MozDef: The Mozilla Defense Platform

March 10, 2015

7.2k

MozDef: The Mozilla Defense Platform

This talk was presented at the inaugural Elastic{ON} conference, http://elasticon.com

Session Abstract:

From the brains behind MozDef: The Mozilla Defense Platform, this talk will focus on their SIEM overlay on top of Elasticsearch. Highlight will include security incident response, alerting, and operations integrations.

Presented by Jeff Bryner, Mozilla

Elastic Co

March 10, 2015

More Decks by Elastic Co

See All by Elastic Co

Les Vendredis noirs : même pas peur ! - Breizhcamp

elastic

780

Confoo Montreal: Ingest node: enriching documents within Elasticsearch

elastic

810

Elastic{ON} 2018 - Sipping from the Firehose: Scalable Endpoint Data for Incident Response

elastic

4.2k

Elastic{ON} 2018 - A Security Analytics Platform for Today

elastic

11k

Elastic{ON} 2018 - The State of Geo in Elasticsearch

elastic

12k

Elastic{ON} 2018 - Reliable by design - Applying formal methods to distributed systems

elastic

4.7k

Elastic{ON} 2018 - Bigger, Faster, Stronger - Leveling Up Enterprise Logging

elastic

4.9k

Elastic{ON} 2018: Latest in Logstash

elastic

4.5k

Elastic{ON} 2018 - Lessons Learned from Workday's Search Application Journey from POC to Production

elastic

2.4k

Other Decks in Technology

See All in Technology

Azureの基本的な権限管理の勉強会

yhana

240

Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)

thomasvitale

170

よく聞くけど使ったことないソフトウェアNo.1 KafkaとSnowflake

foursue

350

KubeCon EU 2024 Recap “Kubernetes Policy Time Machine: Where to Next?”

ryysud

210

エンジニア候補者向け資料2024.04.24.pdf

macloud

3.3k

長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time

chibiegg

890

TechFeed Experts Night#27 〜フロントエンドフレームワーク最前線 (Svelte)

baseballyama

430

ワールドカフェI ／チューターを改良する / World Café I and Improving the Tutors

ks91

PRO

120

FrontDoorとWebAppsを組み合わせた際のリダイレクト処理の注意点

kenichirokimura

510

自己改善からチームを動かす！「セルフエンジニアリングマネージャー」のすゝめ

shoota

420

サーバー間 GraphQL と webmock-graphql の話 / server-to-server graphql and webmock-graphql

qsona

180

ユーザーストーリーのレビューを自動化したみたの

bun913

420

Featured

See All Featured

How to train your dragon (web standard)

notwaldorf

5.2k

Cheating the UX When There Is Nothing More to Optimize - PixelPioneers

stephaniewalter

274

13k

XXLCSS - How to scale CSS and keep your sanity

sugarenia

241

1.2M

Build The Right Thing And Hit Your Dates

maggiecrowley

Designing with Data

zakiwarfel

4.8k

Principles of Awesome APIs and How to Build Them.

keavy

121

16k

Happy Clients

brianwarren

6.4k

Teambox: Starting and Learning

jrom

128

8.4k

Optimising Largest Contentful Paint

csswizardry

2.4k

How GitHub (no longer) Works

holman

304

140k

Designing on Purpose - Digital PM Summit 2013

jponch

110

6.5k

The World Runs on Bad Software

bkeepers

PRO

6.7k

Transcript

Jeff Bryner MozDef: The Mozilla Defense Platform
CC-BY-ND 4.0 2 why?
3 What
4 SIEM is like..
5 closed...
6 automate defense
7 Mozilla Defense Platform SIEM overlay for Elasticsearch •  Incident
Response •  Event Management •  Event Correlation/Alerts •  Threat Management •  Real-time interactions between defenders •  Integrations into defensive infrastructure
8
CC-BY-ND 4.0 9 Under the hood: 5 node ES
cluster: All are Vmware VMs 4 cores each node 32GB memory (16 for ES JVM) 5 TB NFS Netapp storage 5 nodes of RabbitMQ Generic VMs 2 in each physical data center 1 as a DMZ proxy for AWS sites 1 of above Rabbit nodes is also Meteor UI/Mongo DB
CC-BY-ND 4.0 10 Performance: 5k EPS idle 7-10k EPS
burst 300+ million events/day 20 days of online storage (backed up to AWS for offline)
11
12 demo
Fledgling features: •  Aggregations to alert on event category stats
out of normal (working, just to email) •  Aggregations of least common terms (awaiting pyes, cluster upgrades) •  Oculus/myo support in the attackers screen (semi-working)
Jeff Bryner MozDef: The Mozilla Defense Platform @0x7eff [email protected] irc.mozilla.org:
[jeff] MozDef: http://mozdef.rocks http://demo.mozdef.com:3000