Published on: 4 April 2022
F5's Threat Stack (the “Service”) provides intrusion detection and other Event alerting for customers’ cloud infrastructure. It takes in Events from multiple sources, including host-based agents and AWS Fargate. If available, it can ingest events from the customer’s AWS CloudTrail for infrastructure monitoring. The Service can apply both rules-based detection and machine-learning analysis to generate alerts, which the customer can integrate into third-party SecOps tools for ticketing/paging. Customers can also receive a feed of all Events ingested to build their own workflows. A 24/7 Security Operations Center and custom analytics are optional add-ons.
This Privacy Statement applies to the data that the Service collects.
Under the data protection laws of the EU and similar jurisdictions, F5 is a processor of the data, and the customer is (or acts on behalf of) a controller of such data, to the extent it is personal data.
The Service ingests “Events,” which are records of specific types of activity or conditions in the customer’s infrastructure. For example, an Event may indicate that the access permissions to a particular resource within the customer’s infrastructure have been changed, that a file on the host has exceeded a specified size, that an attempt was made to log in to a host via SSH, or that the security policy for the customer’s AWS S3 bucket has changed.
Events conform to a schema defined by Threat Stack, which is designed to avoid inadvertent collection of personal data.
In typical implementations of Threat Stack, the data subjects of Events, to the extent Events are personal data, are external attackers or a small number of customer personnel that have access to the protected infrastructure. For example, an Event may include the IP address of a customer employee that has administrative access to the customer’s infrastructure. The Service is not typically used in a manner that involves data about the customer’s external end users or their devices, such as their IP addresses or hardware identifiers.
The Service applies customer-selected rules to the Event data, and it can also analyze the data to develop new rules or custom analytics. The Service outputs alerts, analytics, and raw Event data for the customer’s use.
To exercise your rights with respect to the customer data that F5 processes when providing the Service to a customer, please contact that customer. For more information about F5’s privacy practices, please see the F5 Privacy Notice.