MozDef Description
MozDef is a real-time incident response system that brings investigation and response to the defensive toolkits of security operations groups, much as Metasploit and LAIR revolutionized the capabilities of attackers. MozDef is used to ingest security events and alert us to suspicious activity. We also use it to investigate security incidents and to categorize threat actors. Our security personnel around the world can collaborate with each other even though they may not be in the same room, and we can see changes as they happen. Integration plugins let us set up the system to respond to attacks in a preplanned manner, minimizing threats as they arise. Since the launch, we have been on a monthly release schedule, adding features and fixing bugs as they arise. The release notes for this version can be found here.