Skip to main content

Threat Stack

Visualize Threat Stack agents, map agents to AWS instances, servers, and CVEs, and monitor changes through queries and alerts.


To configure this integration, you will need to access your Threat Stack account and retrieve the values provided below for use within JupiterOne.

In Threat Stack, go to Settings > Application Keys from the web console of your account, find the following values under REST API Key, and copy/paste each of them into your integration configuration screen in JupiterOne:

  • Organization Name (orgName)
  • Organization ID (orgId)
  • User ID (userId)
  • API Key (apiKey)

For additional information on creating API Keys, see Threat Stack's documentation.

To install the Threat Stack integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Threat Stack. Click New Instance to begin configuring your integration.

Creating a configuration requires the following:

  • The Account Name used to identify the Threat Stack account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

  • Description to assist in identifying the integration instance, if desired.

  • Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

  • Your Threat Stack Organization Name and Organization ID.

  • The User ID and API Key created for use with JupiterOne.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.