Getting Started
Trust CenterTourStatusPageSupport
Start typing to search…

Onboarding Overview

Stairwell onboarding follows four phases: Access, Prepare, Deploy, and Explore. Each phase builds on the previous one. Work through them in order to reach an operational state.

Phase 1 -- Access

Set up authentication so your team can log into the Stairwell platform.

  • Choose an identity provider: bring your own IdP (recommended) or use Stairwell's built-in IdP
  • Configure SSO federation with your IdP using the self-service setup or with your Customer Success team
  • Verify that team members can log in at app.stairwell.com
  • Create authentication tokens for API access and forwarder deployment (Settings > Organization > Auth Tokens)

Phase 2 -- Prepare

Review requirements and plan your deployment before installing forwarders.

  • Inventory target assets by OS type and version (Windows, macOS, Linux)
  • Review connectivity requirements -- ensure forwarder traffic is allowed through firewalls and excluded from SSL inspection
  • Review asset policy to confirm desired file types are included and any exclusion paths (source code directories, deployment folders) are configured
  • Identify any proxy configurations, deep packet inspection, or resource constraints that may affect forwarder operation

Phase 3 -- Deploy

Install forwarders on your assets in a phased rollout.

  • Download the appropriate forwarder package for each OS (Windows, macOS, Linux)
  • Start with one machine per OS type to baseline common files across your environment
  • Expand in tranches -- labs and security team first, then broader rollout
  • Monitor deployment progress in the Stairwell UI under Assets (check registration time, backscan status, and last seen)

Phase 4 -- Explore

Begin using the platform for threat hunting and investigation.

  • Run your first search -- use hash lookups, natural language queries, or the query builder
  • Review the Dashboard for an overview of asset health, object counts, and rule matches
  • Check Threat Reports to see if any published IOCs match files in your environment
  • Set up YARA rules and configure alert integrations to connect Stairwell with your SIEM or SOAR

Updated 5 days ago