<hr />
<small>
=Security Alerts from Mozdef=
== Why we get them ==
Mozdef is the infosec team's log aggregation, parsing and alerting platform (Elasticsearch-based, roughly an ELK stack). At our request it consumes our Papertrail logs.
2016.09.13: We have asked infosec to create some preliminary alerts on ssh access to our signing infrastructure. See https://bugzilla.mozilla.org/show_bug.cgi?id=1290261
== What is sending them ==
2016.09.13: The infosec team runs a cron job that searches the Mozdef data for ssh activity on the signing infrastructure and emails us the results.
== What to do when one is received ==
2016.09.13: These emails are very new. For now, the goal is to learn what "normal" ssh access to the signing hosts looks like (which users, from which source hosts, at what times, tied to which deploys or maintenance), so that anything out of the ordinary stands out. Check each reported login against a known person and a known reason.
If an email shows access you cannot account for (an unknown user or source address, a login with no matching deploy or maintenance, activity at an unusual time), notify the team and infosec rather than waiting until you are sure it is malicious.
== How to silence or acknowledge this alert ==
2016.09.13: There is currently nothing to acknowledge or silence: the email is sent once a day, and only on days when there was ssh access.
== Future plans ==
2016.09.13: We may make the emails more immediate (per event rather than a daily batch) once we know the noise level.
== How to best filter these emails ==
As noted in the table above, these are sent to release+mozdef@mozilla.com, so filter on that recipient address.
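As an added illustration (not infosec's actual Mozdef cron job and not code from this page), the following Python sketch shows the kind of processing the two sections above describe: it parses sshd "Accepted" lines of the sort Papertrail forwards, summarizes accepted logins per host, user and source so a daily baseline can be built, and flags logins that fall outside an assumed baseline (unknown user/source pair, direct root login, non-key authentication). The hostnames, addresses, usernames, baseline and log lines are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample sshd lines in syslog format (example data only).
SAMPLE_LOGS = """\
Sep 13 08:02:11 signing1 sshd[2101]: Accepted publickey for releng from 10.26.48.5 port 51422 ssh2: RSA SHA256:abc
Sep 13 08:15:40 signing1 sshd[2155]: Accepted publickey for releng from 10.26.48.5 port 51490 ssh2: RSA SHA256:abc
Sep 13 09:44:03 signing2 sshd[3320]: Accepted publickey for cltbld from 10.26.48.7 port 40211 ssh2: RSA SHA256:def
Sep 13 23:51:19 signing2 sshd[3999]: Accepted password for root from 203.0.113.44 port 60021 ssh2
Sep 13 23:52:02 signing2 sshd[4003]: Failed password for root from 203.0.113.44 port 60022 ssh2
"""

# Matches only successful logins; failed attempts are left out on purpose.
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+"
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Hypothetical baseline of "normal": (user, source address) pairs seen during
# routine deploys and maintenance. In practice this is built from the daily digests.
BASELINE = {("releng", "10.26.48.5"), ("cltbld", "10.26.48.7")}


def parse_accepted(log_text):
    """Return one dict per accepted ssh login found in the log text."""
    events = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarize(events):
    """Count accepted logins by (host, user, source, auth method) for the daily digest."""
    return Counter((e["host"], e["user"], e["src"], e["method"]) for e in events)


def flag_unusual(events, baseline):
    """Return (event, reasons) for logins that deviate from the baseline.

    Deviations checked: a user/source pair not in the baseline, a direct root
    login, and any authentication method other than public key.
    """
    unusual = []
    for e in events:
        reasons = []
        if (e["user"], e["src"]) not in baseline:
            reasons.append("unknown user/source pair")
        if e["user"] == "root":
            reasons.append("direct root login")
        if e["method"] != "publickey":
            reasons.append("non-key auth (%s)" % e["method"])
        if reasons:
            unusual.append((e, reasons))
    return unusual


if __name__ == "__main__":
    evts = parse_accepted(SAMPLE_LOGS)
    print("Accepted ssh logins by host/user/source/method:")
    for key, n in sorted(summarize(evts).items()):
        print("  %-10s %-8s %-15s %-10s x%d" % (key + (n,)))
    print("Logins outside the baseline:")
    for e, why in flag_unusual(evts, BASELINE):
        print("  %s %s %s from %s: %s" % (e["ts"], e["host"], e["user"], e["src"], "; ".join(why)))
```

The summary is what you would compare day to day while learning what "normal" looks like; the flagged list is what would justify notifying the team and infosec. The baseline set is the part that must come from real observation, not from guesswork.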
=Sample=