Threat Stack Cloud Security Platform Rules
Have you found that rules give you more visibility and control over what's being triggered? If yes, please explain.
As far as alerts go, we can write our own rules. I continue to tweak rules, modify rules, etc. That's a big deal for us, so that we're getting relevant information, but not missing other information.
The rules definitely give us more visibility and control over what's being triggered. We demo a lot of different security tools, especially cloud-specific security tools. So far, Threat Stack is the only one that we have found that ties all the relevant pieces together so that we can take action in a meaningful way. Every other security tool we've looked at is good at containers, or at Kubernetes, is good at AWS, or at instance monitoring. But nobody is good at tying all of those things together, and that's really where Threat Stack shines.
The rules are really great. They give us more visibility and control over what's being triggered. There's a large set of rules that come out-of-the-box. We can customize them and we can create our own rules based on the traffic patterns that we see.
The ability to reconfigure alert rules allows us to ensure that what we are alerted on is a priority for us.
The rules definitely give us more visibility and control over what's being triggered. We are able to monitor our environment and see what is normal. When we first installed Threat Stack, we obviously had a lot of alerts. Over time we have been able to monitor and see which of those things is normal. For example, which alerts happen because of automation, automated things that are happening in the environment and that trigger expected alerts? We don't need to see these as alerts. These are expected actions, they're authorized and not caused by users. They wouldn't be caused by a bad actor. They're just simply automation. We are able to write very granular alerts that look for that automation and no longer alert us on it, so we're able to cut down the alerts to a manageable level.
Rules give us more visibility and control over what's being triggered and that's been super helpful. I don't have the time to go in there and create those rules. So instead, if we do something that's out of the norm - something we're allowing security-wise that we probably shouldn't, but we're going to address that in the future - they'll contact us, they'll reach out to us as soon as they see something as an anomaly and say, "Hey, did you mean to do this?" We can then say, "Yeah, we did," and then they'll help us configure those rules to suppress them for a limited amount of time until we can resolve the issue, so we're not inundated by non-useful alerts.