Jump to Content
Home
Getting Started
API Reference
Trust Center
Tour
StatusPage
Support
Getting Started
Trust Center
Tour
StatusPage
Support
Moon (Dark Mode)
Sun (Light Mode)
Home
Getting Started
API Reference
Search
BEFORE YOU START
Navigating Stairwell Docs
Introduction to Stairwell
What is an Organization?
What is an Environment?
What is an Authentication Token?
What types of user roles are there?
What is an Asset?
What is a Forwarder Maintenance Token?
What is an Object?
What is Mal-Eval?
What is Variant Discovery?
What is a Sighting?
What is an Opinion?
What is a YARA Rule?
What is a Threat Report?
What is a Forwarder?
What is an Extension?
What is an Exclusion?
What is an Intake Filter?
What is Swell?
What are Magic bytes?
GETTING STARTED
Getting Started in 4 Simple Steps
Step 1: Access
Step 2: Prepare
Step 3: Deploy
Step 4: Explore
Download Center
Stairwell Connectivity Requirements
Stairwell File Forwarder
Windows
Windows Forwarder v1.6.9
Windows Forwarder v1.6.4
Windows Forwarder v1.6.2
Windows Forwarder v1.5.1
Windows Forwarder v1.3.6
Mac
Mac Forwarder v1.6.8
Mac Forwarder v1.6.6
Mac Forwarder v1.6.2
Mac Forwarder v1.4.0.881
Mac Forwarder v1.3.2
Linux
Linux Forwarder v2.4.3
Linux Forwarder v2.4.2
Linux Forwarder v2.4.0
Linux Forwarder v2.2.5
Stairwell Swell CLI Utility
Citrix CLI Utility
Linux CLI Utility
Mac CLI Utility
Windows CLI Utility
Browser Extension
Guides
Single Sign-On
Configuring SSO in the UI
Resetting SSO in the UI
Supported Identity Providers
AzureAD SAML
Auth0 SAML
CyberArk SAML
Duo SAML
Generic SAML
Google SAML
JumpCloud SAML
Microsoft ADFS SAML
Okta SAML
OneLogin SAML
PingFederate SAML
Ripple SAML
Salesforce SAML
File Forwarder
Windows
Install Windows forwarder manually
Install Windows forwarder with SentinelOne Remote Script Orchestrator
Install Windows forwarder with Tanium
Install Windows forwarder with Microsoft Endpoint Configuration Manager
Update Windows forwarder
Uninstalling the Windows forwarder
Mac
Install Mac forwarder manually
Install Mac forwarder with non-specific MDM
Install Mac forwarder with Jamf Pro
Install Mac forwarder with Kandji
Update Mac forwarder
Linux
Install Linux forwarder manually
Command Line Utility
Install Swell on a Linux Appliance
An introduction to Swell, Stairwell's CLI
Browser Extension
Install the browser extension
Using the browser extension
Partner Integrations
Create SentinelOne integration
Create Crowdstrike integration
Create TheHive integration
Queries
Common Expression Language (CEL)
Indicators of Compromise - Simple Search
Example Queries
Assets
Find your "__DefaultAsset__" asset identifier
Find asset identifiers
Find maintenance tokens
Sleeping and Waking Forwarders
Policy
Create a policy
Edit a policy
Refine Forwarder Request Rates
Group
Create a group
Update forwarders in a group
YARA Rules
Search for a YARA Rule
Create a YARA rule
Edit a YARA rule
Delete a YARA rule
Enable/Disable a YARA rule
Threat Reports
View Threat Reports
Filter Threat Reports
Create Threat Reports
Share Threat Reports
Notepads & Investigations
Run to Ground (RTG)
How to access Run to Ground
Understanding the Run to Ground Page
Getting the Most out of RTG
Settings
Create an environment
Find an environment identifier
Delete an environment
Create an authentication token
Find an authentication token
Revoke an authentication token
Managing user roles
Create an event notification
FAQs
Support FAQs
Who do I contact to report platform issues?
Who at Stairwell can access the platform?
General Platform FAQs
Does Stairwell support multi-tenancy?
Can anti-tampering be turned off?
What are YARA rule best practices?
What does the API token get access to?
What time zone is used by Stairwell?
How to manually upload objects in the UI?
Are there exclusions that we should consider?
What is a Well Known File?
Forwarder FAQs
What is needed to deploy a forwarder?
What assets should I deploy to first?
What context does the Stairwell forwarder run as?
Does the forwarder support a proxy?
Can the initial backscan be skipped?
Can a backscan be forced?
Can the logging level be changed?
What to check first when troubleshooting a forwarder?
What is Windows Kerneless Mode?
How can I maintain asset history across multiple installs?
Tips and Tricks
How to add multiple assets to a group?
Send to CyberChef
Bulk searching
Powered by
Suggest
