streamalert
StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
## Background Determine whether it would be beneficial to build reference documentation with sphinx that could get published on RTD. ### Description Other projects publish reference guides (see: [here](https://margaritashotgun.readthedocs.io/en/latest/reference_guide.html)) that...
## Background The `logs.json` holds all of our defined log schemas, like so: ``` { "osquery:status": { "schema": { "hostIdentifier": "string", "calendarTime": "string", "unixTime": "string", "severity": "integer", "filename": "string", "line":...
## Background When StreamAlert processes files from S3, there's a chance that the amount of parsed records could be very high (over 10k). In this case, the rule processor has...
Generic tracker for onboarding any log type - [x] Github Audit - [ ] Auditd - [ ] GoAudit - [x] G Suite Audit - [ ] Bro IDS...
## Background StreamAlert currently uses the local dev system for installing all dependencies before packaging (read: zipping) and sending to S3 for use in Lambda. This can result in non-natively...
## Background When deploying multiple StreamAlert clusters configured for different AWS regions, all the clusters are created in the default aws region. This is because the terraform modules do not...
## Background During infrastructure creation, if the length of the prefix + the length of the cluster + "streamalert_rule_processor_role" is > 64 chars, the terraform build will fail due to...
## Background The `live-test` CLI command supports sending to defined outputs for a rule being tested. By default, this command will *not* mock out any of the outputs and will...
**Background** From: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon _"System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system...
## Background There is no current standard for gathering rule metadata context into alerts. An ideal improvement would be parsing StreamAlert rule docstrings as RST and adding this metadata to...