How to Track Agent-Based User Activity

More often than not we’ll need to go beyond a Severity 1 alert to figure out what a user (including a potentially malicious attacker) was doing on a system. Host events in particular only show a small part of the picture, and a single alert can’t always give you the context necessary to make an escalation decision. This blog post explains how to pivot from a Host event to a user’s session and how to move from a single user-related alert to the user’s session using the data provided by your intrusion detection system.

Enhancing the Power of Your SIEM With Threat Stack’s Intrusion Detection Platform

Trying to manage security with only one security tool (or, for example, having to use log files alone) can be a major headache. The right combination, however — like a SIEM coupled with an intrusion detection platform — can produce great results, including better data, smaller amounts of data, shorter processing times, and lower operating costs.

OneLogin Gains Granular Security Control With Threat Stack on AWS

OneLogin’s Journey on AWS

OneLogin, an identity and access management (IAM) company, is dedicated to superior security for their users, which starts with their own stringent security posture. Since OneLogin’s customers typically come from regulated industries such as healthcare and online retail, OneLogin needed the ability to definitively show that their security, and that of their customers, was as strong as possible at any given moment.