Repository for Runbook AlertTally
containers Initial commit for splitting Kubernetes repo. 2025-12-09 11:14:20 -08:00
k8config Initial commit for splitting Kubernetes repo. 2025-12-09 11:14:20 -08:00
threatmodel Initial commit for splitting Kubernetes repo. 2025-12-09 11:14:20 -08:00
README.md Initial commit for splitting Kubernetes repo. 2025-12-09 11:14:20 -08:00

AlertTally service

AlertTally is responsible for receiving messages from Skynet, counting them according to user-set rules, and, once the count specified by a rule is reached, sending an alert to the appropriate recipients.

Important Information

  1. Tallyapi manages the rules and topics that AlertTally uses to run. The Tallyapi documentation has all the information needed to manage rules and topics.
  2. AlertTally's primary flow has tallyzmq subscribe to events coming from Achim's code on Skynet. Tallyzmq then sends the events to tallycount to be stored.
  3. Tallycount stores incoming events together with data specifying which rules apply to each stored event.
  4. Tallytimer sends a request to tallycount every 60 seconds; on receipt of this message, tallycount processes events and generates alerts.
  5. Tallycount sends generated alerts out to tallysend.
  6. On receipt of a generated alert, tallysend sends the alert to all recipients (emails and Teams channels) of the topics attached to the rule.
  7. Tallygetrules gets the latest rules and topics from MySQL and writes them to a local file. Tallycount and tallysend both refer to these local files instead of MySQL to reduce load.
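
The store, tick and send steps above can be sketched as follows. This is an added illustration, not code from this repository: the rule and topic field names (`match`, `threshold`, `topics`), the sample recipients, and the reset-after-alert behaviour are all assumptions.

```python
from collections import defaultdict

# Constructed stand-in for the local rules/topics files written by tallygetrules.
# Field names (match, threshold, topics) are assumptions, not AlertTally's schema.
RULES = {
    "r1": {"match": {"type": "login_failure"}, "threshold": 3, "topics": ["soc"]},
    "r2": {"match": {"type": "disk_full"}, "threshold": 1, "topics": ["ops", "soc"]},
}
TOPICS = {
    "soc": ["soc@example.test", "teams:SOC-Alerts"],
    "ops": ["ops@example.test"],
}


class TallyCount:
    """Stores events tagged with the rules that apply, alerts on each timer tick."""

    def __init__(self, rules):
        self.rules = rules
        self.pending = defaultdict(list)  # rule id -> events not yet alerted on

    def store(self, event):
        """Step 3: record the event under every rule whose match fields agree."""
        matched = [rid for rid, rule in self.rules.items()
                   if all(event.get(k) == v for k, v in rule["match"].items())]
        for rid in matched:
            self.pending[rid].append(event)
        return matched

    def tick(self):
        """Step 4: on the timer message, emit one alert per rule at or over threshold."""
        alerts = []
        for rid, events in self.pending.items():
            if len(events) >= self.rules[rid]["threshold"]:
                alerts.append({"rule": rid, "count": len(events)})
                self.pending[rid] = []  # assumption: tally resets once alerted
        return alerts


def recipients_for(alert, rules, topics):
    """Step 6: expand the rule's topics into a de-duplicated recipient list."""
    seen = []
    for topic in rules[alert["rule"]]["topics"]:
        for recipient in topics.get(topic, []):
            if recipient not in seen:
                seen.append(recipient)
    return seen
```

Because alerts are only generated on the tick, an event burst that crosses a threshold is reported up to one timer interval later, which matters when sizing thresholds for time-sensitive rules.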