MozDef: The Mozilla Defense Platform
JavaScript Python HTML CSS Shell Nginx Makefile
Latest commit 344f993 Oct 19, 2016 @Phrozyn Phrozyn committed on GitHub Merge pull request #378 from mozilla/fix_mq_geoip_location
Update GeoLiteCity.dat location in mq plugin
Failed to load latest commit information.
alerts Adding updated uwsgi ini config file for mozdefalertplugins init script. Aug 10, 2016
benchmarking averez-19-samples: move to /benchmarking/workers/ Apr 22, 2014
bot fix issue where long alert summaries cause mozdefbot to exit Apr 11, 2016
cron Add support to import auth0 logs intomozdef Aug 4, 2016
docker revert to stable, closes #277 May 29, 2015
docs Merge branch 'master' of Aug 10, 2016
examples Merge pull request #348 from pwnbus/standardize_bro_intel Jun 28, 2016
initscripts modified home directory Jul 25, 2016
lib Update slapd importer with local timezone Jul 12, 2016
loginput update uwsgi config to not allocate threads, closes #273 May 14, 2015
logs [meteor] gitignore and bug fix when empty ES Mar 7, 2014
meteor Corrected Case in investigationAdd.html May 24, 2016
mq Update GeoLiteCity.dat location in mq plugin Oct 19, 2016
rest update ldap search criteria to match case Dec 30, 2015
tests initial tests for environment sanity and event processing, closes #338 Mar 28, 2016
utils source fqdn for netflow, add a whitelist of netflow senders to accept… Sep 26, 2014
.gitignore Ignore the results/ directory in git Aug 11, 2014
.gitmodules Support querying bugzilla for bugs (for example, incident/investigati… Mar 25, 2015 averez-issue-23-contributing: add Apr 14, 2014
LICENSE Updated license file to conform with MPL Feb 25, 2014 updating the README to reflect production status (since Summer 2014) Feb 15, 2015 averez-22-license: Fix license stuff (Closes #22) Apr 16, 2014
requirements.txt sync requirements with actual Feb 21, 2016

MozDef: The Mozilla Defense Platform


The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.


  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, banhammer, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation


MozDef is in production at Mozilla where we are using it to process over 300 million events per day.