How to enable Cloud Security Platform (CSP) features within the Threat Stack application?


What is the Cloud Security Platform?

Operating in a secure cloud environment requires tighter integration among multiple security functions, including Workload Security, Infrastructure Security, Vulnerability Management, Threat Intelligence and Incident Response, all packaged into a platform with integrated workflows, to meet the goals of security, compliance and operational efficiency.

 

We are excited to announce the Threat Stack Cloud Security Platform, which combines users, processes, network, FIM, CloudTrail, vulnerability management and threat intelligence into one platform.

 

Vulnerability Intelligence 

The integrated Vulnerability Intelligence feature within the Threat Stack application provides an at-a-glance and detailed view of the security state of managed workloads by identifying any installed vulnerable packages. The detailed view provides context for each vulnerable package, including CVE, CVSS score, attack vector and complexity of exploit.

We currently support Ubuntu, Amazon and RedHat distributions of Linux for this feature.

Vulnerability intelligence relies on package information from the host, and it is built into our newest agent release, v.1.4.2. Once the customer installs the 1.4.2 agent, the vulnerability intelligence feature can be enabled. After a few minutes, you should see the vulnerability information in the vulnerability widget on the dashboard, with drill-downs into the server page for further details.

This feature is only available in Advanced and Pro Packages. Current customers with Advanced or Pro package subscriptions, please contact support-team@threatstack.com to enable the functionality.

 

 

Integration with Slack for notifications

Slack support is implemented using Slack's webhook API: simply provide the webhook URL and the severity of alerts you want in the channel. The configuration for Slack is in the Integrations section of the Settings view.


Threat Intelligence

 

The Threat Intelligence feature correlates outgoing and incoming IPs with the Threat Stack curated IP list, which is compiled from various sources.

The configuration involves three steps:

  1. Enable the threat intelligence rule under rule sets (please contact support if you do not see the rule set)
  2. Tweak the rule for the right severities
  3. Associate the rule set with servers you want to see alerts on

 
