Threat Stack Agent CoreOS Installation Overview


As of June 2017, Threat Stack supports CoreOS Stable channel v1353.8.0 and later.

Installation Methods for Agent 1.8.0C and Newer

Threat Stack recommends installing CoreOS as a container-based Agent, rather than as a host-based Agent. For instructions, see Threat Stack Containerized Agent.

Previous Installation Method

Latest CoreOS Installer

To install the agent software, run CoreOS installer from the untarred package directory:  

tar -xvzf threatstack-agent_latest.coreos1353.8.0_amd64.tar.gz
cd threatstack-agent_1.6.6-7.coreos1353.8.0_amd64

After you have run the agent installer, you have two methods that you can use to complete the installation process. You can execute the cloudsight setup arguments doing a single command or you can install the agent manually.


The version number varies slightly based on the latest agent release version. This means that the version number you see may differ from the one in this article.

Single Command Manual Alternative

CoreOS installs the agent software and dependencies under /opt/threatstack and lists the Threat Stack agent as a standard systemd service.

You can install the Threat Stack Agent using the cloudsight setup arguements by running this single command:

sudo ./ --deploy-key=KEY


The KEY is your deploy key. Threat Stack requires that you provide the deploy key to authenticate.

Additional installer and agent registration options include:

Installer options:
 -s, --silent                  Skip installation prompts.
 -h, --help                    Print this message.

Automatic agent registration options:
 -a, --agent_type              Agent type ([i]nvestigate or [m]onitor).
                                Default: (i)nvestigate
 -k KEY, --deploy-key=KEY      Automatically register this agent using the
                                specified deployment key.
 -r, --ruleset                 Ruleset(s) to initially use.
 -u, --url                     URL to use to communicate with ThreatStack.

Check Service Connection

To verify that your agent is connected inside the Threat Stack application, navigate to the Servers page.

To check the status of the service connection and various services maintained by the agent, run: 

/opt/threatstack/bin/cloudsight status

For more options, run:

/opt/threatstack/bin/cloudsight --help

Uninstall Agent

To uninstall CoreOS run:

sudo cloudsight stop
sudo rm -rf /opt/threatstack /etc/init.d/cloudsight /opt/bin/cloudsight
Was this article helpful?
0 out of 0 found this helpful