- None
- TBD - #000 - @some_elastic_contributor_tbd
- None
- None
- [Rocket.Chat] Add support for generating Kibana Discover URLs to Rocket.Chat alerter - #260 - @nsano-rururu
- [Jinja] Provide rule key/values as possible Jinja data inputs - #281 - @mrfroggg
- [Kubernetes] Add securityContext and podSecurityContext to Helm chart - #289 - @lepouletsuisse
- [Rocket.Chat] Add options: rocket_chat_ca_certs, rocket_chat_ignore_ssl_errors, rocket_chat_timeout - #302 - @nsano-rururu
- [Jinja] Favor match keys over colliding rule keys when resolving Jinja vars; also add alert_text_jinja unit test - #311 - @mrfroggg
- [Opsgenie] Added possibility to specify source and entity attrs - #315 - @konstantin-kornienko
- [ServiceNow] Add support for
servicenow_impactandservicenow_urgencyparameters for ServiceNow alerter - #316 - @randolph-esnet - [Jinja] Add Jinja support to alert_subject - #318 - @mrfroggg @lepouletsuisse
- Metrics will now include time_taken, representing the execution duration of the rule - #324 - @JeffAshton
- [Prometheus] Continue fix for prometheus wrapper writeback function signature - #256 - @greut
- [Stomp] Improve exception handling in alerter - #261 - @nsano-rururu
- [AWS] Improve exception handling in Amazon SES and SNS alerters - #264 - @nsano-rururu
- [Docs] Clarify documentation for starting ElastAlert 2 - #265 - @ferozsalam
- Add exception handling for unsupported operand type - #266 - @nsano-rururu
- [Docs] Improve documentation for Python build requirements - #267 - @nsano-rururu
- [DataDog] Correct alerter logging - #268 - @nsano-rururu
- [Docs] Correct parameter code documentation for main ElastAlert runner - #269 - @ferozsalam
- [Command] alerter will now fail during init instead of during alert if given invalid command setting - #270 - @nsano-rururu
- [Docs] Consolidate all examples into a new examples/ sub folder - #271 - @ferozsalam
- [TheHive] Add example rule with Kibana Discover URL and query values in alert text - #276 - @markus-nclose
- Upgrade pytest-xdist from 2.2.1 to 2.3.0; clarify HTTPS support in docs; Add additional logging - #283 - @nsano-rururu
- [Tests] Add more alerter test coverage - #284 - @nsano-rururu
- [Tests] Improve structure and placement of test-related files in project tree - #287 - @ferozsalam
- Only attempt to adjust timezone if timezone is set to a non-empty string - #288 - @ferozsalam
- [Kubernetes] Deprecated
podSecurityPolicyfeature in Helm Chart as it's deprecated in Kubernetes 1.21 - #289 - @lepouletsuisse - [Slack] Fix slack_channel_override schema - #291 - @JeffAshton
- [Rocket.Chat] Fix rocket_chat_channel_override schema - #293 - @nsano-rururu
- [Tests] Increase code coverage - #294 - @nsano-rururu
- [Docs] Added Kibana Discover sample - #295 - @nsano-rururu
- [AWS] Remove deprecated boto_profile setting - #299 - @nsano-rururu
- [Slack] Correct slack_alert_fields schema definition - #300 - @nsano-rururu
- [Tests] Correct code coverage to eliminate warnings - #301 - @nsano-rururu
- Eliminate unnecessary calls to Elasticsearch - #303 - @JeffAshton
- [Zabbix] Fix timezone parsing - #304 - @JeffAshton
- Improve logging of scheduler - #305 - @JeffAshton
- [Jinja] Update Jinja from 2.11.3 to 3.0.1; Improve handling of colliding variables - #311 - @mrfroggg
- [TheHive] Force observable artifacts to be strings - #313 - @pandvan
- Upgrade pylint from <2.9 to <2.10 - #314 - @nsano-rururu
- [ChatWork] Enforce character limit - #319 - @nsano-rururu
- [LineNotify] Enforce character limit - #320 - @nsano-rururu
- [Discord] Remove trailing backticks from alert body - #321 - @nsano-rururu
- Redirecting warnings to logging module - #325 - @JeffAshton
- None
- Add support for RocketChat - #182 - @nsano-rururu
- Expose rule scheduler properties as configurable settings - #192 - @jertel
- Exclude empty observables from TheHive requests - #193 - @LaZyDK
- Ensure TheHive tags are converted to strings before submitting TheHive request - #206 - @LaZyDK
- Add support for Elasticsearch API key authentication - #208 - @vbisserie
- Add support for Elasticsearch 7.13 for building Kibana Discover URLs - #212 - @nsano-rururu
- Follow symbolic links when traversing rules folder for rule files - #214 - @vbisserie
- Support optional suppression of SSL log warnings when http-posting alerts - #222 - @nsano-rururu
- Add support for inclusion of Kibana Discover URLs in MatterMost messages - #239 - @nsano-rururu
- Add support for inclusion of alert Title in MatterMost messages - #246 - @nsano-rururu
- Speed up unit tests by adding default parallelism - #164 - @ferozsalam
- Remove unused writeback_alias and fix --patience argument - #167 - @mrfroggg
- Fix Bearer token auth in initialisation script - #169 - @ferozsalam
- Finish refactoring alerters and tests into individual files - #175, et al - @ferozsalam
- Improve HTTP POST alert documentation - #178 - @nsano-rururu
- Upgrade Sphinx from 3.5.4 to 4.0.2 - #179 - @nsano-rururu
- Fix Sphinx dependency version - #181 - @ferozsalam
- Switch to absolute imports - #198 - @ferozsalam
- Encode JSON output before writing test data - #215 - @vbisserie
- Update pytest from 6.0.0 to 6.2.4 - #223 - @nsano-rururu
- Ensure ChatWork alerter fails to initialize if missing required args - #224 - @nsano-rururu
- Ensure DataDog alerter fails to initialize if missing required args - #225 - @nsano-rururu
- Ensure DingTalk alerter fails to initialize if missing required args - #226 - @nsano-rururu
- Ensure Zabbix alerter fails to initialize if missing required args - #227 - @nsano-rururu
- MS Teams alerter no longer requires ms_teams_alert_summary arg - #228 - @nsano-rururu
- Improve Gitter alerter by explicitly specifying arg names - #230 - @nsano-rururu
- Add more alerter test code coverage - #231 - @nsano-rururu
- Upgrade pytest-cov from 2.12.0 to 2.12.1 - #232 - @nsano-rururu
- Migrate away from external test mock dependency - #233 - @nsano-rururu
- Improve ElastAlert 2 documentation relating to running scenarios - #234 - @ferozsalam
- Improve test coverage and correct dict lookup syntax for alerter init functions - #235 - @nsano-rururu
- Fix schema bug with MatterMost alerts - #239 - @nsano-rururu
- Fix prometheus wrapper writeback function signature - #253 - @greut
- TheHive alerter refactoring - #142 - @ferozsalam
- See the updated documentation for changes required to alert formatting
- Dockerfile refactor for performance and size improvements - #102 - @jgregmac
- Dockerfile base image changed from
python/alpinetopython/slim-busterto take advantage of pre-build python wheels, accelerate build times, and reduce image size. If you have customized an image, based on jertel/elastalert2, you may need to make adjustments. - Default base path changed to
/opt/elastalertin the Dockerfile and in Helm charts. Update your volume binds accordingly. - Dockerfile now runs as a non-root user "elastalert". Ensure your volumes are accessible by this non-root user.
- System packages removed from the Dockerfile: All dev packages, cargo, libmagic. Image size reduced to 250Mb.
tmpfiles and dev packages removed from the final container image.
- Dockerfile base image changed from
- Support for multiple rules directories and fix
..dataKubernetes/Openshift recursive directories in FileRulesLoader #157 - @mrfroggg - Support environment variable substition in yaml files - #149 - @archfz
- Update schema.yaml and enhance documentation for Email alerter - #144 - @nsano-rururu
- Default Email alerter to use port 25, and require http_post_url for HTTP Post alerter - #143 - @nsano-rururu
- Support extra message features for Slack and Mattermost - #140 - @nsano-rururu
- Support a footer in alert text - #133 - @nsano-rururu
- Added support for alerting via Amazon Simple Email System (SES) - #105 - @nsano-rururu
- Begin alerter refactoring to split large source code files into smaller files - #161 - @ferozsalam
- Update contribution guidelines with additional instructions for local testing - #147, #148 - @ferozsalam
- Add more unit test coverage - #108 - @nsano-rururu
- Update documentation: describe limit_execution, correct alerters list - #107 - @fberrez
- Fix issue with testing alerts that contain Jinja templates - #101 - @jertel
- Updated all references of Elastalert to use the mixed case ElastAlert, as that is the most prevalent formatting found in the documentation.
- None
- Update python-dateutil requirement from <2.7.0,>=2.6.0 to >=2.6.0,<2.9.0 - #96 - @nsano-rururu
- Update pylint requirement from <2.8 to <2.9 - #95 - @nsano-rururu
- Pin ES library to 7.0.0 due to upcoming newer library conflicts - #90 - @robrankin
- Re-introduce CHANGELOG.md to project - #88 - @ferozsalam
- Add option for suppressing TLS warnings - #87 - @alvarolmedo
- Add support for Twilio Copilot - #86 - @cdmastercom
- Support bearer token authentication with ES - #85 - @StribPav
- Add support for statsd metrics - #83 - @eladamitpxi
- Add support for multiple imports of rules via recursive import - #83 - @eladamitpxi
- Specify search size of 0 to improve efficiency of searches - #82 - @clyfish
- Add alert handler to create Datadog events - #81 - @3vanlock
- Added missing Helm chart config.yaml template file.
- Update .gitignore with more precise rule for /config.yaml file.
- Now publishing container images to both DockerHub and to GitHub Packages for redundancy.
- Container images are now built and published via GitHub actions instead of relying on DockerHub's automated builds.
- Update PIP library description and Helm chart description to be consistent.
- Continue updates to change references from ElastAlert to ElastAlert 2