Package | Description |
---|---|
com.mozilla.secops | General utility classes and transforms for secops-beam |
com.mozilla.secops.amo | AMO analysis pipeline |
com.mozilla.secops.authprofile | Pipeline for authentication source profiling and alerting |
com.mozilla.secops.customs | Customs FxA analysis pipeline |
com.mozilla.secops.gatekeeper | Pipeline for AWS GuardDuty and GCP ETD analysis |
com.mozilla.secops.httprequest.heuristics | |
com.mozilla.secops.metrics | Metrics support classes |
com.mozilla.secops.pioneer | Pioneer analysis pipeline |
com.mozilla.secops.postprocessing | Pipeline for further processing of and correlation between alerts |

Modifier and Type | Class and Description |
---|---|
static class | SourceCorrelation.SourceCorrelator: Transform for source address alert and ingestion correlation |

Modifier and Type | Class and Description |
---|---|
class | AddonCloudSubmission: Alert on add-on submissions from cloud providers |
class | AddonMatcher: Match abusive addon uploads and generate alerts |
class | AddonMultiIpLogin: Multiple account logins for the same account from different source addresses associated with different country codes |
class | AddonMultiMatch: Detect distributed AMO submissions with the same file hash |
class | AddonMultiSubmit: Detect distributed submissions based on file size intervals |
class | FxaAccountAbuseAlias: Analysis for aliased account usage |
class | FxaAccountAbuseNewVersion: Correlation of AMO addon submission with abusive FxA account creation alerts |
class | ReportRestriction: Report on request restrictions in AMO |

Modifier and Type | Class and Description |
---|---|
static class | AuthProfile.StateAnalyze: Analyze grouped events associated with a particular user or identity against persistent user state |
class | CritObjectAnalyze: Analysis for authentication involving critical objects |

Modifier and Type | Class and Description |
---|---|
static class | Customs.CustomsSummary: Summarizes various events processed by Customs pipeline |

Modifier and Type | Class and Description |
---|---|
static class | ETDTransforms.GenerateETDAlerts: Generate Alerts for relevant ETD Finding Events |
static class | GuardDutyTransforms.GenerateGDAlerts: Generate Alerts for relevant Findings |

Modifier and Type | Class and Description |
---|---|
class | EndpointAbuseAnalysis: Transform for detection of a single source making excessive requests solely of a specific endpoint path. |
class | EndpointSequenceAbuse: Transform for detection of a single source making a sequence of requests at a speed faster than what we expect from a normal user. |
class | ErrorRateAnalysis: Transform for analysis of error rates per client within a given window. |
class | HardLimitAnalysis: Transform for analysis of hard per-source request count limit within fixed window |
class | PerEndpointErrorRateAnalysis: Transform for detection of a single source generating errors at a given path pattern. |
class | SessionLimitAnalysis: Transform for detection of a single source making excessive requests of a specific endpoint pattern. |
class | StatusCodeRateAnalysis: Transform for analysis of rates of specific response codes per client in a fixed window |
class | ThresholdAnalysis: Composite transform that conducts threshold analysis using the configured threshold modifier |
class | UserAgentBlocklistAnalysis: Analysis to identify known bad user agents |

Modifier and Type | Method and Description |
---|---|
void | CfgTickBuilder.withTransformDoc(DocumentingTransform t): Add documentation about a transform to the configuration tick |

Modifier and Type | Class and Description |
---|---|
static class | Pioneer.PioneerExfiltration: Generate alerts if flow logs indicate a certain volume of data has been transferred within a specified period of time. |

Modifier and Type | Class and Description |
---|---|
class | AlertSummary: Summarize alerts and various attributes of alerts over time and generate subsequent alerts if certain thresholds or anomalies are detected. |
static class | PostProcessing.WatchlistAnalyze: Check incoming alert events against a watchlist of various identifiers. |

Copyright © 2022. All rights reserved.