Improvement: Parse Rules with RST

Open jacknagz opened this issue 7 years ago • 0 comments

Background

There is no current standard for gathering rule metadata context into alerts. An ideal improvement would be parsing StreamAlert rule docstrings as RST and adding this metadata to the alert structure.

Desired Outcome

A structured RST rule docstring with labeled fields:

Example:

:Description: My new rule
:Version: 1
:Authors:
    - Me
    - Myself
    - I

And in the alert:

{
  'rule': {
    'description': 'My new rule',
    'version': 1,
    'authors': 'Me, myself, and I'
  }
}

jacknagz, Apr 12 '17 22:04
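A sketch of the parsing this issue asks for, added here as an example and not taken from StreamAlert's code base: it reads RST field-list entries from a rule function's docstring using only the standard library. The names `parse_rule_docstring`, `build_alert` and `sample_rule` are hypothetical, and returning authors as a list (rather than the joined string shown in the issue) is an assumption.

```python
import inspect
import re

# Matches an RST field-list entry such as ":Version: 1" or ":Authors:"
FIELD_RE = re.compile(r'^:(?P<name>[^:\n]+):[ \t]*(?P<value>.*)$')


def _collapse(parts):
    """Turn collected field lines into a list, an int, or a string."""
    if parts and all(p.startswith('- ') for p in parts):
        return [p[2:].strip() for p in parts]      # bullet list body
    text = ' '.join(parts)
    return int(text) if text.isdecimal() else text


def parse_rule_docstring(doc):
    """Return {field_name_lowercased: value} for RST fields in a docstring."""
    meta, current = {}, None
    for line in inspect.cleandoc(doc or '').splitlines():
        match = FIELD_RE.match(line)
        if match:
            current = match.group('name').strip().lower()
            value = match.group('value').strip()
            meta[current] = [value] if value else []
        elif current and line[:1].isspace() and line.strip():
            meta[current].append(line.strip())     # indented continuation
        elif line.strip():
            current = None                         # free text ends the field
    return {name: _collapse(parts) for name, parts in meta.items()}


def sample_rule(record):
    """Constructed example rule, not a real StreamAlert rule.

    :Description: My new rule
    :Version: 1
    :Authors:
        - Me
        - Myself
        - I
    """
    return True


def build_alert(rule_func, record):
    """Attach the parsed rule metadata to a (hypothetical) alert structure."""
    return {'record': record, 'rule': parse_rule_docstring(rule_func.__doc__)}


if __name__ == '__main__':
    print(build_alert(sample_rule, {'constructed': 'record'}))
```

A rule with no docstring, or a docstring without fields, yields an empty `rule` dictionary instead of raising.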