| Package | Description |
|---|---|
| com.mozilla.secops |
General utility classes and transforms for secops-beam
|
| com.mozilla.secops.alert |
Alert generation and output
|
| com.mozilla.secops.amo |
AMO analysis pipeline
|
| com.mozilla.secops.authprofile |
Pipeline for authentication source profiling and alerting
|
| com.mozilla.secops.authstate |
Authentication state storage and utility classes
|
| com.mozilla.secops.awsbehavior |
Pipeline for monitoring AWS Cloudtrail events
|
| com.mozilla.secops.crypto |
Utilities for dealing with runtime secrets in Beam pipelines
|
| com.mozilla.secops.customs |
Customs FxA analysis pipeline
|
| com.mozilla.secops.customs.CustomsAtRiskAccountState | |
| com.mozilla.secops.gatekeeper |
Pipeline for AWS Guardduty and GCP ETD analysis
|
| com.mozilla.secops.httprequest |
HTTP request threshold and error rate monitoring
|
| com.mozilla.secops.httprequest.heuristics | |
| com.mozilla.secops.identity |
Centralized identity mapping and translation for user identities
|
| com.mozilla.secops.input |
Pipeline input
|
| com.mozilla.secops.metrics |
Metrics support classes
|
| com.mozilla.secops.parser |
Log parsing, processing, and enrichment
|
| com.mozilla.secops.parser.models.amo |
JSON model for AMO events
|
| com.mozilla.secops.parser.models.auth0 |
JSON model for Auth0 events
|
| com.mozilla.secops.parser.models.cloudtrail |
JSON model for Cloudtrail events
|
| com.mozilla.secops.parser.models.cloudwatch |
generic JSON model for AWS CloudWatch events
|
| com.mozilla.secops.parser.models.duopull |
JSON model for Duopull events
|
| com.mozilla.secops.parser.models.etd |
JSON model for GCP ETDBeta Findings
|
| com.mozilla.secops.parser.models.fxaauth |
JSON model for FxA auth server events
|
| com.mozilla.secops.parser.models.fxacontent | |
| com.mozilla.secops.parser.models.gcpvpcflow |
JSON model for GCP VPC flow events
|
| com.mozilla.secops.parser.models.nginxstackdriver |
JSON model for nginx log messages in Stackdriver jsonPayload
|
| com.mozilla.secops.parser.models.taskcluster |
JSON model for Taskcluster events
|
| com.mozilla.secops.pioneer |
Pioneer analysis pipeline
|
| com.mozilla.secops.postprocessing |
Pipeline for further processing of and correlation between alerts
|
| com.mozilla.secops.slack |
Classes for handling publication of messages to Slack
|
| com.mozilla.secops.state |
Classes for handling persistent state for Beam pipelines
|
| com.mozilla.secops.streamwriter |
Simple stream writer
|
| com.mozilla.secops.window |
Utility window transforms
|
| com.mozilla.secops.workshop |
Getting started with Beam introduction pipeline
|
Copyright © 2022. All rights reserved.