{"id":1979,"date":"2015-05-20T15:26:22","date_gmt":"2015-05-20T22:26:22","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=1979"},"modified":"2015-08-10T15:50:54","modified_gmt":"2015-08-10T22:50:54","slug":"mozdef-the-mozilla-defense-platform-v1-9","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2015\/05\/20\/mozdef-the-mozilla-defense-platform-v1-9\/","title":{"rendered":"MozDef: The Mozilla Defense Platform v1.9"},"content":{"rendered":"

At Mozilla we’ve been using The Mozilla Defense Platform (lovingly referred to as MozDef) for almost two years now and we are happy to release v1.9<\/a>. If you are unfamiliar, MozDef is a Security Information and Event Management (SIEM)<\/a> overlay for ElasticSearch<\/a>.<\/p>\n

MozDef aims to bring real-time incident response and investigation to the defensive<\/strong> tool kits of security operations groups in the same way that Metasploit<\/a>, LAIR<\/a> and Armitage<\/a> have revolutionized the capabilities of attackers.<\/p>\n

We use MozDef to ingest security events, alert us to security issues, investigate suspicious activities, handle security incidents and to visualize and categorize threat actors. The real-time capabilities allow our security personnel all over the world to work collaboratively even though we may not sit in the same room together and see changes as they occur. The integration plugins allow us to have the system automatically respond to attacks in a preplanned fashion to mitigate threats as they occur.<\/p>\n

We’ve been on a monthly release cycle since the launch<\/a>, adding features and squashing bugs as we find them. You can find the release notes for this version here<\/a>.<\/p>\n

Notable changes include:<\/p>\n