Releases: airbnb/streamalert
v3.5.0
v3.4.1
stable
This is to be used as a rolling 'stable' tag. It allows the following command to clone the latest stable release without need to update documentation:
git clone --branch stable https://github.com/airbnb/streamalert.git
Updating the tag in the future requires the following:
- If you have the commit checked out that you want to tag:
git tag stable --force
- Alternatively, you can specify the commit you want to tag:
git tag --force stable <commit_sha>
- Update the remote with the new tag reference:
git push origin stable --force
v3.4.0
v3.3.0
v3.2.1
v3.2.0
StreamAlert Release v3.2.0
Highlights
Cross-Account Lambda Output
The previously implemented AWS Lambda output was unable to perform cross-account execution of Lambda functions. The V2 version of the Lambda output now supports performing an AssumeRole
call prior to invoking the Lambda output, enabling this sort of functionality.
A complete list of changes in v3.2.0 can be found here
v3.1.2
v3.1.1
v3.1.0
StreamAlert Release v3.1.0
New Features
Scheduled Queries
The concept of "stateful" alerting has always been a gap that StreamAlert has failed to bridge. We've introduced a feature we've dubbed Scheduled Queries as a way to help bridge that gap. Users can now write and deploy Athena queries that will run on a user-defined schedule. The results of these queries are then fed data back into StreamAlert's Rules Engine for further processing and alerting. See the documentation for more information on getting up and running with Scheduled Queries.
See also: #1209
Dynamic Outputs in Rules
It is now possible for rules to dynamically configure outputs based on information in a record. A new keyword argument of dynamic_outputs
has been added to the @rule
decorator to support this. For more information on how to leverage this for yourself, see the documentation. This is great addition that we've also wanted for a long time, so a huge thank you to @jack1902 for adding this!
AWS Simple Email Service Output
Support has been added for sending alerts to AWS Simple Email Service (SES). This enables sending richly formatted emails to recipients, as opposed to the previous method of using AWS SNS for sending only very simple emails. A huge thanks to @jack1902 for contributing this!
Microsoft Teams Output
Support has also been added for sending alerts to Microsoft Teams. A huge thanks (again!) to @jack1902 for contributing this!
Publisher Integration Tests
The Publishers testing implementation has been updated to support configuring tests for publishers directly within a test event file. For more information on how to add tests for Publishers, see the documentation.
See also: #1185
Improvements
Parquet for Data Retention
One of our biggest pain points in the StreamAlert ecosystem has been the speed of searches. This release adds support for Parquet as the storage format of data sent to S3 for historical data retention, and we're already seeing vast improvements in comparison to JSON. In addition to this, Athena tables are also now created and managed via Terraform, removing the need for users to reason about them during deployment time.
See also: #1202
Rule Integration Tests
In addition to the updates to integration tests made as part of #1181, a larger update to the framework has migrated tests out of the tests/integration
directory. Integration test files for rules should now live beside the rule being tested. The documentation for tests includes more details.
New Rules
AWS Config Compliance and Remediation Rules
Thanks to @jack1902 for adding two new rules related to AWS Config!
SSH Activity via osquery
Thanks to @chunyong-lin for open-sourcing a rule to alert on SSH login activity captured by osquery.
Bug Fixes
To view the complete list of all of the bugs fixed in v3.1.0, including many not mentioned above, see here.
All Changes
To view the complete list of all changes included in v3.1.0, see here.