Getting Started
Trust CenterTourStatusPageSupport
Start typing to search…

Forwarder Deployment Checklist

Use this checklist before deploying the Stairwell forwarder to a new host or group of hosts. Completing these steps upfront prevents the most common deployment failures.

Before you deploy

Credentials and environment

  • Obtain your Environment ID from Stairwell under SettingsEnvironment
  • Generate a Forwarder Token (or confirm an existing token is active) under SettingsEnvironmentForwarder Tokens
  • Confirm the token has not expired and has not been revoked

Network connectivity

  • Verify the target hosts can reach the following over port 443 (HTTPS):
    • *.app.stairwell.com
    • *.api.stairwell.com
    • downloads.stairwell.com
    • storage.googleapis.com
  • If SSL inspection is in use, add those domains to your decryption bypass list
  • If hosts route through a proxy, confirm proxy configuration will be included in the installer or deployment script
  • Full connectivity requirements: Connectivity Requirements

Policies (recommended before first deployment)

  • Review or create a Stairwell policy for the target group
  • Configure deny paths to exclude high-volume directories not relevant to security monitoring
  • For developer or build systems, add build output and package cache directories to deny paths before deploying
  • Assign the policy to the target asset group in Stairwell

OS-specific prerequisites

Windows

  • Confirm the installer package matches the target OS architecture
  • Verify that antivirus exclusions are in place for the Stairwell service binary and working directories. See Antivirus Exclusions
  • If deploying via Intune, SCCM, or Tanium, confirm the deployment package includes environment ID and token as install parameters

macOS

  • Deploy the MDM configuration profile (System Extension approval + Full Disk Access) before the forwarder package
  • Confirm the profile is applied and verified on target devices before pushing the forwarder installer
  • Profiles must be in place before install or the forwarder will require manual user approval to load the system extension

Linux

  • Confirm the correct package format (RPM vs. DEB) for the target distribution
  • Verify SELinux or AppArmor will not block the forwarder binary or its file access
  • Confirm systemd is available and the stairwell service unit will be enabled on install

After deployment

  • Confirm the asset appears in Stairwell with a recent check-in timestamp (within ~5 minutes of install)
  • Verify sighting activity is arriving for the asset
  • Check that the correct policy is applied to the asset
  • For a representative sample of hosts, verify the forwarder service is running:
    • Windows: StairwellForwarder service is Running in services.msc
    • macOS: ps aux | grep inception shows the process running
    • Linux: systemctl status stairwell shows active (running)

If something doesn't look right

  • Asset not appearing: Check connectivity and confirm credentials are correct. See Connectivity Requirements.
  • Asset appears but no sightings: Confirm the service is running and backscan is in progress (not failed). See the OS-specific troubleshooting guides.
  • Service starts then immediately stops: Check event logs or system journal for errors. Most often a credentials issue or a conflict with AV/EDR.

Full troubleshooting guides: Windows | macOS | Linux

Updated 4 days ago