Index (secops-beam 0.19.2 API)

A B C D E F G H I J K L M N O P R S T U V W

A

add(String) - Method in class com.mozilla.secops.CidrUtil: Add subnet to subnet list
add(String) - Method in class com.mozilla.secops.InetRadix: Add IPv4 CIDR subnet to tree
addCustomMetadata(String, String) - Method in class com.mozilla.secops.alert.Alert: Set a custom metadata value
addEvent(Event) - Method in class com.mozilla.secops.customs.CustomsFeatures: Add a single event to the event list
addFileInput(String) - Method in class com.mozilla.secops.input.InputElement: Add a new file input
addGeoIPData(Alert, GeoIP) - Static method in class com.mozilla.secops.alert.AlertFormatter: Process metadata fields and add GeoIP information
addInput(CustomsFeatures, Event) - Method in class com.mozilla.secops.customs.CustomsFeaturesCombiner.CustomsFeaturesCombineFn
addInput(Stats.StatsCombiner.State, Long) - Method in class com.mozilla.secops.Stats.StatsCombiner
addKinesisInput(String) - Method in class com.mozilla.secops.input.InputElement: Add new Kinesis input
addMetadata(AlertMeta.Key, String) - Method in class com.mozilla.secops.alert.Alert: Add metadata
addMetadata(AlertMeta.Key, List<String>) - Method in class com.mozilla.secops.alert.Alert: Add metadata as a list of values
addMetadataIfIpIsExempt(String, Alert) - Static method in class com.mozilla.secops.IprepdIO: Add IP metadata if the IP address is exempt from reporting to iprepd.
addMetadataIfIpIsExempt(String, Alert, String) - Static method in class com.mozilla.secops.IprepdIO: Add IP metadata if the IP address is exempt from reporting to iprepd.
addMetadataIfObjectIsExempt(String, String, Alert) - Static method in class com.mozilla.secops.IprepdIO: Add metadata if the object is exempt from reporting to iprepd.
addMetadataIfObjectIsExempt(String, String, Alert, String) - Static method in class com.mozilla.secops.IprepdIO: Add metadata if the object is exempt from reporting to iprepd.
addMetadataSuppressRecovery(Integer, Alert) - Static method in class com.mozilla.secops.IprepdIO: Add iprepd recovery suppression metadata to an alert
AddonCloudSubmission - Class in com.mozilla.secops.amo: Alert on add-on submissions from cloud providers
AddonCloudSubmission(String) - Constructor for class com.mozilla.secops.amo.AddonCloudSubmission: Construct new AddonCloudSubmission
AddonMatcher - Class in com.mozilla.secops.amo: Match abusive addon uploads and generate alerts
AddonMatcher(String, Integer, String[]) - Constructor for class com.mozilla.secops.amo.AddonMatcher: Construct new AddonMatcher
AddonMultiIpLogin - Class in com.mozilla.secops.amo: Multiple account logins for the same account from different source addresses associated with different country codes
AddonMultiIpLogin(String, Integer, Integer, Integer, String[], String[]) - Constructor for class com.mozilla.secops.amo.AddonMultiIpLogin: Construct new AddonMultiIpLogin
AddonMultiMatch - Class in com.mozilla.secops.amo: Detect distributed AMO submissions with the same file hash
AddonMultiMatch(String, Integer, Integer) - Constructor for class com.mozilla.secops.amo.AddonMultiMatch: Construct new AddonMultiMatch
AddonMultiSubmit - Class in com.mozilla.secops.amo: Detect distributed submissions based on file size intervals
AddonMultiSubmit(String, Integer, Integer) - Constructor for class com.mozilla.secops.amo.AddonMultiSubmit: Construct new AddonMultiSubmit
addParser(String, ParserCfg, EventFilter) - Method in class com.mozilla.secops.parser.ParserMultiDoFn: Add a new parser configuration and filter for the specified key name
addPayloadFilter(EventFilterPayloadInterface) - Method in class com.mozilla.secops.parser.EventFilterPayloadOr: Add payload filter
addPayloadFilter(EventFilterPayloadInterface) - Method in class com.mozilla.secops.parser.EventFilterRule: Add payload filter
addPubsubInput(String) - Method in class com.mozilla.secops.input.InputElement: Add new Pubsub input
addressInCidr(String, String) - Static method in class com.mozilla.secops.CidrUtil: Return true if address is within the cidr
addRule(EventFilterRule) - Method in class com.mozilla.secops.parser.EventFilter: Add new rule to filter
addStatusTag(Normalized.StatusTag) - Method in class com.mozilla.secops.parser.Normalized: Add a StatusTag to a normalized event
addToggleCacheEntry(String, HTTPRequestToggles) - Static method in class com.mozilla.secops.httprequest.HTTPRequest: Add an entry to the HTTPRequest toggle cache
addToPayload(String) - Method in class com.mozilla.secops.alert.Alert: Add new line to payload buffer
addType(Normalized.Type) - Method in class com.mozilla.secops.parser.Normalized: Add a type flag to normalized type
addWiredStream(PTransform<PBegin, PCollection<String>>) - Method in class com.mozilla.secops.input.InputElement: Add wired stream
Alert - Class in com.mozilla.secops.alert: Global standardized class representing alerting output from pipelines
Alert() - Constructor for class com.mozilla.secops.alert.Alert: Construct new alert object
Alert - Class in com.mozilla.secops.parser: Payload parser for incoming alert events
Alert() - Constructor for class com.mozilla.secops.parser.Alert: Construct matcher object.
Alert(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.Alert: Construct parser object.
Alert.AlertSeverity - Enum in com.mozilla.secops.alert
AlertConfiguration - Class in com.mozilla.secops.alert: Configuration for AlertIO
AlertConfiguration() - Constructor for class com.mozilla.secops.alert.AlertConfiguration: Create new empty AlertConfiguration
AlertFormatter - Class in com.mozilla.secops.alert: DoFn for normalization and supplemental enrichment of Alert objects
AlertFormatter(IOOptions) - Constructor for class com.mozilla.secops.alert.AlertFormatter: Initialize new AlertFormatter
AlertFormatter(String, String, String) - Constructor for class com.mozilla.secops.alert.AlertFormatter: Initialize new AlertFormatter
AlertFormatter.AlertToString - Class in com.mozilla.secops.alert: SimpleFunction for conversion of Alert objects to JSON string
AlertIO - Class in com.mozilla.secops.alert: AlertIO provides an IO transform handling Alert output
AlertIO() - Constructor for class com.mozilla.secops.alert.AlertIO
AlertIO.AlertNotifyMerge - Class in com.mozilla.secops.alert: Merge related alerts together using any set alert notify merge metadata prior to emitting notifications.
AlertIO.Write - Class in com.mozilla.secops.alert: Handle alerting output based on the contents of the alerting messages such as included metadata and severity.
AlertMailer - Class in com.mozilla.secops.alert: AlertMailer handles email based alerting output
AlertMailer(AlertConfiguration) - Constructor for class com.mozilla.secops.alert.AlertMailer: Create new AlertMailer with specified AlertConfiguration
AlertMeta - Class in com.mozilla.secops.alert: AlertMeta is metadata associated with an Alert
AlertMeta(String, String) - Constructor for class com.mozilla.secops.alert.AlertMeta: Create new AlertMeta
AlertMeta.Key - Enum in com.mozilla.secops.alert: Keys that may be used for alert metadata
AlertMeta.Key.AssociatedKey - Enum in com.mozilla.secops.alert: Associated key identifiers
AlertMeta.Key.ValueType - Enum in com.mozilla.secops.alert: Storage formats for value fields
AlertNotifyMerge() - Constructor for class com.mozilla.secops.alert.AlertIO.AlertNotifyMerge: Static initializer for AlertIO.AlertNotifyMerge
AlertSlack - Class in com.mozilla.secops.alert: AlertSlack handles slack based alerting output
AlertSlack(AlertConfiguration) - Constructor for class com.mozilla.secops.alert.AlertSlack: Construct new alert slack object
AlertSlack(AlertConfiguration, SlackManager) - Constructor for class com.mozilla.secops.alert.AlertSlack: Construct new alert slack object, providing an already instantiated SlackManager
AlertSourceExtractor() - Constructor for class com.mozilla.secops.SourceCorrelation.AlertSourceExtractor
AlertSummary - Class in com.mozilla.secops.postprocessing: Summarize alerts and various attributes of alerts over time and generate subsequent alerts if certain thresholds or anomolies are detected.
AlertSummary(PostProcessing.PostProcessingOptions) - Constructor for class com.mozilla.secops.postprocessing.AlertSummary: Initialize new AlertSummary
AlertSuppressionState() - Constructor for class com.mozilla.secops.alert.AlertSuppressor.AlertSuppressionState
AlertSuppressionState() - Constructor for class com.mozilla.secops.alert.AlertSuppressorSession.AlertSuppressionState
AlertSuppressor - Class in com.mozilla.secops.alert: Implements generic alert suppression
AlertSuppressor(Long) - Constructor for class com.mozilla.secops.alert.AlertSuppressor: Initialize new AlertSuppressor
AlertSuppressor.AlertSuppressionState - Class in com.mozilla.secops.alert: Internal class for alert suppression state
AlertSuppressorCount - Class in com.mozilla.secops.alert: Extended alert suppression using count metadata
AlertSuppressorCount(Long) - Constructor for class com.mozilla.secops.alert.AlertSuppressorCount: Initialize new AlertSuppressorCount
AlertSuppressorSession - Class in com.mozilla.secops.alert: Alert suppression using session gap based expiry
AlertSuppressorSession(Long) - Constructor for class com.mozilla.secops.alert.AlertSuppressorSession
AlertSuppressorSession.AlertSuppressionState - Class in com.mozilla.secops.alert: Internal class for alert suppression state
AlertToString() - Constructor for class com.mozilla.secops.alert.AlertFormatter.AlertToString
Amo - Class in com.mozilla.secops.amo: Various heuristics for AMO analysis
Amo() - Constructor for class com.mozilla.secops.amo.Amo
Amo - Class in com.mozilla.secops.parser.models.amo: Describes the format of an AMO event
Amo() - Constructor for class com.mozilla.secops.parser.models.amo.Amo
Amo.AmoOptions - Interface in com.mozilla.secops.amo: Runtime options for Amo pipeline.
AmoDocker - Class in com.mozilla.secops.parser: Payload parser for AMO docker logs
AmoDocker() - Constructor for class com.mozilla.secops.parser.AmoDocker: Construct matcher object.
AmoDocker(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.AmoDocker: Construct parser object.
AmoDocker.EventType - Enum in com.mozilla.secops.parser
AmoMetrics - Class in com.mozilla.secops.amo: AmoMetrics contains metrics for the Amo pipeline
AmoMetrics() - Constructor for class com.mozilla.secops.amo.AmoMetrics
AmoMetrics.HeuristicMetrics - Class in com.mozilla.secops.amo: Metrics for the various analysis transforms in the Amo pipeline
ApacheCombined - Class in com.mozilla.secops.parser: Payload parser for Apache combined log format
ApacheCombined() - Constructor for class com.mozilla.secops.parser.ApacheCombined: Construct matcher object.
ApacheCombined(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.ApacheCombined: Construct parser object.
apply(Alert) - Method in class com.mozilla.secops.alert.AlertFormatter.AlertToString
apply(Event) - Method in class com.mozilla.secops.httprequest.HTTPRequest.Has4xxRequestStatus
applyProxyXFFAddressSelector(String, Boolean) - Method in class com.mozilla.secops.parser.Parser: Applies proxy xff selector
applyXffAddressSelector(String) - Method in class com.mozilla.secops.parser.Parser: Apply any configured XFF address selector to the specified input string
assemblePayload() - Method in class com.mozilla.secops.alert.Alert: Assemble a complete payload buffer that contains alert metadata information in addition to the alert payload.
Auth0 - Class in com.mozilla.secops.parser: Payload parser for Auth0 logs
Auth0() - Constructor for class com.mozilla.secops.parser.Auth0: Construct matcher object.
Auth0(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.Auth0: Construct parser object.
authGetData(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event internal data
authGetEmail(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event email address
authGetEventSummary(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event summary
authGetPath(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event path
authGetPayload(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event payload
authGetService(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event service value
authGetSourceAddress(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event source address
authGetSourceAddressLatitude(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event source address latitude
authGetSourceAddressLongitude(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event source address longitude
authGetStatus(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event status code
authGetUid(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA event UID
authGetUserAgent(Event) - Static method in class com.mozilla.secops.customs.CustomsUtil: Extract FxA agent
AuthProfile - Class in com.mozilla.secops.authprofile: AuthProfile implements analysis of normalized authentication events
AuthProfile() - Constructor for class com.mozilla.secops.authprofile.AuthProfile
AuthProfile.AuthProfileOptions - Interface in com.mozilla.secops.authprofile: Runtime options for AuthProfile pipeline.
AuthProfile.ExtractIdentity - Class in com.mozilla.secops.authprofile: Extract subject user for each event in input PCollection
AuthProfile.Parse - Class in com.mozilla.secops.authprofile: Parse input strings returning applicable authentication events.
AuthProfile.StateAnalyze - Class in com.mozilla.secops.authprofile: Analyze grouped events associated with a particular user or identity against persistent user state
AuthProfile.StateAnalyze.ActionType - Enum in com.mozilla.secops.authprofile: The outcome of state analysis can result in various actions being taken.
AuthStateModel - Class in com.mozilla.secops.authstate: Manages and stores authentication state information for a given user identity.
AuthStateModel(String) - Constructor for class com.mozilla.secops.authstate.AuthStateModel: Create new state model for user
AuthStateModel.GeoVelocityResponse - Class in com.mozilla.secops.authstate: Response to AuthStateModel GeoVelocity analysis request
AuthStateModel.ModelEntry - Class in com.mozilla.secops.authstate: Represents a single known source for authentication for a given user
AuthStateModel.ModelEntryUpdate - Class in com.mozilla.secops.authstate: Information used in a model update request
AwsAssumeRoleCorrelator - Class in com.mozilla.secops.authprofile: Analyze cross account assumeRole events and correlates between the trusting account (the account a role is being assumed in) and the trusted account (the account with the iam user assuming a role).
AwsAssumeRoleCorrelator(AuthProfile.AuthProfileOptions) - Constructor for class com.mozilla.secops.authprofile.AwsAssumeRoleCorrelator
AwsAssumeRoleCorrelator.CrossAccountAssumeRoleFilter - Class in com.mozilla.secops.authprofile: Returns only AssumeRole events with a sharedEventID indicating there's events across two accounts that need to be correlated
AwsBehavior - Class in com.mozilla.secops.awsbehavior
AwsBehavior() - Constructor for class com.mozilla.secops.awsbehavior.AwsBehavior
AwsBehavior.AwsBehaviorOptions - Interface in com.mozilla.secops.awsbehavior: Runtime options for AwsBehavior pipeline.
AwsBehavior.Matcher - Class in com.mozilla.secops.awsbehavior: Tranform to take a specific CloudtrailMatcher and a PCollection of cloudtrail events and emit a PCollection of Alert objects constructed for each event that matches the CloudtrailMatcher
AwsBehavior.Matchers - Class in com.mozilla.secops.awsbehavior: High level transform for invoking each of the matcher transforms after reading in the config with CloudtrailMatcherManager
AwsBehavior.ParseAndWindow - Class in com.mozilla.secops.awsbehavior: Transform to parse a PCollection containing events as strings and emit a PCollection of Event objects after filtering out events that are not Cloudtrail events

B

blobIdFromUrl(String) - Static method in class com.mozilla.secops.GcsUtil: Return a storage BlobId given a storage input URL
BmoAudit - Class in com.mozilla.secops.parser: Payload parser for BMO Mozlog audit data
BmoAudit() - Constructor for class com.mozilla.secops.parser.BmoAudit: Construct matcher object.
BmoAudit(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.BmoAudit: Construct parser object.
BmoAudit.AuditType - Enum in com.mozilla.secops.parser
build() - Method in class com.mozilla.secops.metrics.CfgTickBuilder: Generate configuration tick message from builder contents
buildConfigurationTick(Amo.AmoOptions) - Static method in class com.mozilla.secops.amo.Amo: Build a configuration tick for Amo given pipeline options
buildConfigurationTick(AuthProfile.AuthProfileOptions) - Static method in class com.mozilla.secops.authprofile.AuthProfile: Build a configuration tick for Authprofile given pipeline options
buildConfigurationTick(Customs.CustomsOptions) - Static method in class com.mozilla.secops.customs.Customs: Build a configuration tick for Customs given pipeline options
buildConfigurationTick(GatekeeperPipeline.GatekeeperOptions) - Static method in class com.mozilla.secops.gatekeeper.GatekeeperPipeline: Build a configuration tick for Gatekeeper given pipeline options
buildConfigurationTick(HTTPRequest.HTTPRequestOptions, HTTPRequestToggles) - Static method in class com.mozilla.secops.httprequest.HTTPRequest: Build a configuration tick for HTTPRequest given pipeline options and configuration toggles
buildConfigurationTick(Pioneer.PioneerOptions) - Static method in class com.mozilla.secops.pioneer.Pioneer: Build a configuration tick for Pioneer given pipeline options
buildConfigurationTick(PostProcessing.PostProcessingOptions) - Static method in class com.mozilla.secops.postprocessing.PostProcessing: Build a configuration tick for PostProcessing given pipeline options
byUserAgent() - Static method in class com.mozilla.secops.DetectNat: Creates a User Agent Based Nat Detection transform

C

cacheClear() - Static method in class com.mozilla.secops.Minfraud: Clear insights cache
cacheInsightsResource(String, String) - Static method in class com.mozilla.secops.Minfraud: Cache and force a particular response for an IP address
calculate(String, String) - Static method in class com.mozilla.secops.StringDistance: Return string distance value between two strings
CATEGORY_ACCOUNT_CREATION_ABUSE - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_ACCOUNT_CREATION_ABUSE_DIST - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_ACCOUNT_ENUMERATION - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_ACTIVITY_MONITOR - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_LOGIN_FAILURE_AT_RISK_ACCOUNT - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_PASSWORD_RESET_ABUSE - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_PRIVATE_RELAY_FORWARD - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_SOURCE_LOGIN_FAILURE - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_SOURCE_LOGIN_FAILURE_DIST - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_STATUS_COMPARATOR - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_VELOCITY - Static variable in class com.mozilla.secops.customs.Customs
CATEGORY_VELOCITY_MONITOR_ONLY - Static variable in class com.mozilla.secops.customs.Customs
CfgTick - Class in com.mozilla.secops.parser: Payload parser for configuration ticks
CfgTick() - Constructor for class com.mozilla.secops.parser.CfgTick: Construct matcher object.
CfgTick(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.CfgTick: Construct parser object.
CfgTickBuilder - Class in com.mozilla.secops.metrics: Builder class for initializating configuration tick messages
CfgTickBuilder() - Constructor for class com.mozilla.secops.metrics.CfgTickBuilder: Initialize new CfgTickBuilder
CfgTickGenerator - Class in com.mozilla.secops.metrics: Generate periodic configuration ticks
CfgTickGenerator(String, Integer, long) - Constructor for class com.mozilla.secops.metrics.CfgTickGenerator: Initialize new CfgTickGenerator
CfgTickProcessor - Class in com.mozilla.secops.metrics: Convert configuration ticks into alerts
CfgTickProcessor(String) - Constructor for class com.mozilla.secops.metrics.CfgTickProcessor: Initialize new CfgTickProcessor
CidrUtil - Class in com.mozilla.secops: CIDR matching utilities
CidrUtil() - Constructor for class com.mozilla.secops.CidrUtil: Constructor for CidrUtil, initialize empty
CidrUtil(String) - Constructor for class com.mozilla.secops.CidrUtil: Constructor for CidrUtil to load subnet list from resource
CIDRUTIL_CLOUDPROVIDERS - Static variable in class com.mozilla.secops.CidrUtil: Load exclusion list with allowed cloud providers
CIDRUTIL_FILE - Static variable in class com.mozilla.secops.CidrUtil: Load exclusion list from path resource
CIDRUTIL_INTERNAL - Static variable in class com.mozilla.secops.CidrUtil: Load exclusion list for internal/RFC1918 subnets
Cloudtrail - Class in com.mozilla.secops.parser: Payload parser for Cloudtrail events
Cloudtrail() - Constructor for class com.mozilla.secops.parser.Cloudtrail: Construct matcher object.
Cloudtrail(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.Cloudtrail: Construct parser object.
CloudtrailEvent - Class in com.mozilla.secops.parser.models.cloudtrail: Model for Cloudtrail Events JSON parsing
CloudtrailEvent() - Constructor for class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
CloudtrailMatcher - Class in com.mozilla.secops.awsbehavior: Translates a JSON object into an EventFilter and context for any resulting matches.
CloudtrailMatcher() - Constructor for class com.mozilla.secops.awsbehavior.CloudtrailMatcher
CloudtrailMatcherManager - Class in com.mozilla.secops.awsbehavior: Loads a JSON document and converts it into a list of CloudtrailMatchers
CloudtrailMatcherManager() - Constructor for class com.mozilla.secops.awsbehavior.CloudtrailMatcherManager: Create new empty CloudtrailMatcherManager
CloudWatchEvent - Class in com.mozilla.secops.parser.models.cloudwatch: Describes the format of an AWS CloudWatch Event
CloudWatchEvent() - Constructor for class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent
com.mozilla.secops - package com.mozilla.secops: General utility classes and transforms for secops-beam
com.mozilla.secops.alert - package com.mozilla.secops.alert: Alert generation and output
com.mozilla.secops.amo - package com.mozilla.secops.amo: AMO analysis pipeline
com.mozilla.secops.authprofile - package com.mozilla.secops.authprofile: Pipeline for authentication source profiling and alerting
com.mozilla.secops.authstate - package com.mozilla.secops.authstate: Authentication state storage and utility classes
com.mozilla.secops.awsbehavior - package com.mozilla.secops.awsbehavior: Pipeline for monitoring AWS Cloudtrail events
com.mozilla.secops.crypto - package com.mozilla.secops.crypto: Utilities for dealing with runtime secrets in Beam pipelines
com.mozilla.secops.customs - package com.mozilla.secops.customs: Customs FxA analysis pipeline
com.mozilla.secops.customs.CustomsAtRiskAccountState - package com.mozilla.secops.customs.CustomsAtRiskAccountState
com.mozilla.secops.gatekeeper - package com.mozilla.secops.gatekeeper: Pipeline for AWS Guardduty and GCP ETD analysis
com.mozilla.secops.httprequest - package com.mozilla.secops.httprequest: HTTP request threshold and error rate monitoring
com.mozilla.secops.httprequest.heuristics - package com.mozilla.secops.httprequest.heuristics
com.mozilla.secops.identity - package com.mozilla.secops.identity: Centralized identity mapping and translation for user identities
com.mozilla.secops.input - package com.mozilla.secops.input: Pipeline input
com.mozilla.secops.metrics - package com.mozilla.secops.metrics: Metrics support classes
com.mozilla.secops.parser - package com.mozilla.secops.parser: Log parsing, processing, and enrichment
com.mozilla.secops.parser.models.amo - package com.mozilla.secops.parser.models.amo: JSON model for AMO events
com.mozilla.secops.parser.models.auth0 - package com.mozilla.secops.parser.models.auth0: JSON model for Auth0 events
com.mozilla.secops.parser.models.cloudtrail - package com.mozilla.secops.parser.models.cloudtrail: JSON model for Cloudtrail events
com.mozilla.secops.parser.models.cloudwatch - package com.mozilla.secops.parser.models.cloudwatch: generic JSON model for AWS CloudWatch events
com.mozilla.secops.parser.models.duopull - package com.mozilla.secops.parser.models.duopull: JSON model for Duopull events
com.mozilla.secops.parser.models.etd - package com.mozilla.secops.parser.models.etd: JSON model for GCP ETDBeta Findings
com.mozilla.secops.parser.models.fxaauth - package com.mozilla.secops.parser.models.fxaauth: JSON model for FxA auth server events
com.mozilla.secops.parser.models.fxacontent - package com.mozilla.secops.parser.models.fxacontent
com.mozilla.secops.parser.models.gcpvpcflow - package com.mozilla.secops.parser.models.gcpvpcflow: JSON model for GCP VPC flow events
com.mozilla.secops.parser.models.nginxstackdriver - package com.mozilla.secops.parser.models.nginxstackdriver: JSON model for nginx log messages in Stackdriver jsonPayload
com.mozilla.secops.parser.models.taskcluster - package com.mozilla.secops.parser.models.taskcluster: JSON model for Taskcluster events
com.mozilla.secops.pioneer - package com.mozilla.secops.pioneer: Pioneer analysis pipeline
com.mozilla.secops.postprocessing - package com.mozilla.secops.postprocessing: Pipeline for further processing of and correlation between alerts
com.mozilla.secops.slack - package com.mozilla.secops.slack: Classes for handling publication of messages to Slack
com.mozilla.secops.state - package com.mozilla.secops.state: Classes for handling persistent state for Beam pipelines
com.mozilla.secops.streamwriter - package com.mozilla.secops.streamwriter: Simple stream writer
com.mozilla.secops.window - package com.mozilla.secops.window: Utility window transforms
com.mozilla.secops.workshop - package com.mozilla.secops.workshop: Getting started with Beam introduction pipeline
commit() - Method in class com.mozilla.secops.state.DatastoreStateCursor: Commit datastore transaction
commit() - Method in class com.mozilla.secops.state.MemcachedStateCursor
commit() - Method in class com.mozilla.secops.state.StateCursor: Commit transaction
compositeInputAdapter(InputOptions, String) - Static method in class com.mozilla.secops.input.Input: Adapter to simplify Input usage for pipelines that used previous composite input tranform
CompositeOutput - Class in com.mozilla.secops: CompositeOutput provides a standardized composite output transform for use in pipelines.
compositeOutput(OutputOptions) - Static method in interface com.mozilla.secops.OutputOptions
Connection() - Constructor for class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow.Connection
contains(String) - Method in class com.mozilla.secops.CidrUtil: Return true if any loaded subnet contains the specified address
contains(String) - Method in class com.mozilla.secops.InetRadix: Determine if tree contains a subnet that would contain IP
ContentServerVarianceDetector - Class in com.mozilla.secops.customs: Provides transforms to detect if an ip is making a variety of requests to the content server or is just abusing auth server APIs.
ContentServerVarianceDetector() - Constructor for class com.mozilla.secops.customs.ContentServerVarianceDetector
ContentServerVarianceDetector.PresenceBased - Class in com.mozilla.secops.customs: Provides a basic transform for detecting variance based on whether an ip exists
convertAccountCreationAbuse(Alert) - Static method in class com.mozilla.secops.customs.CustomsAlert: Convert an account creation abuse alert
convertAccountCreationAbuseDistributed(Alert) - Static method in class com.mozilla.secops.customs.CustomsAlert: Convert an account creation abuse distributed alert
convertJsonToMap(String) - Static method in class com.mozilla.secops.parser.Parser: Utility function to convert a JSON string into the desired map type
convertJsonToMap(String, ObjectMapper) - Static method in class com.mozilla.secops.parser.Parser: Utility function to convert a JSON string into the desired map type
convertLoginFailureAtRiskAccount(Alert) - Static method in class com.mozilla.secops.customs.CustomsAlert: Convert an at risk account alert
convertPasswordResetAbuse(Alert) - Static method in class com.mozilla.secops.customs.CustomsAlert: Convert a password reset abuse alert
convertSourceLoginFailure(Alert) - Static method in class com.mozilla.secops.customs.CustomsAlert: Convert source login failure alert into a list of customs alerts.
convertSourceLoginFailureDist(Alert) - Static method in class com.mozilla.secops.customs.CustomsAlert: Convert a distributed source login failure alert into a list of customs alerts.
convertStatusComparator(Alert) - Static method in class com.mozilla.secops.customs.CustomsAlert: Convert a status comparator alert
convertVelocity(Alert) - Static method in class com.mozilla.secops.customs.CustomsAlert: Convert a velocity alert
count - Variable in class com.mozilla.secops.alert.AlertSuppressor.AlertSuppressionState: Counter value for extended suppression
count - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis.EndpointAbuseState: Request count
createAccumulator() - Method in class com.mozilla.secops.customs.CustomsFeaturesCombiner.CustomsFeaturesCombineFn
createAccumulator() - Method in class com.mozilla.secops.Stats.StatsCombiner
createBaseAlert(Event, String, String) - Static method in class com.mozilla.secops.authprofile.AuthProfile: Create a base authprofile Alert using information from the event
CritObjectAnalyze - Class in com.mozilla.secops.authprofile: Analysis for authentication involving critical objects
CritObjectAnalyze(AuthProfile.AuthProfileOptions) - Constructor for class com.mozilla.secops.authprofile.CritObjectAnalyze: Initialize new critical object analysis
CrossAccountAssumeRoleFilter() - Constructor for class com.mozilla.secops.authprofile.AwsAssumeRoleCorrelator.CrossAccountAssumeRoleFilter
Customs - Class in com.mozilla.secops.customs: Implements various analysis heuristics on FxaAuth streams
Customs() - Constructor for class com.mozilla.secops.customs.Customs
Customs.CustomsOptions - Interface in com.mozilla.secops.customs: Runtime options for Customs pipeline.
Customs.CustomsSummary - Class in com.mozilla.secops.customs: Summarizes various events processed by Customs pipeline
CustomsAccountCreation - Class in com.mozilla.secops.customs: Abusive account creation from a single source address
CustomsAccountCreation(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.CustomsAccountCreation: Create new CustomsAccountCreation
CustomsAccountCreationDist - Class in com.mozilla.secops.customs: Abusive distributed account creation
CustomsAccountCreationDist(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.CustomsAccountCreationDist: Create new CustomsAccountCreationDist
CustomsAccountEnumeration - Class in com.mozilla.secops.customs: Detection of an ip attempting to enumerate FxA users through the account status endpoint.
CustomsAccountEnumeration(Customs.CustomsOptions, PCollectionView<Map<String, Boolean>>) - Constructor for class com.mozilla.secops.customs.CustomsAccountEnumeration: Create new CustomsAccountEnumeration
CustomsActivityForMonitoredAccounts - Class in com.mozilla.secops.customs: Customs activity monitor for specified accounts
CustomsActivityForMonitoredAccounts(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.CustomsActivityForMonitoredAccounts: Initialize new CustomsActivityForMonitoredAccounts
CustomsAlert - Class in com.mozilla.secops.customs: Alert format used for notifications to FxA
CustomsAlert() - Constructor for class com.mozilla.secops.customs.CustomsAlert: Construct new CustomsAlert
CustomsAlert.AlertAction - Enum in com.mozilla.secops.customs: Alert actions
CustomsAlert.AlertSeverity - Enum in com.mozilla.secops.customs: Severity of a given alert
CustomsAlert.IndicatorType - Enum in com.mozilla.secops.customs: Indicator types
CustomsAtRiskAccountStateModel - Class in com.mozilla.secops.customs.CustomsAtRiskAccountState: Describes state used by CustomsLoginFailureForAtRiskAccount
CustomsAtRiskAccountStateModel() - Constructor for class com.mozilla.secops.customs.CustomsAtRiskAccountState.CustomsAtRiskAccountStateModel
CustomsAtRiskAccountStateModel.ScannedByEntry - Class in com.mozilla.secops.customs.CustomsAtRiskAccountState: State model entry for at risk account
CustomsFeatures - Class in com.mozilla.secops.customs: CustomsFeatures describes the output of windowed feature extraction
CustomsFeaturesCombineFn() - Constructor for class com.mozilla.secops.customs.CustomsFeaturesCombiner.CustomsFeaturesCombineFn
CustomsFeaturesCombiner - Class in com.mozilla.secops.customs: Combines windowed key/value collections into a collection of CustomsFeatures
CustomsFeaturesCombiner() - Constructor for class com.mozilla.secops.customs.CustomsFeaturesCombiner
CustomsFeaturesCombiner.CustomsFeaturesCombineFn - Class in com.mozilla.secops.customs: Combine.CombineFn for creating collections of CustomsFeatures
CustomsLoginFailureForAtRiskAccount - Class in com.mozilla.secops.customs: Flag failed logins to potentially at risk accounts.
CustomsLoginFailureForAtRiskAccount(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.CustomsLoginFailureForAtRiskAccount: Create new CustomsLoginFailureForAtRiskAccount
CustomsNotification - Class in com.mozilla.secops.customs: Convert Alert objects generated by pipeline to CustomsAlert and submit them over Pubsub.
CustomsNotification(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.CustomsNotification: Initialize new CustomsNotification
CustomsPasswordResetAbuse - Class in com.mozilla.secops.customs: Abuse of FxA password reset endpoints from a single source address
CustomsPasswordResetAbuse(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.CustomsPasswordResetAbuse: Initialize new CustomsPasswordResetAbuse
CustomsPreFilter - Class in com.mozilla.secops.customs: Basic filtering of ingested events prior to analysis application
CustomsPreFilter() - Constructor for class com.mozilla.secops.customs.CustomsPreFilter
CustomsStatusComparator - Class in com.mozilla.secops.customs: Customs status check comparator
CustomsStatusComparator(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.CustomsStatusComparator: Initialize new CustomsStatusComparator
CustomsSummary(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.Customs.CustomsSummary: Initialize new CustomsSummary
CustomsUtil - Class in com.mozilla.secops.customs: Utility functions for working with FxaAuth events in customs
CustomsUtil() - Constructor for class com.mozilla.secops.customs.CustomsUtil
CustomsVelocity - Class in com.mozilla.secops.customs: Customs location velocity analysis
CustomsVelocity(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.CustomsVelocity: Initialize new CustomsVelocity
CustomsWindow - Class in com.mozilla.secops.customs: Helper class for windowing functions in the Customs pipeline.
CustomsWindow() - Constructor for class com.mozilla.secops.customs.CustomsWindow
CustomsWindow.FixedTenMinutes - Class in com.mozilla.secops.customs: Transform to create a fixed ten minute window with early firings.

D

DATASTORE_KIND - Static variable in class com.mozilla.secops.customs.CustomsLoginFailureForAtRiskAccount: Datastore kind used for state
DATASTORE_KIND - Static variable in class com.mozilla.secops.customs.PrivateRelayForward: Datastore kind for state
DATASTORE_NAMESPACE - Static variable in class com.mozilla.secops.customs.CustomsLoginFailureForAtRiskAccount: Datastore namespace used for state
DATASTORE_NAMESPACE - Static variable in class com.mozilla.secops.customs.PrivateRelayForward: Datastore namespace for state
DatastoreStateCursor<T> - Class in com.mozilla.secops.state: Datastore state cursor implementation
DatastoreStateCursor(Datastore, String, String, Class<T>, boolean) - Constructor for class com.mozilla.secops.state.DatastoreStateCursor: Initialize a new Datastore cursor
DatastoreStateInterface - Class in com.mozilla.secops.state: Utilize GCP Datastore for centralized state storage
DatastoreStateInterface(String, String) - Constructor for class com.mozilla.secops.state.DatastoreStateInterface: Initialize a Datastore state interface
DatastoreStateInterface(String, String, HttpTransportOptions) - Constructor for class com.mozilla.secops.state.DatastoreStateInterface: Initialize a Datastore state interface with transport options
DatastoreStateInterface(String, String, String) - Constructor for class com.mozilla.secops.state.DatastoreStateInterface: Initialize a Datastore state interface using datastore in another project
DatastoreStateInterface(String, String, String, HttpTransportOptions) - Constructor for class com.mozilla.secops.state.DatastoreStateInterface: Initialize a Datastore state interface using datastore in another project with transport options
decrypt(String) - Method in class com.mozilla.secops.crypto.RuntimeSecrets: Decrypt the supplied input
DEFAULTPRUNEAGE - Static variable in class com.mozilla.secops.authstate.PruningStrategyEntryAge
defaultValue() - Method in class com.mozilla.secops.customs.CustomsFeaturesCombiner.CustomsFeaturesCombineFn
defaultValue() - Method in class com.mozilla.secops.Stats.StatsCombiner
deleteAll() - Method in class com.mozilla.secops.state.DatastoreStateInterface: Flush all keys in the state implementation
deleteAll() - Method in class com.mozilla.secops.state.MemcachedStateInterface: Flush all keys in the state implementation
deleteAll() - Method in class com.mozilla.secops.state.State: Flush all keys in the underlying state storage
deleteAll() - Method in interface com.mozilla.secops.state.StateInterface: Flush all keys in the state implementation
deltaMs - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo
deserialize(JsonParser, DeserializationContext) - Method in class com.mozilla.secops.parser.EventFilterPayloadDeserializer
DetectionCategory - Class in com.mozilla.secops.parser.models.etd
DetectionCategory() - Constructor for class com.mozilla.secops.parser.models.etd.DetectionCategory
DetectNat - Class in com.mozilla.secops: Provides NAT detection transforms
DetectNat() - Constructor for class com.mozilla.secops.DetectNat
DetectNat.UserAgentBased - Class in com.mozilla.secops: Provides a basic NAT detection transform
discernCertificateSignSuccess() - Method in class com.mozilla.secops.parser.FxaAuth: Check if the auth event contained a successful certificate signing
DocumentingTransform - Interface in com.mozilla.secops: A transform that will return a documentation string
done() - Method in class com.mozilla.secops.alert.AlertSlack: Mark AlertSlack instance as done
done() - Method in class com.mozilla.secops.crypto.RuntimeSecrets: Indicate RuntimeSecrets object will no longer be used, must be called to shutdown background threads
done() - Method in class com.mozilla.secops.state.DatastoreStateInterface: Notify state implementation no further processing will occur
done() - Method in class com.mozilla.secops.state.MemcachedStateInterface: Notify state implementation no further processing will occur
done() - Method in class com.mozilla.secops.state.State: Inidicate state object will no longer be used
done() - Method in interface com.mozilla.secops.state.StateInterface: Notify state implementation no further processing will occur
done() - Method in class com.mozilla.secops.Watchlist: Closes state interfaces to datastore.
Duopull - Class in com.mozilla.secops.parser: Payload parser for Duopull audit trail log data
Duopull() - Constructor for class com.mozilla.secops.parser.Duopull: Construct matcher object.
Duopull(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.Duopull: Construct parser object.
Duopull - Class in com.mozilla.secops.parser.models.duopull: Describes the format of a duopull event
Duopull() - Constructor for class com.mozilla.secops.parser.models.duopull.Duopull

E

encrypt(String) - Method in class com.mozilla.secops.crypto.RuntimeSecrets: Encrypt the supplied input
EndpointAbuseAnalysis - Class in com.mozilla.secops.httprequest.heuristics: Transform for detection of a single source making excessive requests of a specific endpoint path solely.
EndpointAbuseAnalysis(HTTPRequestToggles, Boolean, String) - Constructor for class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis: Static initializer for EndpointAbuseAnalysis
EndpointAbuseAnalysis.EndpointAbuseEndpointInfo - Class in com.mozilla.secops.httprequest.heuristics: Internal class for configured endpoints in EPA
EndpointAbuseAnalysis.EndpointAbuseState - Class in com.mozilla.secops.httprequest.heuristics: Internal class for endpoint abuse state
EndpointAbuseEndpointInfo() - Constructor for class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis.EndpointAbuseEndpointInfo
EndpointAbuseState() - Constructor for class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis.EndpointAbuseState
EndpointErrorInfo() - Constructor for class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis.EndpointErrorInfo
EndpointErrorState() - Constructor for class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis.EndpointErrorState
EndpointSequenceAbuse - Class in com.mozilla.secops.httprequest.heuristics: Transform for detection of a single source making a sequence of requests at a speed faster than what we expect from a normal user.
EndpointSequenceAbuse(HTTPRequestToggles, Boolean, String, PCollectionView<Map<String, Boolean>>) - Constructor for class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse: Static initializer for EndpointAbuseAnalysis
EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo - Class in com.mozilla.secops.httprequest.heuristics: Internal class for configured endpoints in EPA
EndpointSequenceAbuseTimingInfo() - Constructor for class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo
equals(Object) - Method in class com.mozilla.secops.alert.Alert
equals(Object) - Method in class com.mozilla.secops.customs.CustomsFeatures
equals(Object) - Method in class com.mozilla.secops.parser.Event
equals(Object) - Method in class com.mozilla.secops.SourceCorrelation.SourceData
equals(Object) - Method in class com.mozilla.secops.Stats.StatsOutput
equals(Object) - Method in class com.mozilla.secops.Watchlist.WatchlistEntry
ErrorRateAnalysis - Class in com.mozilla.secops.httprequest.heuristics: Transform for analysis of error rates per client within a given window.
ErrorRateAnalysis(HTTPRequestToggles, Boolean, String) - Constructor for class com.mozilla.secops.httprequest.heuristics.ErrorRateAnalysis: Static initializer for ErrorRateAnalysis
ETDBeta - Class in com.mozilla.secops.parser: Payload parser for GCP ETD Finding data
ETDBeta() - Constructor for class com.mozilla.secops.parser.ETDBeta: Construct matcher object.
ETDBeta(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.ETDBeta: Construct parser object.
ETDTransforms - Class in com.mozilla.secops.gatekeeper: Implements various transforms on GCP's EventThreatDetectionFinding Events
ETDTransforms() - Constructor for class com.mozilla.secops.gatekeeper.ETDTransforms
ETDTransforms.ExtractFindings - Class in com.mozilla.secops.gatekeeper: Extract ETD Findings
ETDTransforms.GenerateETDAlerts - Class in com.mozilla.secops.gatekeeper: Generate Alerts for relevant ETD Finding Events
ETDTransforms.Options - Interface in com.mozilla.secops.gatekeeper: Runtime options for ETD Transforms
ETDTransforms.SuppressAlerts - Class in com.mozilla.secops.gatekeeper: Suppress Alerts for repeated Event Threat Detection Findings.
Event - Class in com.mozilla.secops.parser: Represents a high level event after being processed by a Parser.
EventFilter - Class in com.mozilla.secops.parser: Event filtering and matching
EventFilter() - Constructor for class com.mozilla.secops.parser.EventFilter: Create new EventFilter
EventFilterPayload - Class in com.mozilla.secops.parser: Can be associated with EventFilterRule for payload matching
EventFilterPayload(Class<? extends PayloadBase>) - Constructor for class com.mozilla.secops.parser.EventFilterPayload: Create new payload filter that additionally verifies against the supplied payload class
EventFilterPayload() - Constructor for class com.mozilla.secops.parser.EventFilterPayload: Create new empty payload filter
EventFilterPayload.IntegerProperty - Enum in com.mozilla.secops.parser: Properties match integers from various payload event types
EventFilterPayload.StringProperty - Enum in com.mozilla.secops.parser: Properties match strings from various payload event types
EventFilterPayloadDeserializer - Class in com.mozilla.secops.parser: Custom deserialization for payload filter implementations
EventFilterPayloadDeserializer() - Constructor for class com.mozilla.secops.parser.EventFilterPayloadDeserializer
EventFilterPayloadInterface - Interface in com.mozilla.secops.parser: Interface representing a payload filter
EventFilterPayloadOr - Class in com.mozilla.secops.parser: A special class of payload filter that supports applying OR logic to matching.
EventFilterPayloadOr() - Constructor for class com.mozilla.secops.parser.EventFilterPayloadOr: Create new empty payload OR filter
EventFilterPayloadRange<T extends Comparable<T>> - Class in com.mozilla.secops.parser: Numeric range comparison for use in EventFilter
EventFilterPayloadRange(T, T) - Constructor for class com.mozilla.secops.parser.EventFilterPayloadRange: Initialize new EventFilterPayloadRange
EventFilterRule - Class in com.mozilla.secops.parser: Rule within an event filter
EventFilterRule() - Constructor for class com.mozilla.secops.parser.EventFilterRule: Create new empty EventFilterRule
eventIntegerValue(EventFilterPayload.IntegerProperty) - Method in class com.mozilla.secops.parser.GLB
eventIntegerValue(EventFilterPayload.IntegerProperty) - Method in class com.mozilla.secops.parser.Nginx
eventIntegerValue(EventFilterPayload.IntegerProperty) - Method in class com.mozilla.secops.parser.Normalized: Return a given normalized payload field based on the supplied field identifier
eventIntegerValue(EventFilterPayload.IntegerProperty) - Method in class com.mozilla.secops.parser.PayloadBase: Return a given Integer payload field value based on the supplied field identifier
eventOfPayload(Payload.PayloadType) - Method in class com.mozilla.secops.parser.ParserMetrics: Event of a PayloadType was parsed
EventSourceExtractor() - Constructor for class com.mozilla.secops.SourceCorrelation.EventSourceExtractor
eventStringValue(EventFilterPayload.StringProperty) - Method in class com.mozilla.secops.parser.Cloudtrail
eventStringValue(EventFilterPayload.StringProperty) - Method in class com.mozilla.secops.parser.FxaAuth
eventStringValue(EventFilterPayload.StringProperty) - Method in class com.mozilla.secops.parser.GLB
eventStringValue(EventFilterPayload.StringProperty) - Method in class com.mozilla.secops.parser.Nginx
eventStringValue(EventFilterPayload.StringProperty) - Method in class com.mozilla.secops.parser.Normalized: Return a given normalized payload field based on the supplied field identifier
eventStringValue(EventFilterPayload.StringProperty) - Method in class com.mozilla.secops.parser.OpenSSH
eventStringValue(EventFilterPayload.StringProperty) - Method in class com.mozilla.secops.parser.PayloadBase: Return a given String payload field value based on the supplied field identifier
eventStringValue(EventFilterPayload.StringProperty) - Method in class com.mozilla.secops.parser.Raw
EventThreatDetectionFinding - Class in com.mozilla.secops.parser.models.etd: Describes the format of a GCP Event Threat Detection Finding
EventThreatDetectionFinding() - Constructor for class com.mozilla.secops.parser.models.etd.EventThreatDetectionFinding
eventTooOld() - Method in class com.mozilla.secops.parser.ParserMetrics: Event was too old
EventTooOldException(String) - Constructor for exception com.mozilla.secops.parser.Parser.EventTooOldException
eventTypeMatched() - Method in class com.mozilla.secops.amo.AmoMetrics.HeuristicMetrics: A transform received the correct event type to proceed with analysis
eventUnhandledException() - Method in class com.mozilla.secops.parser.ParserMetrics: Event was caused an unhandled exception in parser
Evidence - Class in com.mozilla.secops.parser.models.etd
Evidence() - Constructor for class com.mozilla.secops.parser.models.etd.Evidence
except(EventFilterRule) - Method in class com.mozilla.secops.parser.EventFilterRule: Install negation rules for this filter rule
excludeNormalizedSourceAddresses(int, String) - Static method in class com.mozilla.secops.CidrUtil: Returns a DoFn that filters any events that have a normalized source address field that matches the specified criteria.
execute() - Method in class com.mozilla.secops.state.StateCursor: Execute all operations in cursor
executeInner() - Method in class com.mozilla.secops.state.DatastoreStateCursor
executeInner() - Method in class com.mozilla.secops.state.MemcachedStateCursor
executePipeline(Pipeline, PCollection<String>, Amo.AmoOptions) - Static method in class com.mozilla.secops.amo.Amo: Execute AMO pipeline
executePipeline(Pipeline, PCollection<String>, Customs.CustomsOptions) - Static method in class com.mozilla.secops.customs.Customs: Analysis entry point for Customs pipeline
executePipeline(Pipeline, PCollection<String>, GatekeeperPipeline.GatekeeperOptions) - Static method in class com.mozilla.secops.gatekeeper.GatekeeperPipeline: Execute Gatekeeper pipeline
executePipeline(Pipeline, PCollection<String>, Pioneer.PioneerOptions) - Static method in class com.mozilla.secops.pioneer.Pioneer: Execute Pioneer pipeline
exemptedEmailKind - Static variable in class com.mozilla.secops.IprepdIO: Kind for exempted email entry in Datastore
exemptedIpKind - Static variable in class com.mozilla.secops.IprepdIO: Kind for exempted IP entry in Datastore
ExemptedObject() - Constructor for class com.mozilla.secops.IprepdIO.ExemptedObject
exemptedObjectNamespace - Static variable in class com.mozilla.secops.IprepdIO: Namespace for exempted objects in Datastore
expand(PCollection<String>) - Method in class com.mozilla.secops.alert.AlertIO.AlertNotifyMerge
expand(PCollection<String>) - Method in class com.mozilla.secops.alert.AlertIO.Write
expand(PCollection<Event>) - Method in class com.mozilla.secops.amo.AddonCloudSubmission
expand(PCollection<Event>) - Method in class com.mozilla.secops.amo.AddonMatcher
expand(PCollection<Event>) - Method in class com.mozilla.secops.amo.AddonMultiIpLogin
expand(PCollection<Event>) - Method in class com.mozilla.secops.amo.AddonMultiMatch
expand(PCollection<Event>) - Method in class com.mozilla.secops.amo.AddonMultiSubmit
expand(PCollection<Event>) - Method in class com.mozilla.secops.amo.FxaAccountAbuseAlias
expand(PCollection<Event>) - Method in class com.mozilla.secops.amo.FxaAccountAbuseNewVersion
expand(PCollection<Event>) - Method in class com.mozilla.secops.amo.ReportRestriction
expand(PCollection<String>) - Method in class com.mozilla.secops.authprofile.AuthProfile.Parse
expand(PCollection<Event>) - Method in class com.mozilla.secops.authprofile.AwsAssumeRoleCorrelator
expand(PCollection<Event>) - Method in class com.mozilla.secops.authprofile.CritObjectAnalyze
expand(PCollection<Event>) - Method in class com.mozilla.secops.awsbehavior.AwsBehavior.Matcher
expand(PCollection<Event>) - Method in class com.mozilla.secops.awsbehavior.AwsBehavior.Matchers
expand(PCollection<String>) - Method in class com.mozilla.secops.awsbehavior.AwsBehavior.ParseAndWindow
expand(PCollection<Event>) - Method in class com.mozilla.secops.customs.ContentServerVarianceDetector.PresenceBased
expand(PCollection<Event>) - Method in class com.mozilla.secops.customs.Customs.CustomsSummary
expand(PCollection<KV<String, CustomsFeatures>>) - Method in class com.mozilla.secops.customs.CustomsAccountCreation
expand(PCollection<KV<String, CustomsFeatures>>) - Method in class com.mozilla.secops.customs.CustomsAccountCreationDist
expand(PCollection<KV<String, CustomsFeatures>>) - Method in class com.mozilla.secops.customs.CustomsAccountEnumeration
expand(PCollection<Event>) - Method in class com.mozilla.secops.customs.CustomsActivityForMonitoredAccounts
expand(PCollection<KV<String, Event>>) - Method in class com.mozilla.secops.customs.CustomsFeaturesCombiner
expand(PCollection<Event>) - Method in class com.mozilla.secops.customs.CustomsLoginFailureForAtRiskAccount
expand(PCollection<String>) - Method in class com.mozilla.secops.customs.CustomsNotification
expand(PCollection<KV<String, CustomsFeatures>>) - Method in class com.mozilla.secops.customs.CustomsPasswordResetAbuse
expand(PCollection<Event>) - Method in class com.mozilla.secops.customs.CustomsStatusComparator
expand(PCollection<Event>) - Method in class com.mozilla.secops.customs.CustomsVelocity
expand(PCollection<KV<String, Event>>) - Method in class com.mozilla.secops.customs.CustomsWindow.FixedTenMinutes
expand(PCollection<Event>) - Method in class com.mozilla.secops.customs.PrivateRelayForward
expand(PCollection<KV<String, CustomsFeatures>>) - Method in class com.mozilla.secops.customs.SourceLoginFailure
expand(PCollection<KV<String, CustomsFeatures>>) - Method in class com.mozilla.secops.customs.SourceLoginFailureDist
expand(PCollection<Event>) - Method in class com.mozilla.secops.DetectNat.UserAgentBased
expand(PCollection<Event>) - Method in class com.mozilla.secops.gatekeeper.ETDTransforms.ExtractFindings
expand(PCollection<Event>) - Method in class com.mozilla.secops.gatekeeper.ETDTransforms.GenerateETDAlerts
expand(PCollection<Alert>) - Method in class com.mozilla.secops.gatekeeper.ETDTransforms.SuppressAlerts
expand(PCollection<String>) - Method in class com.mozilla.secops.gatekeeper.GatekeeperParser.Parse
expand(PCollection<Event>) - Method in class com.mozilla.secops.gatekeeper.GuardDutyTransforms.ExtractFindings
expand(PCollection<Event>) - Method in class com.mozilla.secops.gatekeeper.GuardDutyTransforms.GenerateGDAlerts
expand(PCollection<Alert>) - Method in class com.mozilla.secops.gatekeeper.GuardDutyTransforms.SuppressAlerts
expand(PCollection<KV<String, ArrayList<String>>>) - Method in class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis
expand(PCollection<Event>) - Method in class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse
expand(PCollection<Event>) - Method in class com.mozilla.secops.httprequest.heuristics.ErrorRateAnalysis
expand(PCollection<Event>) - Method in class com.mozilla.secops.httprequest.heuristics.HardLimitAnalysis
expand(PCollection<KV<String, ArrayList<String>>>) - Method in class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis
expand(PCollection<KV<String, ArrayList<String>>>) - Method in class com.mozilla.secops.httprequest.heuristics.SessionLimitAnalysis
expand(PCollection<Event>) - Method in class com.mozilla.secops.httprequest.heuristics.StatusCodeRateAnalysis
expand(PCollection<Event>) - Method in class com.mozilla.secops.httprequest.heuristics.ThresholdAnalysis
expand(PCollection<Event>) - Method in class com.mozilla.secops.httprequest.heuristics.UserAgentBlocklistAnalysis
expand(PCollection<Event>) - Method in class com.mozilla.secops.httprequest.HTTPRequest.KeyAndWindowForSessionsFireEarly
expand(PCollection<Event>) - Method in class com.mozilla.secops.httprequest.HTTPRequest.WindowForFixed
expand(PCollection<Event>) - Method in class com.mozilla.secops.httprequest.HTTPRequestElementFilter
expand(PBegin) - Method in class com.mozilla.secops.input.Input.MultiplexReader
expand(PBegin) - Method in class com.mozilla.secops.input.Input.MultiplexReaderRaw
expand(PBegin) - Method in class com.mozilla.secops.input.Input.SimplexReader
expand(PBegin) - Method in class com.mozilla.secops.input.Input.SimplexReaderRaw
expand(PCollection<String>) - Method in class com.mozilla.secops.IprepdIO.Write
expand(PBegin) - Method in class com.mozilla.secops.metrics.CfgTickGenerator
expand(PCollection<Event>) - Method in class com.mozilla.secops.pioneer.Pioneer.PioneerExfiltration
expand(PCollection<Alert>) - Method in class com.mozilla.secops.postprocessing.AlertSummary
expand(PCollection<String>) - Method in class com.mozilla.secops.postprocessing.PostProcessing.Parse
expand(PCollection<SourceCorrelation.SourceData>) - Method in class com.mozilla.secops.SourceCorrelation.SourceCorrelator
expand(PCollection<String>) - Method in class com.mozilla.secops.SqsIO.Write
expand(PCollection<Long>) - Method in class com.mozilla.secops.Stats
expand(PCollection<T>) - Method in class com.mozilla.secops.window.GlobalTriggers
expand(PCollection<String>) - Method in class com.mozilla.secops.workshop.Workshop.PrintOutput
expandElement(PBegin, String) - Method in class com.mozilla.secops.input.InputElement: Expand configured input types into a resulting collection of parsed events
expandElementRaw(PBegin, String) - Method in class com.mozilla.secops.input.InputElement: Expand configured input types into a resulting collection of strings
expandInputMap(Pipeline, PCollectionTuple, HTTPRequest.HTTPRequestOptions) - Static method in class com.mozilla.secops.httprequest.HTTPRequest: Expand the input collection tuple, executing analysis transforms for each element
ExtractFindings(ETDTransforms.Options) - Constructor for class com.mozilla.secops.gatekeeper.ETDTransforms.ExtractFindings: static initializer for filter
ExtractFindings(GuardDutyTransforms.Options) - Constructor for class com.mozilla.secops.gatekeeper.GuardDutyTransforms.ExtractFindings: static initializer for filter
ExtractIdentity(AuthProfile.AuthProfileOptions) - Constructor for class com.mozilla.secops.authprofile.AuthProfile.ExtractIdentity: Static initializer for AuthProfile.ExtractIdentity
extractOutput(CustomsFeatures) - Method in class com.mozilla.secops.customs.CustomsFeaturesCombiner.CustomsFeaturesCombineFn
extractOutput(Stats.StatsCombiner.State) - Method in class com.mozilla.secops.Stats.StatsCombiner
ExtractWords() - Constructor for class com.mozilla.secops.workshop.Workshop.ExtractWords

F

featureSummaryRegistration() - Static method in class com.mozilla.secops.customs.Customs: Return an array of EventSummary values that indicate which events should be stored during feature extraction and passed through the prefilter.
fetchContent(String) - Static method in class com.mozilla.secops.GcsUtil: Fetch byte array from specified storage URL
fetchInputStreamContent(String) - Static method in class com.mozilla.secops.GcsUtil: Fetch InputStream from specified storage URL
fetchStringContent(String) - Static method in class com.mozilla.secops.GcsUtil: Fetch string content from specified storage URL
fileInput(PBegin, String) - Method in class com.mozilla.secops.input.InputCollectionCache: Request file input
fileReadLines(String) - Static method in class com.mozilla.secops.FileUtil: Read file from specified path, returning an ArrayList containing an item for each line
FileUtil - Class in com.mozilla.secops: Various utilities for file IO
FileUtil() - Constructor for class com.mozilla.secops.FileUtil
firstMethod - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo
firstPath - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo
FixedTenMinutes() - Constructor for class com.mozilla.secops.customs.CustomsWindow.FixedTenMinutes
flattenObjectMapToStringMap(Map<String, Object>) - Static method in class com.mozilla.secops.parser.CfgTick: Convert a map of type String, Object into a map of type String, String
forValue(int) - Static method in enum com.mozilla.secops.parser.models.fxaauth.FxaAuth.Errno: Get Errno from int value
fromAlert(Alert) - Static method in class com.mozilla.secops.customs.CustomsAlert: Convert an Alert into one or more instances of CustomsAlert
fromAlert(Alert) - Static method in class com.mozilla.secops.Violation: Convert an Alert into violations
fromInputOptions(InputOptions) - Static method in class com.mozilla.secops.parser.ParserCfg: Create a parser configuration from pipeline InputOptions
fromInputSpecifier(String, String) - Static method in class com.mozilla.secops.input.KinesisInput: Parse Kinesis input specification into configuration
fromJSON(String) - Static method in class com.mozilla.secops.alert.Alert: Return Alert from JSON string
fromJSON(String, ObjectMapper) - Static method in class com.mozilla.secops.alert.Alert: Return Alert from JSON string
fromJSON(String) - Static method in class com.mozilla.secops.parser.Event: Convert a JSON string into an Event
fromJSON(String, ObjectMapper) - Static method in class com.mozilla.secops.parser.Mozlog: Create a new Mozlog object using a JSON string as input
fromPipelineOptions(HTTPRequest.HTTPRequestOptions) - Static method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Initialize HTTPRequestToggles using HTTPRequest pipeline options
fromPipelineOptions(InputOptions, String) - Method in class com.mozilla.secops.input.Input: Configure input using specified InputOptions
fromPipelineOptions(String, InputOptions, String) - Static method in class com.mozilla.secops.input.InputElement: Return an InputElement given pipeline options
fromString(String) - Static method in enum com.mozilla.secops.authprofile.AuthProfile.StateAnalyze.ActionType: Return ActionType using string format
FxaAccountAbuseAlias - Class in com.mozilla.secops.amo: Analysis for aliased account usage
FxaAccountAbuseAlias(String, Integer, Integer) - Constructor for class com.mozilla.secops.amo.FxaAccountAbuseAlias: Create new FxaAccountAbuseAlias
FxaAccountAbuseNewVersion - Class in com.mozilla.secops.amo: Correlation of AMO addon submission with abusive FxA account creation alerts
FxaAccountAbuseNewVersion(String, String[], Integer, String, String) - Constructor for class com.mozilla.secops.amo.FxaAccountAbuseNewVersion: Create new FxaAccountAbuseNewVersion
FxaAuth - Class in com.mozilla.secops.parser: Payload parser for FxA authentication server log data
FxaAuth() - Constructor for class com.mozilla.secops.parser.FxaAuth: Construct matcher object.
FxaAuth(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.FxaAuth: Construct parser object.
FxaAuth - Class in com.mozilla.secops.parser.models.fxaauth: FxA authentication server event
FxaAuth() - Constructor for class com.mozilla.secops.parser.models.fxaauth.FxaAuth
FxaAuth.Errno - Enum in com.mozilla.secops.parser.models.fxaauth: FxA error values
FxaAuth.EventSummary - Enum in com.mozilla.secops.parser: Event summary is determined based on source event fields
FxaContent - Class in com.mozilla.secops.parser: Payload parser for FxA content server log data
FxaContent() - Constructor for class com.mozilla.secops.parser.FxaContent: Construct matcher object.
FxaContent(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.FxaContent: Construct parser object.
FxaContent - Class in com.mozilla.secops.parser.models.fxacontent: FxA content server event
FxaContent() - Constructor for class com.mozilla.secops.parser.models.fxacontent.FxaContent
FxaContent.RequestType - Enum in com.mozilla.secops.parser: Type of server.request.route event based on path

G

GatekeeperParser - Class in com.mozilla.secops.gatekeeper: Implements a parser which handles both AWS GuardDuty Finding and GCP ETD Findings EventThreatDetectionFinding
GatekeeperParser() - Constructor for class com.mozilla.secops.gatekeeper.GatekeeperParser
GatekeeperParser.Parse - Class in com.mozilla.secops.gatekeeper: Composite transform to parse a PCollection containing events as strings and emit a PCollection of Event objects.
GatekeeperPipeline - Class in com.mozilla.secops.gatekeeper: GatekeeperPipeline describes and implements a Beam pipeline for analysis of AWS GuardDuty and GCP Event Threat Detection Findings
GatekeeperPipeline() - Constructor for class com.mozilla.secops.gatekeeper.GatekeeperPipeline
GatekeeperPipeline.GatekeeperOptions - Interface in com.mozilla.secops.gatekeeper: Runtime options for GatekeeperPipeline .
GcpAudit - Class in com.mozilla.secops.parser: Payload parser for GCP audit log data.
GcpAudit() - Constructor for class com.mozilla.secops.parser.GcpAudit: Construct matcher object.
GcpAudit(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.GcpAudit: Construct parser object.
GcpVpcFlow - Class in com.mozilla.secops.parser: Payload parser for GCP VPC flow logs
GcpVpcFlow() - Constructor for class com.mozilla.secops.parser.GcpVpcFlow: Construct matcher object.
GcpVpcFlow(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.GcpVpcFlow: Construct parser object.
GcpVpcFlow - Class in com.mozilla.secops.parser.models.gcpvpcflow: JSON model for GCP VPC flow events
GcpVpcFlow() - Constructor for class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow
GcpVpcFlow.Connection - Class in com.mozilla.secops.parser.models.gcpvpcflow: Connection details
GcpVpcFlow.Instance - Class in com.mozilla.secops.parser.models.gcpvpcflow: Instance details
GcsUtil - Class in com.mozilla.secops: Utilities for requesting content from Google Cloud Storage
GenerateETDAlerts(ETDTransforms.Options) - Constructor for class com.mozilla.secops.gatekeeper.ETDTransforms.GenerateETDAlerts: static initializer for alert generation / escalation
GenerateGDAlerts(GuardDutyTransforms.Options) - Constructor for class com.mozilla.secops.gatekeeper.GuardDutyTransforms.GenerateGDAlerts: static initializer for alert generation / escalation
generateTemplateVariables() - Method in class com.mozilla.secops.alert.Alert: Return HashMap used by Freemarker to generate an HTML alert email
GeoIP - Class in com.mozilla.secops.parser: GeoIP resolution
GeoIP(String, String) - Constructor for class com.mozilla.secops.parser.GeoIP: Initialize new GeoIP, load databases from specified paths
geoIp(String) - Method in class com.mozilla.secops.parser.Parser: Resolve GeoIP information from IP address string
GeoIP.GeoIPData - Class in com.mozilla.secops.parser: Helper class for storing GeoIP related attributes, and for resolving the attributes according to the resolution mode.
GeoIP.GeoIPData.GeoResolutionMode - Enum in com.mozilla.secops.parser: The resolution mode for GeoIP attributes.
GeoIPData() - Constructor for class com.mozilla.secops.parser.GeoIP.GeoIPData
geoIpIsp(String) - Method in class com.mozilla.secops.parser.Parser: Resolve GeoIP ISP information from IP address string
GeoUtil - Class in com.mozilla.secops: Geo math utilities
GeoUtil() - Constructor for class com.mozilla.secops.GeoUtil
geoVelocityAnalyzeLatest(Double) - Method in class com.mozilla.secops.authstate.AuthStateModel: Perform geo-velocity analysis using the latest entries in the model
GeoVelocityResponse(Long, Double, Boolean) - Constructor for class com.mozilla.secops.authstate.AuthStateModel.GeoVelocityResponse: Create new GeoVelocityResponse
get(String, StateCursor<AuthStateModel>, PruningStrategy) - Static method in class com.mozilla.secops.authstate.AuthStateModel: Retrieve state object for user
get(String) - Method in class com.mozilla.secops.state.StateCursor: Get a value from state
get(String) - Method in class com.mozilla.secops.state.StateOperation: Configure as a get operation
getAccessKeyID() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getAccessKeyId() - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
getAccount() - Method in class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent: Get event AWS account id
getAccountCreationDistributedDistanceRatio() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getAccountCreationDistributedThreshold() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getAccountCreationSuppressRecovery() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getAccountCreationThreshold() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getAccountEnumerationThreshold() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getAccountId() - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
getAccountMatchBanOnLogin() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getActivityMonitorAccountPath() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getAdditionalEventData() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getAdditionalEventDataValue(String) - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getAddonGuid() - Method in class com.mozilla.secops.parser.AmoDocker: Get addon GUID
getAddonId() - Method in class com.mozilla.secops.parser.AmoDocker: Get addon ID
getAddonMatchCriteria() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonMatchSuppressRecovery() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonMultiIpLoginAggressiveMatcher() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonMultiIpLoginAlertExceptions() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonMultiIpLoginAlertOn() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonMultiIpLoginAlertOnIp() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonMultiIpLoginSuppressRecovery() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonMultiMatchAlertOn() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonMultiMatchSuppressRecovery() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonMultiSubmitAlertOn() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonMultiSubmitSuppressRecovery() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAddonVersion() - Method in class com.mozilla.secops.parser.AmoDocker: Get addon version
getAgent() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get agent
getAlert() - Method in class com.mozilla.secops.identity.Identity: Get alerting preferences for identity
getAlert() - Method in class com.mozilla.secops.parser.Alert: Get alert object
getAlertConfiguration() - Method in class com.mozilla.secops.alert.AlertIO.Write: Get alert configuration in transform
getAlertId() - Method in class com.mozilla.secops.alert.Alert: Returns unique alert ID for this alert.
getAlertStateDatastoreKind() - Method in interface com.mozilla.secops.OutputOptions
getAlertStateDatastoreNamespace() - Method in interface com.mozilla.secops.OutputOptions
getAlertStateMemcachedHost() - Method in interface com.mozilla.secops.OutputOptions
getAlertStateMemcachedPort() - Method in interface com.mozilla.secops.OutputOptions
getAlertSummaryAnalysisThresholds() - Method in interface com.mozilla.secops.postprocessing.PostProcessing.PostProcessingOptions
getAlertSuppressionDurationSeconds() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getAlertSuppressionDurationSeconds() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get duration to suppress alerts (when using session windows)
getAlertSuppressionSeconds() - Method in interface com.mozilla.secops.gatekeeper.ETDTransforms.Options
getAlertSuppressionSeconds() - Method in interface com.mozilla.secops.gatekeeper.GuardDutyTransforms.Options
getAliasAbuseMaxAliases() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAliasAbuseSuppressRecovery() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getAliases() - Method in class com.mozilla.secops.identity.Identity: Get username aliases for identity
getAll() - Method in class com.mozilla.secops.state.StateCursor: Get all values from state
getAll() - Method in class com.mozilla.secops.state.StateOperation: Configure as a get all operation
getAlternateCritSlackEscalation() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getAnalysisThresholdModifier() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getAnalysisThresholdModifier() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get analysis threshold modifier
getApiVersion() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get api version
getArn() - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
getAsn() - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Get ASN
getAssociatedKey(AlertMeta.Key.AssociatedKey) - Method in enum com.mozilla.secops.alert.AlertMeta.Key: Obtain given associated key type
getAttributes() - Method in class com.mozilla.secops.parser.models.cloudtrail.SessionContext
getAuditType() - Method in class com.mozilla.secops.parser.BmoAudit: Get audito event type
getAuth0ClientIds() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getAuthenticated() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get authenticated
getAuthMethod() - Method in class com.mozilla.secops.parser.OpenSSH: Get authentication method
getAwsAccountMap() - Method in class com.mozilla.secops.identity.IdentityManager: Get AWS account map
getAwsAssumeRoleCorrelatorSessionGapDurationSeconds() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getAwsRegion() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getBanPatternSuppressRecovery() - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
getBytes() - Method in class com.mozilla.secops.parser.AmoDocker: Get bytes
getBytesSent() - Method in class com.mozilla.secops.parser.GcpVpcFlow: Get bytes sent
getBytesSent() - Method in class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow: Get bytes sent
getBytesSent() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get bytes_sent
getBytesSent() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant2: Get bytes_sent
getCache() - Method in class com.mozilla.secops.input.Input: Request input collection cache
getCallerIp() - Method in class com.mozilla.secops.parser.GcpAudit: Get caller IP address
getCallerIpCity() - Method in class com.mozilla.secops.parser.GcpAudit: Get caller IP city
getCallerIpCountry() - Method in class com.mozilla.secops.parser.GcpAudit: Get caller IP country
getCategory() - Method in class com.mozilla.secops.alert.Alert: Get alert category
getCidrExclusionList() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getCidrExclusionList() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get CIDR exclusion list path
getCity() - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Get city
getClampThresholdMaximum() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getClampThresholdMaximum() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get clamp threshold maximum
getClientAddress() - Method in class com.mozilla.secops.parser.models.fxacontent.FxaContent: Get client address
getClientId() - Method in class com.mozilla.secops.parser.models.auth0.LogEvent: Getter for the application's client id related to this event.
getClientId() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get client ID
getClientName() - Method in class com.mozilla.secops.parser.models.auth0.LogEvent: Getter for the application's client name related to this event.
getCloudtrailMatcherManagerPath() - Method in interface com.mozilla.secops.awsbehavior.AwsBehavior.AwsBehaviorOptions
getCode() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant2: Get code
getConfidence() - Method in class com.mozilla.secops.customs.CustomsAlert: Get confidence
getConfigurationMap() - Method in class com.mozilla.secops.parser.CfgTick: Get configuration map
getConnection() - Method in class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow: Get connection data
getContactEmail() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getContentLength() - Method in class com.mozilla.secops.parser.models.fxacontent.FxaContent: Get ContentLength
getContentServerVarianceMinClients() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getController() - Method in class com.mozilla.secops.parser.Phabricator: Get controller
getCountry() - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Get country
getCreatedBy() - Method in class com.mozilla.secops.IprepdIO.ExemptedObject: Get created by value
getCreatedBy() - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Get created by value
getCriticalNotificationEmail() - Method in interface com.mozilla.secops.OutputOptions
getCriticalSeverityEmail() - Method in interface com.mozilla.secops.postprocessing.PostProcessing.PostProcessingOptions
getCritObjects() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getCurrentSource() - Method in class com.mozilla.secops.authstate.AuthStateModel.GeoVelocityResponse: Get current source address
getCustomerOrganizationNumber() - Method in class com.mozilla.secops.parser.models.etd.SourceId: Get GCP org number
getCustomMetadataValue(String) - Method in class com.mozilla.secops.alert.Alert: Return a custom metadata value
getCustomsNotificationTopic() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getData() - Method in class com.mozilla.secops.parser.Payload: Get payload data
getDatastoreKind() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get datastore kind
getDatastoreKind() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getDatastoreNamespace() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get datastore namespace
getDatastoreNamespace() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getDatastoreNamespace() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getDate() - Method in class com.mozilla.secops.parser.models.auth0.LogEvent: Getter for the date of this event.
getDecayAfter() - Method in class com.mozilla.secops.parser.IPrepdLog: Get decay after - time when reputation begins to heal
getDeferGeoIpResolution() - Method in interface com.mozilla.secops.InputOptions
getDeferGeoIpResolution() - Method in class com.mozilla.secops.parser.ParserCfg: Get defer GeoIP resolution setting
getDescription() - Method in class com.mozilla.secops.awsbehavior.CloudtrailMatcher
getDestIp() - Method in class com.mozilla.secops.parser.GcpVpcFlow: Get destination IP
getDestIp() - Method in class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow.Connection: Get destination IP
getDestPort() - Method in class com.mozilla.secops.parser.GcpVpcFlow: Get destination port
getDestPort() - Method in class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow.Connection: Get destination port
getDetail() - Method in class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent: Get event detail
getDetails() - Method in class com.mozilla.secops.customs.CustomsAlert: Get details map
getDetails() - Method in class com.mozilla.secops.parser.models.auth0.LogEvent: Getter for the details object.
getDetailType() - Method in class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent: Get event detail type, e.g.
getDetectionCategory() - Method in class com.mozilla.secops.parser.models.etd.EventThreatDetectionFinding: Get event detection category object
getDetectionPriority() - Method in class com.mozilla.secops.parser.models.etd.EventThreatDetectionFinding: Get event detection priority / severity
getDisableCloudwatchStrip() - Method in interface com.mozilla.secops.InputOptions
getDisableCloudwatchStrip() - Method in class com.mozilla.secops.parser.ParserCfg: Get disable Cloudwatch strip flag
getDisableMozlogStrip() - Method in interface com.mozilla.secops.InputOptions
getDisableMozlogStrip() - Method in class com.mozilla.secops.parser.ParserCfg: Get disable Mozlog strip flag
getDocLink() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getDomain() - Method in class com.mozilla.secops.parser.models.etd.Properties: Get domain list
getDuopullData() - Method in class com.mozilla.secops.parser.Duopull: Fetch parsed duopull data
getDuration() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get duration
getEmail() - Method in class com.mozilla.secops.identity.NotificationPreferences: Return the email specified
getEmail() - Method in class com.mozilla.secops.parser.models.amo.Amo: Get email
getEmail() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get email
getEmailCatchall() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get email catchall address
getEmailFrom() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get email from address
getEmailTemplate() - Method in class com.mozilla.secops.alert.Alert: Get email template name
getEmailToUserIdMapping() - Method in class com.mozilla.secops.slack.SlackManager: Get map where the key is user's emails and the corresponding value is their slack id.
getEmptyView(Pipeline) - Static method in class com.mozilla.secops.customs.ContentServerVarianceDetector: Return an empty variance view, suitable as a placeholder if variance detection is not desired
getEmptyView(Pipeline) - Static method in class com.mozilla.secops.DetectNat: Return an empty NAT view, suitable as a placeholder if NAT detection is not desired
getEnableAccountCreationAbuseDetector() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableAccountEnumerationDetector() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableActivityMonitor() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableAlertSummaryAnalysis() - Method in interface com.mozilla.secops.postprocessing.PostProcessing.PostProcessingOptions
getEnableAwsAssumeRoleCorrelator() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getEnableContentServerVarianceDetection() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableCritObjectAnalysis() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getEnableEndpointAbuseAnalysis() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEnableEndpointAbuseAnalysis() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get endpoint abuse analysis setting
getEnableEndpointSequenceAbuseAnalysis() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEnableEndpointSequenceAbuseAnalysis() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get endpoint abuse analysis setting
getEnableErrorRateAnalysis() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEnableErrorRateAnalysis() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get error rate analysis setting
getEnableETD() - Method in interface com.mozilla.secops.gatekeeper.GatekeeperPipeline.GatekeeperOptions
getEnableGD() - Method in interface com.mozilla.secops.gatekeeper.GatekeeperPipeline.GatekeeperOptions
getEnableHardLimitAnalysis() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEnableHardLimitAnalysis() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get hard limit analysis setting
getEnableLoginFailureAtRiskAccount() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableNatDetection() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get enable NAT detection setting
getEnablePasswordResetAbuseDetector() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnablePerEndpointErrorRateAnalysis() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEnablePerEndpointErrorRateAnalysis() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get enable per endpoint error rate analysis setting
getEnablePrivateRelayForward() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableSessionLimitAnalysis() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEnableSessionLimitAnalysis() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get enable session limit analysis setting
getEnableSourceCorrelator() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEnableSourceCorrelator() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get enable source correlator
getEnableSourceLoginFailureDetector() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableStateAnalysis() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getEnableStatusCodeRateAnalysis() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEnableStatusCodeRateAnalysis() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get status code rate analysis setting
getEnableStatusComparator() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableSummaryAnalysis() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableThresholdAnalysis() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEnableThresholdAnalysis() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get threshold analysis setting
getEnableUserAgentBlocklistAnalysis() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEnableUserAgentBlocklistAnalysis() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get user agent blocklist analysis setting
getEnableVelocityDetector() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableVelocityDetectorMonitorOnly() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEnableWatchlistAnalysis() - Method in interface com.mozilla.secops.postprocessing.PostProcessing.PostProcessingOptions
getEndpointAbuseCustomVarianceSubstrings() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEndpointAbuseCustomVarianceSubstrings() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get endpoint abuse custom variance substrings
getEndpointAbuseExtendedVariance() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEndpointAbuseExtendedVariance() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get endpoint abuse extended variance
getEndpointAbusePath() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEndpointAbusePath() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get endpoint abuse path
getEndpointAbuseSuppressRecovery() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEndpointAbuseSuppressRecovery() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get endpoint abuse suppress recovery
getEndpointSequenceAbusePatterns() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEndpointSequenceAbusePatterns() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get endpoint abuse path
getEndpointSequenceAbuseSuppressRecovery() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getEndpointSequenceAbuseSuppressRecovery() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get endpoint abuse timing suppress recovery
getEntries() - Method in class com.mozilla.secops.authstate.AuthStateModel: Get entries associated with model
getErrno() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get errno
getErrorCode() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getErrorMessage() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getErrorSessionGapDurationMinutes() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getErrorSessionGapDurationMinutes() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get session gap duration for session windows of only error events
getEscalateAccountCreation() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEscalateAccountCreationDistributed() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEscalateAccountEnumerationDetector() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEscalateLoginFailureAtRiskAccount() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEscalatePasswordResetAbuse() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEscalateSourceLoginFailure() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEscalateSourceLoginFailureDistributed() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEscalateStatusComparator() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEscalateTo() - Method in class com.mozilla.secops.identity.Identity: Get escalate to email address
getEscalateVelocity() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getEventAction() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event action
getEventDescriptionIpAddress() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event description ip address
getEventDescriptionObject() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event object
getEventDescriptionUserId() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event description user ID
getEventFactor() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event factor
getEventFilter() - Method in class com.mozilla.secops.input.InputElement: Get event filter
getEventID() - Method in class com.mozilla.secops.parser.Cloudtrail: Returns the event id of the cloudtrail event
getEventId() - Method in class com.mozilla.secops.parser.Event: Get unique event ID.
getEventID() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getEventMatchers() - Method in class com.mozilla.secops.awsbehavior.CloudtrailMatcherManager: Returns parsed CloudtrailMatchers
getEventName() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getEventReason() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event reason
getEventResult() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event result
getEvents() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get event list
getEventsOfType(FxaAuth.EventSummary) - Method in class com.mozilla.secops.customs.CustomsFeatures: Get all events from event list of a certain type
getEventSource() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getEventSummary() - Method in class com.mozilla.secops.parser.FxaAuth: Get event summary
getEventTime() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getEventTime() - Method in class com.mozilla.secops.parser.models.etd.EventThreatDetectionFinding: Get event time
getEventTimestamp() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event timestamp
getEventType() - Method in class com.mozilla.secops.parser.AmoDocker: Get event type
getEventType() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getEventType() - Method in class com.mozilla.secops.parser.PrivateRelay: Get event type
getEventUsername() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event username
getEventVersion() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getEvidence() - Method in class com.mozilla.secops.parser.models.etd.EventThreatDetectionFinding: Get evidence object
getException() - Method in class com.mozilla.secops.parser.IPrepdLog: Get whether an object is an exception or not
getExceptRules() - Method in class com.mozilla.secops.parser.EventFilterRule: Get except rules
getExfiltrationThresholdBytes() - Method in interface com.mozilla.secops.pioneer.Pioneer.PioneerOptions
getExfiltrationThresholdSeconds() - Method in interface com.mozilla.secops.pioneer.Pioneer.PioneerOptions
getExpires() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get expires
getExpiresAt() - Method in class com.mozilla.secops.IprepdIO.ExemptedObject: Get expires at
getExpiresAt() - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Get expires at
getFields() - Method in class com.mozilla.secops.awsbehavior.CloudtrailMatcher
getFields() - Method in class com.mozilla.secops.parser.Mozlog: Get fields
getFieldsAsJson(ObjectMapper) - Method in class com.mozilla.secops.parser.Mozlog: Get fields as JSON string
getFileInputs() - Method in class com.mozilla.secops.input.InputElement: Get file inputs
getFileName() - Method in class com.mozilla.secops.parser.AmoDocker: Get file name
getFilterRequestPath() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getFilterRequestPath() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get filter request path
getFinding() - Method in class com.mozilla.secops.parser.ETDBeta: Get underlying EventThreatDetectionFinding model
getFinding() - Method in class com.mozilla.secops.parser.GuardDuty: Get underlying GuardDuty Finding
getFromApi() - Method in class com.mozilla.secops.parser.AmoDocker: Get API submission flag
getFromApi() - Method in class com.mozilla.secops.parser.models.amo.Amo: Get from API flag
getFunction() - Method in class com.mozilla.secops.parser.Phabricator: Get function
getFxaAuthData() - Method in class com.mozilla.secops.parser.FxaAuth: Fetch parsed FxA auth data
getFxaContentData() - Method in class com.mozilla.secops.parser.FxaContent: Fetch parsed FxA content data
getFxaEmail() - Method in class com.mozilla.secops.parser.AmoDocker: Get FxA profile email
getGcpProject() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get GCP project name
getGcsTemplateBasePath() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get gcs template base path
getGenerateConfigurationTicksInterval() - Method in interface com.mozilla.secops.InputOptions
getGenerateConfigurationTicksMaximum() - Method in interface com.mozilla.secops.InputOptions
getGuarddutyConfigPath() - Method in interface com.mozilla.secops.gatekeeper.GuardDutyTransforms.Options
getGuid() - Method in class com.mozilla.secops.parser.models.amo.Amo: Get GUID
getHardLimitRequestCount() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getHardLimitRequestCount() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get hard limit request count
getHeuristic() - Method in class com.mozilla.secops.customs.CustomsAlert: Get heuristic
getHeuristicDescription() - Method in class com.mozilla.secops.customs.CustomsAlert: Get heuristic description
getHigh() - Method in class com.mozilla.secops.parser.EventFilterPayloadRange: Get high value
getHighETDFindingRuleRegex() - Method in interface com.mozilla.secops.gatekeeper.ETDTransforms.Options
getHighSeverityMatchers() - Method in class com.mozilla.secops.gatekeeper.GuardDutyConfig: Get high severity finding matchers
getHostname() - Method in class com.mozilla.secops.parser.Mozlog: Get hostname
getId() - Method in class com.mozilla.secops.customs.CustomsAlert: Get UUID
getId() - Method in class com.mozilla.secops.parser.models.auth0.LogEvent: Getter for the id of this event.
getId() - Method in class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent: Get event id
getId() - Method in class com.mozilla.secops.state.StateOperation: Get operation ID
getIdentities() - Method in class com.mozilla.secops.identity.IdentityManager: Get all known identities
getIdentity(String) - Method in class com.mozilla.secops.identity.IdentityManager: Get specific identity
getIdentityManager(String) - Static method in class com.mozilla.secops.authprofile.AuthProfile: Load a process shared version of the identity manager
getIdentityManager() - Method in class com.mozilla.secops.parser.Parser: Get any configured identity manager from the parser
getIdentityManagerPath() - Method in interface com.mozilla.secops.awsbehavior.AwsBehavior.AwsBehaviorOptions
getIdentityManagerPath() - Method in interface com.mozilla.secops.InputOptions
getIdentityManagerPath() - Method in class com.mozilla.secops.parser.ParserCfg: Get IdentityManager json file path
getIdentityName() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent: Get the identity name depending on the user type
getIgnoreCloudProviderRequests() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getIgnoreCloudProviderRequests() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get ignore cloud provider requests
getIgnoreETDFindingRuleRegex() - Method in interface com.mozilla.secops.gatekeeper.ETDTransforms.Options
getIgnoreInternalRequests() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getIgnoreInternalRequests() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get ignore internal requests
getIgnoreMatchers() - Method in class com.mozilla.secops.gatekeeper.GuardDutyConfig: Get ignore finding matchers
getIgnoreUnknownIdentities() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getIgnoreUserRegex() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getIncludeUrlHostRegex() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getIncludeUrlHostRegex() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get include URL host regex
getIndicator() - Method in class com.mozilla.secops.customs.CustomsAlert: Get indicator
getIndicator() - Method in class com.mozilla.secops.parser.models.etd.DetectionCategory: Get indicator
getIndicatorType() - Method in class com.mozilla.secops.customs.CustomsAlert: Get indicator type
getInput(Pipeline, HTTPRequest.HTTPRequestOptions) - Static method in class com.mozilla.secops.httprequest.HTTPRequest: Given HTTPRequest pipeline options, return a configured Input class
getInput() - Method in class com.mozilla.secops.httprequest.HTTPRequestMultiMode: Get input configuration
getInputElementByName(String) - Method in class com.mozilla.secops.input.Input: Get an input element by name
getInputElements() - Method in class com.mozilla.secops.input.Input: Get input elements
getInputFile() - Method in interface com.mozilla.secops.InputOptions
getInputIprepd() - Method in interface com.mozilla.secops.InputOptions
getInputKinesis() - Method in interface com.mozilla.secops.InputOptions
getInputPubsub() - Method in interface com.mozilla.secops.InputOptions
getInsertId() - Method in class com.mozilla.secops.parser.models.etd.SourceLogId: Get insert id
getInsights(String, String) - Method in class com.mozilla.secops.Minfraud: Get Insights response from Minfraud using an IP address and an optional email address
getIntegerMatchers() - Method in class com.mozilla.secops.parser.EventFilterPayload: Get configured integer matchers
getIntegerRangeMatchers() - Method in class com.mozilla.secops.parser.EventFilterPayload: Get configured integer range matchers
getInvokedBy() - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
getIp() - Method in class com.mozilla.secops.IprepdIO.ExemptedObject: Get IP string
getIP() - Method in class com.mozilla.secops.parser.models.auth0.LogEvent: Getter for the IP address related to this event.
getIp() - Method in class com.mozilla.secops.parser.models.etd.Properties: Get IP
getIpAddress() - Method in class com.mozilla.secops.customs.CustomsAtRiskAccountState.CustomsAtRiskAccountStateModel.ScannedByEntry: Get IP address of entry
getIprepdSpecs() - Method in class com.mozilla.secops.IprepdIO.Write: Get iprepd specs
getIsp() - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Get ISP
getIsPublic() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get isPublic
getIsSensitive() - Method in enum com.mozilla.secops.alert.AlertMeta.Key: Return if key is considered sensitive
getKey() - Method in class com.mozilla.secops.alert.AlertMeta: Get metadata key
getKey() - Method in enum com.mozilla.secops.alert.AlertMeta.Key: Return the string that will be used as the metadata key
getKey() - Method in class com.mozilla.secops.state.StateOperation: Get key
getKeys() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get keys
getKinesisInputs() - Method in class com.mozilla.secops.input.InputElement: Get Kinesis inputs
getKmDistance() - Method in class com.mozilla.secops.authstate.AuthStateModel.GeoVelocityResponse: Get distance between points in KM
getKnownGatewaysPath() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getKnownGatewaysPath() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get path to list of inital nat gateways
getLang() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get lang
getLatestTimestamp(Iterable<Event>) - Static method in class com.mozilla.secops.parser.Parser: Given an interable of events, return the latest timestamp
getLatitude() - Method in class com.mozilla.secops.authstate.AuthStateModel.ModelEntry: Get model latitude field
getLocation() - Method in class com.mozilla.secops.parser.models.etd.Properties: Get GCP location (analogous to AWS region)
getLocationInfo() - Method in class com.mozilla.secops.parser.models.auth0.LogEvent: Getter for the location info object.
getLogger() - Method in class com.mozilla.secops.parser.Mozlog: Get logger value
getLongitude() - Method in class com.mozilla.secops.authstate.AuthStateModel.ModelEntry: Get model longitude field
getLow() - Method in class com.mozilla.secops.parser.EventFilterPayloadRange: Get low value
getMatchAny() - Method in class com.mozilla.secops.parser.EventFilter: Get match any setting
getMaxAllowableTimestampDifference() - Method in interface com.mozilla.secops.InputOptions
getMaxClientErrorRate() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getMaxClientErrorRate() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get max client error rate
getMaxClientStatusCodeRate() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getMaxClientStatusCodeRate() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get max client status code rate
getMaximumKilometersFromLastLogin() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getMaximumKilometersPerHour() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getMaximumKilometersPerHour() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getMaximumKilometersPerHourMonitorOnly() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getMaxKmPerSecondExceeded() - Method in class com.mozilla.secops.authstate.AuthStateModel.GeoVelocityResponse: Return true if max KM/s was exceeded
getMaxmindAccountId() - Method in interface com.mozilla.secops.InputOptions
getMaxmindCityDbPath() - Method in interface com.mozilla.secops.InputOptions
getMaxmindCityDbPath() - Method in class com.mozilla.secops.parser.ParserCfg: Get Maxmind City database path
getMaxmindIspDbPath() - Method in interface com.mozilla.secops.InputOptions
getMaxmindIspDbPath() - Method in class com.mozilla.secops.parser.ParserCfg: Get Maxmind ISP database path
getMaxmindLicenseKey() - Method in interface com.mozilla.secops.InputOptions
getMaxTimestampDifference() - Method in class com.mozilla.secops.parser.ParserCfg: Get maximum allowable timestamp difference
getMean() - Method in class com.mozilla.secops.Stats.StatsOutput: Get mean value of set
getMemcachedHost() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get memcached host
getMemcachedHost() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getMemcachedHost() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getMemcachedPort() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get memcached port
getMemcachedPort() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getMemcachedPort() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getMetadata() - Method in class com.mozilla.secops.alert.Alert: Get alert metadata
getMetadataValue(AlertMeta.Key) - Method in class com.mozilla.secops.alert.Alert: Return a specific metadata value
getMethod() - Method in class com.mozilla.secops.identity.NotificationPreferences: Return the notification method specified
getMethod() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get method
getMethod() - Method in class com.mozilla.secops.parser.models.fxacontent.FxaContent: Get Method
getMethod() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get method
getMFAAuthenticated() - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
getMinimumDistanceForAlert() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getMinimumDistanceForAlertMonitorOnly() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getMonitoredResource() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get monitored resource
getMonitoredResourceIndicator() - Method in interface com.mozilla.secops.OutputOptions
getMozlog() - Method in class com.mozilla.secops.parser.Event: Get mozlog value
getMsg() - Method in class com.mozilla.secops.parser.AmoDocker: Get msg
getMsg() - Method in class com.mozilla.secops.parser.BmoAudit: Get msg
getMsg() - Method in class com.mozilla.secops.parser.IPrepdLog: Get msg
getMsg() - Method in class com.mozilla.secops.parser.models.amo.Amo: Get msg
getMsg() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event msg
getMsg() - Method in class com.mozilla.secops.parser.PrivateRelay: Get msg
getName() - Method in class com.mozilla.secops.input.InputElement: Get element name
getName() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get name
getNamedSubnets() - Method in class com.mozilla.secops.identity.IdentityManager: Get named subnets
getNatDetection() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getNormalized() - Method in class com.mozilla.secops.parser.Event: Return normalized data set.
getNotify() - Method in class com.mozilla.secops.identity.Identity: Get notification preferences for identity
getNotifyMergeKey() - Method in class com.mozilla.secops.alert.Alert: Get alert merge key for notifications from metadata
getNumericUserId() - Method in class com.mozilla.secops.parser.models.amo.Amo: Get numeric user ID
getObject() - Method in class com.mozilla.secops.IprepdIO.ExemptedObject: Get object string
getObject() - Method in class com.mozilla.secops.IprepdIO.ReputationValue: Get object field
getObject() - Method in class com.mozilla.secops.parser.IPrepdLog: Get the object (i.e.
getObject() - Method in class com.mozilla.secops.parser.Normalized: Get object field
getObject() - Method in class com.mozilla.secops.Violation: Get object
getObject() - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Get object string
getObjectType() - Method in class com.mozilla.secops.parser.IPrepdLog: Get object type (i.e.
getOp() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get op
getOperatingMode() - Method in class com.mozilla.secops.input.Input: Get operating mode
getOperationType() - Method in class com.mozilla.secops.state.StateOperation: Get operation type
getOriginalReputation() - Method in class com.mozilla.secops.parser.IPrepdLog: Get the original reputation of the object the violation was applied to
getOutputAlertEmailCatchall() - Method in interface com.mozilla.secops.OutputOptions
getOutputAlertEmailFrom() - Method in interface com.mozilla.secops.OutputOptions
getOutputAlertGcsTemplateBasePath() - Method in interface com.mozilla.secops.OutputOptions
getOutputAlertSlackCatchall() - Method in interface com.mozilla.secops.OutputOptions
getOutputAlertSlackToken() - Method in interface com.mozilla.secops.OutputOptions
getOutputAlertSmtpCredentials() - Method in interface com.mozilla.secops.OutputOptions
getOutputAlertSmtpRelay() - Method in interface com.mozilla.secops.OutputOptions
getOutputAlertTemplates() - Method in interface com.mozilla.secops.OutputOptions
getOutputBigQuery() - Method in interface com.mozilla.secops.OutputOptions
getOutputFile() - Method in interface com.mozilla.secops.OutputOptions
getOutputId() - Method in class com.mozilla.secops.Stats.StatsOutput: Return unique output ID
getOutputIprepd() - Method in interface com.mozilla.secops.OutputOptions
getOutputIprepdDatastoreExemptionsProject() - Method in interface com.mozilla.secops.OutputOptions
getOutputIprepdEnableDatastoreExemptions() - Method in interface com.mozilla.secops.OutputOptions
getOutputPubsub() - Method in interface com.mozilla.secops.OutputOptions
getOutputSqs() - Method in interface com.mozilla.secops.OutputOptions
getParsedUrl() - Method in class com.mozilla.secops.parser.GLB: Get parsed URL object
getParserConfiguration() - Method in class com.mozilla.secops.input.InputElement: Get parser configuration
getParserFastMatcher() - Method in interface com.mozilla.secops.InputOptions
getParserFastMatcher() - Method in class com.mozilla.secops.parser.ParserCfg
getPasswordResetAbuseThreshold() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getPath() - Method in class com.mozilla.secops.parser.models.duopull.Duopull: Get event path
getPath() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get path
getPath() - Method in class com.mozilla.secops.parser.models.fxacontent.FxaContent: Get Path
getPath() - Method in class com.mozilla.secops.parser.Phabricator: Get path
getPayload() - Method in class com.mozilla.secops.alert.Alert: Get alert payload
getPayload() - Method in class com.mozilla.secops.parser.Event: Get event payload.
getPayloadFilters() - Method in class com.mozilla.secops.parser.EventFilterPayloadOr: Get configured payload filters
getPayloadFilters() - Method in class com.mozilla.secops.parser.EventFilterRule: Get payload filters
getPayloadType() - Method in class com.mozilla.secops.parser.Event: Return the type of payload data associated with this event.
getPayloadType() - Method in class com.mozilla.secops.parser.EventFilterPayload: Get payload filter
getPerEndpointErrorRateAlertSuppressionDurationSeconds() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getPerEndpointErrorRateAlertSuppressionDurationSeconds() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get alert suppression duration for per endpoint error rate
getPerEndpointErrorRateAnalysisSuppressRecovery() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getPerEndpointErrorRatePaths() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getPerEndpointErrorRatePaths() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get paths for per endpoint error rate analysis
getPerEndpointErrorRateSuppressRecovery() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get paths for per endpoint error rate analysis
getPid() - Method in class com.mozilla.secops.parser.Mozlog: Get pid
getPipelineMultimodeConfiguration() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getPipelineVersion() - Method in interface com.mozilla.secops.InputOptions
getPreviousSource() - Method in class com.mozilla.secops.authstate.AuthStateModel.GeoVelocityResponse: Get previous source address
getPrincipalEmail() - Method in class com.mozilla.secops.parser.GcpAudit: Get principal email
getPrincipalId() - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
getProject() - Method in class com.mozilla.secops.input.Input: Get project
getProject() - Method in class com.mozilla.secops.IprepdIO.Write: Get project
getProject_id() - Method in class com.mozilla.secops.parser.models.etd.Properties: Get GCP project id for ETD
getProjectNumber() - Method in class com.mozilla.secops.parser.models.etd.SourceId: Get GCP project number for source of Finding
getProperties() - Method in class com.mozilla.secops.parser.models.etd.EventThreatDetectionFinding: Get event detection properties object
getPubsubInputs() - Method in class com.mozilla.secops.input.InputElement: Get Pubsub inputs
getRaw() - Method in class com.mozilla.secops.parser.Raw: Get raw string
getReader(String, String) - Static method in class com.mozilla.secops.IprepdIO: Return a new reader for reading reputation from iprepd
getReadOnly() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getRealAddress() - Method in class com.mozilla.secops.customs.PrivateRelayForward.PrivateRelayForwardState: Get real address
getRealAddress() - Method in class com.mozilla.secops.parser.PrivateRelay: Get real address
getReason() - Method in class com.mozilla.secops.customs.CustomsAlert: Get reason
getRecipientAccountId() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getReferenceID() - Method in class com.mozilla.secops.parser.Normalized: Get the reference ID (identifier from the event source)
getReferer() - Method in class com.mozilla.secops.parser.models.fxacontent.FxaContent: Get referer
getReferer() - Method in class com.mozilla.secops.parser.Phabricator: Get referer
getReferrer() - Method in class com.mozilla.secops.parser.ApacheCombined: Get referrer
getReferrer() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get referrer
getReferrer() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant2: Get referrer
getReferrer() - Method in class com.mozilla.secops.parser.Nginx: Get referrer
getRegion() - Method in class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent: Get event AWS region
getRegisteredTemplates() - Method in class com.mozilla.secops.alert.AlertConfiguration: Return a list of registered templates
getRelayAddress() - Method in class com.mozilla.secops.parser.PrivateRelay: Get relay address
getRelayAddressId() - Method in class com.mozilla.secops.parser.PrivateRelay: Get relay address ID
getRemoteAddr() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get remote_addr
getRemoteAddressChain() - Method in class com.mozilla.secops.parser.models.amo.Amo: Get remoteAddressChain
getRemoteAddressChain() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get remote address chain
getRemoteAddressChain() - Method in class com.mozilla.secops.parser.models.fxacontent.FxaContent: Get remote address chain
getRemoteIp() - Method in class com.mozilla.secops.parser.AmoDocker: Get remote IP
getRemoteIp() - Method in class com.mozilla.secops.parser.BmoAudit: Get remote IP
getRemoteIp() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant2: Get remote_ip
getRemoteUser() - Method in class com.mozilla.secops.parser.ApacheCombined: Get remote user
getRemoteUser() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get remote_user
getReputation(String, String) - Method in class com.mozilla.secops.IprepdIO.Reader: Read a reputation
getReputation() - Method in class com.mozilla.secops.IprepdIO.ReputationValue: Get reputation value
getReputation() - Method in class com.mozilla.secops.parser.IPrepdLog: Get the current reputation of the object the violation was applied to
getRequest() - Method in class com.mozilla.secops.parser.ApacheCombined: Get request.
getRequest() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get request
getRequest() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant2: Get request
getRequest() - Method in class com.mozilla.secops.parser.Nginx: Get request.
getRequestId() - Method in class com.mozilla.secops.parser.BmoAudit: Get request ID
getRequestID() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getRequestMethod() - Method in class com.mozilla.secops.parser.ApacheCombined: Get request method.
getRequestMethod() - Method in class com.mozilla.secops.parser.GLB: Get request method.
getRequestMethod() - Method in class com.mozilla.secops.parser.Nginx: Get request method.
getRequestMethod() - Method in class com.mozilla.secops.parser.Normalized: Get request method field
getRequestParameters() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getRequestPath() - Method in class com.mozilla.secops.parser.Nginx: Get request path.
getRequestStatus() - Method in class com.mozilla.secops.parser.Normalized: Get request status
getRequestTime() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get request_time
getRequestTime() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant2: Get req_time
getRequestType() - Method in class com.mozilla.secops.parser.FxaContent: Get request type
getRequestUrl() - Method in class com.mozilla.secops.parser.ApacheCombined: Get request URL.
getRequestUrl() - Method in class com.mozilla.secops.parser.GLB: Get request URL.
getRequestUrl() - Method in class com.mozilla.secops.parser.Nginx: Get request URL.
getRequestUrl() - Method in class com.mozilla.secops.parser.Normalized: Get request URL field
getRequiredMinimumAverage() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getRequiredMinimumAverage() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get required minimum average
getRequiredMinimumClients() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getRequiredMinimumClients() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get required minimum clients
getRequiredMinimumRequestsPerClient() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getRequiredMinimumRequestsPerClient() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get required minimum number of requests per client
getResolvedSubject() - Method in class com.mozilla.secops.parser.Taskcluster: Get resolved subject ID
getResource() - Method in class com.mozilla.secops.awsbehavior.CloudtrailMatcher
getResource(String) - Method in class com.mozilla.secops.parser.Cloudtrail: Utility method for returning the resource the event was acting on, used for adding context to an Alert.
getResource() - Method in class com.mozilla.secops.parser.GcpAudit: Get resource
getResource() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get resource
getResources() - Method in class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent: Get event resources, typically in the form of ARNs
getResponseElements() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getResponseElementsValue(String) - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getRestrictedValue() - Method in class com.mozilla.secops.parser.AmoDocker: Get restricted value
getResultValue() - Method in class com.mozilla.secops.state.StateOperation: Get result value
getResultValueForId(UUID) - Method in class com.mozilla.secops.state.StateCursor: Fetch a result value from a completed operation
getResultValues() - Method in class com.mozilla.secops.state.StateOperation: Get result values
getResultValuesForId(UUID) - Method in class com.mozilla.secops.state.StateCursor: Fetch a set of result values from a completed operation
getRuleName() - Method in class com.mozilla.secops.parser.models.etd.DetectionCategory: Get rule name which triggered finding
getRules() - Method in class com.mozilla.secops.parser.EventFilter: Get configured rules
getSatisfyingScopes() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get satisfying scopes
getService() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get service
getServiceToggles() - Method in class com.mozilla.secops.httprequest.HTTPRequestMultiMode: Get service toggles
getSessionAttributesValue(String) - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
getSessionGapDurationMinutes() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getSessionGapDurationMinutes() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get session gap duration minutes
getSessionIssuer() - Method in class com.mozilla.secops.parser.models.cloudtrail.SessionContext
getSessionIssuerValue(String) - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
getSessionLimitAnalysisPaths() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getSessionLimitAnalysisPaths() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get session analysis pathes
getSessionLimitAnalysisSuppressRecovery() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getSessionLimitAnalysisSuppressRecovery() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get session limit analysis suppress recovery
getSeverity() - Method in class com.mozilla.secops.alert.Alert: Get alert severity
getSeverity() - Method in class com.mozilla.secops.customs.CustomsAlert: Get severity
getSeverity() - Method in class com.mozilla.secops.parser.Mozlog: Get severity integer
getSeverity() - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Get severity
getSharedEventID() - Method in class com.mozilla.secops.parser.Cloudtrail: Returns the shared event id of the cloudtrail event
getSharedEventID() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getSlackCatchall() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get slack catchall channel id
getSlackCatchallTemplate() - Method in class com.mozilla.secops.alert.Alert: Get slack catchall template name
getSlackChannelNotification() - Method in interface com.mozilla.secops.pioneer.Pioneer.PioneerOptions
getSlackTemplate() - Method in class com.mozilla.secops.alert.Alert: Get slack template name
getSlackToken() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get slack bot token
getSmsRecipient() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth
getSmtpCredentials() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get SMTP credentials
getSmtpRelay() - Method in class com.mozilla.secops.alert.AlertConfiguration: Get SMTP relay
getSource() - Method in class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent: Get event source service, e.g.
getSourceAddress() - Method in class com.mozilla.secops.parser.GeoIP.GeoIPData: Get source address set in this GeoIPData object
getSourceAddress() - Method in class com.mozilla.secops.parser.Normalized: Get source address field
getSourceAddress() - Method in class com.mozilla.secops.parser.SourcePayloadBase: Get source address
getSourceAddress() - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Get source address
getSourceAddress() - Method in class com.mozilla.secops.Violation: Get source address
getSourceAddressAsn() - Method in class com.mozilla.secops.parser.GeoIP.GeoIPData: Get source address ASN
getSourceAddressAsn() - Method in class com.mozilla.secops.parser.Normalized: Get source address ASN
getSourceAddressAsn() - Method in class com.mozilla.secops.parser.SourcePayloadBase: Get source address ASN
getSourceAddressAsOrg() - Method in class com.mozilla.secops.parser.GeoIP.GeoIPData: Get source address AS organization
getSourceAddressAsOrg() - Method in class com.mozilla.secops.parser.Normalized: Get source address AS organization
getSourceAddressAsOrg() - Method in class com.mozilla.secops.parser.SourcePayloadBase: Get source address AS organization
getSourceAddressCity() - Method in class com.mozilla.secops.parser.GeoIP.GeoIPData: Get source address city
getSourceAddressCity() - Method in class com.mozilla.secops.parser.Normalized: Get source address city field
getSourceAddressCity() - Method in class com.mozilla.secops.parser.SourcePayloadBase: Get source address city
getSourceAddressCountry() - Method in class com.mozilla.secops.parser.GeoIP.GeoIPData: Get source address country
getSourceAddressCountry() - Method in class com.mozilla.secops.parser.Normalized: Get source address country field
getSourceAddressCountry() - Method in class com.mozilla.secops.parser.SourcePayloadBase: Get source address country
getSourceAddressEventCount() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get count of total events per source address
getSourceAddressIsAnonymous() - Method in class com.mozilla.secops.parser.Normalized: Get source address isanonymous
getSourceAddressIsAnonymousVpn() - Method in class com.mozilla.secops.parser.Normalized: Get source address isanonymousvpn
getSourceAddressIsHostingProvider() - Method in class com.mozilla.secops.parser.Normalized: Get source address ishostingprovider
getSourceAddressIsLegitimateProxy() - Method in class com.mozilla.secops.parser.Normalized: Get source address islegitimateproxy
getSourceAddressIsp() - Method in class com.mozilla.secops.parser.GeoIP.GeoIPData: Get source address ISP
getSourceAddressIsp() - Method in class com.mozilla.secops.parser.Normalized: Get source address ISP
getSourceAddressIsp() - Method in class com.mozilla.secops.parser.SourcePayloadBase: Get source address ISP
getSourceAddressIsPublicProxy() - Method in class com.mozilla.secops.parser.Normalized: Get source address ispublicproxy
getSourceAddressIsTorExitNode() - Method in class com.mozilla.secops.parser.Normalized: Get source address istorexitnode
getSourceAddressLatitude() - Method in class com.mozilla.secops.parser.GeoIP.GeoIPData: Get source address latitude
getSourceAddressLatitude() - Method in class com.mozilla.secops.parser.Normalized: Get source address latitude
getSourceAddressLatitude() - Method in class com.mozilla.secops.parser.SourcePayloadBase: Get source address latitude
getSourceAddressLongitude() - Method in class com.mozilla.secops.parser.GeoIP.GeoIPData: Get source address longitude
getSourceAddressLongitude() - Method in class com.mozilla.secops.parser.Normalized: Get source address longitude
getSourceAddressLongitude() - Method in class com.mozilla.secops.parser.SourcePayloadBase: Get source address longitude
getSourceAddressRiskScore() - Method in class com.mozilla.secops.parser.Normalized: Get source address risks core from minfraud
getSourceAddressTimeZone() - Method in class com.mozilla.secops.parser.GeoIP.GeoIPData: Get source address time zone
getSourceAddressTimeZone() - Method in class com.mozilla.secops.parser.Normalized: Get source address time zone field
getSourceAddressTimeZone() - Method in class com.mozilla.secops.parser.SourcePayloadBase: Get source address time zone
getSourceCorrelatorAlertPercentage() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getSourceCorrelatorAlertPercentage() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get source correlator alert percentage
getSourceCorrelatorMinimumAddresses() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getSourceCorrelatorMinimumAddresses() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get source correlator minimum addresses
getSourceDataType() - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Get source data type
getSourceId() - Method in class com.mozilla.secops.parser.models.etd.EventThreatDetectionFinding: Get sourceId object
getSourceIp() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get source IP
getSourceIPAddress() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getSourceLogId() - Method in class com.mozilla.secops.parser.models.etd.Evidence
getSourceLoginFailureDistributedThreshold() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getSourceLoginFailureThreshold() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getSrcInstance() - Method in class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow: Get source instance data
getSrcInstanceName() - Method in class com.mozilla.secops.parser.GcpVpcFlow: Get source instance name
getSrcIp() - Method in class com.mozilla.secops.parser.GcpVpcFlow: Get source IP
getSrcIp() - Method in class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow.Connection: Get source IP
getSrcPort() - Method in class com.mozilla.secops.parser.GcpVpcFlow: Get source port
getSrcPort() - Method in class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow.Connection: Get source port
getStackdriverLabel(String) - Method in class com.mozilla.secops.parser.Event: Get specific Stackdriver label value
getStackdriverLabelFilters() - Method in interface com.mozilla.secops.InputOptions
getStackdriverLabelFilters() - Method in class com.mozilla.secops.parser.ParserCfg: Get Stackdriver label filters
getStackdriverLabels() - Method in class com.mozilla.secops.parser.Event: Get Stackdriver labels
getStackdriverProject() - Method in class com.mozilla.secops.parser.Event: Get Stackdriver project name
getStackdriverProjectFilter() - Method in interface com.mozilla.secops.InputOptions
getStackdriverProjectFilter() - Method in class com.mozilla.secops.parser.ParserCfg: Get Stackdriver project filter
getStatus() - Method in class com.mozilla.secops.parser.ApacheCombined: Get status.
getStatus() - Method in class com.mozilla.secops.parser.GLB: Get status.
getStatus() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get status
getStatus() - Method in class com.mozilla.secops.parser.models.fxacontent.FxaContent: Get status
getStatus() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get status
getStatus() - Method in class com.mozilla.secops.parser.Nginx: Get status.
getStatus() - Method in class com.mozilla.secops.parser.Phabricator: Get status
getStatusCode() - Method in class com.mozilla.secops.parser.models.taskcluster.Taskcluster: Get status code
getStatusCodeRateAnalysisCode() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getStatusCodeRateAnalysisCode() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get code for client status code rate analysis
getStatusComparatorAddressPath() - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
getStreamFromPath(String) - Static method in class com.mozilla.secops.FileUtil: Read file from specified path, returning an InputStream for processing
getStringMatchers() - Method in class com.mozilla.secops.parser.EventFilterPayload: Get configured string matchers
getStringRegexMatchers() - Method in class com.mozilla.secops.parser.EventFilterPayload: Get configured string regex matchers
getSubcategory() - Method in class com.mozilla.secops.alert.Alert: Get alert subcategory
getSubject() - Method in class com.mozilla.secops.authstate.AuthStateModel: Get subject associated with model
getSubjectUser() - Method in class com.mozilla.secops.parser.Normalized: Get subject user field
getSubjectUserIdentity() - Method in class com.mozilla.secops.parser.Normalized: Get subject user identity field
getSubnetwork_id() - Method in class com.mozilla.secops.parser.models.etd.Properties: Get subnet id
getSubnetwork_name() - Method in class com.mozilla.secops.parser.models.etd.Properties: Get subnet name
getSuggestedAction() - Method in class com.mozilla.secops.customs.CustomsAlert: Get suggested action
getSummarizedEventCounters() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get summarized event counters
getSummary() - Method in class com.mozilla.secops.alert.Alert: Get alert summary
getSuppressRecovery() - Method in class com.mozilla.secops.Violation
getT() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get t
getT() - Method in class com.mozilla.secops.parser.models.fxacontent.FxaContent: Get t
getTaskclusterData() - Method in class com.mozilla.secops.parser.Taskcluster: Fetch parsed Taskcluster data
getTechnique() - Method in class com.mozilla.secops.parser.models.etd.DetectionCategory: Get bad-actor's suspected technique, i.e.
getTemplateManager() - Method in class com.mozilla.secops.alert.AlertConfiguration: Create a new template manager
getTime() - Method in class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent: Get event timestamp
getTime() - Method in class com.mozilla.secops.parser.Mozlog: Get time value
getTimeDifference() - Method in class com.mozilla.secops.authstate.AuthStateModel.GeoVelocityResponse: Get difference in time in seconds
getTimestamp() - Method in class com.mozilla.secops.alert.Alert: Get alert timestamp
getTimestamp() - Method in class com.mozilla.secops.authstate.AuthStateModel.ModelEntry: Get timestamp of entry
getTimestamp() - Method in class com.mozilla.secops.customs.CustomsAlert: Get timestamp
getTimestamp() - Method in class com.mozilla.secops.customs.CustomsAtRiskAccountState.CustomsAtRiskAccountStateModel.ScannedByEntry: Get timestamp of entry
getTimestamp() - Method in class com.mozilla.secops.parser.Event: Get event timestamp.
getTimestamp() - Method in class com.mozilla.secops.parser.models.etd.SourceLogId: Get timestamp
getTimestamp() - Method in class com.mozilla.secops.parser.Mozlog: Get timestamp
getTotalAccountCreateSuccess() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get total account create success count for event set
getTotalAccountStatusCheckCount() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get total account status check for event set
getTotalElements() - Method in class com.mozilla.secops.Stats.StatsOutput: Get total elements
getTotalEvents() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get total event count
getTotalLoginFailureCount() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get total login failure count for event set
getTotalLoginSuccessCount() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get total login success count for event set
getTotalPasswordForgotSendCodeFailure() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get total password forgot send code failure count for event set
getTotalPasswordForgotSendCodeSuccess() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get total password forgot send code success count for event set
getTotalSum() - Method in class com.mozilla.secops.Stats.StatsOutput: Get total sum
getTrace() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get trace
getTransform(EventFilter) - Static method in class com.mozilla.secops.parser.EventFilter: Get composite transform to apply filter to event stream
getTransformDoc() - Method in class com.mozilla.secops.amo.AddonCloudSubmission
getTransformDoc() - Method in class com.mozilla.secops.amo.AddonMatcher: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.amo.AddonMultiIpLogin: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.amo.AddonMultiMatch: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.amo.AddonMultiSubmit: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.amo.FxaAccountAbuseAlias: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.amo.FxaAccountAbuseNewVersion: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.amo.ReportRestriction: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.authprofile.AuthProfile.StateAnalyze: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.authprofile.CritObjectAnalyze: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.customs.Customs.CustomsSummary: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in interface com.mozilla.secops.DocumentingTransform: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.gatekeeper.ETDTransforms.GenerateETDAlerts: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.gatekeeper.GuardDutyTransforms.GenerateGDAlerts: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.httprequest.heuristics.ErrorRateAnalysis: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.httprequest.heuristics.HardLimitAnalysis: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.httprequest.heuristics.SessionLimitAnalysis: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.httprequest.heuristics.StatusCodeRateAnalysis: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.httprequest.heuristics.ThresholdAnalysis: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.httprequest.heuristics.UserAgentBlocklistAnalysis: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.pioneer.Pioneer.PioneerExfiltration: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.postprocessing.AlertSummary: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.postprocessing.PostProcessing.WatchlistAnalyze: Get documentation string from transform based on it's current configuration
getTransformDoc() - Method in class com.mozilla.secops.SourceCorrelation.SourceCorrelator: Get documentation string from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.CustomsAccountCreation: Get documentation description from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.CustomsAccountCreationDist: Get documentation description from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.CustomsAccountEnumeration: Get documentation description from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.CustomsActivityForMonitoredAccounts: Get documentation description from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.CustomsLoginFailureForAtRiskAccount: Get documentation description from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.CustomsPasswordResetAbuse: Get documentation description from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.CustomsStatusComparator: Get documentation description from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.CustomsVelocity: Get documentation description from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.PrivateRelayForward: Get documentation description from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.SourceLoginFailure: Get documentation description from transform based on it's current configuration
getTransformDocDescription() - Method in class com.mozilla.secops.customs.SourceLoginFailureDist: Get documentation description from transform based on it's current configuration
getType() - Method in class com.mozilla.secops.IprepdIO.ExemptedObject: Get type string
getType() - Method in class com.mozilla.secops.IprepdIO.ReputationValue: Get type
getType() - Method in class com.mozilla.secops.parser.Alert
getType() - Method in class com.mozilla.secops.parser.AmoDocker
getType() - Method in class com.mozilla.secops.parser.ApacheCombined
getType() - Method in class com.mozilla.secops.parser.Auth0
getType() - Method in class com.mozilla.secops.parser.BmoAudit
getType() - Method in class com.mozilla.secops.parser.CfgTick
getType() - Method in class com.mozilla.secops.parser.Cloudtrail
getType() - Method in class com.mozilla.secops.parser.Duopull
getType() - Method in class com.mozilla.secops.parser.ETDBeta
getType() - Method in class com.mozilla.secops.parser.FxaAuth
getType() - Method in class com.mozilla.secops.parser.FxaContent
getType() - Method in class com.mozilla.secops.parser.GcpAudit
getType() - Method in class com.mozilla.secops.parser.GcpVpcFlow
getType() - Method in class com.mozilla.secops.parser.GLB
getType() - Method in class com.mozilla.secops.parser.GuardDuty
getType() - Method in class com.mozilla.secops.parser.IPrepdLog
getType() - Method in class com.mozilla.secops.parser.models.auth0.LogEvent: Getter for the type of this event.
getType() - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
getType() - Method in class com.mozilla.secops.parser.Mozlog: Get type
getType() - Method in class com.mozilla.secops.parser.Nginx
getType() - Method in class com.mozilla.secops.parser.OpenSSH
getType() - Method in class com.mozilla.secops.parser.Payload: Get payload type
getType() - Method in class com.mozilla.secops.parser.PayloadBase: Get payload type.
getType() - Method in class com.mozilla.secops.parser.Phabricator
getType() - Method in class com.mozilla.secops.parser.PrivateRelay
getType() - Method in class com.mozilla.secops.parser.Raw
getType() - Method in class com.mozilla.secops.parser.Taskcluster
getType() - Method in class com.mozilla.secops.Violation: Get object type
getType() - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Get type string
getUid() - Method in class com.mozilla.secops.customs.PrivateRelayForward.PrivateRelayForwardState: Get UID
getUid() - Method in class com.mozilla.secops.parser.AmoDocker: Get UID
getUid() - Method in class com.mozilla.secops.parser.models.amo.Amo: Get uid
getUid() - Method in class com.mozilla.secops.parser.models.fxaauth.FxaAuth: Get uid
getUid() - Method in class com.mozilla.secops.parser.PrivateRelay: Get UID
getUniquePathRequestCount() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get unique path request count
getUniquePathSuccessfulRequestCount() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get unique path request count for successful requests
getUnknownEventCounter() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get unknown event counter
getUpload() - Method in class com.mozilla.secops.parser.AmoDocker: Get upload
getUpload() - Method in class com.mozilla.secops.parser.models.amo.Amo: Get upload
getUploadHash() - Method in class com.mozilla.secops.parser.AmoDocker: Get upload hash
getUploadHash() - Method in class com.mozilla.secops.parser.models.amo.Amo: Get upload hash
getUrlRequestHost() - Method in class com.mozilla.secops.parser.Normalized: Get extracted URL request host component
getUrlRequestPath() - Method in class com.mozilla.secops.parser.Normalized: Get extracted URL request path field
getUseEventTimestamp() - Method in interface com.mozilla.secops.InputOptions
getUseEventTimestamp() - Method in class com.mozilla.secops.parser.ParserCfg: Get event timestamp emission setting
getUseEventTimestampForAlert() - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
getUseProxyXff() - Method in interface com.mozilla.secops.InputOptions
getUseProxyXff() - Method in class com.mozilla.secops.parser.ParserCfg: Get whether to use the proxy header to select ip from XFF
getUser() - Method in class com.mozilla.secops.parser.BmoAudit: Get user
getUser() - Method in class com.mozilla.secops.parser.Cloudtrail: Get username
getUser() - Method in class com.mozilla.secops.parser.OpenSSH: Get username
getUser() - Method in class com.mozilla.secops.parser.Phabricator: Get user value
getUserAgent() - Method in class com.mozilla.secops.authstate.AuthStateModel.ModelEntry: Get user agent field
getUserAgent() - Method in class com.mozilla.secops.parser.ApacheCombined: Get user agent.
getUserAgent() - Method in class com.mozilla.secops.parser.BmoAudit: Get user agent
getUserAgent() - Method in class com.mozilla.secops.parser.GLB: Get user agent.
getUserAgent() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getUserAgent() - Method in class com.mozilla.secops.parser.models.fxacontent.FxaContent: Get userAgent
getUserAgent() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get user_agent
getUserAgent() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant2: Get agent
getUserAgent() - Method in class com.mozilla.secops.parser.Nginx: Get user agent.
getUserAgent() - Method in class com.mozilla.secops.parser.Normalized: Get user agent
getUserAgentBlocklistPath() - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
getUserAgentBlocklistPath() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Get user agent blocklist path
getUserId(String) - Method in class com.mozilla.secops.alert.AlertSlack: Get slack user id from user's email
getUserId() - Method in class com.mozilla.secops.parser.models.auth0.LogEvent: Getter for the user id related to this event.
getUserIdentity() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getUserList() - Method in class com.mozilla.secops.slack.SlackManager: Get list of all Slack users
getUsername() - Method in class com.mozilla.secops.parser.Auth0: Return username within event
getUserName() - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
getUserNumericId() - Method in class com.mozilla.secops.parser.AmoDocker: Get numeric user ID
getUserType() - Method in class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent
getUseXffAsRemote() - Method in interface com.mozilla.secops.InputOptions
getUseXffAsRemote() - Method in class com.mozilla.secops.parser.ParserCfg: Get Use Xff Header as Remote
getValue() - Method in class com.mozilla.secops.alert.AlertMeta: Get metadata value
getValue() - Method in enum com.mozilla.secops.parser.models.fxaauth.FxaAuth.Errno: Return integer value of enum
getValue() - Method in class com.mozilla.secops.state.StateOperation: Get value
getValueType() - Method in enum com.mozilla.secops.alert.AlertMeta.Key: Get value field type
getVarianceIndex() - Method in class com.mozilla.secops.customs.CustomsFeatures: Get variance index
getVersion() - Method in class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent: Get event message version
getView(PCollection<Event>) - Static method in class com.mozilla.secops.customs.ContentServerVarianceDetector: Execute transform returning a PCollectionView of ips accessing content server resources, that can be used as a side input.
getView(PCollection<Event>, String) - Static method in class com.mozilla.secops.DetectNat: Execute nat detection transforms returning a PCollectionView suitable for use as a side input, currently only User Agent Based
getView(PCollection<Long>) - Static method in class com.mozilla.secops.Stats: Execute the transform returning a PCollectionView suitable for use as a side input
getViolation() - Method in class com.mozilla.secops.parser.IPrepdLog: Get violation
getViolation() - Method in class com.mozilla.secops.Violation: Get violation type
getVmName() - Method in class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow.Instance: Get VM name
getWantNormalizedType() - Method in class com.mozilla.secops.parser.EventFilterRule: Get want normalized type value
getWantStackdriverLabels() - Method in class com.mozilla.secops.parser.EventFilterRule: Get Stackdriver label filters
getWantStackdriverProject() - Method in class com.mozilla.secops.parser.EventFilterRule: Get want Stackdriver project value
getWantSubtype() - Method in class com.mozilla.secops.parser.EventFilterRule: Get want subtype value
getWantUTC() - Method in class com.mozilla.secops.parser.EventFilter: Get UTC handling parameter
getWarningSeverityEmail() - Method in interface com.mozilla.secops.postprocessing.PostProcessing.PostProcessingOptions
getWatchedEmails() - Method in class com.mozilla.secops.Watchlist: Returns watched email addresses
getWatchedIPs() - Method in class com.mozilla.secops.Watchlist: Returns watched ip addresses
getWatchlistEntries(String, ArrayList<String>) - Method in class com.mozilla.secops.Watchlist: Get all watchlist entries of the specific type that match a value in the provided value array.
getXffAddressSelector() - Method in interface com.mozilla.secops.InputOptions
getXffAddressSelector() - Method in class com.mozilla.secops.parser.ParserCfg: Get any configured XFF address selectors
getXffAddressSelectorAsCidrUtil() - Method in class com.mozilla.secops.parser.ParserCfg: Return any configured XFF address selectors as a CidrUtil object.
getXForwardedFor() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get x_forwarded_for
getXForwardedFor() - Method in class com.mozilla.secops.parser.Nginx: Get X forwarded for
getXForwardedProto() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get x_forwarded_proto
getXPipelineProxy() - Method in class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1: Get x_pipeline_proxy
GLB - Class in com.mozilla.secops.parser: Payload parser for Google Load Balancer log data.
GLB() - Constructor for class com.mozilla.secops.parser.GLB: Construct matcher object.
GLB(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.GLB: Construct parser object.
GlobalTriggers<T> - Class in com.mozilla.secops.window: Window input type into global windows, triggering at a specific interval and discarding fired panes.
GlobalTriggers(int) - Constructor for class com.mozilla.secops.window.GlobalTriggers: Initialize new GlobalTriggers
GuardDuty - Class in com.mozilla.secops.parser: Payload parser for AWS GuardDuty Finding data
GuardDuty() - Constructor for class com.mozilla.secops.parser.GuardDuty: Construct matcher object.
GuardDuty(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.GuardDuty: Construct parser object.
GuardDutyConfig - Class in com.mozilla.secops.gatekeeper: GuardDutyConfig is used for configuring our use of Guardduty, i.e.
GuardDutyConfig() - Constructor for class com.mozilla.secops.gatekeeper.GuardDutyConfig: Create a new empty GuardDutyConfig
GuardDutyFindingMatcher - Class in com.mozilla.secops.gatekeeper: GuardDutyFindingMatcher is used for matching against Guardduty findings, used by GatekeeperPipeline to bucket findings into different categories
GuardDutyFindingMatcher() - Constructor for class com.mozilla.secops.gatekeeper.GuardDutyFindingMatcher
GuardDutyTransforms - Class in com.mozilla.secops.gatekeeper: Implements various transforms on AWS GuardDuty Finding Events
GuardDutyTransforms() - Constructor for class com.mozilla.secops.gatekeeper.GuardDutyTransforms
GuardDutyTransforms.ExtractFindings - Class in com.mozilla.secops.gatekeeper: Extract GuardDuty Findings
GuardDutyTransforms.GenerateGDAlerts - Class in com.mozilla.secops.gatekeeper: Generate Alerts for relevant Findings
GuardDutyTransforms.Options - Interface in com.mozilla.secops.gatekeeper: Runtime options for GuardDuty Transforms
GuardDutyTransforms.SuppressAlerts - Class in com.mozilla.secops.gatekeeper: Suppress Alerts for repeated GuardDuty Findings.

H

handleSlackResponse(SlackApiResponse) - Method in class com.mozilla.secops.slack.SlackManager: Checks if the response contains an error or warning message, and returns true if the request was successful.
HardLimitAnalysis - Class in com.mozilla.secops.httprequest.heuristics: Transform for analysis of hard per-source request count limit within fixed window
HardLimitAnalysis(HTTPRequestToggles, Boolean, String, PCollectionView<Map<String, Boolean>>) - Constructor for class com.mozilla.secops.httprequest.heuristics.HardLimitAnalysis: Static initializer for HardLimitAnalysis
Has4xxRequestStatus() - Constructor for class com.mozilla.secops.httprequest.HTTPRequest.Has4xxRequestStatus
hasClientIdIn(String[]) - Method in class com.mozilla.secops.parser.Auth0: Return true if Auth0 event's client id is in the passed in list of client ids
hasCorrectFields() - Method in class com.mozilla.secops.alert.Alert: Determine if an alert has all mandatory fields set correctly
hashCode() - Method in class com.mozilla.secops.alert.Alert
hashCode() - Method in class com.mozilla.secops.customs.CustomsFeatures
hashCode() - Method in class com.mozilla.secops.parser.Event
hashCode() - Method in class com.mozilla.secops.SourceCorrelation.SourceData
hashCode() - Method in class com.mozilla.secops.Stats.StatsOutput
hashCode() - Method in class com.mozilla.secops.Watchlist.WatchlistEntry
hasStatusTag(Normalized.StatusTag) - Method in class com.mozilla.secops.parser.Normalized: Test if normalized event has a given StatusTag
haversin(Double) - Static method in class com.mozilla.secops.GeoUtil: haversin(0)
HeuristicMetrics(String) - Constructor for class com.mozilla.secops.amo.AmoMetrics.HeuristicMetrics: Initializer for AmoMetrics.HeuristicMetrics
HeuristicMetrics(String) - Constructor for class com.mozilla.secops.httprequest.HTTPRequestMetrics.HeuristicMetrics: Initializer for HTTPRequestMetrics.HeuristicMetrics
HTTPRequest - Class in com.mozilla.secops.httprequest: HTTPRequest describes and implements a Beam pipeline for analysis of HTTP requests using log data.
HTTPRequest() - Constructor for class com.mozilla.secops.httprequest.HTTPRequest
HTTPRequest.Has4xxRequestStatus - Class in com.mozilla.secops.httprequest: Function to be used with filter transform in order to include only client errors
HTTPRequest.HTTPRequestOptions - Interface in com.mozilla.secops.httprequest: Runtime options for HTTPRequest pipeline.
HTTPRequest.KeyAndWindowForSessionsFireEarly - Class in com.mozilla.secops.httprequest: Key requests for session analysis and window into sessions
HTTPRequest.WindowForFixed - Class in com.mozilla.secops.httprequest: Window events into fixed one minute windows
HTTPRequestElementFilter - Class in com.mozilla.secops.httprequest: Post-input filter for per-element analysis
HTTPRequestElementFilter(HTTPRequestToggles) - Constructor for class com.mozilla.secops.httprequest.HTTPRequestElementFilter: Initialize new element filter
HTTPRequestMetrics - Class in com.mozilla.secops.httprequest: HTTPRequestMetrics contains metrics for the HTTPRequest pipeline.
HTTPRequestMetrics() - Constructor for class com.mozilla.secops.httprequest.HTTPRequestMetrics
HTTPRequestMetrics.HeuristicMetrics - Class in com.mozilla.secops.httprequest: Metrics for the various analysis transforms in HTTPRequest pipeline
HTTPRequestMultiMode - Class in com.mozilla.secops.httprequest: HTTPRequest multimode configuration
HTTPRequestMultiMode() - Constructor for class com.mozilla.secops.httprequest.HTTPRequestMultiMode
HTTPRequestResourceTag - Class in com.mozilla.secops.httprequest: Add monitored resource indicator
HTTPRequestResourceTag(String) - Constructor for class com.mozilla.secops.httprequest.HTTPRequestResourceTag: Create new HTTPRequestResourceTag
HTTPRequestToggles - Class in com.mozilla.secops.httprequest: Configuration toggles for HTTPRequest pipeline analysis
HTTPRequestToggles() - Constructor for class com.mozilla.secops.httprequest.HTTPRequestToggles: Initialize new HTTPRequestToggles with defaults

I

Identity - Class in com.mozilla.secops.identity: Represents a single identity
Identity() - Constructor for class com.mozilla.secops.identity.Identity
IdentityManager - Class in com.mozilla.secops.identity: IdentityManager supports translations from values such as user names to a global identifier
IdentityManager() - Constructor for class com.mozilla.secops.identity.IdentityManager: Create new empty IdentityManager
includePipelineOptions(PipelineOptions) - Method in class com.mozilla.secops.metrics.CfgTickBuilder: Populate builder with pipeline options to include in messages
InetRadix - Class in com.mozilla.secops: CIDR lookup using radix tree search
initialize() - Method in class com.mozilla.secops.state.DatastoreStateInterface: Perform any setup required to read and write state
initialize() - Method in class com.mozilla.secops.state.MemcachedStateInterface: Perform any setup required to read and write state
initialize() - Method in class com.mozilla.secops.state.State: Initialize state instance
initialize() - Method in interface com.mozilla.secops.state.StateInterface: Perform any setup required to read and write state
Input - Class in com.mozilla.secops.input: Standard data ingestion
Input() - Constructor for class com.mozilla.secops.input.Input: Create new input object
Input(String) - Constructor for class com.mozilla.secops.input.Input: Create new input object
Input.MultiplexReader - Class in com.mozilla.secops.input: Read raw events from configured sources, returning a key value collection with the key being the element name and the value being a parsed event
Input.MultiplexReaderRaw - Class in com.mozilla.secops.input: Read raw events from configured sources, returning a key value collection with the key being the element name and the value being a raw string
Input.SimplexReader - Class in com.mozilla.secops.input: Read raw events from configured sources, combining all events into a single output collection as Event objects
Input.SimplexReaderRaw - Class in com.mozilla.secops.input: Read raw events from configured sources, combining all events into a single output collection as strings
InputCollectionCache - Class in com.mozilla.secops.input: The input collection cache is used to optimize the graph for duplicate stream reads within the Input class.
InputCollectionCache() - Constructor for class com.mozilla.secops.input.InputCollectionCache: Initialize collection cache
InputElement - Class in com.mozilla.secops.input: InputElement represents a set of input sources that will always result in a single output collection.
InputElement(String) - Constructor for class com.mozilla.secops.input.InputElement: Create new InputElement
InputOptions - Interface in com.mozilla.secops: Standard input options for pipelines.
inRange(T) - Method in class com.mozilla.secops.parser.EventFilterPayloadRange: Return true if value is in range
insightsEnrichAlert(Alert, Event) - Static method in class com.mozilla.secops.authprofile.AuthProfile: Add minfraud insights data into alert metadata
insightsEnrichment(Minfraud) - Method in class com.mozilla.secops.parser.Normalized: Include details from Minfraud Insights into Normalized
Instance() - Constructor for class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow.Instance
interpretSecret(String, String) - Static method in class com.mozilla.secops.crypto.RuntimeSecrets: Interpret a runtime secret as specified in pipeline options.
interval - Variable in class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis.EndpointErrorInfo: Interval
invokeMethod(String, String, Class<T>, Object...) - Method in class com.mozilla.secops.ScriptRunner: Invoke method within loaded script
IOOptions - Interface in com.mozilla.secops: Interface to allow for passing both input and output options to a class or function.
ipAddress - Variable in class com.mozilla.secops.authstate.AuthStateModel.ModelEntryUpdate: IP address to update model with
IPADDRESS_KEYS - Static variable in class com.mozilla.secops.alert.AlertMeta: Keys that are known to contain IP address values
IprepdIO - Class in com.mozilla.secops: IprepdIO provides an IO transform for writing violation messages to iprepd
IprepdIO() - Constructor for class com.mozilla.secops.IprepdIO
IprepdIO.ExemptedObject - Class in com.mozilla.secops: ExemptedObject contains the metadata associated with a objects excluded from reporting to iprepd.
IprepdIO.Reader - Class in com.mozilla.secops
IprepdIO.ReputationValue - Class in com.mozilla.secops: A reputation response from iprepd
IprepdIO.Write - Class in com.mozilla.secops: Write violation messages to iprepd based on submitted Alert JSON strings
IPrepdLog - Class in com.mozilla.secops.parser: Payload parser for IPrepd logs
IPrepdLog() - Constructor for class com.mozilla.secops.parser.IPrepdLog: Construct matcher object.
IPrepdLog(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.IPrepdLog: Construct parser object.
isConfigured() - Method in class com.mozilla.secops.alert.AlertConfiguration: Determine if AlertIO should be established in composite transform
isExperimental() - Method in class com.mozilla.secops.customs.CustomsAccountCreation
isExperimental() - Method in class com.mozilla.secops.customs.CustomsAccountCreationDist
isExperimental() - Method in class com.mozilla.secops.customs.CustomsAccountEnumeration
isExperimental() - Method in class com.mozilla.secops.customs.CustomsActivityForMonitoredAccounts
isExperimental() - Method in class com.mozilla.secops.customs.CustomsLoginFailureForAtRiskAccount
isExperimental() - Method in class com.mozilla.secops.customs.CustomsPasswordResetAbuse
isExperimental() - Method in class com.mozilla.secops.customs.CustomsStatusComparator
isExperimental() - Method in class com.mozilla.secops.customs.CustomsVelocity
isExperimental() - Method in class com.mozilla.secops.customs.PrivateRelayForward: Get whether the transform is experimental and won't be escalated
isExperimental() - Method in class com.mozilla.secops.customs.SourceLoginFailure
isExperimental() - Method in class com.mozilla.secops.customs.SourceLoginFailureDist
isGcsUrl(String) - Static method in class com.mozilla.secops.GcsUtil: Return true if the input string looks like a Google Cloud Storage URL
isInet4(String) - Static method in class com.mozilla.secops.CidrUtil: Determine if an address is an IPv4 address
isOfType(Normalized.Type) - Method in class com.mozilla.secops.parser.Normalized: Test if normalized event is of a given type
iterableToJson(Iterable<Event>) - Static method in class com.mozilla.secops.parser.Event: Utility function to convert an iterable list of events into a JSON string

J

joinListValues(AlertMeta.Key, List<String>) - Static method in class com.mozilla.secops.alert.AlertMeta: Join a list of values for a specific metadata key
jsonToIterable(String) - Static method in class com.mozilla.secops.parser.Event: Utility function to convert a JSON string into an iterable list of events

K

key - Variable in class com.mozilla.secops.alert.AlertSuppressor.AlertSuppressionState: State key
KeyAndWindowForSessionsFireEarly(Long) - Constructor for class com.mozilla.secops.httprequest.HTTPRequest.KeyAndWindowForSessionsFireEarly
KeyedEvent - Class in com.mozilla.secops.parser: Represents an event keyed with a particular string
KeyedEvent(String, Event) - Constructor for class com.mozilla.secops.parser.KeyedEvent: Initialize new KeyedEvent
kinesisInput(PBegin, String, String) - Method in class com.mozilla.secops.input.InputCollectionCache: Request Kinesis input
KinesisInput - Class in com.mozilla.secops.input: Configuration for a single Kinesis input
KinesisInput() - Constructor for class com.mozilla.secops.input.KinesisInput
kmBetweenTwoPoints(Double, Double, Double, Double) - Static method in class com.mozilla.secops.GeoUtil: Returns the distance (in kilometers) between two points of a given longitude and latitude relatively accurately (using a spherical approximation of the Earth) through the Haversin Distance Formula for great arc distance on a sphere with accuracy for small distances

L

latitude - Variable in class com.mozilla.secops.authstate.AuthStateModel.ModelEntryUpdate: IP address GeoIP latitude
LimitInfo() - Constructor for class com.mozilla.secops.httprequest.heuristics.SessionLimitAnalysis.LimitInfo
load(String) - Static method in class com.mozilla.secops.gatekeeper.GuardDutyConfig: Load guardduty configuration from a resource file
load(String) - Static method in class com.mozilla.secops.httprequest.HTTPRequestMultiMode: Load multimode configuration from GCS or as a resource
load(String) - Static method in class com.mozilla.secops.identity.IdentityManager: Load identity manager configuration from a resource file
loadAwsSubnets() - Method in class com.mozilla.secops.CidrUtil: Load known AWS subnets into instance of CidrUtil
loadFromResource(String) - Static method in class com.mozilla.secops.awsbehavior.CloudtrailMatcherManager: Load cloudtrail matcher manager configuration from a resource file
loadGatewayList(String) - Static method in class com.mozilla.secops.DetectNat: Load detect nat manager configuration from a resource file
loadGcpSubnets() - Method in class com.mozilla.secops.CidrUtil: Load known GCP subnets into instance of CidrUtil
loadInternalSubnets() - Method in class com.mozilla.secops.CidrUtil: Populate CidrUtil instance with internal/RFC1918 subnets
loadScript(String, String) - Method in class com.mozilla.secops.ScriptRunner: Load a script into the script runner
LogEvent - Class in com.mozilla.secops.parser.models.auth0: Class that represents an Auth0 Events object.
LogEvent() - Constructor for class com.mozilla.secops.parser.models.auth0.LogEvent
logWarnings(String) - Method in class com.mozilla.secops.identity.Identity: Analyze identity, logging warnings if required
logWarnings() - Method in class com.mozilla.secops.identity.IdentityManager: Analyze the loaded identity manager configuration, logging warnings if required
longitude - Variable in class com.mozilla.secops.authstate.AuthStateModel.ModelEntryUpdate: IP address GeoIP longitude
lookupAlias(String) - Method in class com.mozilla.secops.identity.IdentityManager: Given supplied alias, return any matching global identity
lookupCity(String) - Method in class com.mozilla.secops.parser.GeoIP: Lookup city/country from IP address string
lookupIsp(String) - Method in class com.mozilla.secops.parser.GeoIP: Lookup ISP from IP address string
lookupNamedSubnet(String) - Method in class com.mozilla.secops.identity.IdentityManager: Given supplied IP address, return matching named subnet
lookupUserIdByEmail(String) - Method in class com.mozilla.secops.slack.SlackManager: Get slack user id from their email.

M

main(String[]) - Static method in class com.mozilla.secops.alert.AlertMeta: Convert metadata to various formats
main(String[]) - Static method in class com.mozilla.secops.amo.Amo: Entry point for Beam pipeline.
main(String[]) - Static method in class com.mozilla.secops.authprofile.AuthProfile: Entry point for Beam pipeline.
main(String[]) - Static method in class com.mozilla.secops.awsbehavior.AwsBehavior: Entry point for Beam pipeline.
main(String[]) - Static method in class com.mozilla.secops.crypto.RuntimeSecrets: main routine can be used to encrypt or decrypt data on the command line
main(String[]) - Static method in class com.mozilla.secops.customs.Customs: Entry point for Beam pipeline.
main(String[]) - Static method in class com.mozilla.secops.gatekeeper.GatekeeperPipeline: Entry point for Beam pipeline.
main(String[]) - Static method in class com.mozilla.secops.httprequest.HTTPRequest: Entry point for Beam pipeline.
main(String[]) - Static method in class com.mozilla.secops.Minfraud: main routine can be used to fetch minfraud insights for an ip or email (or both) from the command line
main(String[]) - Static method in class com.mozilla.secops.pioneer.Pioneer: Entry point for Beam pipeline.
main(String[]) - Static method in class com.mozilla.secops.postprocessing.PostProcessing: Entry point for Beam pipeline.
main(String[]) - Static method in class com.mozilla.secops.streamwriter.StreamWriter: Entry point for Beam pipeline.
main(String[]) - Static method in class com.mozilla.secops.Watchlist: main routine used to create watchlist entries.
main(String[]) - Static method in class com.mozilla.secops.workshop.Workshop: Entry point for Beam pipeline.
matchAny() - Method in class com.mozilla.secops.parser.EventFilter
Matcher(CloudtrailMatcher) - Constructor for class com.mozilla.secops.awsbehavior.AwsBehavior.Matcher: Initialize new Matcher with a CloudtrailMatcher
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.Alert
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.AmoDocker
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.ApacheCombined
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.Auth0
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.BmoAudit
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.CfgTick
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.Cloudtrail
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.Duopull
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.ETDBeta
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.FxaAuth
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.FxaContent
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.GcpAudit
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.GcpVpcFlow
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.GLB
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.GuardDuty
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.IPrepdLog
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.Nginx
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.OpenSSH
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.PayloadBase: Apply matcher.
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.Phabricator
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.PrivateRelay
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.Raw
matcher(String, ParserState) - Method in class com.mozilla.secops.parser.Taskcluster
Matchers(AwsBehavior.AwsBehaviorOptions) - Constructor for class com.mozilla.secops.awsbehavior.AwsBehavior.Matchers: Initialize new Matchers with AwsBehavior.AwsBehaviorOptions
matches(Finding) - Method in class com.mozilla.secops.gatekeeper.GuardDutyFindingMatcher: Checks if a Finding matches this matcher.
matches(Event) - Method in class com.mozilla.secops.parser.EventFilter: Test if event matches filter
matches(Event) - Method in class com.mozilla.secops.parser.EventFilterPayload: Return true if payload criteria matches
matches(Event) - Method in interface com.mozilla.secops.parser.EventFilterPayloadInterface: Should return true if the filter matches the supplied event
matches(Event) - Method in class com.mozilla.secops.parser.EventFilterPayloadOr: Return true if payload criteria matches
matches(Event) - Method in class com.mozilla.secops.parser.EventFilterRule: Test if event matches rule
MemcachedStateCursor<T> - Class in com.mozilla.secops.state: Memcached state cursor implementation
MemcachedStateCursor(MemcachedClient, Class<T>) - Constructor for class com.mozilla.secops.state.MemcachedStateCursor: Initialize a new Memcached state cursor
MemcachedStateInterface - Class in com.mozilla.secops.state: Utilize a memcached instance for centralized state storage
MemcachedStateInterface(String, int) - Constructor for class com.mozilla.secops.state.MemcachedStateInterface: Initialize a memcached state interface
merge(CustomsFeatures) - Method in class com.mozilla.secops.customs.CustomsFeatures: Merge this feature set with another one
mergeAccumulators(Iterable<CustomsFeatures>) - Method in class com.mozilla.secops.customs.CustomsFeaturesCombiner.CustomsFeaturesCombineFn
mergeAccumulators(Iterable<Stats.StatsCombiner.State>) - Method in class com.mozilla.secops.Stats.StatsCombiner
method - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis.EndpointAbuseEndpointInfo: Request method
method - Variable in class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis.EndpointErrorInfo: Request method
method - Variable in class com.mozilla.secops.httprequest.heuristics.SessionLimitAnalysis.LimitInfo: Request method
METRIC_EVENT_TOO_OLD - Static variable in class com.mozilla.secops.parser.ParserMetrics: Custom metric name for event too old errors
METRIC_PARSER_UNHANDLED_EXCEPTION - Static variable in class com.mozilla.secops.parser.ParserMetrics
METRIC_UNKNOWN_PAYLOAD_TYPE - Static variable in class com.mozilla.secops.parser.ParserMetrics
METRICS_NAMESPACE - Static variable in class com.mozilla.secops.IprepdIO: Namespace for custom metrics
METRICS_NAMESPACE - Static variable in class com.mozilla.secops.postprocessing.PostProcessing: Prefix for metrics namespace component
Minfraud - Class in com.mozilla.secops: Query Maxmind minFraud API
Minfraud(String, String, String) - Constructor for class com.mozilla.secops.Minfraud: Create Minfraud client by passing in accountId and licenseKey.
MiscUtil - Class in com.mozilla.secops: Various miscellaneous utility functions
MiscUtil() - Constructor for class com.mozilla.secops.MiscUtil
ModelEntry() - Constructor for class com.mozilla.secops.authstate.AuthStateModel.ModelEntry
ModelEntryUpdate() - Constructor for class com.mozilla.secops.authstate.AuthStateModel.ModelEntryUpdate
monitor - Variable in class com.mozilla.secops.httprequest.heuristics.SessionLimitAnalysis.LimitInfo: Monitor
Mozlog - Class in com.mozilla.secops.parser: Mozlog event encapsulation
Mozlog() - Constructor for class com.mozilla.secops.parser.Mozlog
multiplex() - Method in class com.mozilla.secops.input.Input: Enable multiplex mode
multiplexRead() - Method in class com.mozilla.secops.input.Input: Return a transform that will ingest data, and emit parsed events in multiplex mode
MultiplexReader(Input) - Constructor for class com.mozilla.secops.input.Input.MultiplexReader: Create new MultiplexReader
MultiplexReaderRaw(Input) - Constructor for class com.mozilla.secops.input.Input.MultiplexReaderRaw: Create new MultiplexReaderRaw
multiplexReadRaw() - Method in class com.mozilla.secops.input.Input: Return a transform that will ingest data, and emit raw events in multiplex mode

N

NAMESPACE_PREFIX - Static variable in class com.mozilla.secops.parser.ParserMetrics: Prefix for metrics namespace component
natDetected() - Method in class com.mozilla.secops.httprequest.HTTPRequestMetrics.HeuristicMetrics: A heuristic was triggered but it is from an ip believed to be a NAT
newCursor(Class<T>, boolean) - Method in class com.mozilla.secops.state.DatastoreStateInterface: Allocate new state cursor
newCursor(Class<T>, boolean) - Method in class com.mozilla.secops.state.MemcachedStateInterface: Allocate new state cursor
newCursor(Class<T>, boolean) - Method in class com.mozilla.secops.state.State: Allocate new state cursor for a set of operations
newCursor(Class<T>, boolean) - Method in interface com.mozilla.secops.state.StateInterface: Allocate new state cursor
Nginx - Class in com.mozilla.secops.parser: Payload parser for nginx log data
Nginx() - Constructor for class com.mozilla.secops.parser.Nginx: Construct matcher object.
Nginx(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.Nginx: Construct parser object.
NginxStackdriverVariant1 - Class in com.mozilla.secops.parser.models.nginxstackdriver: Describes format of nginx log encapsulated in Stackdriver jsonPayload, variant 1
NginxStackdriverVariant1() - Constructor for class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1
NginxStackdriverVariant2 - Class in com.mozilla.secops.parser.models.nginxstackdriver: Describes format of nginx log encapsulated in Stackdriver jsonPayload, variant 2
NginxStackdriverVariant2() - Constructor for class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant2
NOMINAL_VARIANCE_INDEX - Static variable in class com.mozilla.secops.customs.CustomsFeatures: Considered norminal variance index on point-in-time feature calculation
nominalVariance() - Method in class com.mozilla.secops.customs.CustomsFeatures: Return true if calculated variance index meets or exceeds nominal index value
Normalized - Class in com.mozilla.secops.parser: Normalized event data
Normalized.StatusTag - Enum in com.mozilla.secops.parser: Status tags is used to track processing state, for example if an event needs additional analysis after the parsing step
Normalized.Type - Enum in com.mozilla.secops.parser: Normalized event types
normalizeEmailPlus(String) - Static method in class com.mozilla.secops.MiscUtil: Normalize an email address, stripping any + component
normalizeEmailPlusDotStrip(String) - Static method in class com.mozilla.secops.MiscUtil: Normalize an email address, stripping + component and any .
NotificationPreferences - Class in com.mozilla.secops.identity: Identity notification preferences
NotificationPreferences() - Constructor for class com.mozilla.secops.identity.NotificationPreferences
NotificationPreferences.Method - Enum in com.mozilla.secops.identity

O

onExpiry(DoFn<KV<String, Alert>, Alert>.OnTimerContext, ValueState<AlertSuppressor.AlertSuppressionState>) - Method in class com.mozilla.secops.alert.AlertSuppressor
onExpiry(DoFn<KV<String, Alert>, Alert>.OnTimerContext, ValueState<AlertSuppressorSession.AlertSuppressionState>) - Method in class com.mozilla.secops.alert.AlertSuppressorSession
onExpiry(DoFn<KV<Boolean, Alert>, Alert>.OnTimerContext, BagState<Alert>, ValueState<Integer>) - Method in class com.mozilla.secops.postprocessing.PostProcessing.WatchlistAnalyze
onlyStackdriverTypes - Static variable in class com.mozilla.secops.parser.Parser: If a Stackdriver log message contains any strings present in this array in the @type field, we assume no other encapsulation is present in the parser
onStale(DoFn<KV<Boolean, Alert>, Alert>.OnTimerContext, BagState<Alert>, ValueState<Integer>) - Method in class com.mozilla.secops.postprocessing.PostProcessing.WatchlistAnalyze
OpenSSH - Class in com.mozilla.secops.parser: Payload parser for OpenSSH log data
OpenSSH() - Constructor for class com.mozilla.secops.parser.OpenSSH: Construct matcher object.
OpenSSH(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.OpenSSH: Construct parser object.
OutputOptions - Interface in com.mozilla.secops: Standard output options for pipelines, intended for use with the CompositeOutput transform.

P

Parse(AuthProfile.AuthProfileOptions) - Constructor for class com.mozilla.secops.authprofile.AuthProfile.Parse: Static initializer for AuthProfile.Parse using specified pipeline options
Parse(GatekeeperPipeline.GatekeeperOptions) - Constructor for class com.mozilla.secops.gatekeeper.GatekeeperParser.Parse: Static initializer for GatekeeperParser.Parse transform
parse(String) - Method in class com.mozilla.secops.parser.Parser: Parse an event
Parse(PostProcessing.PostProcessingOptions) - Constructor for class com.mozilla.secops.postprocessing.PostProcessing.Parse: Static initializer for PostProcessing.Parse using specified pipeline options
parseAndCorrectSyslogTs(String, Event) - Static method in class com.mozilla.secops.parser.Parser: Parse syslog timestamp date time string and return a DateTime object using Parser.parseSyslogTs(String), and then correct the year if the parsed timestamp is further than three days from the event timestamp.
ParseAndWindow(AwsBehavior.AwsBehaviorOptions) - Constructor for class com.mozilla.secops.awsbehavior.AwsBehavior.ParseAndWindow: Static initializer for AwsBehavior.ParseAndWindow using specified pipeline options
parseISO8601(String) - Static method in class com.mozilla.secops.parser.Parser: Parse an ISO8601 date string and return a DateTime object.
parseQueueInfo(String) - Static method in class com.mozilla.secops.SqsIO: Parse an input queue specification, returning each element
Parser - Class in com.mozilla.secops.parser: Event parser
Parser(ParserCfg) - Constructor for class com.mozilla.secops.parser.Parser: Create new parser instance with specified configuration
Parser() - Constructor for class com.mozilla.secops.parser.Parser: Create new parser instance with default configuration
Parser.EventTooOldException - Exception in com.mozilla.secops.parser: Indicates the extracted event timestamp was too old
ParserCfg - Class in com.mozilla.secops.parser: Represents configuration data used to configure an instance of a Parser
ParserCfg() - Constructor for class com.mozilla.secops.parser.ParserCfg: Construct default parser configuration
ParserDoFn - Class in com.mozilla.secops.parser: DoFn applying simple event parsing operations
ParserDoFn() - Constructor for class com.mozilla.secops.parser.ParserDoFn
ParserMetrics - Class in com.mozilla.secops.parser: Beam metrics generated by various parser functions
ParserMetrics(String) - Constructor for class com.mozilla.secops.parser.ParserMetrics: Create new ParserMetrics
ParserMultiDoFn - Class in com.mozilla.secops.parser: Process an incoming raw event feed using multiple parser configurations
ParserMultiDoFn() - Constructor for class com.mozilla.secops.parser.ParserMultiDoFn: Create new ParserMultiDoFn
parseSyslogTs(String) - Static method in class com.mozilla.secops.parser.Parser: Parse syslog timestamp date time string and return a DateTime object.
parseXForwardedFor(String) - Static method in class com.mozilla.secops.parser.Parser: Process the value of an X-Forwarded-For header, returning an array of each address in the header or null if invalid
passConfigurationTicks() - Method in class com.mozilla.secops.parser.EventFilter: Configure filter to pass configuration ticks
path - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis.EndpointAbuseEndpointInfo: Request path
path - Variable in class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis.EndpointErrorInfo: Path (pattern)
path - Variable in class com.mozilla.secops.httprequest.heuristics.SessionLimitAnalysis.LimitInfo: Request path pattern
Payload<T extends PayloadBase> - Class in com.mozilla.secops.parser: Encapsulation for parsed payload data
Payload(T) - Constructor for class com.mozilla.secops.parser.Payload: Construct new payload object of specified type
Payload.PayloadType - Enum in com.mozilla.secops.parser: Type of payload data stored
PayloadBase - Class in com.mozilla.secops.parser: Base class for payloads
PayloadBase() - Constructor for class com.mozilla.secops.parser.PayloadBase: Construct matcher object.
PayloadBase(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.PayloadBase: Construct parser object.
PerEndpointErrorRateAnalysis - Class in com.mozilla.secops.httprequest.heuristics: Transform for detection of a single source generating errors at a given path pattern.
PerEndpointErrorRateAnalysis(HTTPRequestToggles, Boolean, String) - Constructor for class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis: Initializer for PerEndpointErrorRateAnalysis
PerEndpointErrorRateAnalysis.EndpointErrorInfo - Class in com.mozilla.secops.httprequest.heuristics: Internal class for configured endpoints in PEERA
PerEndpointErrorRateAnalysis.EndpointErrorState - Class in com.mozilla.secops.httprequest.heuristics: Internal class to keep track of current state for a given endpoint rule for this key
Phabricator - Class in com.mozilla.secops.parser: Payload parser for Phabricator audit logs
Phabricator() - Constructor for class com.mozilla.secops.parser.Phabricator: Construct matcher object.
Phabricator(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.Phabricator: Construct parser object.
PHABRICATOR_OBJECT_VALUE - Variable in class com.mozilla.secops.parser.Phabricator: Normalized object fields will always be set to this value for events parsed using this payload parser
Pioneer - Class in com.mozilla.secops.pioneer: Pioneer analysis pipeline
Pioneer() - Constructor for class com.mozilla.secops.pioneer.Pioneer
Pioneer.PioneerExfiltration - Class in com.mozilla.secops.pioneer: Generate alerts if flow logs indicate a certain volume of data has been transferred within a specified period of time.
Pioneer.PioneerOptions - Interface in com.mozilla.secops.pioneer: Runtime options for Pioneer pipeline.
PioneerExfiltration(Pioneer.PioneerOptions) - Constructor for class com.mozilla.secops.pioneer.Pioneer.PioneerExfiltration: Construct new PioneerExfiltration
PIPELINE - Static variable in class com.mozilla.secops.Version
PostProcessing - Class in com.mozilla.secops.postprocessing: PostProcessing implements analysis of alerts generated by other pipelines.
PostProcessing() - Constructor for class com.mozilla.secops.postprocessing.PostProcessing
PostProcessing.Parse - Class in com.mozilla.secops.postprocessing: Parse incoming events and filter to only include events of type Alert
PostProcessing.PostProcessingOptions - Interface in com.mozilla.secops.postprocessing: Runtime options for PostProcessing pipeline.
PostProcessing.WatchlistAnalyze - Class in com.mozilla.secops.postprocessing: Check incoming alert events against a watchlist of various identifiers.
PresenceBased() - Constructor for class com.mozilla.secops.customs.ContentServerVarianceDetector.PresenceBased
PrintOutput() - Constructor for class com.mozilla.secops.workshop.Workshop.PrintOutput
PrivateRelay - Class in com.mozilla.secops.parser: Payload parser for Private Relay logs
PrivateRelay() - Constructor for class com.mozilla.secops.parser.PrivateRelay: Construct matcher object.
PrivateRelay(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.PrivateRelay: Construct parser object.
PrivateRelay.EventType - Enum in com.mozilla.secops.parser: Log event type
PrivateRelayForward - Class in com.mozilla.secops.customs: Private relay forwarding analysis
PrivateRelayForward(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.PrivateRelayForward: Initialize new PrivateRelayForward
PrivateRelayForward.PrivateRelayForwardState - Class in com.mozilla.secops.customs: PrivateRelayForwardState describes the format of individual state entries
PrivateRelayForwardState() - Constructor for class com.mozilla.secops.customs.PrivateRelayForward.PrivateRelayForwardState
processElement(DoFn<Alert, Alert>.ProcessContext) - Method in class com.mozilla.secops.alert.AlertFormatter
processElement(DoFn<KV<String, Alert>, Alert>.ProcessContext, ValueState<AlertSuppressor.AlertSuppressionState>, Timer) - Method in class com.mozilla.secops.alert.AlertSuppressor
processElement(DoFn<KV<String, Alert>, Alert>.ProcessContext, ValueState<AlertSuppressorSession.AlertSuppressionState>, Timer) - Method in class com.mozilla.secops.alert.AlertSuppressorSession
processElement(DoFn<Event, KV<String, Event>>.ProcessContext) - Method in class com.mozilla.secops.authprofile.AuthProfile.ExtractIdentity
processElement(DoFn<KV<String, Iterable<Event>>, Alert>.ProcessContext) - Method in class com.mozilla.secops.authprofile.AuthProfile.StateAnalyze
processElement(DoFn<Event, KV<String, Event>>.ProcessContext) - Method in class com.mozilla.secops.authprofile.AwsAssumeRoleCorrelator.CrossAccountAssumeRoleFilter
processElement(DoFn<Event, Event>.ProcessContext) - Method in class com.mozilla.secops.customs.CustomsPreFilter
processElement(DoFn<Alert, Alert>.ProcessContext) - Method in class com.mozilla.secops.httprequest.HTTPRequestResourceTag
processElement(DoFn<Event, Alert>.ProcessContext) - Method in class com.mozilla.secops.metrics.CfgTickProcessor
processElement(DoFn<String, Event>.ProcessContext) - Method in class com.mozilla.secops.parser.ParserDoFn
processElement(DoFn<KV<String, String>, KV<String, Event>>.ProcessContext) - Method in class com.mozilla.secops.parser.ParserMultiDoFn
processElement(DoFn<KV<Boolean, Alert>, Alert>.ProcessContext, BoundedWindow, BagState<Alert>, ValueState<Integer>, Timer, Timer) - Method in class com.mozilla.secops.postprocessing.PostProcessing.WatchlistAnalyze
processElement(DoFn<Alert, SourceCorrelation.SourceData>.ProcessContext) - Method in class com.mozilla.secops.SourceCorrelation.AlertSourceExtractor
processElement(DoFn<Event, SourceCorrelation.SourceData>.ProcessContext) - Method in class com.mozilla.secops.SourceCorrelation.EventSourceExtractor
processElement(DoFn<String, String>.ProcessContext) - Method in class com.mozilla.secops.workshop.Workshop.ExtractWords
processInput(PCollection<String>, AuthProfile.AuthProfileOptions) - Static method in class com.mozilla.secops.authprofile.AuthProfile: Process input collection
processInput(PCollection<String>, PostProcessing.PostProcessingOptions) - Static method in class com.mozilla.secops.postprocessing.PostProcessing: Process input collection
processTemplate(String, HashMap<String, Object>) - Method in class com.mozilla.secops.alert.TemplateManager: Create processed template using supplied template name and template variables
Properties - Class in com.mozilla.secops.parser.models.etd
Properties() - Constructor for class com.mozilla.secops.parser.models.etd.Properties
pruneState(AuthStateModel) - Method in interface com.mozilla.secops.authstate.PruningStrategy: Prune model
pruneState(AuthStateModel) - Method in class com.mozilla.secops.authstate.PruningStrategyEntryAge: Prune model
pruneState(AuthStateModel) - Method in class com.mozilla.secops.authstate.PruningStrategyLatest: Prune model
PruningStrategy - Interface in com.mozilla.secops.authstate: A pruning strategy controls how and when entries in a state model are removed from the model.
PruningStrategyEntryAge - Class in com.mozilla.secops.authstate: Entry age based pruning
PruningStrategyEntryAge() - Constructor for class com.mozilla.secops.authstate.PruningStrategyEntryAge
PruningStrategyLatest - Class in com.mozilla.secops.authstate: All entries are removed from the model with the exception of the entry with the latest timestamp.
PruningStrategyLatest() - Constructor for class com.mozilla.secops.authstate.PruningStrategyLatest
pubsubInput(PBegin, String) - Method in class com.mozilla.secops.input.InputCollectionCache: Request Pubsub input

R

ratio(String, String) - Static method in class com.mozilla.secops.StringDistance: Calculate similarity ratio between two strings
Raw - Class in com.mozilla.secops.parser: Raw payload data
Raw() - Constructor for class com.mozilla.secops.parser.Raw: Construct matcher object.
Raw(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.Raw: Construct parser object.
Reader(String, String) - Constructor for class com.mozilla.secops.IprepdIO.Reader: Create new iprepd reader
READER_TIMEOUT_CONNECTION - Variable in class com.mozilla.secops.IprepdIO.Reader: Reader initial connection timeout
READER_TIMEOUT_CONNECTION_REQUEST - Variable in class com.mozilla.secops.IprepdIO.Reader: Reader connection manager connection request timeout
READER_TIMEOUT_SOCKET - Variable in class com.mozilla.secops.IprepdIO.Reader: Reader socket timeout
readInput(Pipeline, Input, HTTPRequest.HTTPRequestOptions) - Static method in class com.mozilla.secops.httprequest.HTTPRequest: Read from a configured Input object, returning a PCollectionTuple of events
recalculate() - Method in class com.mozilla.secops.customs.CustomsFeatures: Force recalculation of point-in-time statistics
registerTemplate(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Register a template
remoteAddress - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis.EndpointAbuseState: Remote address
ReportRestriction - Class in com.mozilla.secops.amo: Report on request restrictions in AMO
ReportRestriction(String) - Constructor for class com.mozilla.secops.amo.ReportRestriction: Create new ReportRestriction
ReputationValue() - Constructor for class com.mozilla.secops.IprepdIO.ReputationValue
resolvedCanonicalHostMatches(String, String) - Static method in class com.mozilla.secops.CidrUtil: Reverse DNS query of provided IP and comparison of result against pattern
RuntimeSecrets - Class in com.mozilla.secops.crypto: Class for decryption of secrets during pipeline runtime
RuntimeSecrets(String, String, String) - Constructor for class com.mozilla.secops.crypto.RuntimeSecrets: Create new RuntimeSecrets object referencing a KMS key based on the supplied parameters.

S

ScannedByEntry(String) - Constructor for class com.mozilla.secops.customs.CustomsAtRiskAccountState.CustomsAtRiskAccountStateModel.ScannedByEntry: Create new ScannedByEntry
ScriptRunner - Class in com.mozilla.secops: Execute Groovy scripts from within pipeline functions
ScriptRunner() - Constructor for class com.mozilla.secops.ScriptRunner: Initialize new ScriptRunner
secondMethod - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo
secondPath - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo
sendConfirmationAlertToUser(Alert, String) - Method in class com.mozilla.secops.alert.AlertSlack: Send an alert to a user asking them if it was caused by them.
sendConfirmationRequestToUser(String, String, String) - Method in class com.mozilla.secops.slack.SlackManager: Send message with confirmation request to slack user.
sendMessageToChannel(String, String) - Method in class com.mozilla.secops.slack.SlackManager: Send message to slack channel.
sendToAddress(Alert, String) - Method in class com.mozilla.secops.alert.AlertMailer: Send email alert to specified address
sendToCatchall(Alert) - Method in class com.mozilla.secops.alert.AlertMailer: Send email alert to configured catchall address
sendToCatchall(Alert) - Method in class com.mozilla.secops.alert.AlertSlack: Send alert to slack catchall channel
sendToSupplementary(Alert) - Method in class com.mozilla.secops.alert.AlertSlack: Send alert to supplementary slack channel
sendToUser(Alert, String) - Method in class com.mozilla.secops.alert.AlertSlack: Send alert to a user.
SessionContext - Class in com.mozilla.secops.parser.models.cloudtrail: Model for sessionContext element in Cloudtrail Events
SessionContext() - Constructor for class com.mozilla.secops.parser.models.cloudtrail.SessionContext
SessionLimitAnalysis - Class in com.mozilla.secops.httprequest.heuristics: Transform for detection of a single source making excessive requests of a specific endpoint pattern.
SessionLimitAnalysis(HTTPRequestToggles, Boolean, String) - Constructor for class com.mozilla.secops.httprequest.heuristics.SessionLimitAnalysis: Static initializer for SessionLimitAnalysis
SessionLimitAnalysis.LimitInfo - Class in com.mozilla.secops.httprequest.heuristics: Internal class for configured endpoints
set(StateCursor<AuthStateModel>, PruningStrategy) - Method in class com.mozilla.secops.authstate.AuthStateModel: Persist state using state interface
set(String, T) - Method in class com.mozilla.secops.state.StateCursor: Set a value in state
set(String, T) - Method in class com.mozilla.secops.state.StateOperation: Configure as a set operation
setAccountCreationDistributedDistanceRatio(Double) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setAccountCreationDistributedThreshold(Integer) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setAccountCreationSuppressRecovery(Integer) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setAccountCreationThreshold(Integer) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setAccountEnumerationThreshold(Integer) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setAccountId(String) - Method in class com.mozilla.secops.gatekeeper.GuardDutyFindingMatcher: Set the account id to match against
setAccountMatchBanOnLogin(String[]) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setActivityMonitorAccountPath(String) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setAddonMatchCriteria(String[]) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAddonMatchSuppressRecovery(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAddonMultiIpLoginAggressiveMatcher(String[]) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAddonMultiIpLoginAlertExceptions(String[]) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAddonMultiIpLoginAlertOn(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAddonMultiIpLoginAlertOnIp(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAddonMultiIpLoginSuppressRecovery(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAddonMultiMatchAlertOn(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAddonMultiMatchSuppressRecovery(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAddonMultiSubmitAlertOn(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAddonMultiSubmitSuppressRecovery(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAlertId(UUID) - Method in class com.mozilla.secops.alert.Alert: Override generated unique ID for alert
setAlertStateDatastoreKind(String) - Method in interface com.mozilla.secops.OutputOptions
setAlertStateDatastoreNamespace(String) - Method in interface com.mozilla.secops.OutputOptions
setAlertStateMemcachedHost(String) - Method in interface com.mozilla.secops.OutputOptions
setAlertStateMemcachedPort(Integer) - Method in interface com.mozilla.secops.OutputOptions
setAlertSummaryAnalysisThresholds(String[]) - Method in interface com.mozilla.secops.postprocessing.PostProcessing.PostProcessingOptions
setAlertSuppressionDurationSeconds(Long) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setAlertSuppressionDurationSeconds(Long) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set duration to suppress alerts (when using session windows)
setAlertSuppressionSeconds(Long) - Method in interface com.mozilla.secops.gatekeeper.ETDTransforms.Options
setAlertSuppressionSeconds(Long) - Method in interface com.mozilla.secops.gatekeeper.GuardDutyTransforms.Options
setAliasAbuseMaxAliases(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAliasAbuseSuppressRecovery(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setAlternateCritSlackEscalation(String) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setAnalysisThresholdModifier(Double) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setAnalysisThresholdModifier(Double) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set analysis threshold modifier
setAsn(Integer) - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Set ASN
setAttributes(HashMap<String, String>) - Method in class com.mozilla.secops.parser.models.cloudtrail.SessionContext
setAuth0ClientIds(String[]) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setAwsAssumeRoleCorrelatorSessionGapDurationSeconds(Long) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setAwsTags(Map<String, String>) - Method in class com.mozilla.secops.gatekeeper.GuardDutyFindingMatcher: Set the aws tags to match against
setBanPatternSuppressRecovery(Integer) - Method in interface com.mozilla.secops.amo.Amo.AmoOptions
setCacheOnly(Boolean) - Static method in class com.mozilla.secops.Minfraud: Enable cache only
setCategory(String) - Method in class com.mozilla.secops.alert.Alert: Set alert category
setCidrExclusionList(String) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setCidrExclusionList(String) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set CIDR exclusion list path
setCity(String) - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Set city
setClampThresholdMaximum(Double) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setClampThresholdMaximum(Double) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set clamp threshold maximum
setCloudtrailMatcherManagerPath(String) - Method in interface com.mozilla.secops.awsbehavior.AwsBehavior.AwsBehaviorOptions
setConfidence(Integer) - Method in class com.mozilla.secops.customs.CustomsAlert: Set confidence
setConfigurationTicks(String, Integer, long) - Method in class com.mozilla.secops.input.InputElement: Set configuration ticks for input element
setContactEmail(String) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setContentServerVarianceMinClients(Long) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setCountry(String) - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Set country
setCreatedBy(String) - Method in class com.mozilla.secops.IprepdIO.ExemptedObject: Set created by value
setCreatedBy(String) - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Set created by value
setCriticalNotificationEmail(String) - Method in interface com.mozilla.secops.OutputOptions
setCriticalSeverityEmail(String) - Method in interface com.mozilla.secops.postprocessing.PostProcessing.PostProcessingOptions
setCritObjects(String[]) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setCustomsNotificationTopic(String) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setDatastoreKind(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set datastore kind
setDatastoreKind(String) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setDatastoreNamespace(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set datastore namespace
setDatastoreNamespace(String) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setDatastoreNamespace(String) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setDeferGeoIpResolution(Boolean) - Method in interface com.mozilla.secops.InputOptions
setDeferGeoIpResolution(Boolean) - Method in class com.mozilla.secops.parser.ParserCfg: Set defer GeoIP resolution
setDetails(HashMap<String, Object>) - Method in class com.mozilla.secops.customs.CustomsAlert: Set details map
setDisableCloudwatchStrip(Boolean) - Method in interface com.mozilla.secops.InputOptions
setDisableCloudwatchStrip(boolean) - Method in class com.mozilla.secops.parser.ParserCfg: Set disable Cloudwatch strip
setDisableMozlogStrip(Boolean) - Method in interface com.mozilla.secops.InputOptions
setDisableMozlogStrip(boolean) - Method in class com.mozilla.secops.parser.ParserCfg: Set disable Mozlog strip
setDocLink(String) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setDomainName(String) - Method in class com.mozilla.secops.gatekeeper.GuardDutyFindingMatcher: Set the domain name to match against within the finding
setDuopullData(Duopull) - Method in class com.mozilla.secops.parser.Duopull: Set duopull data element
setEmail(String) - Method in class com.mozilla.secops.parser.models.amo.Amo: Set email
setEmailCatchall(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set email catchall address
setEmailFrom(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set email from address
setEmailTemplate(String) - Method in class com.mozilla.secops.alert.Alert: Set email template name
setEnableAccountCreationAbuseDetector(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableAccountEnumerationDetector(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableActivityMonitor(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableAlertSummaryAnalysis(Boolean) - Method in interface com.mozilla.secops.postprocessing.PostProcessing.PostProcessingOptions
setEnableAwsAssumeRoleCorrelator(Boolean) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setEnableContentServerVarianceDetection(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableCritObjectAnalysis(Boolean) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setEnableEndpointAbuseAnalysis(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEnableEndpointAbuseAnalysis(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set endpoint abuse analysis setting
setEnableEndpointSequenceAbuseAnalysis(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEnableEndpointSequenceAbuseAnalysis(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set endpoint sequence abuse analysis
setEnableErrorRateAnalysis(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEnableErrorRateAnalysis(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set error rate analysis setting
setEnableETD(Boolean) - Method in interface com.mozilla.secops.gatekeeper.GatekeeperPipeline.GatekeeperOptions
setEnableGD(Boolean) - Method in interface com.mozilla.secops.gatekeeper.GatekeeperPipeline.GatekeeperOptions
setEnableHardLimitAnalysis(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEnableHardLimitAnalysis(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set hard limit analysis setting
setEnableLoginFailureAtRiskAccount(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableNatDetection(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set enable NAT detection setting
setEnablePasswordResetAbuseDetector(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnablePerEndpointErrorRateAnalysis(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEnablePerEndpointErrorRateAnaysis(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set enable per endpoint error rate analysis setting
setEnablePrivateRelayForward(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableSessionLimitAnalysis(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEnableSessionLimitAnalysis(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set enable session limit analysis setting
setEnableSourceCorrelator(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEnableSourceLoginFailureDetector(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableStateAnalysis(Boolean) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setEnableStatusCodeRateAnalysis(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEnableStatusCodeRateAnalysis(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set enable status code rate analysis setting
setEnableStatusComparator(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableSummaryAnalysis(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableThresholdAnalysis(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEnableThresholdAnalysis(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set threshold analysis setting
setEnableUserAgentBlocklistAnalysis(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEnableUserAgentBlocklistAnalysis(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set user agent blocklist analysis setting
setEnableVelocityDetector(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableVelocityDetectorMonitorOnly(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEnableWatchlistAnalysis(Boolean) - Method in interface com.mozilla.secops.postprocessing.PostProcessing.PostProcessingOptions
setEndpointAbuseCustomVarianceSubstrings(String[]) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEndpointAbuseCustomVarianceSubstrings(String[]) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set endpoint abuse custom variance substrings
setEndpointAbuseExtendedVariance(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEndpointAbuseExtendedVariance(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set endpoint abuse extended variance
setEndpointAbusePath(String[]) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEndpointAbusePath(String[]) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set endpoint abuse path
setEndpointAbuseSuppressRecovery(Integer) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEndpointAbuseSuppressRecovery(Integer) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set endpoint abuse suppress recovery
setEndpointSequenceAbusePattern(String[]) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set endpoint abuse path
setEndpointSequenceAbusePatterns(String[]) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEndpointSequenceAbuseSuppressRecovery(Integer) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setEndpointSequenceAbuseSuppressRecovery(Integer) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set endpoint abuse timing suppress recovery
setEntries(Map<String, AuthStateModel.ModelEntry>) - Method in class com.mozilla.secops.authstate.AuthStateModel: Set entries associated with model
setEntryAgePruningSeconds(long) - Method in class com.mozilla.secops.authstate.PruningStrategyEntryAge: Set age after which entries will be pruned from the model
setErrorSessionGapDurationMinutes(Long) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setErrorSessionGapDurationMinutes(Long) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set session gap duration for session windows of only error events
setEscalateAccountCreation(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEscalateAccountCreationDistributed(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEscalateAccountEnumerationDetector(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEscalateLoginFailureAtRiskAccount(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEscalatePasswordResetAbuse(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEscalateSourceLoginFailure(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEscalateSourceLoginFailureDistributed(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEscalateStatusComparator(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEscalateVelocity(Boolean) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setEventFilter(EventFilter) - Method in class com.mozilla.secops.input.InputElement: Set event filter to use with parsed reads
setEvents(ArrayList<Event>) - Method in class com.mozilla.secops.customs.CustomsFeatures: Set event list
setExceptRules(ArrayList<EventFilterRule>) - Method in class com.mozilla.secops.parser.EventFilterRule: Set except rules
setExfiltrationThresholdBytes(Integer) - Method in interface com.mozilla.secops.pioneer.Pioneer.PioneerOptions
setExfiltrationThresholdSeconds(Integer) - Method in interface com.mozilla.secops.pioneer.Pioneer.PioneerOptions
setExpiresAt(DateTime) - Method in class com.mozilla.secops.IprepdIO.ExemptedObject: Set expires at
setExpiresAt(DateTime) - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Set expires at
setFileInputs(ArrayList<String>) - Method in class com.mozilla.secops.input.InputElement: Set file inputs
setFilterRequestPath(String[]) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setFilterRequestPath(String[]) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set filter request path
setFindingType(String) - Method in class com.mozilla.secops.gatekeeper.GuardDutyFindingMatcher: Set the finding type to match against
setGcpProject(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set GCP project name
setGcsTemplateBasePath(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set gcs template base path
setGenerateConfigurationTicksInterval(Integer) - Method in interface com.mozilla.secops.InputOptions
setGenerateConfigurationTicksMaximum(Long) - Method in interface com.mozilla.secops.InputOptions
setGuarddutyConfigPath(String) - Method in interface com.mozilla.secops.gatekeeper.GuardDutyTransforms.Options
setHardLimitRequestCount(Long) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setHardLimitRequestCount(Long) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set hard limit request count
setHeuristic(String) - Method in class com.mozilla.secops.customs.CustomsAlert: Set heuristic
setHeuristicDescription(String) - Method in class com.mozilla.secops.customs.CustomsAlert: Set heuristic description
setHighETDFindingRuleRegex(String[]) - Method in interface com.mozilla.secops.gatekeeper.ETDTransforms.Options
setId(UUID) - Method in class com.mozilla.secops.customs.CustomsAlert: Set UUID
setIdentityManager(IdentityManager) - Method in class com.mozilla.secops.parser.Parser: Set an identity manager in the parser that can be used for lookups
setIdentityManagerPath(String) - Method in interface com.mozilla.secops.awsbehavior.AwsBehavior.AwsBehaviorOptions
setIdentityManagerPath(String) - Method in interface com.mozilla.secops.InputOptions
setIdentityManagerPath(String) - Method in class com.mozilla.secops.parser.ParserCfg: Set IdentityManager json file path
setIgnoreCloudProviderRequests(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setIgnoreCloudProviderRequests(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set ignore cloud provider requests
setIgnoreETDFindingRuleRegex(String[]) - Method in interface com.mozilla.secops.gatekeeper.ETDTransforms.Options
setIgnoreInternalRequests(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setIgnoreInternalRequests(Boolean) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set ignore internal requests
setIgnoreUnknownIdentities(Boolean) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setIgnoreUserRegex(String[]) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setIncludeUrlHostRegex(String[]) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setIncludeUrlHostRegex(String[]) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set include URL host regex
setIndicator(String) - Method in class com.mozilla.secops.customs.CustomsAlert: Set indicator
setIndicatorType(CustomsAlert.IndicatorType) - Method in class com.mozilla.secops.customs.CustomsAlert: Set indicator type
setInput(Input) - Method in class com.mozilla.secops.httprequest.HTTPRequestMultiMode: Set input configuration
setInputElements(ArrayList<InputElement>) - Method in class com.mozilla.secops.input.Input: Set input elements
setInputFile(String[]) - Method in interface com.mozilla.secops.InputOptions
setInputIprepd(String) - Method in interface com.mozilla.secops.InputOptions
setInputKinesis(String[]) - Method in interface com.mozilla.secops.InputOptions
setInputPubsub(String[]) - Method in interface com.mozilla.secops.InputOptions
setIntegerMatchers(Map<EventFilterPayload.IntegerProperty, Integer>) - Method in class com.mozilla.secops.parser.EventFilterPayload: Set configured integer matchers
setIntegerRangeMatchers(Map<EventFilterPayload.IntegerProperty, EventFilterPayloadRange<Integer>>) - Method in class com.mozilla.secops.parser.EventFilterPayload: Set configured integer range matchers
setIp(String) - Method in class com.mozilla.secops.IprepdIO.ExemptedObject: Set IP
setIpAddress(String) - Method in class com.mozilla.secops.customs.CustomsAtRiskAccountState.CustomsAtRiskAccountStateModel.ScannedByEntry: Set IP address of entry
setIsp(String) - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Set ISP
setKinesisInputs(ArrayList<String>) - Method in class com.mozilla.secops.input.InputElement: Set Kinesis inputs
setKnownGatewaysPath(String) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setKnownGatewaysPath(String) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Path to list of inital nat gateways
setLatitude(Double) - Method in class com.mozilla.secops.authstate.AuthStateModel.ModelEntry: Set model latitude field
setLongitude(Double) - Method in class com.mozilla.secops.authstate.AuthStateModel.ModelEntry: Set model longitude field
setMatchAny(Boolean) - Method in class com.mozilla.secops.parser.EventFilter: Set match any flag to specified value
setMaxAllowableTimestampDifference(Integer) - Method in interface com.mozilla.secops.InputOptions
setMaxClientErrorRate(Long) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setMaxClientErrorRate(Long) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set max client error rate
setMaxClientStatusCodeRate(Long) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setMaxClientStatusCodeRate(Long) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set max client status code rate
setMaximumKilometersFromLastLogin(Double) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setMaximumKilometersPerHour(Integer) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setMaximumKilometersPerHour(Integer) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setMaximumKilometersPerHourMonitorOnly(Integer) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setMaxmindAccountId(String) - Method in interface com.mozilla.secops.InputOptions
setMaxmindCityDbPath(String) - Method in interface com.mozilla.secops.InputOptions
setMaxmindCityDbPath(String) - Method in class com.mozilla.secops.parser.ParserCfg: Set Maxmind City database path
setMaxmindIspDbPath(String) - Method in interface com.mozilla.secops.InputOptions
setMaxmindIspDbPath(String) - Method in class com.mozilla.secops.parser.ParserCfg: Set Maxmind ISP database path
setMaxmindLicenseKey(String) - Method in interface com.mozilla.secops.InputOptions
setMaxTimestampDifference(Integer) - Method in class com.mozilla.secops.parser.ParserCfg: Set maximum allowable timestamp difference
setMean(Double) - Method in class com.mozilla.secops.Stats.StatsOutput: Set mean value in result
setMemcachedHost(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set memcached host
setMemcachedHost(String) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setMemcachedHost(String) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setMemcachedPort(Integer) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set memcached port
setMemcachedPort(Integer) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setMemcachedPort(Integer) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setMetadata(ArrayList<AlertMeta>) - Method in class com.mozilla.secops.alert.Alert: Set alert metadata
setMetadataValue(AlertMeta.Key, String) - Method in class com.mozilla.secops.alert.Alert: Change an existing metadata value
setMinimumDistanceForAlert(Double) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setMinimumDistanceForAlertMonitorOnly(Double) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setMonitoredResource(String) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set monitored resource
setMonitoredResourceIndicator(String) - Method in interface com.mozilla.secops.OutputOptions
setMozlog(Mozlog) - Method in class com.mozilla.secops.parser.Event: Set mozlog value
setNatDetection(Boolean) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setNotifyMergeKey(String) - Method in class com.mozilla.secops.alert.Alert: Set alert merge key for notifications in metadata
setObject(String) - Method in class com.mozilla.secops.IprepdIO.ExemptedObject: Set object string
setObject(String) - Method in class com.mozilla.secops.IprepdIO.ReputationValue: Set object field
setObject(String) - Method in class com.mozilla.secops.parser.Normalized: Set object field
setObject(String) - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Set object string
setOperatingMode(Input.OperatingMode) - Method in class com.mozilla.secops.input.Input: Set operating mode
setOutputAlertEmailCatchall(String) - Method in interface com.mozilla.secops.OutputOptions
setOutputAlertEmailFrom(String) - Method in interface com.mozilla.secops.OutputOptions
setOutputAlertGcsTemplateBasePath(String) - Method in interface com.mozilla.secops.OutputOptions
setOutputAlertSlackCatchall(String) - Method in interface com.mozilla.secops.OutputOptions
setOutputAlertSlackToken(String) - Method in interface com.mozilla.secops.OutputOptions
setOutputAlertSmtpCredentials(String) - Method in interface com.mozilla.secops.OutputOptions
setOutputAlertSmtpRelay(String) - Method in interface com.mozilla.secops.OutputOptions
setOutputAlertTemplates(String[]) - Method in interface com.mozilla.secops.OutputOptions
setOutputBigQuery(String) - Method in interface com.mozilla.secops.OutputOptions
setOutputFile(String) - Method in interface com.mozilla.secops.OutputOptions
setOutputIprepd(String[]) - Method in interface com.mozilla.secops.OutputOptions
setOutputIprepdDatastoreExemptionsProject(String) - Method in interface com.mozilla.secops.OutputOptions
setOutputIprepdEnableDatastoreExemptions(Boolean) - Method in interface com.mozilla.secops.OutputOptions
setOutputPubsub(String[]) - Method in interface com.mozilla.secops.OutputOptions
setOutputSqs(String) - Method in interface com.mozilla.secops.OutputOptions
setParentInput(Input) - Method in class com.mozilla.secops.input.InputElement: Set parent Input object
setParserConfiguration(ParserCfg) - Method in class com.mozilla.secops.input.InputElement: Set the parser configuration to use with parsed reads
setParserFastMatcher(String) - Method in interface com.mozilla.secops.InputOptions
setParserFastMatcher(String) - Method in class com.mozilla.secops.parser.ParserCfg: Set parser fast matcher
setPasswordResetAbuseThreshold(Integer) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setPayload(T) - Method in class com.mozilla.secops.parser.Event: Set event payload.
setPayloadFilters(ArrayList<EventFilterPayloadInterface>) - Method in class com.mozilla.secops.parser.EventFilterPayloadOr: Set configured payload filters
setPayloadFilters(ArrayList<EventFilterPayloadInterface>) - Method in class com.mozilla.secops.parser.EventFilterRule: Set payload filters
setPayloadType(String) - Method in class com.mozilla.secops.parser.EventFilterPayload: Set payload filter
setPerEndpointErrorRateAlertSuppressionDurationSeconds(Long) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setPerEndpointErrorRateAlertSuppressionDurationSeconds(Long) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set alert suppression duration for per endpoint error rate
setPerEndpointErrorRateAnalysisSuppressRecovery(Integer) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setPerEndpointErrorRatePaths(String[]) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setPerEndpointErrorRatePaths(String[]) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set enable per endpoint error rate analysis setting
setPerEndpointErrorRateSuppressRecovery(Integer) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set enable per endpoint error rate analysis setting
setPipelineMultimodeConfiguration(String) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setPipelineVersion(String) - Method in interface com.mozilla.secops.InputOptions
setProject(String) - Method in class com.mozilla.secops.input.Input: Set project
setPubsubInputs(ArrayList<String>) - Method in class com.mozilla.secops.input.InputElement: Set Pubsub inputs
setRealAddress(String) - Method in class com.mozilla.secops.customs.PrivateRelayForward.PrivateRelayForwardState: Set real address
setReason(String) - Method in class com.mozilla.secops.customs.CustomsAlert: Set reason
setReferenceID(String) - Method in class com.mozilla.secops.parser.Normalized
setRemoteAddressChain(String) - Method in class com.mozilla.secops.parser.models.amo.Amo: Set remoteAddressChain
setReputation(Integer) - Method in class com.mozilla.secops.IprepdIO.ReputationValue: Set reputation value
setRequestMethod(String) - Method in class com.mozilla.secops.parser.Normalized: Set request method field
setRequestStatus(Integer) - Method in class com.mozilla.secops.parser.Normalized: Set request status
setRequestUrl(String) - Method in class com.mozilla.secops.parser.Normalized: Set request URL field
setRequiredMinimumAverage(Double) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setRequiredMinimumAverage(Double) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set required minimum average
setRequiredMinimumClients(Long) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setRequiredMinimumClients(Long) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set required minimum clients
setRequiredMinimumRequestsPerClient(Long) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setRequiredMinimumRequestsPerClient(Long) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set required minimum number of requests per client
setResultValue(T) - Method in class com.mozilla.secops.state.StateOperation: Set result value
setResultValues(ArrayList<T>) - Method in class com.mozilla.secops.state.StateOperation: Set result values
setRules(ArrayList<EventFilterRule>) - Method in class com.mozilla.secops.parser.EventFilter: Set filter rules
setServiceToggles(HashMap<String, HTTPRequestToggles>) - Method in class com.mozilla.secops.httprequest.HTTPRequestMultiMode: Set service toggles
setSessionContext(SessionContext) - Method in class com.mozilla.secops.parser.models.cloudtrail.UserIdentity
setSessionGapDurationMinutes(Long) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setSessionGapDurationMinutes(Long) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set session gap duration minutes
setSessionIssuer(HashMap<String, String>) - Method in class com.mozilla.secops.parser.models.cloudtrail.SessionContext
setSessionLimitAnalysisPaths(String[]) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setSessionLimitAnalysisPaths(String[]) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set session analysis pathes
setSessionLimitAnalysisSuppressRecovery(Integer) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setSessionLimitAnalysisSuppressRecovery(Integer) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set session limit analysis suppress recovery
setSeverity(Alert.AlertSeverity) - Method in class com.mozilla.secops.alert.Alert: Set alert severity
setSeverity(CustomsAlert.AlertSeverity) - Method in class com.mozilla.secops.customs.CustomsAlert: Set severity
setSeverity(Alert.AlertSeverity) - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Set severity
setSlackCatchall(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set slack catchall channel id
setSlackCatchallTemplate(String) - Method in class com.mozilla.secops.alert.Alert: Set slack catchall template name
setSlackChannelNotification(Boolean) - Method in interface com.mozilla.secops.pioneer.Pioneer.PioneerOptions
setSlackTemplate(String) - Method in class com.mozilla.secops.alert.Alert: Set slack template name
setSlackToken(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set slack bot token
setSmtpCredentials(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set SMTP credentials
setSmtpRelay(String) - Method in class com.mozilla.secops.alert.AlertConfiguration: Set SMTP relay
setSourceAddress(String, GeoIP.GeoIPData.GeoResolutionMode, ParserState) - Method in class com.mozilla.secops.parser.GeoIP.GeoIPData: Set source address field
setSourceAddress(String, ParserState) - Method in class com.mozilla.secops.parser.Normalized: Set source address field
setSourceAddress(String) - Method in class com.mozilla.secops.parser.Normalized: Set source address field
setSourceAddress(String, ParserState, Normalized) - Method in class com.mozilla.secops.parser.SourcePayloadBase: Set source address field
setSourceAddress(String) - Method in class com.mozilla.secops.parser.SourcePayloadBase: Set source address field
setSourceAddress(String) - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Set source address
setSourceCorrelatorAlertPercentage(Double) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setSourceCorrelatorAlertPercentage(Double) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set source correlator alert percentage
setSourceCorrelatorMinimumAddresses(Integer) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setSourceCorrelatorMinimumAddresses(Integer) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set source correlator minimum addresses
setSourceDataType(SourceCorrelation.SourceData.SourceDataType) - Method in class com.mozilla.secops.SourceCorrelation.SourceData: Set source data type
setSourceLoginFailureDistributedThreshold(Integer) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setSourceLoginFailureThreshold(Integer) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setStackdriverLabelFilters(String[]) - Method in interface com.mozilla.secops.InputOptions
setStackdriverLabelFilters(String[]) - Method in class com.mozilla.secops.parser.ParserCfg: Set Stackdriver label filters
setStackdriverLabels(Map<String, String>) - Method in class com.mozilla.secops.parser.Event: Set Stackdriver labels
setStackdriverProject(String) - Method in class com.mozilla.secops.parser.Event: Set Stackdriver project name
setStackdriverProjectFilter(String) - Method in interface com.mozilla.secops.InputOptions
setStackdriverProjectFilter(String) - Method in class com.mozilla.secops.parser.ParserCfg: Set Stackdriver project filter
setStatusCodeAnalysisCode(Integer) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set code for client status code rate analysis
setStatusCodeRateAnalysisCode(Integer) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setStatusComparatorAddressPath(String) - Method in interface com.mozilla.secops.customs.Customs.CustomsOptions
setStatusTag(Normalized.StatusTag) - Method in class com.mozilla.secops.parser.Normalized: Set normalized status tag
setStringMatchers(Map<EventFilterPayload.StringProperty, String>) - Method in class com.mozilla.secops.parser.EventFilterPayload: Set configured string matchers
setStringRegexMatchers(Map<EventFilterPayload.StringProperty, String>) - Method in class com.mozilla.secops.parser.EventFilterPayload: Set configured string regex matchers
setSubcategory(String) - Method in class com.mozilla.secops.alert.Alert: Set alert subcategory
setSubject(String) - Method in class com.mozilla.secops.authstate.AuthStateModel: Set subject associated with model
setSubjectUser(String) - Method in class com.mozilla.secops.parser.Normalized: Set subject user field
setSubjectUserIdentity(String) - Method in class com.mozilla.secops.parser.Normalized: Set subject user identity field
setSuggestedAction(CustomsAlert.AlertAction) - Method in class com.mozilla.secops.customs.CustomsAlert: Set suggested action
setSummary(String) - Method in class com.mozilla.secops.alert.Alert: Set alert summary
setTaskclusterData(Taskcluster) - Method in class com.mozilla.secops.parser.Taskcluster: Set Taskcluster data element
setTimestamp(DateTime) - Method in class com.mozilla.secops.alert.Alert: Override alert timestamp
setTimestamp(DateTime) - Method in class com.mozilla.secops.authstate.AuthStateModel.ModelEntry: Set timestamp of entry
setTimestamp(DateTime) - Method in class com.mozilla.secops.customs.CustomsAlert: Set timestamp
setTimestamp(DateTime) - Method in class com.mozilla.secops.customs.CustomsAtRiskAccountState.CustomsAtRiskAccountStateModel.ScannedByEntry: Set timestamp of entry
setTimestamp(DateTime) - Method in class com.mozilla.secops.parser.Event: Set event timestamp.
setTotalElements(Long) - Method in class com.mozilla.secops.Stats.StatsOutput: Set total elements that made up result
setTotalSum(Long) - Method in class com.mozilla.secops.Stats.StatsOutput: Set total sum in result
setType(String) - Method in class com.mozilla.secops.IprepdIO.ExemptedObject: Set type string
setType(String) - Method in class com.mozilla.secops.IprepdIO.ReputationValue: Set type value
setType(Normalized.Type) - Method in class com.mozilla.secops.parser.Normalized: Set normalized data type
setType(String) - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Set type string
setUid(String) - Method in class com.mozilla.secops.customs.PrivateRelayForward.PrivateRelayForwardState: Set UID
setUid(String) - Method in class com.mozilla.secops.parser.models.amo.Amo: Set uid
setup() - Method in class com.mozilla.secops.alert.AlertFormatter
setup() - Method in class com.mozilla.secops.authprofile.AuthProfile.ExtractIdentity
setup() - Method in class com.mozilla.secops.authprofile.AuthProfile.StateAnalyze
setup() - Method in class com.mozilla.secops.customs.CustomsPreFilter
setup() - Method in class com.mozilla.secops.parser.ParserDoFn
setup() - Method in class com.mozilla.secops.parser.ParserMultiDoFn
setup() - Method in class com.mozilla.secops.postprocessing.PostProcessing.WatchlistAnalyze
setUrlRequestHost(String) - Method in class com.mozilla.secops.parser.Normalized: Set extracted URL request host field
setUrlRequestPath(String) - Method in class com.mozilla.secops.parser.Normalized: Set extracted URL request path field
setUseEventTimestamp(Boolean) - Method in interface com.mozilla.secops.InputOptions
setUseEventTimestamp(Boolean) - Method in class com.mozilla.secops.parser.ParserCfg: Set event timestamp emission setting
setUseEventTimestampForAlert(Boolean) - Method in interface com.mozilla.secops.authprofile.AuthProfile.AuthProfileOptions
setUseProxyXff(Boolean) - Method in interface com.mozilla.secops.InputOptions
setUseProxyXff(Boolean) - Method in class com.mozilla.secops.parser.ParserCfg: Set enable proxy xff
setUserAgent(String) - Method in class com.mozilla.secops.authstate.AuthStateModel.ModelEntry: Set user agent field
setUserAgent(String) - Method in class com.mozilla.secops.parser.Normalized: Set user agent
setUserAgentBlocklistPath(String) - Method in interface com.mozilla.secops.httprequest.HTTPRequest.HTTPRequestOptions
setUserAgentBlocklistPath(String) - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Set user agent blocklist path
setUseXffAsRemote(Boolean) - Method in interface com.mozilla.secops.InputOptions
setUseXffAsRemote(Boolean) - Method in class com.mozilla.secops.parser.ParserCfg: Parse the X-Forwarded-For header instead of the remote addr
setValue(String) - Method in class com.mozilla.secops.alert.AlertMeta: Set metadata value
setWantStackdriverLabels(Map<String, String>) - Method in class com.mozilla.secops.parser.EventFilterRule: Set Stackdriver label filters
setWantUTC(Boolean) - Method in class com.mozilla.secops.parser.EventFilter: Choose to ignore non-UTC timezone events
setWarningSeverityEmail(String) - Method in interface com.mozilla.secops.postprocessing.PostProcessing.PostProcessingOptions
setXffAddressSelector(String) - Method in interface com.mozilla.secops.InputOptions
setXffAddressSelector(ArrayList<String>) - Method in class com.mozilla.secops.parser.ParserCfg: Set XFF address selectors
shouldAlertViaEmail() - Method in class com.mozilla.secops.identity.Identity: Returns true if this identity should be alerted via email
shouldAlertViaSlack() - Method in class com.mozilla.secops.identity.Identity: Returns true if this identity should be alerted via slack
shouldNotifyViaEmail() - Method in class com.mozilla.secops.identity.Identity: Returns true if this identity should be notified via email
shouldNotifyViaSlack() - Method in class com.mozilla.secops.identity.Identity: Returns true if this identity should be notified via slack
shouldUseXff() - Method in class com.mozilla.secops.parser.Parser: Returns true if using an XFF header is enabled in the parser
simplex() - Method in class com.mozilla.secops.input.Input: Enable simplex input mode
SIMPLEX_DEFAULT_ELEMENT - Static variable in class com.mozilla.secops.input.Input: Default simplex element name
simplexRead() - Method in class com.mozilla.secops.input.Input: Return a transform that will ingest data, and emit parsed events in simplex mode
SimplexReader(Input) - Constructor for class com.mozilla.secops.input.Input.SimplexReader: Create new SimplexReader
SimplexReaderRaw(Input) - Constructor for class com.mozilla.secops.input.Input.SimplexReaderRaw: Create new SimplexReaderRaw
simplexReadRaw() - Method in class com.mozilla.secops.input.Input: Return a transform that will ingest data, and emit raw strings in simplex mode
SlackManager - Class in com.mozilla.secops.slack
SlackManager(String) - Constructor for class com.mozilla.secops.slack.SlackManager: Construct new slack manager object
SourceCorrelation - Class in com.mozilla.secops: Source address ingestion and alert correlation
SourceCorrelation() - Constructor for class com.mozilla.secops.SourceCorrelation
SourceCorrelation.AlertSourceExtractor - Class in com.mozilla.secops: Convert Alert to SourceCorrelation.SourceData
SourceCorrelation.EventSourceExtractor - Class in com.mozilla.secops: Convert Event to SourceCorrelation.SourceData
SourceCorrelation.SourceCorrelator - Class in com.mozilla.secops: Transform for source address alert and ingestion correlation
SourceCorrelation.SourceData - Class in com.mozilla.secops: SourceData is an intermediate format used to store information about a given source address observed in the ingestion or alert stream.
SourceCorrelation.SourceData.SourceDataType - Enum in com.mozilla.secops: Source data types
SourceCorrelator(HTTPRequestToggles) - Constructor for class com.mozilla.secops.SourceCorrelation.SourceCorrelator: Initialize new SourceCorrelator
SourceData() - Constructor for class com.mozilla.secops.SourceCorrelation.SourceData
SourceId - Class in com.mozilla.secops.parser.models.etd
SourceId() - Constructor for class com.mozilla.secops.parser.models.etd.SourceId
SourceLogId - Class in com.mozilla.secops.parser.models.etd
SourceLogId() - Constructor for class com.mozilla.secops.parser.models.etd.SourceLogId
SourceLoginFailure - Class in com.mozilla.secops.customs: Simple detection of excessive login failures per-source across fixed window
SourceLoginFailure(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.SourceLoginFailure: Initialize new SourceLoginFailure
SourceLoginFailureDist - Class in com.mozilla.secops.customs: Detect login failures for a single account occuring from multiple source addresses in a fixed window of time.
SourceLoginFailureDist(Customs.CustomsOptions) - Constructor for class com.mozilla.secops.customs.SourceLoginFailureDist: Initialize new SourceLoginFailureDist
SourcePayloadBase - Class in com.mozilla.secops.parser: Extension of PayloadBase that unifies source address field handling
SourcePayloadBase() - Constructor for class com.mozilla.secops.parser.SourcePayloadBase: Initialize SourcePayloadBase
splitListValues(AlertMeta.Key, String) - Static method in class com.mozilla.secops.alert.AlertMeta: Split a list of values for a specific metadata key
SqsIO - Class in com.mozilla.secops: SqsIO provides an IO transform for writing messages to SQS
SqsIO() - Constructor for class com.mozilla.secops.SqsIO
SqsIO.Write - Class in com.mozilla.secops
STACKDRIVER_LOG_RESOURCE_TYPE - Static variable in class com.mozilla.secops.parser.ETDBeta: StackDriver log resource type for an ETD Finding
State - Class in com.mozilla.secops.state: Represents a generic state interface that can be used to store and load state from or to a persistent storage source
State(StateInterface) - Constructor for class com.mozilla.secops.state.State: Construct a new state instance using the specified StateInterface
StateAnalyze(AuthProfile.AuthProfileOptions) - Constructor for class com.mozilla.secops.authprofile.AuthProfile.StateAnalyze: Static initializer for AuthProfile.StateAnalyze using specified pipeline options
StateCursor<T> - Class in com.mozilla.secops.state: Generic state cursor implementation
StateCursor(Class<T>) - Constructor for class com.mozilla.secops.state.StateCursor: Allocate new StateCursor
StateException - Exception in com.mozilla.secops.state: Exception indicating a general error in state processing
StateException(String) - Constructor for exception com.mozilla.secops.state.StateException: Construct new StateException
StateInterface - Interface in com.mozilla.secops.state: Interface for state implementations
StateOperation<T> - Class in com.mozilla.secops.state: Represents a single state operation
StateOperation() - Constructor for class com.mozilla.secops.state.StateOperation: Create new StateOperation
StateOperation.OperationType - Enum in com.mozilla.secops.state: Available state operation types
Stats - Class in com.mozilla.secops: Generic statistics class
Stats.StatsCombiner - Class in com.mozilla.secops: Combine.CombineFn for performing statistics operations on a collection of values
Stats.StatsOutput - Class in com.mozilla.secops: Output of statistics transform
StatusCodeRateAnalysis - Class in com.mozilla.secops.httprequest.heuristics: Transform for analysis of rates of specific response codes per client in a fixed window
StatusCodeRateAnalysis(HTTPRequestToggles, Boolean, String) - Constructor for class com.mozilla.secops.httprequest.heuristics.StatusCodeRateAnalysis: Initializer for StatusCodeRateAnalysis
StreamWriter - Class in com.mozilla.secops.streamwriter: Simple IO stream writer
StreamWriter() - Constructor for class com.mozilla.secops.streamwriter.StreamWriter
StreamWriter.StreamWriterOptions - Interface in com.mozilla.secops.streamwriter: Runtime options for StreamWriter pipeline.
StringDistance - Class in com.mozilla.secops: Levenshtein string distance calculation
StringDistance() - Constructor for class com.mozilla.secops.StringDistance
stripMaskFromCidr(String) - Static method in class com.mozilla.secops.CidrUtil: Strip the mask component from a CIDR subnet.
SuppressAlerts(ETDTransforms.Options) - Constructor for class com.mozilla.secops.gatekeeper.ETDTransforms.SuppressAlerts: static initializer for alert suppression
SuppressAlerts(GuardDutyTransforms.Options) - Constructor for class com.mozilla.secops.gatekeeper.GuardDutyTransforms.SuppressAlerts: static initializer for alert suppression
SYSLOG_TS_RE - Static variable in class com.mozilla.secops.parser.Parser

T

TAG_FXA_AUTH_EVENTS - Static variable in class com.mozilla.secops.customs.CustomsPreFilter: Tuple tag used for FxA auth events
TAG_FXA_CONTENT_EVENTS - Static variable in class com.mozilla.secops.customs.CustomsPreFilter
TAG_RELAY_EVENTS - Static variable in class com.mozilla.secops.customs.CustomsPreFilter: Tuple tag used for private relay events
Taskcluster - Class in com.mozilla.secops.parser.models.taskcluster: Describes the format of a Taskcluster event
Taskcluster() - Constructor for class com.mozilla.secops.parser.models.taskcluster.Taskcluster
Taskcluster - Class in com.mozilla.secops.parser: Payload parser for Taskcluster log data
Taskcluster() - Constructor for class com.mozilla.secops.parser.Taskcluster: Construct matcher object.
Taskcluster(String, Event, ParserState) - Constructor for class com.mozilla.secops.parser.Taskcluster: Construct parser object.
teardown() - Method in class com.mozilla.secops.authprofile.AuthProfile.StateAnalyze
teardown() - Method in class com.mozilla.secops.postprocessing.PostProcessing.WatchlistAnalyze
TemplateManager - Class in com.mozilla.secops.alert: Manager class for processing templates using Freemarker
TemplateManager(AlertConfiguration) - Constructor for class com.mozilla.secops.alert.TemplateManager: Construct new template manager object
threshold - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis.EndpointAbuseEndpointInfo: Threshold
threshold - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo
threshold - Variable in class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis.EndpointErrorInfo: Threshold
threshold - Variable in class com.mozilla.secops.httprequest.heuristics.SessionLimitAnalysis.LimitInfo: Threshold
ThresholdAnalysis - Class in com.mozilla.secops.httprequest.heuristics: Composite transform that conducts threshold analysis using the configured threshold modifier
ThresholdAnalysis(HTTPRequestToggles, Boolean, String, PCollectionView<Map<String, Boolean>>) - Constructor for class com.mozilla.secops.httprequest.heuristics.ThresholdAnalysis: Static initializer for ThresholdAnalysis.
timeSortedEntries() - Method in class com.mozilla.secops.authstate.AuthStateModel: Return all entries in AuthStateModel as an array list, sorted by timestamp
timestamp - Variable in class com.mozilla.secops.alert.AlertSuppressor.AlertSuppressionState: Timestamp
timestamp - Variable in class com.mozilla.secops.authstate.AuthStateModel.ModelEntryUpdate: Timestamp to associate with entry
timestamp - Variable in class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis.EndpointAbuseState: Timestamp
toCollection(PBegin) - Method in class com.mozilla.secops.input.KinesisInput: Apply KinesisIO using configuration set in object
toEventFilterRule() - Method in class com.mozilla.secops.awsbehavior.CloudtrailMatcher: Converts CloudtrailMatcher into an EventFilterRule as regex matchers.
toJSON() - Method in class com.mozilla.secops.alert.Alert: Return JSON string representation.
toJSON() - Method in class com.mozilla.secops.customs.CustomsAlert: Return JSON string representation.
toJSON() - Method in class com.mozilla.secops.parser.Event: Convert event into JSON string representation
toJSON() - Method in class com.mozilla.secops.Violation: Convert Violation to JSON string
toJSON() - Method in class com.mozilla.secops.Watchlist.WatchlistEntry: Return JSON string representation.
toKV() - Method in class com.mozilla.secops.parser.KeyedEvent: Convert KeyedEvent to KV
toStandardFilter() - Method in class com.mozilla.secops.httprequest.HTTPRequestToggles: Convert the toggles to a standard EventFilter for use in HTTPRequest
toString() - Method in enum com.mozilla.secops.authprofile.AuthProfile.StateAnalyze.ActionType
toString() - Method in class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo: Convert configuration to String

U

updateEntry(String, Double, Double) - Method in class com.mozilla.secops.authstate.AuthStateModel: Update state entry for user to indicate authentication from address
updateEntry(String, DateTime, Double, Double) - Method in class com.mozilla.secops.authstate.AuthStateModel: Update state entry for user to indicate authentication from address setting specified timestamp on the entry
updateEntry(AuthStateModel.ModelEntryUpdate) - Method in class com.mozilla.secops.authstate.AuthStateModel: Update state entry for user to indicate authentication from address setting specified timestamp on the entry
userAgent - Variable in class com.mozilla.secops.authstate.AuthStateModel.ModelEntryUpdate: An optional user agent to associate with the update
UserAgentBlocklistAnalysis - Class in com.mozilla.secops.httprequest.heuristics: Analysis to identify known bad user agents
UserAgentBlocklistAnalysis(HTTPRequestToggles, Boolean, String, PCollectionView<Map<String, Boolean>>) - Constructor for class com.mozilla.secops.httprequest.heuristics.UserAgentBlocklistAnalysis: Initialize new UserAgentBlocklistAnalysis
UserIdentity - Class in com.mozilla.secops.parser.models.cloudtrail: Model for userIdentity element in Cloudtrail Events
UserIdentity() - Constructor for class com.mozilla.secops.parser.models.cloudtrail.UserIdentity

V

validate(String) - Method in enum com.mozilla.secops.alert.AlertMeta.Key: Validate the format of a value to be used for this key
validate() - Method in class com.mozilla.secops.alert.TemplateManager: Validate TemplateManager by checking that all registered templates can be found.
validEmail(String) - Static method in class com.mozilla.secops.MiscUtil: Validate email address format
valueOf(String) - Static method in enum com.mozilla.secops.alert.Alert.AlertSeverity: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.alert.AlertMeta.Key.AssociatedKey: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.alert.AlertMeta.Key: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.alert.AlertMeta.Key.ValueType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.authprofile.AuthProfile.StateAnalyze.ActionType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.customs.CustomsAlert.AlertAction: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.customs.CustomsAlert.AlertSeverity: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.customs.CustomsAlert.IndicatorType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.identity.NotificationPreferences.Method: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.AmoDocker.EventType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.BmoAudit.AuditType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.EventFilterPayload.IntegerProperty: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.EventFilterPayload.StringProperty: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.FxaAuth.EventSummary: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.FxaContent.RequestType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.GeoIP.GeoIPData.GeoResolutionMode: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.models.fxaauth.FxaAuth.Errno: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.Normalized.StatusTag: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.Normalized.Type: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.Payload.PayloadType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.parser.PrivateRelay.EventType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.SourceCorrelation.SourceData.SourceDataType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.state.StateOperation.OperationType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.mozilla.secops.Violation.ViolationType: Returns the enum constant of this type with the specified name.
values() - Static method in enum com.mozilla.secops.alert.Alert.AlertSeverity: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.alert.AlertMeta.Key.AssociatedKey: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.alert.AlertMeta.Key: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.alert.AlertMeta.Key.ValueType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.authprofile.AuthProfile.StateAnalyze.ActionType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.customs.CustomsAlert.AlertAction: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.customs.CustomsAlert.AlertSeverity: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.customs.CustomsAlert.IndicatorType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.identity.NotificationPreferences.Method: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.AmoDocker.EventType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.BmoAudit.AuditType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.EventFilterPayload.IntegerProperty: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.EventFilterPayload.StringProperty: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.FxaAuth.EventSummary: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.FxaContent.RequestType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.GeoIP.GeoIPData.GeoResolutionMode: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.models.fxaauth.FxaAuth.Errno: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.Normalized.StatusTag: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.Normalized.Type: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.Payload.PayloadType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.parser.PrivateRelay.EventType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.SourceCorrelation.SourceData.SourceDataType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.state.StateOperation.OperationType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.mozilla.secops.Violation.ViolationType: Returns an array containing the constants of this enum type, in the order they are declared.
VELOCITY_KIND - Static variable in class com.mozilla.secops.customs.CustomsVelocity
Version - Class in com.mozilla.secops
Version() - Constructor for class com.mozilla.secops.Version
Violation - Class in com.mozilla.secops: Represents a violation as would be submitted to iprepd
Violation(String, String, String) - Constructor for class com.mozilla.secops.Violation: Create new Violation
Violation(String, String, String, Integer) - Constructor for class com.mozilla.secops.Violation: Create new Violation with recovery suppression value
Violation.ViolationType - Enum in com.mozilla.secops: Valid violation types
VIOLATION_WRITES_METRIC - Static variable in class com.mozilla.secops.IprepdIO: Custom metric name used to count iprepd violation submissions from write functions

W

wantNormalizedType(Normalized.Type) - Method in class com.mozilla.secops.parser.EventFilterRule: Add match criteria for a normalized event type
wantStackdriverLabel(String, String) - Method in class com.mozilla.secops.parser.EventFilterRule: Add match criteria for a Stackdriver label
wantStackdriverProject(String) - Method in class com.mozilla.secops.parser.EventFilterRule: Add match criteria for Stackdriver project
wantSubtype(Payload.PayloadType) - Method in class com.mozilla.secops.parser.EventFilterRule: Add match criteria for a payload subtype
Watchlist - Class in com.mozilla.secops: Watchlist is used by pipelines to query watchlist entries stored within Datastore.
Watchlist() - Constructor for class com.mozilla.secops.Watchlist: Return a new watchlist interface for fetching watchlist entries
Watchlist(String) - Constructor for class com.mozilla.secops.Watchlist: Return a new watchlist interface for fetching watchlist entries
Watchlist.WatchlistEntry - Class in com.mozilla.secops
WATCHLIST_ALERT_PROCESSING_TIME_METRIC - Static variable in class com.mozilla.secops.postprocessing.PostProcessing: Alert processing time for watchlist
WatchlistAnalyze(PostProcessing.PostProcessingOptions) - Constructor for class com.mozilla.secops.postprocessing.PostProcessing.WatchlistAnalyze: Initialize WatchlistAnalyze with PostProcessing.PostProcessingOptions
watchlistDatastoreNamespace - Static variable in class com.mozilla.secops.Watchlist: Namespace for watchlist entries in Datastore
watchlistEmailKind - Static variable in class com.mozilla.secops.Watchlist: Kind for watchlist email entry in Datastore
WatchlistEntry() - Constructor for class com.mozilla.secops.Watchlist.WatchlistEntry
watchlistIpKind - Static variable in class com.mozilla.secops.Watchlist: Kind for watchlist IP entry in Datastore
WindowForFixed() - Constructor for class com.mozilla.secops.httprequest.HTTPRequest.WindowForFixed
withConfiguration(ParserCfg) - Method in class com.mozilla.secops.parser.ParserDoFn: Configure this function to use the specified configuration in the parser
withCurrentSource(String) - Method in class com.mozilla.secops.authstate.AuthStateModel.GeoVelocityResponse: Set current source address
withInlineEventFilter(EventFilter) - Method in class com.mozilla.secops.parser.ParserDoFn: Install an inline EventFilter in this transform
withInputElement(InputElement) - Method in class com.mozilla.secops.input.Input: Add input element
withIntegerMatch(EventFilterPayload.IntegerProperty, Integer) - Method in class com.mozilla.secops.parser.EventFilterPayload: Add a new simple integer match to the payload filter
withIntegerRangeMatch(EventFilterPayload.IntegerProperty, int, int) - Method in class com.mozilla.secops.parser.EventFilterPayload: Add an integer range match to the payload filter
withKnownGateways(String) - Method in class com.mozilla.secops.DetectNat.UserAgentBased: Returns a UserAgentBased PTransform like this one but with a list of known gateways that are parsed from a file.
withKnownGateways(Map<String, Boolean>) - Method in class com.mozilla.secops.DetectNat.UserAgentBased: Returns a UserAgentBased PTransform like this one but with a map of ip addresses that are known already to be gateways.
withOperation(StateOperation<T>) - Method in class com.mozilla.secops.state.StateCursor: Add an operation for execution in the cursor
withOptions(OutputOptions) - Static method in class com.mozilla.secops.CompositeOutput: Return a new composite output transform that can be used as the final stage in a pipeline.
withPreviousSource(String) - Method in class com.mozilla.secops.authstate.AuthStateModel.GeoVelocityResponse: Set previous source address
withStringMatch(EventFilterPayload.StringProperty, String) - Method in class com.mozilla.secops.parser.EventFilterPayload: Add a new simple string match to the payload filter
withStringRegexMatch(EventFilterPayload.StringProperty, String) - Method in class com.mozilla.secops.parser.EventFilterPayload: Add a new string regex match to the payload filter
withTransformDoc(DocumentingTransform) - Method in class com.mozilla.secops.metrics.CfgTickBuilder: Add documentation about a transform to the configuration tick
Workshop - Class in com.mozilla.secops.workshop: Getting started with Beam workshop pipeline.
Workshop() - Constructor for class com.mozilla.secops.workshop.Workshop
Workshop.ExtractWords - Class in com.mozilla.secops.workshop: DoFn to perform extraction of words from each line of input.
Workshop.PrintOutput - Class in com.mozilla.secops.workshop: An output transform that simply prints a string
Workshop.WorkshopOptions - Interface in com.mozilla.secops.workshop: Runtime options for Workshop pipeline.
write(AlertConfiguration) - Static method in class com.mozilla.secops.alert.AlertIO: Return PTransform to handle alerting output
Write(AlertConfiguration) - Constructor for class com.mozilla.secops.alert.AlertIO.Write: Create new alert handler transform
Write(String[], String) - Constructor for class com.mozilla.secops.IprepdIO.Write: Create new iprepd write transform
write(String, String) - Static method in class com.mozilla.secops.SqsIO: Return PTransform to write messages to SQS
Write(String, String, String, String) - Constructor for class com.mozilla.secops.SqsIO.Write: Create new SqsIO write transfrom
writeSpecs(String[], String) - Static method in class com.mozilla.secops.IprepdIO: Return PTransform to emit violations to one or more instances of iprepd

A B C D E F G H I J K L M N O P R S T U V W