- Windows 2012 R2
- Minimum of 2 vCPUs / 4 GB RAM
See the Supported Operating Systems and Kernels article for more information.
Threat Stack provides the ability to monitor Windows instances, whether hosted in the cloud or on-premises.
Monitoring Windows instances with Threat Stack achieves levels of visibility similar to Linux host monitoring and can help you achieve:
- Compliance for Windows environments
- The ability to cover a hybrid OS environment (Linux and Windows servers) or an all-Windows environment
Windows Monitoring supports the following features:
- Host Intrusion Detection
  - Includes user, process, and network activity. You can use this information to create alerts on abnormal user, process, and network behavior.
- File Integrity Monitoring
  - Critical file activities that can trigger alerts, such as open, delete, create, and modify.
- Threat Intelligence Activity
  - Monitors connections to and from the monitored host, and detects and alerts on connections to and from malicious hosts.
- Event Log Monitoring
  - Also called "Windows Security Event Log Monitoring", this refers to the security events that Threat Stack will alert on. Examples of alerts:
    - Windows policy changes (event id 4732)
    - Windows system time changes (event id 4616)
    - Windows security group changes