MIG: Mozilla InvestiGator

MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security. MIG is composed of agents installed on all systems of an infrastructure that are be queried in real-time to investigate the file-systems, network state, memory or configuration of endpoints. MIG is built in Go and uses a REST API that receives signed JSON messages distributed to agents via RabbitMQ and stored in a Postgres database. It is: - Massively Distributed means Fast. - Simple to deploy and Cross-Platform. - Secured using OpenPGP. - Respectful of privacy by never retrieving raw data from endpoints.