Using AWS Tags With Threat Stack Security Alerts

Since first releasing Threat Stack Cloud Security Platform®, we have continued to make enhancements that provide better data, increase automation, streamline workflows, and decrease response times.

And that’s exactly what we had in mind when we pulled tag information into Threat Stack alerts. With tag information embedded in each alert, you have yet another layer of context to use when responding to threats in your environment.

Why Tags?

Most of our customers use tags because they’re a valuable way of organizing and managing assets for role assignments, cost estimates, etc. With this in mind, we introduced them a year ago as a means of categorizing alerts, servers, etc.

After we introduced the tabbed view of alerts, a lot of our customers talked about the value that would come from adding tag information to each alert:

“I’d like an easy way of seeing all EC2 tags associated with the host. At present, when I mouse over the host, I can see to add to the search and copy to the clipboard, but it would be great if I got more context just by mousing over. For example, I’d like to see number of events, number of users, EC2 tags, availability zone, instance type, security groups, etc.”

So now we’ve taken full advantage of tag metadata by bringing tags directly into each alert. Users can go to a host alert, for example, and see the EC2 tags associated with the corresponding server.

What’s Next? 

As we continue to evolve the Threat Stack platform, we’ll be introducing numerous tag-related updates, including the ability to assign rules and suppressions to tags. Stay tuned!