Fixed
- Workers starting before GeoIP data is available
- Mismatched MozDefACMCertArn parameter name in CloudFormation template
- Duplicate mozdefvpcflowlogs object
- Hard coded AWS Availability Zone
- httplib2 by updating to version 0.13.0 for Python 3
- mozdef_util by modifying bulk queue to acquire lock before saving events
- Dashboard Kibana URL
- Unnecessary and conflicting package dependencies from MozDef and mozdef_util
- get_indices to include closed indices
v3.0.0 MozDef: The Mozilla Defense Platform
Added
- Support for Python3
Removed
- Support for Python2
- Usage of boto (boto3 now preferred)
v2.0.1 MozDef: The Mozilla Defense Platform
Fixed
- Ensure all print statements use parentheses
- Improved broFixup plugin to handle new zeek format
v2.0.0 MozDef: The Mozilla Defense Platform
Added
- Source IP and Destination IP GeoPoints
- Elasticsearch 6.8 Support
- Kibana 6.8 Support
- All doc_types have been set to _doc to support Elasticsearch >= 6
Removed
- Elasticsearch <= 5 Support
- Kibana <= 5 Support
- Specifying AWS keys in S3 backup script, moved to Elasticsearch Secrets
v1.40.0 MozDef: The Mozilla Defense Platform
Added
- Alertplugin for ip source enrichment
- Alertplugin for port scan enrichment
Fixed
- Bulk message support in loginput
Removed
- Vidyo2Mozdef cron script (moved to https://github.com/mozilla/mozdef-deprecated/blob/master/cron/vidyo2MozDef.py)
v1.39.0 MozDef: The Mozilla Defense Platform
Added
- Pagination of Web UI tables
- Support for SQS as a replacement for RabbitMQ for alerts
- Support for no_auth for watchlist
- Cron script for closing indexes
- Documentation on AlertActions
- Additional side nav theme
Changed
- Removed dependency on '_type' field in Elasticsearch
Fixed
- Slackbot reconnects successfully during network errors
- Relative Kibana URLs now work correctly with protocol
v1.38.5 MozDef: The Mozilla Defense Platform
Added
- Support for CSS themes
Changed
- The CI/CD order to now build docker images in CodeBuild, upload them to DockerHub and then pull them down in the packer instance. Updated docs.
- Assert TravisCI Python version in advance of change of Travis default to 3.6
Fixed
- Dashboard error on docker spinup
v1.38.4 MozDef: The Mozilla Defense Platform
Fixed
- Docker image tagging for git version tag builds
- Correctly propagate the source IP address to details.sourceipaddress in Duo logpull
- Invalid literal in squidFixup.py destinationport field
- Lowercase TAGS in squidFixup.py
- Added a check for None in date fields to handle GuardDuty null dates
Added
- Documentation on the CI/CD process
- A summary to squidFixup.py
- Tags assertions to tests