Skip to content
Ansible for installing Threatstack Agent
Branch: master
Clone or download
benpatterson Merge pull request #54 from moogar0880/posix-compliant-flags
prefer -- over the deprecated - for tsagent options
Latest commit 5309685 Jun 13, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
defaults use more variables, more consistant task naming, use updated ansible … Jun 7, 2019
.gitignore ignore .kitchen/ Apr 15, 2016
.kitchen.yml Update distros to more-closely represent what's supported. Jun 7, 2019
.travis.yml Use newer ansible-playbook syntax for priv escalation. Jun 8, 2019
Gemfile Add missing gem Nov 18, 2016
LICENSE pass ruleset as list Jun 7, 2019

Threat Stack Ansible Role

Build Status

Ansible Role to deploy the Threat Stack server agent.

Threatstack @ Ansible Galaxy


  • Amazon Linux
  • CentOS
  • RedHat
  • Ubuntu
  • Debian

Role Variables

The following variables are available for override.

threatstack_deploy_key:         # Required. Your Cloud Sight API Key
threatstack_feature_plan:       # AGENT 1.x ONLY!
                                #   Required. Set value to reflect your feature plan.
                                #   * 'agent_type="i"' - Investigate or Legacy (Basic, Advanced, Pro)
                                #   * 'agent_type="m"' - Monitor
threatstack_ruleset:            # Array of agent rule sets, will default to ["Base Rule Set"].
                                # Define multiple rule sets using a comma seperated list.
threatstack_pkg_url:            # Location of package repo. Only change if you mirror your own.
threatstack_pkg:                # Name of package. Specify package version using
                                #  "threatstack-agent=X.Y.Z" (Debian/Ubuntu)
                                #  "threatstack-agent-X.Y.Z" (RedHat/CentOS/Amazon)
                                # Defaults to latest available version.
threatstack_url:                # The URL of the Threat Stack webapp. Defaults to
threatstack_hostname:           # The display hostname in the Threat Stack UI. Defaults to hostname.
threatstack_configure_agent:    # Optionally do not configure the host, just install package
threatstack_agent_extra_args:   # Pass optional arguments during agent registration.
threatstack_agent_config_args:  # Pass optional configuration arguments after agent registration.


Using ansible galaxy, best for ad-hoc command situations:

$ ansible-galaxy install threatstack.threatstack-ansible

To install into your playbook roles, use -p ROLES_PATH or --path=ROLES_PATH

$ ansible-galaxy install threatstack.threatstack-ansible -p /your/project/root/roles

Check out: Advanced Control over Role Requirements Files


  1. Install Threat Stack agent with the default rule set and reports system hostname to threatstack. This is the most basic configuration
- hosts: all
    - { role: threatstack.threatstack-ansible, threatstack_deploy_key: XXXXXXXXXXXXX}
  1. Install Threat Stack agent with custom security rules set and custom hostname:
- hosts: web-servers
    - role: threatstack.threatstack-ansible
      threatstack_deploy_key: XXXXXXXXXXXXX
        - 'Base Rule Set'
        - 'Custom Rule Set'
      threatstack_hostname: dev_web01_us-east-1c
  1. Install the Threat Stack agent but do not configure it. NOTE: Useful for configuring a base image to be repeatedly deployed with the agent pre-installed.
- hosts: aws-image
    - role: threatstack.threatstack-ansible
      threatstack_configure_agent: false
  1. Install a particular version of the Threat Stack agent. Use in situations where you perform controlled rollouts of all new package versions.
- hosts: hosts
    - role: threatstack.threatstack-ansible
      threatstack_deploy_key: XXXXXXXXXXXXX
      threatstack_pkg: threatstack-agent=




Apache 2.0

Author Information

Apollo Catlin Use github issues for bugs in this repo.

You can’t perform that action at this time.