Frequently Asked Questions

What is StreamAlert?

What language is StreamAlert written in?

What license is StreamAlert released under?

How much does StreamAlert cost?

  • StreamAlert is open source (free)

What environments does StreamAlert support?

How can I send data to StreamAlert?

What can I send to StreamAlert?

Why support Kinesis Streams & S3?

  • Some logs go directly to S3 (CloudTrail, S3 Server access logs, AWS Config, …)
  • Some SaaS products provide you access/audit logs in an S3 bucket
  • Many companies send logs to S3 or Glacier for long-term retention

What scale does StreamAlert operate at?

  • StreamAlert utilizes Kinesis Streams, which can “continuously capture and store terabytes of data per hour from hundreds of thousands of sources” [1]

What’s the maintenance/operational overhead?

  • Limited; StreamAlert utilizes Terraform, Kinesis Streams and AWS Lambda, which means you don’t have to manually provision, manage, patch or harden any servers

Does StreamAlert support analytics, metrics or time series use-cases?

  • StreamAlert itself does not support analytics, metrics or time series use-cases. StreamAlert can send data to such tools or you can use one of many great open source and commercial offerings in this space, including but not limited to Prometheus, DataDog and NewRelic.

Is StreamAlert intended for synchronous (blocking) or asynchronous decision making?

  • StreamAlert is intended for asynchronous decision making.

What about historical searching and alerting?

  • This is on our Roadmap. StreamAlert will utilize AWS Athena, a serverless, interactive query service that uses Presto. This will allow you to analyze your data using SQL for both ad-hoc and scheduled queries.