streamalert

streamalert copied to clipboard

## Background ## StreamAlert supports a handful of output services (Slack, AWS S3, AWS Lambda, PagerDuty, Phantom...), each which may require different properties for their configuration. For instance, Phantom requires...

ryandeivert

### Background Currently, the CLI command `terraform status` simply prints output based on the config (`variables.json`), and concatenates that with the defined Terraform outputs in the code (mainly user access...

jacknagz

Improvement: Support JSON key wildcarding

3

**Problem** Some JSON logs have keys that are dynamic Example: CarbonBlack's `feed.storage.hit.process` - Example key: alliance_data_ Where is `bit9endpointvisibility`, `bit9earlyaccess`, or one of a dozen other feeds. These feed names...

ghost

The current CSVParser class is not designed to properly handle input if it contains a header row. We should either subclass this parser or create a new one that can...

ryandeivert

Make it easy to define what clusters a rule should run in Desired properties (very rough draft, open for comment): 1. "Write once, run anywhere" - meaning, write the rule...

ghost

What: - https://www.bro.org/ - Add log schemas to `conf/logs.json` - https://www.bro.org/sphinx/script-reference/log-files.html

ghost

What: - https://suricata-ids.org/ - Add log schemas to conf/logs.json - http://suricata.readthedocs.io/en/latest/output/index.html

ghost

https://aws.amazon.com/step-functions/ Have the ability for alerts to go into step functions for decoration, context fetching or to make desired state change

ghost

**Background** AWS Data Pipelines can log errors to an S3 bucket: http://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-error-logs.html **Goal** - Identify the log format - Verify if StreamAlert's existing S3 support does support this use-case -...

ghost

AWS deprecation timeline for python3.7 lambda run time is Nov'23. Could you confirm when the lambdas will be updated to run on the latest version of python.

gkumarkk