
Releases: stacknil/telemetry-lab

v0.3.0 — Precise Cooldown Scoping, Richer Scenario Pack, and Run Summaries

25 Mar 05:20
c244023


Highlights

This release focuses on making the telemetry demo easier to explain, more realistic to inspect, and more reusable after each run.

Added

  • a richer sample scenario pack with a compact but more expressive event story
  • machine-readable summary.json outputs for both the default sample path and the richer sample path
  • additional end-to-end coverage to keep the richer sample and summary outputs reproducible

Changed

  • cooldown keying is now more precise: repeated alerts are suppressed per (rule_name, scope) pair instead of per rule_name alone, so the same rule can still fire for a different entity inside the cooldown window
  • cooldown scope now prefers the first available entity-like field in this order:
    • entity
    • source
    • target
    • host
  • when no entity-like fields are present, cooldown behavior falls back to the original global per-rule behavior
  • README examples now document the richer sample path and the run-summary artifact
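The keying rules above, written out as an added example (not the project's own code): the scope is the first non-empty field among entity, source, target and host, and events carrying none of them fall back to a global per-rule key, which is exactly the v0.2.0 behaviour. The class and function names, the numeric timestamps and the sample events are assumptions constructed for the illustration.

```python
"""Per-(rule_name, scope) alert cooldown, illustrating the v0.3.0 keying rules.

Added example, not code from stacknil/telemetry-lab. Names other than
rule_name, entity/source/target/host and cooldown_seconds are assumptions.
"""
from typing import Optional

# Preference order from the release notes: first non-empty field wins.
SCOPE_FIELDS = ("entity", "source", "target", "host")


def cooldown_scope(event: dict) -> Optional[str]:
    """Return the first available entity-like field value, or None for global scope."""
    for field in SCOPE_FIELDS:
        value = event.get(field)
        if value not in (None, ""):
            return str(value)
    return None  # no entity-like field: fall back to global per-rule behaviour


class AlertCooldown:
    """Suppress repeated alerts for the same (rule_name, scope) within cooldown_seconds."""

    def __init__(self, cooldown_seconds: float) -> None:
        self.cooldown_seconds = cooldown_seconds
        self._last_fired: dict[tuple[str, Optional[str]], float] = {}

    def should_fire(self, rule_name: str, event: dict, ts: float) -> bool:
        """True if the alert is outside the cooldown for its key; records the firing time."""
        key = (rule_name, cooldown_scope(event))
        last = self._last_fired.get(key)
        if last is not None and ts - last < self.cooldown_seconds:
            return False
        self._last_fired[key] = ts
        return True


def run_demo() -> list[tuple[float, str, Optional[str]]]:
    """Feed constructed alert candidates through a 60 s cooldown and return what fired."""
    cd = AlertCooldown(cooldown_seconds=60)
    # Constructed sample: (timestamp seconds, rule_name, event fields).
    events = [
        (0.0, "login_failure_burst", {"host": "web-01"}),   # fires
        (5.0, "login_failure_burst", {"host": "web-01"}),   # suppressed: same rule + scope, inside window
        (10.0, "login_failure_burst", {"host": "web-02"}),  # fires: different scope
        (20.0, "login_failure_burst", {"entity": "svc-a", "host": "web-01"}),  # fires: entity outranks host
        (30.0, "malware_alert", {}),                        # fires: no scope field -> global per-rule key
        (40.0, "malware_alert", {}),                        # suppressed: global key inside window
        (70.0, "login_failure_burst", {"host": "web-01"}),  # fires: cooldown for (rule, web-01) expired
    ]
    fired = []
    for ts, rule, ev in events:
        if cd.should_fire(rule, ev, ts):
            fired.append((ts, rule, cooldown_scope(ev)))
    return fired


if __name__ == "__main__":
    for ts, rule, scope in run_demo():
        print(f"t={ts:>5}  {rule:<20} scope={scope}")
```

One caveat the preference order creates: two events about the same machine are keyed differently if only one of them carries an entity or source field (the fourth event above fires even though web-01 is already in cooldown). If the input mixes enrichment levels, normalize the scope field before the rule stage rather than relying on the fallback chain.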

Richer sample scenario pack

The bundled richer scenario path now demonstrates a more explainable detection story with four compact phases:

  • normal background activity
  • a login-failure burst
  • a high-risk configuration change followed by policy_denied
  • a repeated rare malware_alert sequence

This richer sample uses its own config entrypoint:

python -m telemetry_window_demo.cli run --config configs/richer_sample.yaml

Run summaries

Each run now writes a compact summary.json artifact alongside the existing CSV and PNG outputs.

Current summary fields:

  • input_path
  • output_dir
  • normalized_event_count
  • window_count
  • feature_row_count
  • alert_count
  • triggered_rule_names
  • triggered_rule_counts
  • cooldown_seconds
  • generated_artifacts

Both sample paths produce this artifact:

  • configs/default.yaml -> data/processed/summary.json
  • configs/richer_sample.yaml -> data/processed/richer_sample/summary.json

Scope

This is still a local, file-based telemetry analytics prototype.

It is not a production monitoring system and does not include:

  • real-time ingestion
  • streaming state management
  • alert routing / on-call integration
  • SIEM / SOC platform integration
  • deployment, storage, or multi-tenant infrastructure

Included work

  • #13: refine alert cooldown scope
  • #14: add richer sample scenario pack
  • #15: add machine-readable run summaries

Notes

Compared with v0.2.0, this release is less about repository governance and more about demo quality and output usability.

The repository now provides:

  • more precise cooldown semantics
  • a better bundled scenario narrative
  • compact machine-readable run summaries for downstream inspection

This release is a usability and expressiveness milestone for the demo, while keeping the project intentionally small and local-first.

v0.2.0 — Validation, Edge Cases, Cooldown, and Minimal CI

24 Mar 04:08
7fa2b9a


Highlights

This release turns the initial telemetry MVP into a more stable and more reviewable iteration of the repository.

Added

  • edge-case test coverage for timestamp parsing, window boundaries, empty input, duplicate timestamps, threshold equality, and related normalization behavior
  • stronger ingestion validation for both JSONL and CSV inputs
  • a simple per-rule alert cooldown mechanism to reduce noisy repeated alerts
  • minimal GitHub Actions CI for pytest on push and pull_request

Changed

  • required-field validation now rejects both missing required columns and missing/blank required values
  • malformed JSONL and malformed CSV inputs now raise clearer ValueError messages
  • default alert behavior now suppresses repeated alerts from the same rule_name within a configurable cooldown window
  • sample alert output was reduced substantially under the default configuration, making the demo output easier to inspect and explain
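The validation contract described above, as an added example rather than the project's own loader: required columns must exist, required values must be non-blank, and malformed JSONL or CSV raises a ValueError that names the offending line. The required-field list, the function names and the sample inputs are assumptions constructed for the illustration.

```python
"""Required-field and malformed-input validation for JSONL and CSV event files.

Added example, not code from stacknil/telemetry-lab. REQUIRED_FIELDS, the
function names and the error wording are assumptions.
"""
import csv
import io
import json

REQUIRED_FIELDS = ("timestamp", "event_type")  # assumed required columns


def _check_record(record: dict, lineno: int) -> dict:
    """Reject a missing key and a missing/blank value for every required field."""
    for field in REQUIRED_FIELDS:
        if field not in record:
            raise ValueError(f"line {lineno}: missing required column {field!r}")
        value = record[field]
        if value is None or (isinstance(value, str) and value.strip() == ""):
            raise ValueError(f"line {lineno}: required field {field!r} is missing or blank")
    return record


def load_jsonl(text: str) -> list[dict]:
    """Parse one JSON object per line; blank lines are skipped, anything else must parse."""
    records = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: malformed JSONL ({exc.msg})") from None
        if not isinstance(obj, dict):
            raise ValueError(f"line {lineno}: expected a JSON object, got {type(obj).__name__}")
        records.append(_check_record(obj, lineno))
    return records


def load_csv(text: str) -> list[dict]:
    """Parse CSV with a header row; check columns once, then values per row."""
    reader = csv.DictReader(io.StringIO(text))
    header = reader.fieldnames or []
    missing = [f for f in REQUIRED_FIELDS if f not in header]
    if missing:
        raise ValueError(f"CSV header is missing required columns: {missing}")
    records = []
    for lineno, row in enumerate(reader, start=2):  # header occupies line 1
        # DictReader stores surplus values under the key None: a ragged row.
        if None in row:
            raise ValueError(f"line {lineno}: malformed CSV row (more values than header columns)")
        records.append(_check_record(row, lineno))  # short rows arrive as None and fail here
    return records


def run_demo() -> dict:
    """Run constructed good and bad inputs and collect the resulting error messages."""
    good_jsonl = '{"timestamp": "2024-03-01T00:00:00Z", "event_type": "login_failure", "host": "web-01"}\n'
    truncated_jsonl = good_jsonl + '{"timestamp": "2024-03-01T00:00:01Z", "event_type": "'
    blank_value_csv = "timestamp,event_type,host\n2024-03-01T00:00:00Z,,web-01\n"
    missing_column_csv = "timestamp,host\n2024-03-01T00:00:00Z,web-01\n"
    ragged_csv = "timestamp,event_type\n2024-03-01T00:00:00Z,login_failure,extra\n"

    results = {"jsonl_ok": len(load_jsonl(good_jsonl))}
    cases = (
        ("jsonl_malformed", load_jsonl, truncated_jsonl),
        ("csv_blank_value", load_csv, blank_value_csv),
        ("csv_missing_column", load_csv, missing_column_csv),
        ("csv_ragged_row", load_csv, ragged_csv),
    )
    for name, loader, text in cases:
        try:
            loader(text)
            results[name] = None  # unexpectedly accepted
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:<20} {outcome}")
```

Failing fast with the line number matters more than it looks for a detection prototype: a silently dropped or half-parsed row shifts window boundaries and changes which thresholds trip, so a loader that tolerates bad input produces alert counts that cannot be reproduced from the file.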

Repository hardening

  • expanded test coverage around the most failure-prone parts of the prototype
  • aligned README behavior notes with actual loader/runtime behavior
  • added a small CI workflow so regressions are caught in pull requests instead of only in local runs

Scope

This is still a local, file-based prototype for telemetry analytics and rule-based alerting.

It is not a production monitoring system and does not include:

  • real-time ingestion
  • streaming state management
  • alert routing / on-call integration
  • SIEM / SOC platform integration
  • deployment or storage infrastructure

Included work

  • #5: edge-case coverage for windowing and rules
  • #7: minimal GitHub Actions CI
  • #8: stronger event ingestion validation
  • #9: cooldown-based alert deduplication

Notes

The project now has:

  • clearer ingestion contracts
  • stronger regression protection
  • lower default alert noise
  • basic repository-level CI

This release is a stability and governance milestone rather than a major feature expansion.