SnowAlert Deployment
A core part of the SnowWatch platform is the deployment of the SnowAlert security analytics framework.
This framework is provided as a Docker image hosted on Docker Hub.
There are 2 Docker images:
- The snowsec/snowalert image, which is responsible for generating the alerts and violations
- The snowsec/snowalert-webui image, which is the administration interface for SnowAlert. This container hosts a web application that allows a user to input an alert/violation/suppression query.
There are several ways to orchestrate the containers.