Threat Stack empowers users to monitor their hosts for anomalous, risky activity. These three-minute feature walkthrough videos teach users how to harness the full power of the Threat Stack Cloud Security Platform® to meet their needs.
Threat Stack scans all installed packages once per day for infrastructure risks listed as Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD). Threat Stack users view vulnerabilities on the Vulnerabilities page.
Rule Customization Overview
Rules identify high-risk behavior in a customer's infrastructure. Threat Stack users can create customized rules from a specific alert or event, or from the Rules page.
Alert Page Overview
Threat Stack users receive alerts about unknown, anomalous behavior, which display on the Alerts page. Here, users investigate the sources of the alerts and can suppress specific alerts.
Configuration Audit Overview
The Config Audit page shows potential risk to the customer's infrastructure by displaying gaps between that infrastructure and Amazon Web Services (AWS) API best practices and customer policies.
Threat Stack users prevent known, accepted behavior from triggering alerts by implementing suppressions.
Event Types Overview
Threat Stack contains three types of Host Events and one type of CloudTrail Event to help users monitor for anomalous activity.
Baseline and Tune Alerts Overview
Threat Stack users can establish normal alert behavior in their system (baseline) and then tweak rules and alerts (tune) to ensure they are only alerted to anomalous activities.
Alert Workflows Overview
Threat Stack users investigate alerts by drilling down into the event(s) that triggered the alert, examining the context surrounding the event, and searching for events with similar process details to find anomalous activity.
Servers Page Overview
The Threat Stack Servers page lists all active hosts with an Agent installed. Threat Stack users view online, offline, and integrated AWS account servers, filter servers by specific criteria, and revoke servers through this page.