Threat Stack Cloud Security Platform Tuning
How would you describe the tuning process?
It is fairly easy to tune. The ability to fine-tune rules and write new rules is very straightforward. It doesn't take much learning at all.
The tuning process is pretty straightforward. Their rule sets are easy to understand. The UI is set up in a way where it's really easy to modify false-positive alerting. It's one of the more low-stress tuning operations I've ever done, compared to other endpoint security products or ITS-type engines.
The tuning process is easy to use, given the preconfigured rule sets which are offered and the flexibility of the API to create more rule sets. It is very easy to silence alerts that you may deem unnecessary in your environment.
Tuning is really simple. It's a matter of monitoring the alerts that come in, whether they're Sev 1 through Sev 3, and determining whether they are normal, expected, and part of the baseline, and then filtering them out. Or, if they're something that is not expected, or something we want to know about, we increase the severity to a higher level so that they're treated differently. We have different actions for each of Severity 3, 2, or 1: page the engineer, email an on-call engineer immediately, or just send a daily wrap-up email. We're constantly looking at that to see if we want to change the actions.
The tuning process was great. We actually had a talk over specifics. They would say, "This is the behavior that we see that is weird or not normal." That allowed us to go back and say, "Oh yeah, we do tweak this file every so often, so we need to ignore that file because we are going to be changing it." It was great. There was a really good dialogue, really good back and forth. They gave us some homework items that we could go look into and figure out why things were happening, and then we could get back with them and tweak those alerts. That was very helpful.