MozDef parses more than 300 million daily events

May 21, 2015 13:30 GMT

Mozilla has released a new version of its Defense Platform, a SIEM (security information and event management) layer that runs on top of Elasticsearch servers, expanding its functionality and improving its security incident response capabilities.

The project benefits from a rapid development cycle, with fresh revisions being rolled out on a monthly basis. The current release is 1.9 and includes support for new services, as well as fixes for some performance issues.

MozDef keeps on growing

The project's internal name is MozDef (the Mozilla Defense Platform), and its goal is to bring real-time incident response and investigation into the defensive toolkits used by security professionals.

Version 1.9 of the tool adds support for Google API logs, which allows alerts to be triggered on suspicious login or logout activity for Google's cloud storage and Docs services.

Another notable change is the integration of the Cyber Monitor (CyMon) API, a service provided by eSentire that aggregates open-source security reports about phishing, botnets and various other malicious activities.

It also lets users query the reputation database by IP address, domain or URL.
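The Google API log support above is described only at the feature level. As an added illustration that is not MozDef's own code and does not use its event schema or alert API, the following Python sketch shows the kind of check such an alert performs: a sliding-window count of login failures per account over constructed sample events (hypothetical field names `ts`, `user`, `action`, `ip`), with severity raised when a successful login from the same source follows the burst. Threshold and window values are arbitrary assumptions chosen for the sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical shape (not the real
# Google API log format and not MozDef's event schema).
SAMPLE_EVENTS = [
    {"ts": "2015-05-20T10:00:00", "user": "alice@example.org", "action": "login_failure", "ip": "203.0.113.5"},
    {"ts": "2015-05-20T10:01:00", "user": "alice@example.org", "action": "login_failure", "ip": "203.0.113.5"},
    {"ts": "2015-05-20T10:02:00", "user": "alice@example.org", "action": "login_failure", "ip": "203.0.113.5"},
    {"ts": "2015-05-20T10:03:00", "user": "alice@example.org", "action": "login_failure", "ip": "203.0.113.5"},
    {"ts": "2015-05-20T10:04:00", "user": "alice@example.org", "action": "login_failure", "ip": "203.0.113.5"},
    {"ts": "2015-05-20T10:05:00", "user": "alice@example.org", "action": "login_failure", "ip": "203.0.113.5"},
    {"ts": "2015-05-20T10:06:00", "user": "alice@example.org", "action": "login_success", "ip": "203.0.113.5"},
    {"ts": "2015-05-20T11:00:00", "user": "bob@example.org", "action": "login_failure", "ip": "198.51.100.7"},
    {"ts": "2015-05-20T11:01:00", "user": "bob@example.org", "action": "login_success", "ip": "198.51.100.7"},
    {"ts": "2015-05-20T08:00:00", "user": "carol@example.org", "action": "login_failure", "ip": "192.0.2.9"},
    {"ts": "2015-05-20T08:30:00", "user": "carol@example.org", "action": "login_failure", "ip": "192.0.2.9"},
    {"ts": "2015-05-20T09:00:00", "user": "carol@example.org", "action": "login_failure", "ip": "192.0.2.9"},
    {"ts": "2015-05-20T09:30:00", "user": "carol@example.org", "action": "login_failure", "ip": "192.0.2.9"},
    {"ts": "2015-05-20T10:00:00", "user": "carol@example.org", "action": "login_failure", "ip": "192.0.2.9"},
]


def parse_ts(value):
    """Parse the constructed ISO-style timestamp used in SAMPLE_EVENTS."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def find_suspicious_logins(events, threshold=5, window=timedelta(minutes=10)):
    """Alert on any user with at least `threshold` login failures inside a
    sliding time window. Severity is 'high' when a login_success from one of
    the failing source IPs follows the burst, 'medium' otherwise.
    Returns a list of alert dicts (one per user at most)."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        evs = sorted(evs, key=lambda e: parse_ts(e["ts"]))
        failures = [e for e in evs if e["action"] == "login_failure"]
        times = [parse_ts(e["ts"]) for e in failures]

        # Sliding window: advance `start` until the window fits, then remember
        # the widest (start, end) span where the failure count meets the threshold.
        start = 0
        burst = None
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = (start, end)
        if burst is None:
            continue

        burst_events = failures[burst[0]:burst[1] + 1]
        burst_ips = {e["ip"] for e in burst_events}
        last_failure = times[burst[1]]
        followed_by_success = any(
            e["action"] == "login_success"
            and e["ip"] in burst_ips
            and parse_ts(e["ts"]) >= last_failure
            for e in evs
        )
        alerts.append({
            "user": user,
            "failures": len(burst_events),
            "source_ips": sorted(burst_ips),
            "first_seen": burst_events[0]["ts"],
            "last_seen": burst_events[-1]["ts"],
            "severity": "high" if followed_by_success else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_EVENTS):
        print(alert)
```

With the defaults, only alice trips the rule (six failures in five minutes, then a success from the same address); carol's five failures spread over two hours stay below the window and bob's single failure never reaches the threshold. In a real SIEM deployment the same logic would run as a scheduled query against the event store rather than over an in-memory list, and the threshold and window would be tuned to the organisation's baseline.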

Touch-free UI handling

In a blog post published on Wednesday, Jeff Bryner says that MozDef 1.9 also improves the web interface by adding support for the Myo armband, a wearable that reads the arm's muscle activity to provide touch-free control of the on-screen data through pointing and zooming gestures.

The developer warns that configuration adjustments may be required when using the Myo armband in a TLS environment, because the browser may have trouble connecting to the local Myo agent.

Mozilla has been relying on MozDef for about two years, using it to capture and assess security events, investigate suspicious actions, handle incidents and build visualizations of threat actor behavior.

According to the description of the tool, it goes through more than 300 million events on a daily basis.