Does anyone use Threatstack? They claim a lot of Aptible users are on their platform. Do you recommend it?
We use ThreatStack. The motivator for deploying it was very much to check a box in a security questionnaire.
Shortly after initial deployment, we ran into a pretty gnarly issue with their Docker monitoring agent (hogged CPU on our hosts). So we don’t currently have visibility to activity within a container (i.e., activity generated during an aptible ssh session), only Aptible admin host-level activity (which is interesting to inspect!).
I haven’t really incorporated using the tool into a reoccurring workflow. Their support has been good.
I would give the product a solid meh.
Thanks for the feedback, helps a lot!