Name		Name	Last commit message	Last commit date
parent directory ..
rules		rules
tests		tests
wip_rules		wip_rules
README.md		README.md
config.yaml		config.yaml
deploy.sh		deploy.sh
docker-compose.yml		docker-compose.yml

README.md

Elastalert

Prerequisite

The Elastic stack must be installed first, see elk

Elastalert install

Via docker compose, run ./deploy.sh

Elastalert rules

Find current working rule at rules
wip_rules is the folder to store the rules that are not completed

Run rules test

cd tests; ./test_rules.sh