streamalert
StreamAlert is a serverless, real-time data analysis framework that empowers you to ingest, analyze, and alert on data from any environment, using data sources and alerting logic you define.
### Description [Opsgenie from Atlassian](https://www.opsgenie.com/product) has APIs for both alert and incident creation. ## Desired Change Add alerting outputs to support Opsgenie's [Incidents API](https://docs.opsgenie.com/docs/incident-api) and [Alert API](https://docs.opsgenie.com/docs/alert-api).
### Description The StreamAlert Classifier only allows for a top level log type (`osquery` vs `osquery:diff` for instance) to be declared in the `sources.json` for a given resource's `logs`. ##...
## Background [AWS announced Kinesis Data Stream autoscaling](https://aws.amazon.com/blogs/big-data/scaling-amazon-kinesis-data-streams-with-aws-application-auto-scaling/) last Nov. We would like to support this feature in StreamAlert so that we won't have to worry about re-sharding anymore. ## Desired...
## Background [AWS announced the DynamoDB On-Demand feature](https://aws.amazon.com/blogs/aws/amazon-dynamodb-on-demand-no-capacity-planning-and-pay-per-request-pricing/) on Nov 28th, 2018, right after Re:Invent. This feature will really ease our pain in scaling DynamoDB tables, even with an autoscaling policy...
## Background AWS Lambda supports a [thread limit](http://docs.aws.amazon.com/lambda/latest/dg/limits.html) of 1024 per execution. We currently are not taking advantage of this feature when processing logs with StreamAlert. ## Desired Outcome Usage...
**What** Schema checks are performed in the same order against each log due to it being an OrderedDict. This can be problematic if your highest volume log types (ex: osquery)...
StreamAlert stores and processes potentially sensitive security logs. As such, all data should be encrypted at rest. In particular, Dynamo, S3, and SQS support server-side encryption, and it's relatively easy...
## Background Currently all outputs are configured on a per-rule basis. While this allows for great flexibility, it makes things like configuring all rules to output to S3 for audit...
By default, StreamAlert monitors all CloudWatch events, but does not alert on all of them. The AWS Trusted Advisor service supposedly sends events to CloudWatch events by default. The TrustedAdvisor...
StreamAlert will also support receiving data via an HTTP endpoint. This is for service providers or appliances that support HTTP endpoints for logging. Example: Akamai, OneLogin: https://support.onelogin.com/hc/en-us/articles/215214143-Streaming-Real-Time-OneLogin-Event-Data-to-your-SIEM-Solution