MVP on doc changes to support reinvent

andrewkrug committed Nov 24, 2018
1 parent 5134aba commit 1780aef700f0a16b72546d9bdba0be2309dd7dec
@@ -22,6 +22,10 @@ The Mozilla Defense Platform (MozDef) seeks to automate the security incident ha

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

## Give MozDef a Try in AWS:

[![Launch MozDef](docs/source/images/cloudformation-launch-stack.png)](

## Documentation:
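
Review bot: The launch badge under "Give MozDef a Try in AWS" has no link target in the lines shown: `[![Launch MozDef](docs/source/images/cloudformation-launch-stack.png)](` stops at the opening parenthesis, so the markdown is unterminated and the badge does not lead anywhere. Add the CloudFormation launch URL and the closing parenthesis, or drop the outer link and keep only the image until the URL is settled.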
@@ -1,11 +1,82 @@
MozDef for AWS

**What is MozDef for AWS**

Cloud based MozDef is an opinionated deployment of the MozDef services created in 2018 to help AWS users
ingest cloudtrail, guardduty, and provide security services.

.. image:: images/cloudformation-launch-stack.png


MozDef for AWS is new an we'd love your feedback. Try filing github issues here in the repository or connect with us
in the Mozilla Discourse Security Category.

You can also take a short survey on MozDef for AWS after you have deployed it.


MozDef requires the following:

- A DNS name ( )
- An OIDC Provider with ClientID, ClientSecret, and Discovery URL
- Mozilla Uses Auth0 but you can use any OIDC provider you like: Shibboleth, KeyCloak, AWS Cognito, Okta, Ping (etc)
- An ACM Certificate in the deployment region for your DNS name
- A VPC with three public subnets available.
- It is advised that this VPC be dedicated to MozDef or used solely for security automation.
- An SQS queue recieving GuardDuty events. At the time of writing this is not required but may be required in future.

Supported Regions

MozDef for AWS is currently only supported in us-west-2 but will onboard additional regions over time.


.. image:: images/MozDefCloudArchitecture.png

Deployment Process

1. Launch the one click stack and provide the requisite values.
2. Wait for the stack to complete. You'll see several nested stacks in the Cloudformation console. *Note: This may take a while*
3. Navigate to the URL you set up for MozDef. It should redirect you to the single sign on provider. If successful you'll see the MozDef UI.
4. Try navigating to ElasticSearch https://your_base_url:9090
You should see the following:

"name" : "SMf4400",
"cluster_name" : "656532927350:mozdef-mozdef-yemjpbnpw8xb",
"cluster_uuid" : "_yBEIsFkQH-nEZfrFgj7mg",
"version" : {
"number" : "5.6.8",
"build_hash" : "688ecce",
"build_date" : "2018-09-11T14:44:40.463Z",
"build_snapshot" : false,
"lucene_version" : "6.6.1"
"tagline" : "You Know, for Search"

5. Test out Kibana at https://your_base_url:9090/_plugin/kibana/app/kibana#/discover?_g=()

Using MozDef

Refer back to our other docs on how to use MozDef for general guidance. Cloud specific instructions will evolve here.
If you saw something about MozDef for AWS at re: Invent 2018 and you want to contribute we'd love your PRs.
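
Review bot: The sample ElasticSearch response in step 4 appears to be copied from a live deployment: `"cluster_name" : "656532927350:mozdef-mozdef-yemjpbnpw8xb"` carries what looks like a 12-digit AWS account ID, next to a real `cluster_uuid`. Replace those values with obvious placeholders before publishing. The same sample is missing its enclosing braces and the comma after the `lucene_version` line, so readers cannot compare it directly with what they get back. Steps 4 and 5 also do not say whether `https://your_base_url:9090` sits behind the same single sign on redirect as the UI in step 3; state what access control the reader should expect on that port so an unauthenticated response is recognised as a misconfiguration. Smaller points in the requirements list: "A DNS name ( )" has empty parentheses where an example seems intended, and "new an we'd" and "recieving" are typos.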
Binary file not shown.