Realtime Alerts #25

Open
Prinstan opened this issue Mar 21, 2020 · 9 comments
Labels
Roadmap Item - TODO This issue is already on our roadmap

Comments

@Prinstan
Copy link

Can we have a realtime alert mechanism via email?

@Jovonni
Copy link
Collaborator

Jovonni commented Mar 21, 2020

This is a great idea.

In your mind, how would that work?

The way it works typically with UBA products is you can set an email string for an alert type, or model, which may consist of multiple email addresses.

We can add a section to the settings page, where you can enter email groups.

That way we can have several email groups you can set for each model job. Thoughts welcomed on this!

Tagging @kaiiyer. Also @Prinstan, feel free to make a pull request, and put your thoughts down in pseudo code if you want. We will collab on it.

@Jovonni Jovonni added the enhancement New feature or request label Mar 21, 2020
@kaiiyer
Copy link
Contributor

kaiiyer commented Mar 21, 2020

Yeah, I think it's cool to have an alert system. Like UBA gives a score to an account out of 100 (suppose). If the score is below 30, well and good, so a low alert or no alert. Up to 70 will be a high alert, and if the score exceeds 70, a critical alert.
Depending on the alert and according to security policies, the user should take actions within a given deadline!!
@Prinstan @Jovonni what're your thoughts?

@Jovonni
Copy link
Collaborator

Jovonni commented Mar 21, 2020

Good point @kaiiyer. This relates to the risk.py file; we can make another alert.py file that Risk imports.

Let's think about how that fits into the workflow. Probably have an alert job itself that runs after a model job. The alert job will analyze all model results, and check for alert criteria to be satisfied... high level thoughts....

@Pristin you wanna help, or would just like us to keep you updated? What made you think of this feature? just curious.
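An added sketch (not code from this project) of how the alert.py step discussed above could combine the score bands from kaiiyer's comment with per-job email groups from the settings page; the group names, addresses, scores and function names are constructed assumptions:

```python
"""Illustrative alert.py: runs after a model job, maps scores to severities
(thread proposal: <30 low, 30..70 high, >70 critical) and addresses mail to
the email groups bound to that job. Not the project's own code."""
from dataclasses import dataclass, field
from email.message import EmailMessage

RANK = {"low": 0, "high": 1, "critical": 2}


def severity(score: float) -> str:
    """Score is out of 100, as in the thread."""
    if score < 30:
        return "low"
    if score <= 70:
        return "high"
    return "critical"


@dataclass
class AlertConfig:
    # Assumed settings-page shape: model job -> group names, group -> addresses.
    job_groups: dict = field(default_factory=dict)
    groups: dict = field(default_factory=dict)
    min_severity: str = "high"  # "low" produces no email, only a record


def build_alerts(job: str, results: dict, cfg: AlertConfig) -> list:
    """Walk one job's model results ({account: score}) and emit alert records
    for accounts at or above the configured severity. Recipients are the
    de-duplicated union of every group bound to the job."""
    recipients = sorted({a for g in cfg.job_groups.get(job, []) for a in cfg.groups.get(g, [])})
    alerts = []
    for account, score in results.items():
        sev = severity(score)
        if not recipients or RANK[sev] < RANK[cfg.min_severity]:
            continue
        alerts.append({"job": job, "account": account, "score": score, "severity": sev, "to": recipients})
    return alerts


def render(alert: dict) -> EmailMessage:
    """Build the message; handing it to smtplib.SMTP(...).send_message is the only missing step."""
    msg = EmailMessage()
    msg["Subject"] = f"[UBA][{alert['severity'].upper()}] {alert['job']}: {alert['account']} scored {alert['score']}"
    msg["To"] = ", ".join(alert["to"])
    msg.set_content(f"Account {alert['account']} risk score {alert['score']}/100 ({alert['severity']}).\nReview per policy.")
    return msg


# Constructed sample configuration and one model job's scores.
SAMPLE_CFG = AlertConfig(job_groups={"login_anomaly": ["soc", "iam"]},
                         groups={"soc": ["soc@example.com"], "iam": ["iam@example.com", "soc@example.com"]})
SAMPLE_RESULTS = {"alice": 12, "bob": 45, "mallory": 88}

if __name__ == "__main__":
    for a in build_alerts("login_anomaly", SAMPLE_RESULTS, SAMPLE_CFG):
        print(render(a)["Subject"])
```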

@Prinstan
Copy link
Author

Prinstan commented Mar 21, 2020 via email

@Prinstan
Copy link
Author

Prinstan commented Mar 21, 2020 via email

@kaiiyer
Copy link
Contributor

kaiiyer commented Mar 21, 2020

> Hello Team, I would like to help you, but I have very little experience in Python. I belong to the security domain and hence I suggested this feature. Can anyone help me set up the environment? If need be I will learn Python, because this project has interested me a lot.

@Prinstan By setting up the environment you mean to start working on this project, right? Just fork the repo and run it locally by following the instructions here. No additional setup is required if you have Python and Node already.

@Jovonni
Copy link
Collaborator

Jovonni commented Mar 23, 2020

> Hello Team, I would like to help you, but I have very little experience in Python. I belong to the security domain and hence I suggested this feature. Can anyone help me set up the environment? If need be I will learn Python, because this project has interested me a lot.

No worries, working on it. Will keep this issue updated.

@Prinstan
Copy link
Author

ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.
https://github.com/Yelp/elastalert.git

Let me know if this helps you @Jovonni

@Jovonni
Copy link
Collaborator

Jovonni commented Apr 22, 2020

> ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.
> https://github.com/Yelp/elastalert.git
> Let me know if this helps you @Jovonni

Will be looking deeper into elastalert.

I like how they have integrations for several platforms, like Slack for example. It might be a bit redundant since it focuses on Elastic, and Elastic has their own alerting mechanism now with the 7.x versions, and we can invoke that functionality via REST. ElastAlert may have been ahead of its time! Great project to use for inspiration! Thank you @Prinstan 👏🏾

@Jovonni Jovonni added Roadmap Item - TODO This issue is already on our roadmap and removed enhancement New feature or request labels Apr 23, 2020