Why

The analysis of alert data would require the use of SQL. BigQuery is a user-friendly and effective platform for data analysis.

Expected

Please include a BigQuery action to output the alert data.

For submitting alert data to ticketing system such as Jira and GitHub

Why

AlertChain can output workflow progress and results as structured logs. It can be used for testing and debugging for production environment. However it's suitable for only developer and difficult to understand them for non-developer of AlertChain.

AlertChain's concept is lightweight SOAR and it should not have heavy UI component. So it should have data access API and provide capability to build separated front-end implementation liek
most of other SOAR production.

ToDo

• Add GraphQL schema and interface implementation
• Add authentication mechanism for GraphQL query (and original /alert path also)
• Implement small web UI as example

In use case to create alerts from one input, data field has all alerts data and it's complicated. Then, it need to allow alert rule to overwrite data field.

Why

• Currently, in the play mode, alertchain only reads a single jsonnet file as the test scenario. To avoid having one large scenario file, it requires the use of import statements within the jsonnet file. This can be inconvenient.

Expected

• It is expected that alertchain should have the capability to recursively read all files in the same directory or read all files in the directory by specifying an option.

Why

• Attribute is flexible field, but it's not suitable to present reference link
• Another field is required for link