Threat Stack Trial Guide



Welcome to Threat Stack!

Thank you for choosing to evaluate the Threat Stack Cloud Security Platform.

By this time, you should have received access to the Threat Stack application. If not, contact the Sales Team.


Threat Stack gives in-depth visibility into user, process, network, and file activity on the host, so we recommend installing the agent on a high-traffic host such as a jump host. Alternatively, you can install the agent on a test host that you can throw away.

Install & Configure

We have many methods to help you get started using the Threat Stack Agent including:

Evaluate the Product

We recognize that selecting a cloud security vendor is difficult. To make this easier, we created an Evaluation Document: a Google document that you can copy and fill out to summarize your findings for your team.


Host Testing

Log into the host as a regular user and execute a few commands, including a few which require privileged access. Try triggering an alert by:

  • scp a file back and forth from the host
  • Change permissions of a file on the host
  • Perform some login failures for SSH or sudo
  • Commands which require privilege escalations:
    1. sudo tcpdump
    2. sudo chown ubuntu /home
    3. sudo apt-get install htop (or package of your choice)
  • Imitate the behavior of malware:
    1. Install a kernel module to imitate the exploit/rootkit phase
    2. Ping or wget to a known malicious host (e.g. - ping or to imitate command and control
    3. Download and execute some shell scripts out of the /tmp directory


Click on Alerts on the left menu. You will see alerts for each of the actions above, organized into 3 severities:

  • Severity 1: Critical alert (inform me immediately)
  • Severity 2: Warn alert (review every other day or weekly)
  • Severity 3: Log (review every month)
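
To match alerts back to the test actions that caused them, it helps to journal each action with a UTC timestamp. The script below is an added example, not Threat Stack tooling: it runs the unprivileged actions from the list above and records when each one ran. The names `JOURNAL`, `RUN_SUDO`, `record` and `run_trial_actions` are assumptions, and `sudo -n id` stands in for the privileged commands listed above.

```shell
#!/bin/sh
# Added example: run a subset of the Host Testing actions on a throwaway
# host and journal each with a UTC timestamp, so alerts in the Alerts view
# can be matched to the action that triggered them.

JOURNAL="${JOURNAL:-./trial-journal.log}"   # assumed journal path

# record <label> <command...>
# Runs the command and appends "time, label, exit status, command" to the journal.
record() {
    label=$1
    shift
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    printf '%s\t%s\trc=%s\t%s\n' "$ts" "$label" "$rc" "$*" >> "$JOURNAL"
}

run_trial_actions() {
    work=$(mktemp -d /tmp/ts-trial.XXXXXX) || return 1

    # "Change permissions of a file on the host"
    : > "$work/sample.txt"
    record chmod chmod 600 "$work/sample.txt"

    # "Execute some shell scripts out of the /tmp directory"
    # (a harmless script written locally here; nothing is downloaded)
    printf '#!/bin/sh\nexit 0\n' > "$work/hello.sh"
    record tmp-exec sh "$work/hello.sh"

    # Privileged command, opt-in only. -n makes sudo fail instead of
    # prompting, and a failure is journaled with its exit status.
    if [ "${RUN_SUDO:-0}" = 1 ]; then
        record sudo sudo -n id
    fi

    rm -rf "$work"
}

# Run only when invoked as: sh trial-actions.sh run
if [ "${1:-}" = run ]; then
    run_trial_actions
    cat "$JOURNAL"
fi
```

Each journal line's timestamp can then be compared with the alert times shown under Alerts. An action with no matching alert is a finding worth noting in the evaluation.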