v3.1.2 (a7c2b90)

@pwnbus pwnbus released this Oct 4, 2019 · 498 commits to master since this release

Added

  • Alerts can be turned on/off via web ui
  • GeoModel alert to compare locations and determine if travel is possible
  • New Query model (SubnetMatch) to match documents on ip and subnets
  • LDAP Bruteforce Alert
  • Make target (lint) for running pep8 checks against codebase
  • Uptycs alert event cron script

Fixed

  • Modified regex statements to be proper python3 statements
  • Auth0 script to consume new depnote events

Changed

  • Moved benchmark and examples directory into scripts directory with sample ingest scripts

v3.1.1 (fe936db)

@pwnbus pwnbus released this Jul 25, 2019 · 956 commits to master since this release

Added

  • Ability to get open indices in ElasticsearchClient
  • Documentation on installing dependencies on Mac OS X

Changed

  • AWS Managed Elasticsearch/Kibana version to 6.7

Fixed

  • Disk free/total in /about page shows at most 2 decimal places
  • Connections to SQS and S3 without access key and secret
  • Ability to block IPs and add to Watchlist

Modify ES version in aws to 6.7

@pwnbus pwnbus released this Jul 25, 2019 · 988 commits to master since this release

Added

  • Captured the AWS CodeBuild CI/CD configuration in code with documentation
  • Support for HTTP Basic Auth in AWS deployment
  • Docker healthchecks to docker containers
  • Descriptions to all AWS Lambda functions
  • Support for alerts-* index in docker environment
  • Alert that detects excessive numbers of AWS API describe calls
  • Additional AWS infrastructure to support AWS re:Inforce 2019 workshop
  • Documentation specific to MozDef installation now that MozDef uses Python 3
  • Config setting for CloudTrail notification SQS queue polling time
  • Config setting for Slack bot welcome message

Changed

  • Kibana port from 9443 to 9090
  • AWS CloudFormation default values from "unset" to empty string
  • Simplify mozdef-mq logic determining AMQP endpoint URI
  • SQS to always use secure transport
  • CloudTrail alert unit tests
  • Incident summary placeholder text for greater clarity
  • Display of Veris data for easier viewing
  • All Dockerfiles to reduce image size, pin package signing keys and improve clarity

Fixed

  • Workers starting before GeoIP data is available
  • Mismatched MozDefACMCertArn parameter name in CloudFormation template
  • Duplicate mozdefvpcflowlogs object
  • Hard coded AWS Availability Zone
  • httplib2 by updating to version 0.13.0 for python3
  • mozdef_util by modifying bulk queue to acquire lock before saving events
  • Dashboard Kibana URL
  • Unnecessary and conflicting package dependencies from MozDef and mozdef_util
  • get_indices to include closed indices

v3.0.0 (7e3d139)

@pwnbus pwnbus released this Jul 8, 2019 · 1089 commits to master since this release

Added

  • Support for Python3

Removed

  • Support for Python2
  • Usage of boto (boto3 now preferred)

v2.0.1 (5bb7f4b)

@pwnbus pwnbus released this Jul 8, 2019 · 1158 commits to master since this release

Fixed

  • Ensure all print statements use parentheses
  • Improved broFixup plugin to handle new zeek format

v2.0.0 (a575caf)

@pwnbus pwnbus released this Jun 28, 2019 · 1178 commits to master since this release

Added

  • Source IP and Destination IP GeoPoints
  • Elasticsearch 6.8 Support
  • Kibana 6.8 Support
  • All doc_types have been set to _doc to support Elasticsearch >= 6

Removed

  • Elasticsearch <= 5 Support
  • Kibana <= 5 Support
  • Specifying AWS keys in S3 backup script, moved to Elasticsearch Secrets

v1.40.0 (cb2bd8c)

@pwnbus pwnbus released this Jun 27, 2019 · 1259 commits to master since this release

Added

  • Alertplugin for ip source enrichment
  • Alertplugin for port scan enrichment

Fixed

  • Bulk message support in loginput

v1.39.0 (5907acc)

@pwnbus pwnbus released this May 29, 2019 · 1336 commits to master since this release

Added

  • Pagination of Web UI tables
  • Added support for SQS in replacement of Rabbitmq for alerts
  • Support for no_auth for watchlist
  • Cron script for closing indexes
  • Documentation on AlertActions
  • Additional side nav theme

Changed

  • Removed dependency on '_type' field in Elasticsearch

Fixed

  • Slackbot reconnects successfully during network errors
  • Relative Kibana URLs now work correctly with protocol

v1.38.5 (33a770b)

@pwnbus pwnbus released this Apr 10, 2019 · 1699 commits to master since this release

Added

  • Support for CSS themes

Changed

  • The CI/CD order to now build docker images in CodeBuild, upload them to DockerHub and then pull them down in the packer instance. Updated docs.
  • Assert TravisCI Python version in advance of change of Travis default to 3.6

Fixed

  • Dashboard error on docker spinup