StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
to: @airbnb/streamalert-maintainers
related to: #1230, #1237, #1238, #1242, #1245 and #1246
resolves:
Background
This is the PR for Normalization v2 feature that I have been working on during past couple month. Most of the code has been reviewed in the feature branch.
Changes
Merge PR #1230, #1237, #1238, #1242, #1245 and #1246 features for Artifact Extractor feature (Normalization v2)
Deploy release-3-3-0 branch to staging and enable historical search on cloudwatch and osquery events, which have normalization configured.
Apply current branch to staging and enable artifact_extractor lambda function following by the documentation.
Default normalized account, ip_address, user_agent, user_identity, command and file_path types are writing to S3 and searchable in artifacts table correctly.
to: @airbnb/streamalert-maintainers related to: #1230, #1237, #1238, #1242, #1245 and #1246 resolves:
Background
This is the PR for Normalization v2 feature that I have been working on during past couple month. Most of the code has been reviewed in the feature branch.
Changes
Testing
release-3-3-0branch to staging and enable historical search oncloudwatchandosqueryevents, which have normalization configured.artifact_extractorlambda function following by the documentation.account,ip_address,user_agent,user_identity,commandandfile_pathtypes are writing to S3 and searchable inartifactstable correctly.