Skip to content

Releases: airbnb/streamalert

v3.5.0

04 Nov 19:07
Compare
Choose a tag to compare

StreamAlert Release v3.5.0

A complete list of changes in v3.5.0 can be found here

v3.4.1

05 Oct 21:50
27b8669
Compare
Choose a tag to compare

StreamAlert Release v3.4.1

A complete list of changes in v3.4.1 can be found here

stable

15 Mar 20:31
27b8669
Compare
Choose a tag to compare

This is to be used as a rolling 'stable' tag. It allows the following command to clone the latest stable release without need to update documentation:

git clone --branch stable https://github.com/airbnb/streamalert.git


Updating the tag in the future requires the following:

  • If you have the commit checked out that you want to tag:

git tag stable --force

  • Alternatively, you can specify the commit you want to tag:

git tag --force stable <commit_sha>

  • Update the remote with the new tag reference:

git push origin stable --force

v3.4.0

26 Aug 22:24
b7971a0
Compare
Choose a tag to compare

StreamAlert Release v3.4.0

A complete list of changes in v3.4.0 can be found here

v3.3.0

05 Aug 22:08
bfde778
Compare
Choose a tag to compare

StreamAlert Release v3.3.0

A complete list of changes in v3.3.0 can be found here

v3.2.1

10 Apr 23:16
a0a284c
Compare
Choose a tag to compare

StreamAlert Release v3.2.1

A complete list of changes in v3.2.1 can be found here

v3.2.0

09 Apr 23:23
4afadf5
Compare
Choose a tag to compare

StreamAlert Release v3.2.0

Highlights

Cross-Account Lambda Output

The previously implemented AWS Lambda output was unable to perform cross-account execution of Lambda functions. The V2 version of the Lambda output now supports performing an AssumeRole call prior to invoking the Lambda output, enabling this sort of functionality.

A complete list of changes in v3.2.0 can be found here

v3.1.2

02 Apr 00:05
41da6b5
Compare
Choose a tag to compare

StreamAlert Release v3.1.2

A complete list of changes in v3.1.2 can be found here

v3.1.1

31 Mar 20:52
1714b1e
Compare
Choose a tag to compare

StreamAlert Release v3.1.1

A complete list of changes in v3.1.1 can be found here

v3.1.0

28 Mar 00:32
fdb7b95
Compare
Choose a tag to compare

StreamAlert Release v3.1.0

New Features

Scheduled Queries

The concept of "stateful" alerting has always been a gap that StreamAlert has failed to bridge. We've introduced a feature we've dubbed Scheduled Queries as a way to help bridge that gap. Users can now write and deploy Athena queries that will run on a user-defined schedule. The results of these queries are then fed data back into StreamAlert's Rules Engine for further processing and alerting. See the documentation for more information on getting up and running with Scheduled Queries.

See also: #1209

Dynamic Outputs in Rules

It is now possible for rules to dynamically configure outputs based on information in a record. A new keyword argument of dynamic_outputs has been added to the @rule decorator to support this. For more information on how to leverage this for yourself, see the documentation. This is great addition that we've also wanted for a long time, so a huge thank you to @jack1902 for adding this!

AWS Simple Email Service Output

Support has been added for sending alerts to AWS Simple Email Service (SES). This enables sending richly formatted emails to recipients, as opposed to the previous method of using AWS SNS for sending only very simple emails. A huge thanks to @jack1902 for contributing this!

Microsoft Teams Output

Support has also been added for sending alerts to Microsoft Teams. A huge thanks (again!) to @jack1902 for contributing this!

Publisher Integration Tests

The Publishers testing implementation has been updated to support configuring tests for publishers directly within a test event file. For more information on how to add tests for Publishers, see the documentation.

See also: #1185

Improvements

Parquet for Data Retention

One of our biggest pain points in the StreamAlert ecosystem has been the speed of searches. This release adds support for Parquet as the storage format of data sent to S3 for historical data retention, and we're already seeing vast improvements in comparison to JSON. In addition to this, Athena tables are also now created and managed via Terraform, removing the need for users to reason about them during deployment time.

See also: #1202

Rule Integration Tests

In addition to the updates to integration tests made as part of #1181, a larger update to the framework has migrated tests out of the tests/integration directory. Integration test files for rules should now live beside the rule being tested. The documentation for tests includes more details.

New Rules

AWS Config Compliance and Remediation Rules

Thanks to @jack1902 for adding two new rules related to AWS Config!

SSH Activity via osquery

Thanks to @chunyong-lin for open-sourcing a rule to alert on SSH login activity captured by osquery.

Bug Fixes

To view the complete list of all of the bugs fixed in v3.1.0, including many not mentioned above, see here.

All Changes

To view the complete list of all changes included in v3.1.0, see here.