Onboarding Overview
Stairwell onboarding follows four phases: Access, Prepare, Deploy, and Explore. Each phase builds on the previous one. Work through them in order to reach an operational state.
Phase 1 -- Access
Set up authentication so your team can log into the Stairwell platform.
- Choose an identity provider: bring your own IdP (recommended) or use Stairwell's built-in IdP
- Configure SSO federation with your IdP using the self-service setup or with your Customer Success team
- Verify that team members can log in at app.stairwell.com
- Create authentication tokens for API access and forwarder deployment (Settings > Organization > Auth Tokens)
Phase 2 -- Prepare
Review requirements and plan your deployment before installing forwarders.
- Inventory target assets by OS type and version (Windows, macOS, Linux)
- Review connectivity requirements -- ensure forwarder traffic is allowed through firewalls and excluded from SSL inspection
- Review asset policy to confirm desired file types are included and any exclusion paths (source code directories, deployment folders) are configured
- Identify any proxy configurations, deep packet inspection, or resource constraints that may affect forwarder operation
Phase 3 -- Deploy
Install forwarders on your assets in a phased rollout.
- Download the appropriate forwarder package for each OS (Windows, macOS, Linux)
- Start with one machine per OS type to baseline common files across your environment
- Expand in tranches -- labs and security team first, then broader rollout
- Monitor deployment progress in the Stairwell UI under Assets (check registration time, backscan status, and last seen)
Phase 4 -- Explore
Begin using the platform for threat hunting and investigation.
- Run your first search -- use hash lookups, natural language queries, or the query builder
- Review the Dashboard for an overview of asset health, object counts, and rule matches
- Check Threat Reports to see if any published IOCs match files in your environment
- Set up YARA rules and configure alert integrations to connect Stairwell with your SIEM or SOAR
Updated 5 days ago
