Roadmap

Large deliverables are outlined below. Progress, and smaller features, can be tracked on Github

Threat Intelligence

Target: Q3 2017

In the near future, StreamAlert will support comparing logs against traditional indicators of compromise (IOCs), which can range from thousands to millions in volume. This will be built in a way that’s provider agnostic, allowing you to use ThreatStream, ThreatExchange, or whatever your heart desires.

HTTP Endpoint Support

Target: Q4 2017

StreamAlert will also support receiving data via an HTTP endpoint. This is for service providers or appliances that only support HTTP endpoints for logging. Example: Akamai