Feature Walkthrough Videos

Threat Stack empowers users to monitor their hosts for anomalous, risky activity. These three minute feature walkthrough videos teach users how to harness the full power of the Threat Stack Cloud Security Platform® to meet their needs.

Vulnerabilities Overview

Threat Stack scans all installed packages once per day for any infrastructure risks exposed by the National Vulnerabilities Database (NVD) Common Vulnerabilities and Exposures (CVEs). Threat Stack users view vulnerabilities on the Vulnerabilities page.

Video: https://resources.threatstack.com/customer-onboarding/vulnerabilities

PDF: https://resources.threatstack.com/customer-onboarding/how-to-vulnerabilities

Rule Customization Overview

Rules identify high-risk behavior in a customer's infrastructure. Threat Stack users can create customized rules from a specific alert or event, or from the Rules page.

Video: https://resources.threatstack.com/customer-onboarding/rule-customization

PDF: https://resources.threatstack.com/customer-onboarding/how-to-rule-customization

Alert Page Overview

Threat stack users receive alerts about unknown, anomalous behavior that display on the Alerts page. Here, users investigate the sources of the alerts and can suppress specific alerts.

Video: https://resources.threatstack.com/customer-onboarding/alert-page-overview

PDF: https://resources.threatstack.com/customer-onboarding/how-to-alert-page-overview

Configuration Audit Overview

The Config Audit page displays potential risk to the customer's infrastructure by displaying gaps between their infrastructure and Amazon Web Services (AWS)'s API best practices and customer policies.

Video: https://resources.threatstack.com/customer-onboarding/config-audit

PDF: https://resources.threatstack.com/customer-onboarding/how-to-config-audit

Suppressions Overview

Threat Stack users prevent known, accepted behavior from triggering alerts by implementing suppressions.

Video: https://resources.threatstack.com/customer-onboarding/suppressions

PDF: https://resources.threatstack.com/customer-onboarding/how-to-suppressions

Event Types Overview

Threat Stack contains three types of Host Events and one type of Cloudtrail Event to help users monitor for anomalous activity.

Video: https://resources.threatstack.com/customer-onboarding/event-types

PDF: https://resources.threatstack.com/customer-onboarding/how-to-event-types

Baseline and Tune Alerts Overview

Threat Stack users can establish normal alert behavior in their system (baseline) and then tweak rules and alerts (tune) to ensure they are only alerted to anomalous activities.

Video: https://resources.threatstack.com/customer-onboarding/baseline-video

PDF: https://resources.threatstack.com/customer-onboarding/how-to-baseline-tune

Alert Workflows Overview

Threat Stack users investigate alerts by drilling down into the event(s) that triggered the alert, contextualizing the surrounding the event, and searching for events with similar process details to find anomalous activity.

Video: https://resources.threatstack.com/customer-onboarding/alert-workflows

PDF: https://resources.threatstack.com/customer-onboarding/how-to-alert-workflows

Servers Page Overview

The Threat Stack Servers page lists all active hosts with an Agent installed. Threat Stack users view online, offline, and integrated AWS account servers, filter servers by specific criteria, and revoke servers through this page.

Video: https://resources.threatstack.com/customer-onboarding/servers-page

PDF: https://resources.threatstack.com/customer-onboarding/how-to-servers-page-overview

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request