Serialized Form

Package com.mozilla.secops

Class com.mozilla.secops.DetectNat.UserAgentBased extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,Boolean>>> implements Serializable

serialVersionUID:

1L

Serialized Fields

knownGateways

Map<K,V> knownGateways

knownGatewaysPath

String knownGatewaysPath

Class com.mozilla.secops.IprepdIO.Write extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<String>,org.apache.beam.sdk.values.PDone> implements Serializable

serialVersionUID:

1L

Serialized Fields

iprepdSpecs

String[] iprepdSpecs

project

String project

Class com.mozilla.secops.Minfraud extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

mfClient

com.maxmind.minfraud.WebServiceClient mfClient

Class com.mozilla.secops.SourceCorrelation.AlertSourceExtractor extends org.apache.beam.sdk.transforms.DoFn<Alert,SourceCorrelation.SourceData> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.SourceCorrelation.EventSourceExtractor extends org.apache.beam.sdk.transforms.DoFn<Event,SourceCorrelation.SourceData> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.SourceCorrelation.SourceCorrelator extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<SourceCorrelation.SourceData>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

sourceMinimum

int sourceMinimum

alertPercentage

double alertPercentage

Class com.mozilla.secops.SourceCorrelation.SourceData extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

sourceAddress

String sourceAddress

city

String city

country

String country

asn

Integer asn

isp

String isp

type

SourceCorrelation.SourceData.SourceDataType type

Class com.mozilla.secops.SqsIO.Write extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<String>,org.apache.beam.sdk.values.PDone> implements Serializable

serialVersionUID:

1L

Serialized Fields

queueUrl

String queueUrl

key

String key

secret

String secret

region

String region

Class com.mozilla.secops.Stats extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Long>,org.apache.beam.sdk.values.PCollection<Stats.StatsOutput>> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.Stats.StatsCombiner extends org.apache.beam.sdk.transforms.Combine.CombineFn<Long,com.mozilla.secops.Stats.StatsCombiner.State,Stats.StatsOutput> implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

Class com.mozilla.secops.Stats.StatsOutput extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

sid

UUID sid

totalElements

Long totalElements

totalSum

Long totalSum

mean

Double mean

Package com.mozilla.secops.alert

Class com.mozilla.secops.alert.Alert extends Object implements Serializable

serialVersionUID:

1L

Serialization Methods

writeObject

private void writeObject(ObjectOutputStream o)
                  throws IOException

Throws:

IOException

Serialized Fields

alertId

UUID alertId

summary

String summary

category

String category

payload

String payload

timestamp

org.joda.time.DateTime timestamp

metadata

ArrayList<E> metadata

metaLock

ReentrantLock metaLock

severity

Alert.AlertSeverity severity

Class com.mozilla.secops.alert.AlertConfiguration extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

smtpCredentials

String smtpCredentials

smtpRelay

String smtpRelay

emailCatchall

String emailCatchall

emailFrom

String emailFrom

gcpProject

String gcpProject

slackToken

String slackToken

slackCatchall

String slackCatchall

memcachedHost

String memcachedHost

memcachedPort

Integer memcachedPort

datastoreNamespace

String datastoreNamespace

datastoreKind

String datastoreKind

gcsTemplateBasePath

String gcsTemplateBasePath

registeredTemplates

ArrayList<E> registeredTemplates

Class com.mozilla.secops.alert.AlertFormatter extends org.apache.beam.sdk.transforms.DoFn<Alert,Alert> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResourceIndicator

String monitoredResourceIndicator

addressFields

String[] addressFields

maxmindCityDbPath

String maxmindCityDbPath

maxmindIspDbPath

String maxmindIspDbPath

geoip

GeoIP geoip

Class com.mozilla.secops.alert.AlertFormatter.AlertToString extends org.apache.beam.sdk.transforms.SimpleFunction<Alert,String> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.alert.AlertIO.AlertNotifyMerge extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<String>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

Class com.mozilla.secops.alert.AlertIO.Write extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<String>,org.apache.beam.sdk.values.PDone> implements Serializable

serialVersionUID:

1L

Serialized Fields

cfg

AlertConfiguration cfg

Class com.mozilla.secops.alert.AlertMeta extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

key

String key

value

String value

Class com.mozilla.secops.alert.AlertSuppressor extends org.apache.beam.sdk.transforms.DoFn<org.apache.beam.sdk.values.KV<String,Alert>,Alert> implements Serializable

serialVersionUID:

1L

Serialized Fields

expiry

Long expiry

log

org.slf4j.Logger log

counterState

org.apache.beam.sdk.state.StateSpec<StateT extends org.apache.beam.sdk.state.State> counterState

counterExpiry

org.apache.beam.sdk.state.TimerSpec counterExpiry

Class com.mozilla.secops.alert.AlertSuppressor.AlertSuppressionState extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

key

String key

State key

count

Integer count

Counter value for extended suppression

Relies on the presence of a count metadata value.

timestamp

org.joda.time.Instant timestamp

Timestamp

Class com.mozilla.secops.alert.AlertSuppressorCount extends AlertSuppressor implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.alert.AlertSuppressorSession extends org.apache.beam.sdk.transforms.DoFn<org.apache.beam.sdk.values.KV<String,Alert>,Alert> implements Serializable

serialVersionUID:

1L

Serialized Fields

expiry

Long expiry

log

org.slf4j.Logger log

counterState

org.apache.beam.sdk.state.StateSpec<StateT extends org.apache.beam.sdk.state.State> counterState

counterExpiry

org.apache.beam.sdk.state.TimerSpec counterExpiry

Class com.mozilla.secops.alert.AlertSuppressorSession.AlertSuppressionState extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

key

String key

State key

timestamp

org.joda.time.Instant timestamp

Timestamp

Package com.mozilla.secops.amo

Class com.mozilla.secops.amo.AddonCloudSubmission extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

metrics

AmoMetrics.HeuristicMetrics metrics

Class com.mozilla.secops.amo.AddonMatcher extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

suppressRecovery

Integer suppressRecovery

matchCriteria

String[] matchCriteria

metrics

AmoMetrics.HeuristicMetrics metrics

Class com.mozilla.secops.amo.AddonMultiIpLogin extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

suppressRecovery

Integer suppressRecovery

alertOn

Integer alertOn

alertOnIp

Integer alertOnIp

acctExceptions

String[] acctExceptions

aggMatchers

String[] aggMatchers

metrics

AmoMetrics.HeuristicMetrics metrics

Class com.mozilla.secops.amo.AddonMultiMatch extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

suppressRecovery

Integer suppressRecovery

matchAlertOn

int matchAlertOn

metrics

AmoMetrics.HeuristicMetrics metrics

Class com.mozilla.secops.amo.AddonMultiSubmit extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

suppressRecovery

Integer suppressRecovery

matchAlertOn

int matchAlertOn

metrics

AmoMetrics.HeuristicMetrics metrics

Class com.mozilla.secops.amo.Amo extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.amo.AmoMetrics.HeuristicMetrics extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

eventTypeMatched

org.apache.beam.sdk.metrics.Counter eventTypeMatched

Class com.mozilla.secops.amo.FxaAccountAbuseAlias extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

suppressRecovery

Integer suppressRecovery

maxAliases

int maxAliases

metrics

AmoMetrics.HeuristicMetrics metrics

Class com.mozilla.secops.amo.FxaAccountAbuseNewVersion extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

iprepdSpec

String iprepdSpec

project

String project

banAccounts

String[] banAccounts

banAccountsSuppress

Integer banAccountsSuppress

metrics

AmoMetrics.HeuristicMetrics metrics

Class com.mozilla.secops.amo.ReportRestriction extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

metrics

AmoMetrics.HeuristicMetrics metrics

Package com.mozilla.secops.authprofile

Class com.mozilla.secops.authprofile.AuthProfile extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.authprofile.AuthProfile.ExtractIdentity extends org.apache.beam.sdk.transforms.DoFn<Event,org.apache.beam.sdk.values.KV<String,Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

idmanagerPath

String idmanagerPath

ignoreUnknownIdentities

Boolean ignoreUnknownIdentities

log

org.slf4j.Logger log

Class com.mozilla.secops.authprofile.AuthProfile.Parse extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<String>,org.apache.beam.sdk.values.PCollection<Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

ignoreUserRegex

String[] ignoreUserRegex

autoignoreUsers

String[] autoignoreUsers

auth0ClientIds

String[] auth0ClientIds

cfg

ParserCfg cfg

Class com.mozilla.secops.authprofile.AuthProfile.StateAnalyze extends org.apache.beam.sdk.transforms.DoFn<org.apache.beam.sdk.values.KV<String,Iterable<Event>>,Alert> implements Serializable

serialVersionUID:

1L

Serialized Fields

memcachedHost

String memcachedHost

memcachedPort

Integer memcachedPort

datastoreNamespace

String datastoreNamespace

datastoreKind

String datastoreKind

idmanagerPath

String idmanagerPath

maxKilometersPerSecond

Double maxKilometersPerSecond

maxmindAccountId

String maxmindAccountId

maxmindLicenseKey

String maxmindLicenseKey

maxKilometersStatic

Double maxKilometersStatic

gcpProject

String gcpProject

contactEmail

String contactEmail

docLink

String docLink

useEventTimestampForAlert

Boolean useEventTimestampForAlert

cidrGcp

CidrUtil cidrGcp

log

org.slf4j.Logger log

state

State state

minfraud

Minfraud minfraud

Class com.mozilla.secops.authprofile.AwsAssumeRoleCorrelator extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

sessionGapDuration

Long sessionGapDuration

Class com.mozilla.secops.authprofile.AwsAssumeRoleCorrelator.CrossAccountAssumeRoleFilter extends org.apache.beam.sdk.transforms.DoFn<Event,org.apache.beam.sdk.values.KV<String,Event>> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.authprofile.CritObjectAnalyze extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,Alert>>> implements Serializable

serialVersionUID:

1L

Serialized Fields

critObjects

String[] critObjects

critNotifyEmail

String critNotifyEmail

contactEmail

String contactEmail

docLink

String docLink

alternateCritSlackEscalation

String alternateCritSlackEscalation

useEventTimestampForAlert

boolean useEventTimestampForAlert

altEscalateTz

org.joda.time.DateTimeZone altEscalateTz

altEscalateHourStart

int altEscalateHourStart

altEscalateHourStop

int altEscalateHourStop

altEscalateChannel

String altEscalateChannel

log

org.slf4j.Logger log

critObjectPat

Pattern[] critObjectPat

Package com.mozilla.secops.awsbehavior

Class com.mozilla.secops.awsbehavior.AwsBehavior extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.awsbehavior.AwsBehavior.Matcher extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

cm

CloudtrailMatcher cm

filter

EventFilter filter

log

org.slf4j.Logger log

Class com.mozilla.secops.awsbehavior.AwsBehavior.Matchers extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

cmmanagerPath

String cmmanagerPath

cmmanager

CloudtrailMatcherManager cmmanager

log

org.slf4j.Logger log

Class com.mozilla.secops.awsbehavior.AwsBehavior.ParseAndWindow extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<String>,org.apache.beam.sdk.values.PCollection<Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

cfg

ParserCfg cfg

Class com.mozilla.secops.awsbehavior.CloudtrailMatcher extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

fields

ArrayList<E> fields

description

String description

resource

String resource

Class com.mozilla.secops.awsbehavior.CloudtrailMatcherManager extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

eventMatchers

ArrayList<E> eventMatchers

Package com.mozilla.secops.customs

Class com.mozilla.secops.customs.ContentServerVarianceDetector.PresenceBased extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,Boolean>>> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.customs.Customs extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.customs.Customs.CustomsSummary extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

Class com.mozilla.secops.customs.CustomsAccountCreation extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,CustomsFeatures>>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

threshold

int threshold

monitoredResource

String monitoredResource

accountAbuseSuppressRecovery

Integer accountAbuseSuppressRecovery

escalate

boolean escalate

log

org.slf4j.Logger log

Class com.mozilla.secops.customs.CustomsAccountCreationDist extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,CustomsFeatures>>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

threshold

int threshold

ratioConsiderationUpper

Double ratioConsiderationUpper

monitoredResource

String monitoredResource

escalate

boolean escalate

Class com.mozilla.secops.customs.CustomsAccountEnumeration extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,CustomsFeatures>>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

escalate

boolean escalate

threshold

int threshold

monitoredResource

String monitoredResource

useContentServerVariance

boolean useContentServerVariance

varianceView

org.apache.beam.sdk.values.PCollectionView<T> varianceView

minVarianceClients

long minVarianceClients

log

org.slf4j.Logger log

Class com.mozilla.secops.customs.CustomsActivityForMonitoredAccounts extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

accountsPath

String accountsPath

log

org.slf4j.Logger log

Class com.mozilla.secops.customs.CustomsAlert extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

timestamp

org.joda.time.DateTime timestamp

alertId

UUID alertId

indicatorType

CustomsAlert.IndicatorType indicatorType

indicator

String indicator

severity

CustomsAlert.AlertSeverity severity

confidence

Integer confidence

heuristic

String heuristic

heuristicDescription

String heuristicDescription

reason

String reason

suggestedAction

CustomsAlert.AlertAction suggestedAction

details

HashMap<K,V> details

Class com.mozilla.secops.customs.CustomsFeatures extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

events

ArrayList<E> events

collectEvents

ArrayList<E> collectEvents

sourceAddressEventCount

HashMap<K,V> sourceAddressEventCount

uniquePathRequestCount

HashMap<K,V> uniquePathRequestCount

uniquePathSuccessfulRequestCount

HashMap<K,V> uniquePathSuccessfulRequestCount

totalEvents

int totalEvents

totalLoginFailureCount

int totalLoginFailureCount

totalLoginSuccessCount

int totalLoginSuccessCount

totalAccountCreateSuccess

int totalAccountCreateSuccess

totalPasswordForgotSendCodeSuccess

int totalPasswordForgotSendCodeSuccess

totalPasswordForgotSendCodeFailure

int totalPasswordForgotSendCodeFailure

totalAccountStatusCheckCount

int totalAccountStatusCheckCount

summarizedEventCounters

HashMap<K,V> summarizedEventCounters

unknownEventCounter

int unknownEventCounter

varianceIndex

int varianceIndex

Class com.mozilla.secops.customs.CustomsFeaturesCombiner extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,Event>>,org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,CustomsFeatures>>> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.customs.CustomsFeaturesCombiner.CustomsFeaturesCombineFn extends org.apache.beam.sdk.transforms.Combine.CombineFn<Event,CustomsFeatures,CustomsFeatures> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.customs.CustomsLoginFailureForAtRiskAccount extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

log

org.slf4j.Logger log

escalate

boolean escalate

Class com.mozilla.secops.customs.CustomsNotification extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<String>,org.apache.beam.sdk.values.PDone> implements Serializable

serialVersionUID:

1L

Serialized Fields

topic

String topic

escalateAccountCreation

Boolean escalateAccountCreation

escalateAccountCreationDistributed

Boolean escalateAccountCreationDistributed

escalateSourceLoginFailure

Boolean escalateSourceLoginFailure

escalateSourceLoginFailureDistributed

Boolean escalateSourceLoginFailureDistributed

escalatePasswordResetAbuse

Boolean escalatePasswordResetAbuse

escalateVelocity

Boolean escalateVelocity

escalateStatusComparator

Boolean escalateStatusComparator

Class com.mozilla.secops.customs.CustomsPasswordResetAbuse extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,CustomsFeatures>>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

threshold

Integer threshold

escalate

boolean escalate

log

org.slf4j.Logger log

Class com.mozilla.secops.customs.CustomsPreFilter extends org.apache.beam.sdk.transforms.DoFn<Event,Event> implements Serializable

serialVersionUID:

1L

Serialized Fields

types

ArrayList<E> types

Class com.mozilla.secops.customs.CustomsStatusComparator extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

addressPath

String addressPath

log

org.slf4j.Logger log

escalate

boolean escalate

Class com.mozilla.secops.customs.CustomsVelocity extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

maxKilometersPerSecond

Double maxKilometersPerSecond

minimumDistanceForAlert

Double minimumDistanceForAlert

maxKilometersPerSecondMonitorOnly

Double maxKilometersPerSecondMonitorOnly

minimumDistanceForAlertMonitorOnly

Double minimumDistanceForAlertMonitorOnly

memcachedHost

String memcachedHost

memcachedPort

Integer memcachedPort

datastoreNamespace

String datastoreNamespace

monitoredResource

String monitoredResource

log

org.slf4j.Logger log

maxmindCityDbPath

String maxmindCityDbPath

maxmindIspDbPath

String maxmindIspDbPath

escalate

boolean escalate

checkExperimentalParam

boolean checkExperimentalParam

Class com.mozilla.secops.customs.CustomsWindow.FixedTenMinutes extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,Event>>,org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,Event>>> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.customs.PrivateRelayForward extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

log

org.slf4j.Logger log

Class com.mozilla.secops.customs.SourceLoginFailure extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,CustomsFeatures>>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

threshold

Integer threshold

escalate

boolean escalate

log

org.slf4j.Logger log

Class com.mozilla.secops.customs.SourceLoginFailureDist extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,CustomsFeatures>>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

threshold

Integer threshold

escalate

boolean escalate

Package com.mozilla.secops.gatekeeper

Class com.mozilla.secops.gatekeeper.ETDTransforms extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.gatekeeper.ETDTransforms.ExtractFindings extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

exclude

List<E> exclude

Class com.mozilla.secops.gatekeeper.ETDTransforms.GenerateETDAlerts extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

highPatterns

List<E> highPatterns

critNotifyEmail

String critNotifyEmail

log

org.slf4j.Logger log

Class com.mozilla.secops.gatekeeper.ETDTransforms.SuppressAlerts extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Alert>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.gatekeeper.GatekeeperParser extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.gatekeeper.GatekeeperParser.Parse extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<String>,org.apache.beam.sdk.values.PCollection<Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

cfg

ParserCfg cfg

Class com.mozilla.secops.gatekeeper.GatekeeperPipeline extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.gatekeeper.GuardDutyConfig extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

ignoreMatchers

List<E> ignoreMatchers

highSeverityMatchers

List<E> highSeverityMatchers

Class com.mozilla.secops.gatekeeper.GuardDutyFindingMatcher extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

findingType

String findingType

findingTypeMatcher

Pattern findingTypeMatcher

awsTags

Map<K,V> awsTags

awsTagsPatterned

Map<K,V> awsTagsPatterned

accountId

String accountId

domainName

String domainName

Class com.mozilla.secops.gatekeeper.GuardDutyTransforms extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.gatekeeper.GuardDutyTransforms.ExtractFindings extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

ignoreMatchers

List<E> ignoreMatchers

Class com.mozilla.secops.gatekeeper.GuardDutyTransforms.GenerateGDAlerts extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

highMatchers

List<E> highMatchers

critNotifyEmail

String critNotifyEmail

identityMgrPath

String identityMgrPath

log

org.slf4j.Logger log

Class com.mozilla.secops.gatekeeper.GuardDutyTransforms.SuppressAlerts extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Alert>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Package com.mozilla.secops.httprequest

Class com.mozilla.secops.httprequest.HTTPRequest extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.httprequest.HTTPRequest.Has4xxRequestStatus extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.httprequest.HTTPRequest.KeyAndWindowForSessionsFireEarly extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,ArrayList<String>>>> implements Serializable

serialVersionUID:

1L

Serialized Fields

gapDurationMinutes

Long gapDurationMinutes

paneFiringDelaySeconds

Long paneFiringDelaySeconds

Class com.mozilla.secops.httprequest.HTTPRequest.WindowForFixed extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Event>> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.httprequest.HTTPRequestElementFilter extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

ignoreCp

Boolean ignoreCp

ignoreInternal

Boolean ignoreInternal

cidrExclusionList

String cidrExclusionList

Class com.mozilla.secops.httprequest.HTTPRequestMetrics.HeuristicMetrics extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

natDetected

org.apache.beam.sdk.metrics.Counter natDetected

Class com.mozilla.secops.httprequest.HTTPRequestResourceTag extends org.apache.beam.sdk.transforms.DoFn<Alert,Alert> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResourceIndicator

String monitoredResourceIndicator

Package com.mozilla.secops.httprequest.heuristics

Class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,ArrayList<String>>>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

endpoints

EndpointAbuseAnalysis.EndpointAbuseEndpointInfo[] endpoints

monitoredResource

String monitoredResource

enableIprepdDatastoreExemptions

Boolean enableIprepdDatastoreExemptions

varianceSupportingOnly

Boolean varianceSupportingOnly

customVarianceSubstrings

String[] customVarianceSubstrings

iprepdDatastoreExemptionsProject

String iprepdDatastoreExemptionsProject

suppressRecovery

Integer suppressRecovery

sessionGapDurationMinutes

Long sessionGapDurationMinutes

alertSuppressionDurationSeconds

Long alertSuppressionDurationSeconds

Class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis.EndpointAbuseEndpointInfo extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

method

String method

Request method

path

String path

Request path

threshold

Integer threshold

Threshold

Class com.mozilla.secops.httprequest.heuristics.EndpointAbuseAnalysis.EndpointAbuseState extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

remoteAddress

String remoteAddress

Remote address

count

Integer count

Request count

timestamp

org.joda.time.Instant timestamp

Timestamp

Class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

endpointPatterns

EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo[] endpointPatterns

monitoredResource

String monitoredResource

enableIprepdDatastoreExemptions

Boolean enableIprepdDatastoreExemptions

iprepdDatastoreExemptionsProject

String iprepdDatastoreExemptionsProject

suppressRecovery

Integer suppressRecovery

natView

org.apache.beam.sdk.values.PCollectionView<T> natView

metrics

HTTPRequestMetrics.HeuristicMetrics metrics

Class com.mozilla.secops.httprequest.heuristics.EndpointSequenceAbuse.EndpointSequenceAbuseTimingInfo extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

threshold

Integer threshold

firstMethod

String firstMethod

firstPath

String firstPath

deltaMs

Integer deltaMs

secondMethod

String secondMethod

secondPath

String secondPath

Class com.mozilla.secops.httprequest.heuristics.ErrorRateAnalysis extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

maxErrorRate

Long maxErrorRate

monitoredResource

String monitoredResource

enableIprepdDatastoreExemptions

Boolean enableIprepdDatastoreExemptions

iprepdDatastoreExemptionsProject

String iprepdDatastoreExemptionsProject

log

org.slf4j.Logger log

Class com.mozilla.secops.httprequest.heuristics.HardLimitAnalysis extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

maxCount

Long maxCount

monitoredResource

String monitoredResource

enableIprepdDatastoreExemptions

Boolean enableIprepdDatastoreExemptions

iprepdDatastoreExemptionsProject

String iprepdDatastoreExemptionsProject

natView

org.apache.beam.sdk.values.PCollectionView<T> natView

metrics

HTTPRequestMetrics.HeuristicMetrics metrics

log

org.slf4j.Logger log

Class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,ArrayList<String>>>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

monitoredResource

String monitoredResource

enableIprepdDatastoreExemptions

Boolean enableIprepdDatastoreExemptions

iprepdDatastoreExemptionsProject

String iprepdDatastoreExemptionsProject

endpointInfo

PerEndpointErrorRateAnalysis.EndpointErrorInfo[] endpointInfo

suppressRecovery

Integer suppressRecovery

sessionGapDurationMinutes

Long sessionGapDurationMinutes

alertSuppressionDurationSeconds

Long alertSuppressionDurationSeconds

Class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis.EndpointErrorInfo extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

method

String method

Request method

path

Pattern path

Path (pattern)

threshold

Integer threshold

Threshold

interval

Long interval

Interval

Class com.mozilla.secops.httprequest.heuristics.PerEndpointErrorRateAnalysis.EndpointErrorState extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

errorCounter

int errorCounter

mostRecentError

org.joda.time.Instant mostRecentError

userAgent

String userAgent

Class com.mozilla.secops.httprequest.heuristics.SessionLimitAnalysis extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,ArrayList<String>>>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

limits

SessionLimitAnalysis.LimitInfo[] limits

monitoredResource

String monitoredResource

enableIprepdDatastoreExemptions

Boolean enableIprepdDatastoreExemptions

iprepdDatastoreExemptionsProject

String iprepdDatastoreExemptionsProject

suppressRecovery

Integer suppressRecovery

sessionGapDurationMinutes

Long sessionGapDurationMinutes

alertSuppressionDurationSeconds

Long alertSuppressionDurationSeconds

enableNatDetection

Boolean enableNatDetection

Class com.mozilla.secops.httprequest.heuristics.SessionLimitAnalysis.LimitInfo extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

method

String method

Request method

path

Pattern path

Request path pattern

threshold

Integer threshold

Threshold

monitor

Integer monitor

Monitor

Class com.mozilla.secops.httprequest.heuristics.StatusCodeRateAnalysis extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

maxStatusCodeRate

Long maxStatusCodeRate

statusCode

Integer statusCode

monitoredResource

String monitoredResource

enableIprepdDatastoreExemptions

Boolean enableIprepdDatastoreExemptions

iprepdDatastoreExemptionsProject

String iprepdDatastoreExemptionsProject

log

org.slf4j.Logger log

Class com.mozilla.secops.httprequest.heuristics.ThresholdAnalysis extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

thresholdModifier

Double thresholdModifier

requiredMinimumAverage

Double requiredMinimumAverage

requiredMinimumClients

Long requiredMinimumClients

clampThresholdMaximum

Double clampThresholdMaximum

requiredMinimumRequestsPerClient

Long requiredMinimumRequestsPerClient

monitoredResource

String monitoredResource

enableIprepdDatastoreExemptions

Boolean enableIprepdDatastoreExemptions

iprepdDatastoreExemptionsProject

String iprepdDatastoreExemptionsProject

natView

org.apache.beam.sdk.values.PCollectionView<T> natView

metrics

HTTPRequestMetrics.HeuristicMetrics metrics

log

org.slf4j.Logger log

Class com.mozilla.secops.httprequest.heuristics.UserAgentBlocklistAnalysis extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

monitoredResource

String monitoredResource

enableIprepdDatastoreExemptions

Boolean enableIprepdDatastoreExemptions

iprepdDatastoreExemptionsProject

String iprepdDatastoreExemptionsProject

uaBlocklistPath

String uaBlocklistPath

natView

org.apache.beam.sdk.values.PCollectionView<T> natView

metrics

HTTPRequestMetrics.HeuristicMetrics metrics

log

org.slf4j.Logger log

Package com.mozilla.secops.input

Class com.mozilla.secops.input.Input extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

mode

com.mozilla.secops.input.Input.OperatingMode mode

project

String project

Class com.mozilla.secops.input.Input.MultiplexReader extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PBegin,org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,Event>>> implements Serializable

serialVersionUID:

1L

Serialized Fields

input

Input input

Class com.mozilla.secops.input.Input.MultiplexReaderRaw extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PBegin,org.apache.beam.sdk.values.PCollection<org.apache.beam.sdk.values.KV<String,String>>> implements Serializable

serialVersionUID:

1L

Serialized Fields

input

Input input

Class com.mozilla.secops.input.Input.SimplexReader extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PBegin,org.apache.beam.sdk.values.PCollection<Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

input

Input input

Class com.mozilla.secops.input.Input.SimplexReaderRaw extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PBegin,org.apache.beam.sdk.values.PCollection<String>> implements Serializable

serialVersionUID:

1L

Serialized Fields

input

Input input

Class com.mozilla.secops.input.InputElement extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

name

String name

parent

Input parent

parserCfg

ParserCfg parserCfg

filter

EventFilter filter

cfgTickMessage

String cfgTickMessage

cfgTickInterval

Integer cfgTickInterval

cfgTickMax

long cfgTickMax

Class com.mozilla.secops.input.KinesisInput extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

streamName

String streamName

region

String region

id

String id

secret

String secret

Package com.mozilla.secops.metrics

Class com.mozilla.secops.metrics.CfgTickGenerator extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PBegin,org.apache.beam.sdk.values.PCollection<String>> implements Serializable

serialVersionUID:

1L

Serialized Fields

message

String message

interval

Integer interval

maxNumRecords

long maxNumRecords

Class com.mozilla.secops.metrics.CfgTickProcessor extends org.apache.beam.sdk.transforms.DoFn<Event,Alert> implements Serializable

serialVersionUID:

1L

Serialized Fields

category

String category

Package com.mozilla.secops.parser

Class com.mozilla.secops.parser.Alert extends PayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

alert

Alert alert

Class com.mozilla.secops.parser.AmoDocker extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

reLogin

String reLogin

reNewVersion

String reNewVersion

reFxaLogin

String reFxaLogin

reFileUpload

String reFileUpload

reRestricted

String reRestricted

reFileUploadMnt

String reFileUploadMnt

amoData

Amo amoData

restrictedValue

String restrictedValue

addonVersion

String addonVersion

addonId

String addonId

fileName

String fileName

bytes

Integer bytes

type

AmoDocker.EventType type

Class com.mozilla.secops.parser.ApacheCombined extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

matchRe

String matchRe

pattRe

Pattern pattRe

userAgent

String userAgent

referrer

String referrer

request

String request

remoteUser

String remoteUser

bytesSent

Integer bytesSent

status

Integer status

requestMethod

String requestMethod

requestUrl

String requestUrl

requestPath

String requestPath

Class com.mozilla.secops.parser.Auth0 extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

mapper

com.fasterxml.jackson.databind.ObjectMapper mapper

event

LogEvent event

Class com.mozilla.secops.parser.BmoAudit extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

reLogin

String reLogin

reCreate

String reCreate

msg

String msg

requestId

String requestId

user

String user

userAgent

String userAgent

type

BmoAudit.AuditType type

Class com.mozilla.secops.parser.CfgTick extends PayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

configMap

Map<K,V> configMap

Class com.mozilla.secops.parser.Cloudtrail extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

event

CloudtrailEvent event

Class com.mozilla.secops.parser.Duopull extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

duoPullData

Duopull duoPullData

Class com.mozilla.secops.parser.ETDBeta extends PayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

etdf

EventThreatDetectionFinding etdf

Class com.mozilla.secops.parser.Event extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

payload

Payload<T extends PayloadBase> payload

eventId

UUID eventId

timestamp

org.joda.time.DateTime timestamp

normalized

Normalized normalized

mozlog

Mozlog mozlog

stackdriverProject

String stackdriverProject

stackdriverLabels

Map<K,V> stackdriverLabels

Class com.mozilla.secops.parser.EventFilter extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

rules

ArrayList<E> rules

wantUTC

Boolean wantUTC

matchAny

Boolean matchAny

Class com.mozilla.secops.parser.EventFilterPayload extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

ptype

Class<T> ptype

stringMatchers

Map<K,V> stringMatchers

stringRegexMatchers

Map<K,V> stringRegexMatchers

integerMatchers

Map<K,V> integerMatchers

integerRangeMatchers

Map<K,V> integerRangeMatchers

Class com.mozilla.secops.parser.EventFilterPayloadOr extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

payloadFilters

ArrayList<E> payloadFilters

Class com.mozilla.secops.parser.EventFilterPayloadRange extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

low

Comparable<T> low

high

Comparable<T> high

Class com.mozilla.secops.parser.EventFilterRule extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

wantSubtype

Payload.PayloadType wantSubtype

wantNormalizedType

Normalized.Type wantNormalizedType

wantStackdriverProject

String wantStackdriverProject

wantStackdriverLabel

Map<K,V> wantStackdriverLabel

payloadFilters

ArrayList<E> payloadFilters

exceptRules

ArrayList<E> exceptRules

Class com.mozilla.secops.parser.FxaAuth extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

fxaAuthData

FxaAuth fxaAuthData

eventSummary

FxaAuth.EventSummary eventSummary

Class com.mozilla.secops.parser.FxaContent extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

fxaContentData

FxaContent fxaContentData

requestType

FxaContent.RequestType requestType

Class com.mozilla.secops.parser.GcpAudit extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

jfmatcher

com.google.api.client.json.gson.GsonFactory jfmatcher

principalEmail

String principalEmail

resource

String resource

Class com.mozilla.secops.parser.GcpVpcFlow extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

data

GcpVpcFlow data

Class com.mozilla.secops.parser.GeoIP.GeoIPData extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

resolutionMode

GeoIP.GeoIPData.GeoResolutionMode resolutionMode

resolutionGeoSet

boolean resolutionGeoSet

sourceAddress

String sourceAddress

sourceAddressCity

String sourceAddressCity

sourceAddressCountry

String sourceAddressCountry

sourceAddressLatitude

Double sourceAddressLatitude

sourceAddressLongitude

Double sourceAddressLongitude

sourceTimeZone

String sourceTimeZone

sourceAddressIsp

String sourceAddressIsp

sourceAddressAsn

Integer sourceAddressAsn

sourceAddressAsOrg

String sourceAddressAsOrg

maxmindCityDbPath

String maxmindCityDbPath

maxmindIspDbPath

String maxmindIspDbPath

Class com.mozilla.secops.parser.GLB extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

requestMethod

String requestMethod

userAgent

String userAgent

requestUrl

String requestUrl

status

Integer status

parsedUrl

URL parsedUrl

Class com.mozilla.secops.parser.GuardDuty extends PayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

gdf

com.amazonaws.services.guardduty.model.Finding gdf

Class com.mozilla.secops.parser.IPrepdLog extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

msg

String msg

violation

String violation

decayAfter

String decayAfter

originalReputation

Integer originalReputation

reputation

Integer reputation

objectType

String objectType

object

String object

exception

Boolean exception

Class com.mozilla.secops.parser.KeyedEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

key

String key

event

Event event

Class com.mozilla.secops.parser.Mozlog extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

severity

Integer severity

pid

Integer pid

logger

String logger

type

String type

timestamp

Long timestamp

hostname

String hostname

time

org.joda.time.DateTime time

fields

Map<K,V> fields

Class com.mozilla.secops.parser.Nginx extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

xForwardedProto

String xForwardedProto

userAgent

String userAgent

referrer

String referrer

request

String request

remoteUser

String remoteUser

requestTime

Double requestTime

bytesSent

Integer bytesSent

trace

String trace

status

Integer status

xForwardedFor

String xForwardedFor

xPipelineProxy

String xPipelineProxy

requestMethod

String requestMethod

requestUrl

String requestUrl

requestPath

String requestPath

Class com.mozilla.secops.parser.Normalized extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

types

EnumSet<E extends Enum<E>> types

statusTags

EnumSet<E extends Enum<E>> statusTags

subjectUser

String subjectUser

sourceAddress

String sourceAddress

geoIpData

GeoIP.GeoIPData geoIpData

sourceAddressRiskScore

Double sourceAddressRiskScore

sourceAddressIsAnonymous

Boolean sourceAddressIsAnonymous

sourceAddressIsAnonymousVpn

Boolean sourceAddressIsAnonymousVpn

sourceAddressIsHostingProvider

Boolean sourceAddressIsHostingProvider

sourceAddressIsLegitimateProxy

Boolean sourceAddressIsLegitimateProxy

sourceAddressIsPublicProxy

Boolean sourceAddressIsPublicProxy

sourceAddressIsTorExitNode

Boolean sourceAddressIsTorExitNode

object

String object

requestMethod

String requestMethod

requestUrl

String requestUrl

urlRequestPath

String urlRequestPath

urlRequestHost

String urlRequestHost

requestStatus

Integer requestStatus

userAgent

String userAgent

referenceID

String referenceID

subjectUserIdentity

String subjectUserIdentity

Class com.mozilla.secops.parser.OpenSSH extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

matchRe

String matchRe

pattRe

Pattern pattRe

authAcceptedRe

String authAcceptedRe

pattAuthAcceptedRe

Pattern pattAuthAcceptedRe

user

String user

authMethod

String authMethod

hostname

String hostname

Class com.mozilla.secops.parser.Parser.EventTooOldException extends Exception implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.parser.ParserCfg extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

maxmindCityDbPath

String maxmindCityDbPath

maxmindIspDbPath

String maxmindIspDbPath

fastMatcher

String fastMatcher

xffAddressSelectorSubnets

ArrayList<E> xffAddressSelectorSubnets

idmanagerPath

String idmanagerPath

useEventTimestamp

Boolean useEventTimestamp

maxTimestampDifference

Integer maxTimestampDifference

disableCloudwatchStrip

Boolean disableCloudwatchStrip

disableMozlogStrip

Boolean disableMozlogStrip

stackdriverProjectFilter

String stackdriverProjectFilter

stackdriverLabelFilters

String[] stackdriverLabelFilters

deferGeoIpResolution

Boolean deferGeoIpResolution

useProxyXff

Boolean useProxyXff

xffAsRemote

Boolean xffAsRemote

Class com.mozilla.secops.parser.ParserDoFn extends org.apache.beam.sdk.transforms.DoFn<String,Event> implements Serializable

serialVersionUID:

1L

Serialized Fields

ep

Parser ep

inlineFilter

EventFilter inlineFilter

commonInputFilter

EventFilter commonInputFilter

cfg

ParserCfg cfg

log

org.slf4j.Logger log

metrics

ParserMetrics metrics

Class com.mozilla.secops.parser.ParserMetrics extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

metricEventTooOld

org.apache.beam.sdk.metrics.Counter metricEventTooOld

metricEventUnhandledException

org.apache.beam.sdk.metrics.Counter metricEventUnhandledException

namespace

String namespace

metricMapPayloadType

EnumMap<K extends Enum<K>,V> metricMapPayloadType

metricUnknownPayloadType

org.apache.beam.sdk.metrics.Counter metricUnknownPayloadType

Class com.mozilla.secops.parser.ParserMultiDoFn extends org.apache.beam.sdk.transforms.DoFn<org.apache.beam.sdk.values.KV<String,String>,org.apache.beam.sdk.values.KV<String,Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

configurations

HashMap<K,V> configurations

inlineFilters

HashMap<K,V> inlineFilters

commonInputFilters

HashMap<K,V> commonInputFilters

metrics

HashMap<K,V> metrics

Class com.mozilla.secops.parser.Payload extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

data

PayloadBase data

Class com.mozilla.secops.parser.PayloadBase extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.parser.Phabricator extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

PHABRICATOR_OBJECT_VALUE

String PHABRICATOR_OBJECT_VALUE

Normalized object fields will always be set to this value for events parsed using this payload parser

matchRe

String matchRe

pattRe

Pattern pattRe

pid

Integer pid

hostname

String hostname

user

String user

controller

String controller

function

String function

path

String path

referer

String referer

status

Integer status

rtime

Integer rtime

Class com.mozilla.secops.parser.PrivateRelay extends PayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

msg

String msg

uid

String uid

relayAddress

String relayAddress

realAddress

String realAddress

relayAddressId

Integer relayAddressId

eventType

PrivateRelay.EventType eventType

Class com.mozilla.secops.parser.Raw extends PayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

raw

String raw

Class com.mozilla.secops.parser.SourcePayloadBase extends PayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

sourceAddress

String sourceAddress

geoIpData

GeoIP.GeoIPData geoIpData

Class com.mozilla.secops.parser.Taskcluster extends SourcePayloadBase implements Serializable

serialVersionUID:

1L

Serialized Fields

data

Taskcluster data

subject

String subject

emailPattern

Pattern emailPattern

Package com.mozilla.secops.parser.models.amo

Class com.mozilla.secops.parser.models.amo.Amo extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

msg

String msg

uid

String uid

remoteAddressChain

String remoteAddressChain

email

String email

guid

String guid

fromApi

Boolean fromApi

numericUserId

Integer numericUserId

upload

String upload

uploadHash

String uploadHash

Package com.mozilla.secops.parser.models.auth0

Class com.mozilla.secops.parser.models.auth0.LogEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

date

Date date

type

String type

clientId

String clientId

clientName

String clientName

ip

String ip

userId

String userId

locationInfo

Map<K,V> locationInfo

details

Map<K,V> details

Package com.mozilla.secops.parser.models.cloudtrail

Class com.mozilla.secops.parser.models.cloudtrail.CloudtrailEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accessKeyID

String accessKeyID

awsRegion

String awsRegion

errorCode

String errorCode

errorMessage

String errorMessage

eventID

String eventID

eventName

String eventName

eventSource

String eventSource

eventTime

String eventTime

eventType

String eventType

eventVersion

String eventVersion

readOnly

Boolean readOnly

recipientAccountId

String recipientAccountId

requestID

String requestID

sharedEventID

String sharedEventID

sourceIPAddress

String sourceIPAddress

userAgent

String userAgent

userIdentity

UserIdentity userIdentity

additionalEventData

HashMap<K,V> additionalEventData

responseElements

HashMap<K,V> responseElements

requestParameters

HashMap<K,V> requestParameters

Class com.mozilla.secops.parser.models.cloudtrail.SessionContext extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributes

HashMap<K,V> attributes

sessionIssuer

HashMap<K,V> sessionIssuer

Class com.mozilla.secops.parser.models.cloudtrail.UserIdentity extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accessKeyId

String accessKeyId

accountId

String accountId

arn

String arn

invokedBy

String invokedBy

principalId

String principalId

type

String type

userName

String userName

sessionContext

SessionContext sessionContext

Package com.mozilla.secops.parser.models.cloudwatch

Class com.mozilla.secops.parser.models.cloudwatch.CloudWatchEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

version

String version

id

String id

detailType

String detailType

source

String source

account

String account

time

String time

region

String region

resources

ArrayList<E> resources

detail

Object detail

Package com.mozilla.secops.parser.models.duopull

Class com.mozilla.secops.parser.models.duopull.Duopull extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

eventDescriptionUserId

String eventDescriptionUserId

eventDescriptionIpAddress

String eventDescriptionIpAddress

eventObject

String eventObject

eventTimestamp

Long eventTimestamp

eventUsername

String eventUsername

eventFactor

String eventFactor

eventResult

String eventResult

eventReason

String eventReason

path

String path

msg

String msg

eventAction

String eventAction

Package com.mozilla.secops.parser.models.etd

Class com.mozilla.secops.parser.models.etd.DetectionCategory extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

indicator

String indicator

ruleName

String ruleName

technique

String technique

Class com.mozilla.secops.parser.models.etd.EventThreatDetectionFinding extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

detectionPriority

String detectionPriority

eventTime

String eventTime

detectionCategory

DetectionCategory detectionCategory

evidence

ArrayList<E> evidence

properties

Properties properties

sourceId

SourceId sourceId

Class com.mozilla.secops.parser.models.etd.Evidence extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

sourceLogId

SourceLogId sourceLogId

Class com.mozilla.secops.parser.models.etd.Properties extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

ip

String ip

location

String location

project_id

String project_id

subnetwork_id

String subnetwork_id

subnetwork_name

String subnetwork_name

domain

ArrayList<E> domain

Class com.mozilla.secops.parser.models.etd.SourceId extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

customerOrganizationNumber

String customerOrganizationNumber

projectNumber

String projectNumber

Class com.mozilla.secops.parser.models.etd.SourceLogId extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

insertId

String insertId

timestamp

String timestamp

Package com.mozilla.secops.parser.models.fxaauth

Class com.mozilla.secops.parser.models.fxaauth.FxaAuth extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

agent

String agent

email

String email

errno

FxaAuth.Errno errno

keys

Boolean keys

lang

String lang

method

String method

op

String op

path

String path

remoteAddressChain

String remoteAddressChain

service

String service

status

Integer status

t

Integer t

uid

String uid

Package com.mozilla.secops.parser.models.fxacontent

Class com.mozilla.secops.parser.models.fxacontent.FxaContent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

contentLength

Integer contentLength

path

String path

method

String method

remoteAddressChain

String remoteAddressChain

t

String t

userAgent

String userAgent

clientAddress

String clientAddress

status

Integer status

referer

String referer

Package com.mozilla.secops.parser.models.gcpvpcflow

Class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

bytesSent

Integer bytesSent

connection

GcpVpcFlow.Connection connection

srcInstance

GcpVpcFlow.Instance srcInstance

Class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow.Connection extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

srcIp

String srcIp

destIp

String destIp

srcPort

Integer srcPort

destPort

Integer destPort

Class com.mozilla.secops.parser.models.gcpvpcflow.GcpVpcFlow.Instance extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

vmName

String vmName

Package com.mozilla.secops.parser.models.nginxstackdriver

Class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant1 extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

xforwardedProto

String xforwardedProto

remoteAddr

String remoteAddr

userAgent

String userAgent

referrer

String referrer

request

String request

remoteUser

String remoteUser

requestTime

Double requestTime

bytesSent

Double bytesSent

trace

String trace

status

String status

xforwardedFor

String xforwardedFor

xpipelineProxy

String xpipelineProxy

Class com.mozilla.secops.parser.models.nginxstackdriver.NginxStackdriverVariant2 extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

remoteIp

String remoteIp

userAgent

String userAgent

referrer

String referrer

request

String request

requestTime

String requestTime

bytesSent

String bytesSent

code

String code

Package com.mozilla.secops.parser.models.taskcluster

Class com.mozilla.secops.parser.models.taskcluster.Taskcluster extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

apiVersion

String apiVersion

clientId

String clientId

duration

Double duration

expires

String expires

authenticated

Boolean authenticated

method

String method

name

String name

isPublic

Boolean isPublic

resource

String resource

satisfyingScopes

String[] satisfyingScopes

sourceIp

String sourceIp

statusCode

Integer statusCode

Package com.mozilla.secops.pioneer

Class com.mozilla.secops.pioneer.Pioneer extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.pioneer.Pioneer.PioneerExfiltration extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Event>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

thresholdBytes

int thresholdBytes

thresholdMillis

int thresholdMillis

monitoredResource

String monitoredResource

slackChannelNotification

Boolean slackChannelNotification

Package com.mozilla.secops.postprocessing

Class com.mozilla.secops.postprocessing.AlertSummary extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<Alert>,org.apache.beam.sdk.values.PCollection<Alert>> implements Serializable

serialVersionUID:

1L

Serialized Fields

thresholds

String[] thresholds

warningEmail

String warningEmail

log

org.slf4j.Logger log

Class com.mozilla.secops.postprocessing.PostProcessing extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.postprocessing.PostProcessing.Parse extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<String>,org.apache.beam.sdk.values.PCollection<Event>> implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

cfg

ParserCfg cfg

Class com.mozilla.secops.postprocessing.PostProcessing.WatchlistAnalyze extends org.apache.beam.sdk.transforms.DoFn<org.apache.beam.sdk.values.KV<Boolean,Alert>,Alert> implements Serializable

serialVersionUID:

1L

Serialized Fields

log

org.slf4j.Logger log

wl

Watchlist wl

warningEmail

String warningEmail

criticalEmail

String criticalEmail

alertExpiry

org.apache.beam.sdk.state.TimerSpec alertExpiry

alertStale

org.apache.beam.sdk.state.TimerSpec alertStale

alertBuffer

org.apache.beam.sdk.state.StateSpec<StateT extends org.apache.beam.sdk.state.State> alertBuffer

alertBufferCount

org.apache.beam.sdk.state.StateSpec<StateT extends org.apache.beam.sdk.state.State> alertBufferCount

alertProcessingTime

org.apache.beam.sdk.metrics.Distribution alertProcessingTime

Package com.mozilla.secops.state

Class com.mozilla.secops.state.StateException extends Exception implements Serializable

serialVersionUID:

1L

Package com.mozilla.secops.streamwriter

Class com.mozilla.secops.streamwriter.StreamWriter extends Object implements Serializable

serialVersionUID:

1L

Package com.mozilla.secops.window

Class com.mozilla.secops.window.GlobalTriggers extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<T>,org.apache.beam.sdk.values.PCollection<T>> implements Serializable

serialVersionUID:

1L

Serialized Fields

tseconds

int tseconds

Package com.mozilla.secops.workshop

Class com.mozilla.secops.workshop.Workshop extends Object implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.workshop.Workshop.ExtractWords extends org.apache.beam.sdk.transforms.DoFn<String,String> implements Serializable

serialVersionUID:

1L

Class com.mozilla.secops.workshop.Workshop.PrintOutput extends org.apache.beam.sdk.transforms.PTransform<org.apache.beam.sdk.values.PCollection<String>,org.apache.beam.sdk.values.PDone> implements Serializable

serialVersionUID:

1L