File size: 2,256 Bytes
7c89ed7
# MozDef Quick Start Guide

## What is MozDef?
**MozDef is a SIEM (Security Information and Event Management) platform** - an open-source microservices-based security event management system built on Elasticsearch.

## Quick Installation (Docker)

```bash
# 1. Navigate to MozDef directory
cd /root/MozDef

# 2. Build Docker images
make build

# 3. Start all services
make run

# 4. Access services
# - Web Interface: http://localhost
# - Kibana: http://localhost:9090/app/kibana
# - Loginput: http://localhost:8080
```

## Quick Commands

```bash
# Start MozDef
make run

# Stop MozDef
make stop

# Rebuild everything
make rebuild

# Clean up (remove containers and volumes)
make clean

# Run tests
make tests

# View logs
docker-compose -f docker/compose/docker-compose.yml -p mozdef logs [service-name]
```

## Send a Test Event

```bash
curl -X POST http://localhost:8080/events \
  -H "Content-Type: application/json" \
  -d '{
    "timestamp": "2024-01-15T10:00:00+00:00",
    "utctimestamp": "2024-01-15T10:00:00+00:00",
    "hostname": "test.example.com",
    "processname": "test.py",
    "processid": 1234,
    "severity": "INFO",
    "summary": "Test event",
    "category": "test",
    "source": "test",
    "tags": ["test"],
    "details": {}
  }'
```
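The same test event built and posted from Python, as an added example that is not MozDef's own code: it sanity-checks the field set locally before the POST to the loginput endpoint above, so a malformed event fails loudly instead of being dropped. The severity vocabulary and the `processname` value are assumptions of this example, not documented MozDef constraints.

```python
import json
import socket
import urllib.request
from datetime import datetime, timezone

LOGINPUT_URL = "http://localhost:8080/events"  # loginput endpoint from the Quick Start above
# Field set copied from the curl example on this page.
REQUIRED_FIELDS = ("timestamp", "utctimestamp", "hostname", "processname", "processid",
                   "severity", "summary", "category", "source", "tags", "details")
# Severity vocabulary is an assumption of this example (syslog-style levels).
SEVERITIES = ("DEBUG", "INFO", "NOTICE", "WARNING", "ERROR", "CRITICAL")


def build_event(summary, category="test", source="test", severity="INFO",
                tags=None, details=None, when=None):
    """Event dict in the shape of the page's curl example; timestamps carry +00:00."""
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = when.isoformat(timespec="seconds")
    return {"timestamp": stamp, "utctimestamp": stamp, "hostname": socket.gethostname(),
            "processname": "quickstart_example.py", "processid": 1234,
            "severity": severity, "summary": summary, "category": category,
            "source": source, "tags": list(tags or ["test"]), "details": dict(details or {})}


def validate_event(event):
    """Return a list of problems; an empty list means the event looks well-formed."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in event]
    for f in ("timestamp", "utctimestamp"):
        if f not in event:
            continue
        try:  # both timestamps must parse and carry an explicit UTC offset
            if datetime.fromisoformat(event[f]).tzinfo is None:
                problems.append(f"{f} has no timezone offset")
        except (TypeError, ValueError):
            problems.append(f"{f} is not an ISO 8601 timestamp")
    if event.get("severity") not in SEVERITIES:
        problems.append("severity must be one of %s" % ", ".join(SEVERITIES))
    if not isinstance(event.get("tags"), list) or not isinstance(event.get("details"), dict):
        problems.append("tags must be a list and details an object")
    return problems


def send_event(event, url=LOGINPUT_URL, timeout=5):
    """Validate, then POST the event as JSON; returns the HTTP status code."""
    problems = validate_event(event)
    if problems:
        raise ValueError("; ".join(problems))
    req = urllib.request.Request(url, data=json.dumps(event).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status
```

With the stack running, `send_event(build_event("Test event"))` posts the event and returns the HTTP status; `validate_event` can also be run on events coming from your own shippers before they reach loginput.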

## Service Ports

| Service | Port | URL / Protocol |
|---------|------|----------------|
| Meteor (Web UI) | 80 | http://localhost |
| Kibana | 9090 | http://localhost:9090/app/kibana |
| Loginput | 8080 | http://localhost:8080 |
| Syslog | 514 | UDP/TCP |

## Key Directories

- `/alerts` - Alert definitions and engine
- `/loginput` - HTTP event ingestion endpoint
- `/mq` - Message queue workers
- `/meteor` - Web interface
- `/rest` - REST API
- `/config` - Configuration files
- `/docs` - Documentation

## Create a New Alert

```bash
make new-alert
# Follow prompts to create alert and test files
```

## View Service Status

```bash
docker-compose -f docker/compose/docker-compose.yml -p mozdef ps
```

## Troubleshooting

1. **Services won't start**: Check that Docker has at least 4 GB of RAM allocated
2. **Events not appearing**: Check loginput status: `curl http://localhost:8080/status`
3. **View logs**: `docker-compose -f docker/compose/docker-compose.yml -p mozdef logs [service-name]`

## Full Documentation

See `MOZDEF_COMPREHENSIVE_REPORT.md` for complete details.