Threat Stack Monitor Package Howto

What is Threat Stack Monitor Package ?

The following are the features that are available in monitor package

Monitoring and alerting

  1. User activity: Any activity that has interactive user session associated with it.  Examples include
    1. Users logging in and escalating privileges to root
    2. Users copying files from prod to dev
  2. File integrity monitoring
    1. File OPENs
    2. File CREATEs
    3. File MODIFYs
  3. Vulnerability monitoring
  4. Reporting
    1. Daily alert report
    2. Daily vulnerability report
    3. Daily FIM report
    4. Daily compliance rule set



How do you Enable Monitor Package ?

 

Customers would enable monitor mode on the agent using --agent_type option. Additionally Threat Stack offers default monitor base rule set (screenshot below) that customers can get their agents associated to by default.

 

The following is the command that the customers would use in their deploy scripts for enabling the monitor mode and associating the monitor rule set

 

cloudsight   setup --deploy-key=<key> --agent_type=m --ruleset=”Monitor Base Rule Set”



Note:
Monitor mode can be enabled only on agent versions 1.6.0 and above.








Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.