SnowAlert Deployment

A core part of the SnowWatch platform is the deployment of the SnowAlert security analytics framework.

This framework is provided as a Docker image hosted on Docker Hub. There are 2 Docker images:

  1. The snowsec/snowalert image, which is responsible for generating the alerts and violations.
  2. The snowsec/snowalert-webui image, which is the administration interface for SnowAlert. This container hosts a web application that allows a user to input an alert/violation/suppression query.

There are several ways to orchestrate the containers.