https://mozdef.readthedocs.org/en/latest/
The following button will launch the Mozilla Enterprise Defense Platform in your AWS account.
Warning: Pressing the "Launch Stack" button and following through with the deployment will incur charges to your AWS account.
The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.
The Mozilla Enterprise Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.
- Provide a platform for use by defenders to rapidly discover and respond to security incidents
- Automate interfaces to other systems like bunker, cymon, mig
- Provide metrics for security events and incidents
- Facilitate real-time collaboration amongst incident handlers
- Facilitate repeatable, predictable processes for incident handling
- Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation
MozDef is in production at Mozilla where we are using it to process over 300 million events per day.
If you're interested in running MozDef and would like to give us feedback, please take the following surveys:
- I have not used MozDef yet but I'm interested
- I have used MozDef and I have feeback!
- Neither of these is me but I want to give general SIEM thoughts.
These survey also include a contact form where you can reach us if you would like to (it's optional)
Note: These surveys will be open for a limited amount of time, in order to ensure that we look at your feedback in a timely fashion. Thanks for your understanding!