Step 4: Explore
Once deployment has begun, it's important to start exploring the Stairwell platform. Stairwell can enable and empower teams to discover vulnerable files, uncover unapproved software, analyze malware, scope investigations and impact, and so much more. It's important to log into Stairwell early and often so that you can get familiar with all the uses that span security operations, threat hunting, and incident response.
- Search
This default home screen allows you to conduct various searches. Beginners can take advantage of our natural language search feature, which turns everyday language into effective, focused searches. We also have a query builder designed to help users get acquainted with the data model and the platform's search capabilities. Moreover, we provide pre-configured searches that quickly pinpoint intriguing objects. For advanced users, we offer the sophisticated CEL search option.
- Dashboard
The dashboard is a quick stop to review the health and state of assets, objects, rules, reports, and more.
- YARA Rules
The YARA rules section allows users to review, create, modify, and delete rules. From here, users can also click into rules and results to pivot into interesting matches.
- Assets
The assets screen is designed to display the status and condition of assets. It not only provides details about the assets, including names, identifiers, operating systems, and more, but also offers insights into the scanning and uploading status of the forwarder. From this screen, users can upgrade forwarder versions, organize assets into groups, implement and tailor forwarder policies, establish exclusions and filters, and ultimately, delve into notable objects observed on the assets.
- Threat Reports
In the threat reports section of the Stairwell UI, you'll see all the threat reports that Stairwell or your team has identified, uploaded, parsed, and run against your data. This is a quick and easy way to see if any published indicators of compromise are seen in your environment(s), and if so, where and when.
- Alerts
In the alerts section of the Stairwell UI, you'll be able to see the items configured as conditions in event notifications as well as some of the items Stairwell marks for escalation through MalEval.
- Investigations
In the investigations section of the Stairwell UI,
- Settings
In the settings section of the Stairwell UI, you'll be able to view and modify several preferences and configurations.
Profile Tab: this tab will allow you to see your details and modify several aspects, such as timezone preference, default environment, and more. These settings are specific to your account and do not transfer to other users in your organization.
Environment Tab: this tab will allow you to see the environments your organization has access to. From here you can also set up integrations with specific environments by selecting the "cog" next to the environment listed.
User Tab: this tab will show all users who have access to the Stairwell environment, along with tokens you've created.
SSO Tab: this tab will allow you to navigate into WorkOS and set up, review, or remove the SSO configuration.
Event Notifications Tab: this tab will allow you to set up your own alerting conditions and destinations to operationalize the data from Stairwell with the rest of your security technology.
Updated 17 days ago