Events are the backbone of your cybersecurity operation. Events record everything taking place in your infrastructure. The Threat Stack Cloud Security Platform® (CSP) ingests events and helps you establish a baseline of normal, everyday activity. If an event deviates from that baseline, a Rule triggers an Alert to tell you about potentially malicious activity. Events, therefore, are critical to protecting your infrastructure.
What Is an Event?
Events are individual actions that take place within your infrastructure. Events contain metadata related to the action, such as an event identification (ID), the date and time the event took place, and the action taken – for example, command or exe. See Overview: Events Feature for a specific list of the types of events the Threat Stack CSP ingests.
You apply rules to events as they enter your Threat Stack CSP. If the metadata in the event matches an applied rule, then an Alert triggers. Threat Stack ties the event to the alert, which makes it easier to identify the source of potentially anomalous behavior in your infrastructure.
Where Do I Find Events in the Threat Stack Application?
Events display on the Events tab in the Threat Stack CSP.
Why Do I See Events in My Threat Stack CSP?
The events you see in your Threat Stack CSP record actions taking place in your infrastructure. Events are stored for three calendar days. Events tied to alerts are stored for one calendar year.
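The following is an added illustration, not Threat Stack code, of the two behaviours described above: rules matched against event metadata as events are ingested, with each alert tied back to its event ID, and retention that keeps plain events for three days but alert-tied events for a year. The event fields, rule format, sample events and the use of fixed-length periods in place of calendar days are all assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed simplified model of event metadata; the field names are hypothetical.
@dataclass
class Event:
    event_id: str
    timestamp: datetime
    event_type: str        # e.g. "command" or "exe"
    fields: dict           # remaining metadata (exe path, user, ...)

@dataclass
class Rule:
    name: str
    match: dict            # metadata key -> value; every pair must match

@dataclass
class Alert:
    rule_name: str
    event_id: str          # the alert is tied back to the event that triggered it

EVENT_RETENTION = timedelta(days=3)            # plain events
ALERTED_EVENT_RETENTION = timedelta(days=365)  # events tied to an alert

def evaluate(event, rules):
    """Apply every rule to one incoming event; return the alerts it triggers."""
    view = {"type": event.event_type, **event.fields}
    return [Alert(r.name, event.event_id) for r in rules
            if all(view.get(k) == v for k, v in r.match.items())]

def retained_events(events, alerts, now):
    """Keep events for 3 days, or one year if an alert references them."""
    alerted = {a.event_id for a in alerts}
    return [e for e in events
            if now - e.timestamp <= (ALERTED_EVENT_RETENTION if e.event_id in alerted
                                     else EVENT_RETENTION)]

NOW = datetime(2024, 1, 10)
# Constructed sample data, not real Threat Stack output.
SAMPLE_RULES = [Rule("web_user_spawns_netcat",
                     {"type": "exe", "exe": "/usr/bin/nc", "user": "www-data"})]
SAMPLE_EVENTS = [
    Event("evt-1", NOW - timedelta(days=1), "command", {"exe": "/bin/ls", "user": "alice"}),
    Event("evt-2", NOW - timedelta(days=10), "exe", {"exe": "/usr/bin/nc", "user": "www-data"}),
    Event("evt-3", NOW - timedelta(days=10), "command", {"exe": "/bin/cat", "user": "bob"}),
    Event("evt-4", NOW - timedelta(days=400), "exe", {"exe": "/usr/bin/nc", "user": "www-data"}),
]

def run_pipeline(events=SAMPLE_EVENTS, rules=SAMPLE_RULES, now=NOW):
    """Ingest events, trigger alerts, then prune by retention; returns (alert ids, kept ids)."""
    alerts = [a for e in events for a in evaluate(e, rules)]
    kept = retained_events(events, alerts, now)
    return [a.event_id for a in alerts], [e.event_id for e in kept]
```

Running `run_pipeline()` shows evt-3 pruned after three days while evt-2, which an alert references, survives; evt-4 is dropped only once it passes the one-year alert retention.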