
Feature: Default Outputs

Open · patrickod opened this issue 8 years ago · 1 comment

Background

Currently all outputs are configured on a per-rule basis. While this allows for great flexibility it makes things like configuring all rules to output to S3 for audit trail purposes cumbersome and repetitive.

Desired Change

Ideally a user would be able to specify default outputs on a per-cluster basis. These outputs would be appended to whatever outputs are configured for a given rule. This would make the S3 audit trail use case described above incredibly simple, and it would also remove the possibility that someone might accidentally omit the output on any given rule.

patrickod · Nov 13 '17 21:11

Updated status: this functionality exists in a semi-ready state insofar as currently all alerts are sent by default to the Firehose output used for S3 storage / historical event searching.

The next step here is to expose this functionality as configurable, keeping the underlying firehose default in place regardless of what the user specifies.

patrickod · Jul 16 '18 19:07
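The resolution rule sketched in the issue body and the follow-up (per-cluster defaults appended to each rule's own outputs, with the Firehose output kept regardless of what the user configures), as an added illustration rather than StreamAlert's own code. The `default_outputs` config key, the output names and the rule list are constructed assumptions for the example.

```python
"""Illustrative output resolver for the "default outputs" proposal (not StreamAlert code)."""
from typing import Dict, List, Optional

# Assumed name for the Firehose output that feeds S3 storage / historical search.
# It is appended unconditionally, mirroring the "keep the underlying firehose
# default in place" requirement. The real StreamAlert identifier may differ.
MANDATORY_OUTPUTS: List[str] = ["aws-firehose:alerts"]

# Constructed cluster config; "default_outputs" is the proposed per-cluster key.
CLUSTER_CONFIG: Dict[str, Dict[str, List[str]]] = {
    "prod": {"default_outputs": ["aws-s3:audit-trail", "slack:security"]},
    "corp": {"default_outputs": ["aws-s3:audit-trail"]},
}

# Constructed rules: one remembers the audit-trail output, one forgot it.
RULES: Dict[str, List[str]] = {
    "ssh_root_login": ["pagerduty:oncall", "aws-s3:audit-trail"],
    "new_iam_user": ["slack:security"],
}


def resolve_outputs(rule_outputs: List[str], cluster: str,
                    cluster_config: Dict = CLUSTER_CONFIG,
                    mandatory: List[str] = MANDATORY_OUTPUTS) -> List[str]:
    """Ordered, de-duplicated outputs for an alert: rule outputs first, then the
    cluster's defaults, then the mandatory Firehose output (always present)."""
    defaults = cluster_config.get(cluster, {}).get("default_outputs", [])
    seen, resolved = set(), []
    for output in list(rule_outputs) + list(defaults) + list(mandatory):
        if output not in seen:          # a rule repeating a default is harmless
            seen.add(output)
            resolved.append(output)
    return resolved


def rules_missing_output(rules: Dict[str, List[str]], output: str,
                         cluster: Optional[str] = None) -> List[str]:
    """Rules whose alerts would never reach `output`. With cluster=None only the
    per-rule list counts (today's model); with a cluster, defaults are applied."""
    missing = []
    for name, outputs in rules.items():
        effective = resolve_outputs(outputs, cluster) if cluster else list(outputs)
        if output not in effective:
            missing.append(name)
    return missing
```

Running `rules_missing_output(RULES, "aws-s3:audit-trail")` shows the gap the issue describes (`new_iam_user` has no audit trail today), while passing `cluster="prod"` closes it without touching the rule.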