Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
MozDef: The Mozilla Defense Platform
JavaScript Python HTML CSS Shell Nginx Makefile
Branch: master

Merge pull request #286 from ameihm0912/master

add an alert plugin for unauthorized ssh account usage
latest commit 4575c0fb9c
@jeffbryner authored
Failed to load latest commit information.
alerts add an alert plugin for unauthorized ssh account usage
benchmarking averez-19-samples: move json2Mozdef.py to /benchmarking/workers/
bot Update submodules
cron add support for google api login/logout event import, closes #272
docker revert to stable, closes #277
docs add docs on using Myo over SSL
examples add a python notebook for posting sample events
initscripts minor change to conf file location for supervisord/alerts
lib Update submodules
loginput update uwsgi config to not allocate threads, closes #273
logs [meteor] gitignore and bug fix when empty ES
meteor no more blue on blue urls, closes #279
mq Also warn on missing service names for debugging
rest update cymon api to new version, closes #284
utils source fqdn for netflow, add a whitelist of netflow senders to accept…
.gitignore Ignore the results/ directory in git
.gitmodules Support querying bugzilla for bugs (for example, incident/investigati…
CONTRIBUTING.md averez-issue-23-contributing: add CONTRIBUTING.md
LICENSE Updated license file to conform with MPL
README.md updating the README to reflect production status (since Summer 2014)
analyze_code.sh averez-22-license: Fix license stuff (Closes #22)
requirements.txt add facebook threatexchange support, closes #260

README.md

MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, banhammer, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

DOCS:

http://mozdef.readthedocs.org/en/latest/

Something went wrong with that request. Please try again.