Threat Stack Cloud Security Platform® Support for Windows & Hybrid Environments

As part of its ongoing mission to bring customers the most comprehensive and powerful cloud security solutions, Threat Stack has extended the capabilities of its Threat Stack Cloud Security Platform® to enable continuous security monitoring of Microsoft Windows and hybrid environments.

The new Windows agent adds to Threat Stack’s existing support for Linux environments, and enables companies to collect important information about users, processes, network connections, and files, as well as security events from Windows environments. The range and depth of detail provide the deep level of visibility and information that companies need in order to remain secure and compliant as they grow.

The Threat Stack Windows agent:

  1. Has been specifically designed from the ground up for cloud environments
  2. Is a comprehensive Host IDS solution that includes process executions, user activity, and Windows security events
  3. Supports compliance needs across Windows environments

The following screen displays Windows activity monitoring and threat intel. 


Specifically Designed for Cloud Environments

Threat Stack built its Linux agent from the ground up for cloud environments and followed the same design principles when building its Windows agent. As such, its operations are optimized for the cloud, providing comprehensive and detailed insights across cloud environments and using fewer resources upstream to ensure rapid processing without negative impact on operations. As with our Linux agent, the Windows agent:

  • Is designed to collect every user process and network connection as well as audit security events on the Windows host
  • Uses fewer resources for both CPU and memory on instances
  • Passes data/events through to the back end where all processing occurs. This means there is a reduced processing burden on the client’s servers.

Host IDS and Windows Security Event Logging

The following features are supported out-of-the-box:

  • Behavior-based host IDS capabilities such as alerting on abnormal user, process, and network connections.
  • Windows security monitoring: Collection and alerting on Windows security log events.
  • File integrity monitoring: A FIM module built into the agent alerts not only on file changes but also on file views and opens.
  • Threat intelligence: Every inbound and outbound network connection is correlated with known bad IPs, and matches are alerted on.




The Windows agent comes with out-of-the-box base rule sets that capture most alerts that are suitable for supporting compliance requirements such as PCI and HIPAA. Captured events include:

  • Administrator logins
  • Login failures
  • User and system policy changes

Final Words . . .

Today’s companies work across a wide range of integrated environments, and the Threat Stack Windows agent allows customers to have continuous security monitoring and intrusion detection in whatever environment best supports their needs. The addition of Windows support to Threat Stack’s Cloud Security Platform® enables them to use one powerful platform for continuous monitoring in Linux, Windows, and hybrid environments.

These new capabilities are immediately available to all Threat Stack users. For more information about the Windows agent, please visit Threat Stack Unveils Cloud Security Platform® Support for Windows and Hybrid Environments, and for more about Threat Stack, visit