streamalert issues

[Bug] TypeError: unhashable type: 'dict' on AWS Config Messages

2

Hi all I seen a previous fixed bug of Classifier throwing a "TypeError: unhashable type: 'dict'" for AWS Security Hub events. However this fix does not seem to have fixed...

rsavjani

config

data normalization

RFC: consider moving to the SAM model (+ cloudformation)

1

## Background We have invested a lot of time in our current terraform implementation, but I'd like to open up the discussion of potentially moving to AWS SAM for stack...

ryandeivert

RFC

[Tech Debt] Add configuration validation for "file_format"

### Description See the discussion in [this comment thread](https://github.com/airbnb/streamalert/pull/1295#discussion_r499799015).

chunyong-lin

config

tech debt

[RFC] update test framework for 1:1 testing of rules to events

## Background Having integration tests that designate more than one `trigger_rules` can make adding new integration tests annoyingly complicated. For instance, if a new test file is added that inadvertently...

ryandeivert

improvement

tests

[Improvement] Add a new configuration for each normalizer that allows you to opt-out of sending a normalized field to the Artifacts Firehose

## Background One issue we've encountered by using Normalization v2 internally is that we have rules that listen on normalized fields that are not interesting to extract into Artifacts, so...

chunyong-lin

data normalization

[Improvement] Add streamalert_normalization as a top optional key automatically

## Background Based on the #1250, in order to cross join search original record between `artifacts` and original tables by `record_id`, it requires the original record to have `streamalert_normalization` field...

chunyong-lin

data normalization

[Tech Debt] Delete normalized_types.json file

## Background PR #1250 refactored normalization feature and it moves the normalization configuration along with log schemas. That being said, `normalized_types.json` file is no long relevant. We will delete this...

chunyong-lin

data normalization

tech debt

kill the cloudwatch_monitoring module

## Background The `cloudwatch_monitoring` module is absolute 🗑️. Right now there is a janky dependency between the `kinesis` module and this one and it's easy to mess up. Also, the...

ryandeivert

terraform

improvement

support 'classify_only' without having to set service + source in test events

## Background Test events currently support `classify_only` type tests, but these still require having a `source` and `service` also set in the test event. ## Desired Change Make it possible...

ryandeivert

improvement

tests

[bug] Changing type(s) in a log schema will break historical search against data using old schema

## Background If you have historical search enabled and the `file_format` is set to `parquet`, bad news, we will be screwed if we change the type(s) in a log schema...

chunyong-lin

bug

historical search

streamalert
streamalert copied to clipboard

Metadata

[Bug] TypeError: unhashable type: 'dict' on AWS Config Messages

RFC: consider moving to the SAM model (+ cloudformation)

[Tech Debt] Add configuration validation for "file_format"

[RFC] update test framework for 1:1 testing of rules to events

[Improvement] Add a new configuration for each normalizer that allows you to opt-out of sending a normalized field to the Artifacts Firehose

[Improvement] Add streamalert_normalization as a top optional key automatically

[Tech Debt] Delete normalized_types.json file

kill the cloudwatch_monitoring module

support 'classify_only' without having to set service + source in test events

[bug] Changing type(s) in a log schema will break historical search against data using old schema

← Metadata

Owner

Metadata

streamalert streamalert copied to clipboard

Metadata

← Metadata

Owner

Metadata

streamalert
streamalert copied to clipboard