Threat StackⓇ AWS Fargate Commands

Threat Stack Container Security Monitoring for AWS Fargate includes a number of command line options. All Threat Stack Container Security Monitoring for AWS Fargate command line options are lowercase and underscore-separated.

Command line options can be set by prefixing the name of the option with two hyphens, and following it with an equal sign and the value to which to set it.

Example: To set hostname to CustomHostName, use:

--hostname=CustomHostName

| Command | Type | Default Value | Description |
|---|---|---|---|
| backend_url | string | https://app.threatstack.com | The URL to use for the Threat Stack Cloud Security PlatformⓇ (CSP). |
| hostname | string | N/A | Set the name of the host / server that the Agent will report. |
| listener | boolean | true | Enable / disable the listener service. To enable, value is true. To disable, value is false. NOTE: Disabling the listener service does not disable the mountedSensor. To disable the mountedSensor, remove it from the container task definition(s) with which it is associated. |
| log_events | boolean | true | Enable or disable raw event logging to CloudWatch. To enable, value is true. To disable, value is false. |
| log_level | string | info | The level of logging the Agent uses. By default, logs use the info level, which records messages about the state of the Agent and its primary components, as well as warning and error messages. All logs are sent to CloudWatch through stdout. |
| max_inactivity | string | 60s | The maximum length of time a netflow may be inactive before it is considered done. By default, the value is 60 seconds. NOTE: If a netflow is considered done as a result of inactivity, then the netflow event’s completionStatus field reads “expired.” |
| ruleset_ids | string | N/A | The Threat StackⓇ-provided unique identifiers (IDs) of rulesets to which the Agent subscribes. Separate each ruleset ID with the plus sign (+) delimiter. Example: --ruleset_ids=\"rnID1+rnID2+rnID3\" |
| ruleset_names | string | N/A | The names of rulesets to which the Agent subscribes. Separate each ruleset name with the plus sign (+) delimiter. Example: --ruleset_names=\"rn1+rn2+rn3\" |
| ts_enable_stats_logging | string | N/A | View logs for the following actions in the container in which the mounted Sensor is mounted: attempts by the mounted Sensor to reconnect to the Agent; socket connections that stop working and start working. |
| ts_stats_logging_interval | string | N/A | Set the interval at which the Agent polls for dropped events, such as "30s". By default, the value is "5m". |
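
A pre-deployment check for the options listed above, as an added example that is not Threat Stack's own code: it validates `--name=value` strings against the documented names and types and reports settings that reduce monitoring (`listener=false`, `log_events=false`). The function name `lint_args`, the duration pattern, the stripping of surrounding double quotes, and the sample arguments are assumptions made for illustration.

```python
import re

# Option names and types, copied from the option list on this page.
OPTIONS = {
    "backend_url": "string", "hostname": "string", "listener": "boolean",
    "log_events": "boolean", "log_level": "string", "max_inactivity": "string",
    "ruleset_ids": "string", "ruleset_names": "string",
    "ts_enable_stats_logging": "string", "ts_stats_logging_interval": "string",
}
# Settings that reduce what the Agent collects, per the descriptions above.
REDUCES_VISIBILITY = {
    ("listener", "false"): "listener service disabled",
    ("log_events", "false"): "raw event logging to CloudWatch disabled",
}
ARG_RE = re.compile(r"^--([^=]+)=(.*)$")
# Assumption: durations are digits plus a unit, like the page's "60s" and "5m".
DURATION_RE = re.compile(r"^\d+[smh]$")


def lint_args(args):
    """Check --name=value strings; return (accepted options, findings)."""
    accepted, findings = {}, []
    for arg in args:
        m = ARG_RE.match(arg)
        if not m:
            findings.append(f"{arg}: expected --name=value")
            continue
        name, value = m.group(1), m.group(2).strip('"')
        if name not in OPTIONS:
            near = name.lower().replace("-", "_")
            hint = f", did you mean {near}?" if near in OPTIONS else ""
            findings.append(f"{name}: unknown option{hint}")
        elif OPTIONS[name] == "boolean" and value not in ("true", "false"):
            findings.append(f"{name}: value must be true or false")
        elif name in ("max_inactivity", "ts_stats_logging_interval") \
                and not DURATION_RE.match(value):
            findings.append(f"{name}: '{value}' is not a duration such as 60s")
        elif name.startswith("ruleset_") and "" in value.split("+"):
            findings.append(f"{name}: empty entry in '+'-delimited list")
        else:
            accepted[name] = value
            if (name, value) in REDUCES_VISIBILITY:
                findings.append(f"{name}={value}: {REDUCES_VISIBILITY[(name, value)]}")
    return accepted, findings


# Constructed sample, not taken from a real task definition.
SAMPLE_ARGS = ["--hostname=CustomHostName", '--ruleset_names="rn1+rn2+rn3"',
               "--listener=false", "--Log-Events=true", "--max_inactivity=60"]
```

Run it over the Agent arguments of each task definition before deployment and treat any finding as a review item.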