Threat Stack Monitor Package Howto


What is the Threat Stack Monitor Plan?

The following features are available in the Monitor package:

Monitoring and alerting

  1. User activity: any activity that has an interactive user session associated with it. Examples include:
    1. Users logging in and escalating privileges to root
    2. Users copying files from prod to dev
  2. File integrity monitoring
    1. File OPENs
    2. File CREATEs
    3. File MODIFYs
  3. Vulnerability monitoring
  4. Reporting
    1. Daily alert report
    2. Daily vulnerability report
    3. Daily FIM report
    4. Daily compliance rule set

Note: Threat Stack will store all alerts and contributing events for one year from the time the alert is generated.

How do you enable the Monitor Plan?

Customers enable monitor mode on the agent using the --agent_type option. Additionally, Threat Stack offers a default Monitor Base Rule Set (screenshot below) that customers can have their agents associated with by default.

Customers use the following command in their deploy scripts to enable monitor mode and associate the monitor rule set:

cloudsight setup --deploy-key=<key> --agent_type=m --ruleset="Monitor Base Rule Set"

Monitor mode can be enabled only on agent versions 1.6.0 and above.
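
A deploy script can enforce the 1.6.0 minimum before running the setup command. The following is an added example, not Threat Stack's own code: the function names and the DRY_RUN switch are hypothetical, the flags are only those shown above, and how the installed agent version is obtained is left to the caller as an assumption.

```shell
#!/bin/sh
# Added example: gate monitor-mode setup on the agent version requirement.
# The minimum version and the cloudsight flags come from the article; the
# caller supplies the installed version (assumption), e.g. from the package manager.
MIN_MONITOR_VERSION="1.6.0"

# version_ge A B: succeed when dotted version A >= B. Fields are compared
# numerically, so 1.10.0 is correctly treated as newer than 1.6.0.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        # Refuse non-numeric fields instead of guessing their order.
        case "$fa$fb" in *[!0-9]*) return 2 ;; esac
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# enable_monitor_mode VERSION DEPLOY_KEY: run the setup command only when
# VERSION meets the minimum. DRY_RUN=1 prints the arguments, one per line,
# with the deploy key redacted so it does not land in build logs.
enable_monitor_mode() {
    ver=$1 key=$2
    if ! version_ge "$ver" "$MIN_MONITOR_VERSION"; then
        echo "agent $ver is older than $MIN_MONITOR_VERSION; monitor mode unavailable" >&2
        return 1
    fi
    # The rule set name contains spaces, so it is passed as a single argument.
    set -- cloudsight setup "--deploy-key=$key" --agent_type=m \
        "--ruleset=Monitor Base Rule Set"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@" | sed 's/^--deploy-key=.*/--deploy-key=<redacted>/'
    else
        "$@"
    fi
}
```
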
