What is a Cloud Security Platform?
Operating in a secure cloud environment requires tighter integration among multiple security functions, including Workload Security, Infrastructure Security, Vulnerability Management, Threat Intelligence and Incident Response, all packaged into a platform with integrated workflows to meet the goals of security, compliance and operational efficiency.
We are excited to announce the Threat Stack Cloud Security Platform, which combines users, processes, network, FIM, CloudTrail, vulnerability management and threat intelligence into one platform.
The integrated vulnerability intelligence feature within the Threat Stack application provides an at-a-glance and detailed view of the security state of managed workloads by identifying any installed vulnerable packages. The detailed view provides context for the vulnerable package, including CVE, CVSS score, attack vector and complexity of exploit.
We currently support Ubuntu, Amazon and RedHat distributions of Linux for this feature.
Vulnerability intelligence relies on package information from the host, and it's built into our newest agent release, v.1.4.2. Once the customer installs the 1.4.2 agent, the vulnerability intelligence feature can be enabled. After a few minutes, you should see the vulnerability information in the vulnerability widget on the dashboard, with drill-downs into the server page for further details.
This feature is only available in Advanced and Pro Packages. Current customers with Advanced or Pro package subscriptions, please contact email@example.com to enable the functionality.
Integration with Slack for notifications
Slack support is implemented using their webhook API: simply provide the webhook URL and the severity of alerts you want in the channel. The configuration for Slack is in our Integrations section in the Settings view.
The Threat Intelligence feature correlates outgoing and incoming IPs with the Threat Stack IP list curated from various sources.
The configuration involves three steps:
- Enable the threat intelligence rule under rule sets (please contact support if you do not see the rule set)
- Tweak the rule for the right severities
- Associate the rule set with servers you want to see alerts on