Jun 29

MIG: Mozilla InvestiGator by mozilla

Mozilla’s platform for real-time digital forensics and incident response of modern infrastructures

MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security. Watch on YouTube

MIG is composed of agents installed on all systems of an infrastructure that are be queried in real-time to investigate the file-systems, network state, memory or configuration of endpoints.

It’s an army of Sherlock Holmes, ready to interrogate your infrastructure within seconds.

Capability Linux MacOS Windows
file inspection check check check
network inspection check check (partial)
memory inspection check check check
vuln management check (planned) (planned)
system auditing (planned) (planned) (planned)

Imagine that it’s 7am on a saturday morning, and someone just released a critical vulnerability for your favorite PHP application. The vuln is already exploited and security groups are releasing indicators of compromise. Your weekend isn’t starting great, and the thought of manually inspecting thousands of systems isn’t making it any better.

MIG can help. The signature of the vulnerable PHP app (an md5 of a file, a regex on file, or just a filename) can be searches for across all your systems using the file module. Similarly, indicators of compromise such as specific log entries, backdoor files with {md5,sha{1,256,512,3-{256,512}}} hashes, IP addresses from botnets or signature in processes memories can be investigated using MIG. Suddenly, your weekend is looking a lot better. And with just a few command lines, thousands of systems will be remotely investigated to verify that you’re not at risk.

Source: MIG: Mozilla InvestiGator by mozilla