Data Ingestion

AlertD ingests your AWS environment — resources, metrics, and their relationships — into a local data store so you can work with your cloud data instantly, without waiting on live API calls.

Why Ingest?

Querying AWS directly is slow. Every API call adds latency, pagination, rate limits, and region-by-region overhead. A simple question like “which EC2 instances have elevated CPU usage and are attached to unencrypted EBS volumes?” would require dozens of separate API calls, manual cross-referencing, and careful throttle management — all before you can even begin your analysis.

Ingestion eliminates that friction. AlertD pulls your environment data once, stores it locally, and makes it available for fast, flexible querying from that point forward.

What Gets Ingested

Resources

AlertD collects configuration data for over 100 AWS resource types across all your enabled regions, including:

  • EC2 Instances, Security Groups, AMIs, and ENIs
  • EBS Volumes and Snapshots
  • Load Balancers (ALB, NLB, Classic)
  • IAM Roles, Policies, and their attachments
  • CloudFormation Stacks
  • CloudWatch Alarms and Log Groups
  • VPCs, Subnets, Route Tables, and VPN Endpoints
  • Auto Scaling Groups

Each resource is stored with its full set of properties and indexed by ARN, so any resource can be looked up or joined to related resources instantly.

Metrics

AlertD collects baseline metric values from CloudWatch for each of your resources. These baselines give AlertD a picture of normal operating behavior — CPU utilization, network traffic, disk I/O, request counts, error rates — so that security assessments and compliance checks can reference actual runtime data, not just static configuration.

What This Gives You

Fast Filtering

Once ingested, your entire environment is queryable in seconds. You can filter resources by type, region, tag, or any property without waiting for API responses. Need all S3 buckets without encryption? All security groups with open SSH access? The answer comes back immediately.

Resource Correlation

Because all resource types are stored together with their full properties, AlertD can correlate resources through their relationships. An EC2 instance connects to its security groups, its attached EBS volumes, its subnet, its IAM role — and each of those connects further. This lets AlertD trace paths across your environment that would be extremely tedious to assemble from individual API calls.
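The question posed under "Why Ingest?" (EC2 instances with elevated CPU that are attached to unencrypted EBS volumes) becomes a single join once resources, relationships, and metric baselines sit in one ARN-indexed store. The sketch below is an added example, not AlertD's own code: the table layout, the `attached_volume` relation name, the 80% threshold, and the sample ARNs are all assumptions constructed for illustration.

```python
import json
import sqlite3

# Hypothetical schema; AlertD's actual storage layout is not described on this page.
SCHEMA = """
CREATE TABLE resources (arn TEXT PRIMARY KEY, type TEXT, region TEXT, props TEXT);
CREATE TABLE edges (src_arn TEXT, relation TEXT, dst_arn TEXT);
CREATE TABLE metrics (arn TEXT, name TEXT, baseline REAL);
"""
# Constructed sample inventory: three instances, one attached volume each.
P = "arn:aws:ec2:us-east-1:111122223333:"
RESOURCES = [(P + "instance/i-0aaa", "ec2:instance", {}),
             (P + "instance/i-0bbb", "ec2:instance", {}),
             (P + "instance/i-0ccc", "ec2:instance", {}),
             (P + "volume/vol-0a1", "ec2:volume", {"Encrypted": False}),
             (P + "volume/vol-0b1", "ec2:volume", {"Encrypted": True}),
             (P + "volume/vol-0c1", "ec2:volume", {"Encrypted": False})]
EDGES = [(P + "instance/i-0aaa", "attached_volume", P + "volume/vol-0a1"),
         (P + "instance/i-0bbb", "attached_volume", P + "volume/vol-0b1"),
         (P + "instance/i-0ccc", "attached_volume", P + "volume/vol-0c1")]
METRICS = [(P + "instance/i-0aaa", "CPUUtilization", 87.5),
           (P + "instance/i-0bbb", "CPUUtilization", 91.0),
           (P + "instance/i-0ccc", "CPUUtilization", 12.0)]

def build_store():
    """Load the constructed inventory into an in-memory SQLite store."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO resources VALUES (?, ?, ?, ?)",
                     [(a, t, a.split(":")[3], json.dumps(p)) for a, t, p in RESOURCES])
    conn.executemany("INSERT INTO edges VALUES (?, ?, ?)", EDGES)
    conn.executemany("INSERT INTO metrics VALUES (?, ?, ?)", METRICS)
    return conn

def busy_instances_with_unencrypted_volumes(conn, cpu_threshold=80.0):
    """Return (instance_arn, volume_arn, cpu_baseline) for the 'Why Ingest?' question."""
    rows = conn.execute("""
        SELECT i.arn, v.arn, m.baseline, v.props
        FROM resources i
        JOIN metrics m ON m.arn = i.arn AND m.name = 'CPUUtilization'
        JOIN edges e ON e.src_arn = i.arn AND e.relation = 'attached_volume'
        JOIN resources v ON v.arn = e.dst_arn AND v.type = 'ec2:volume'
        WHERE i.type = 'ec2:instance' AND m.baseline > ?
        ORDER BY i.arn""", (cpu_threshold,)).fetchall()
    # A volume whose Encrypted property is missing is reported too, not assumed safe.
    return [(i, v, cpu) for i, v, cpu, props in rows
            if json.loads(props).get("Encrypted") is not True]

if __name__ == "__main__":
    for row in busy_instances_with_unencrypted_volumes(build_store()):
        print(row)
```

On the sample data only `i-0aaa` is returned: `i-0bbb` is busy but its volume is encrypted, and `i-0ccc` has an unencrypted volume but a low CPU baseline.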

Metric-Aware Assessments

With baseline metrics alongside resource configuration, AlertD’s security assessments go beyond static checks. Instead of just flagging that a resource exists, AlertD can factor in whether it’s actively in use, how much traffic it handles, or whether its behavior has changed — adding meaningful context to compliance findings.

Ingestion runs automatically on a recurring schedule, so your data stays current without any manual intervention. AlertD processes all configured regions concurrently, keeping your resource configurations and metric baselines up to date in the background.