Third-party security and monitoring software

In addition to the ThoughtSpot monitoring and security features, some companies require specific additional third-party software to comply with their internal IT policies. This allows them to support all of their systems with a common set of security and management tools.

For example, you may wish to accomplish some security and monitoring tasks with your own third-party software. These tasks include things like pushing alerts, events, forensics, audit trails, insights, and so on. from ThoughtSpot to your own local monitoring systems.

Supported third-party software

ThoughtSpot supports installation of the following third-party software on the ThoughtSpot instance:

Qualys

Qualys is a widely used technical vulnerabilities and security compliance scanning tool. For more information about Qualys, see the Qualys documentation.

SNMP (Simple Network Management Protocol)

SNMP is an industry standard protocol used for monitoring network traffic and alert events.

Splunk

You can install Splunk rsyslog and use it to forward ThoughtSpot logs to Splunk. For more information about Splunk, see the Splunk documentation.

CrowdStrike Falcon Agent

Crowdstrike Falcon Agent is a cloud-delivered endpoint protection service. For more information, refer to the CrowdStrike Falcon Agent website.

ThoughtSpot does not support, certify or maintain any third-party software other than the Qualys agent, the SNMP agent for Linux, the Splunk agent, the CrowdStrike Falcon Agent, or AWS SSM. Use of non-certified software is very likely to result in loss of functionality for your ThoughtSpot cluster, or otherwise impact the ThoughtSpot application. Use of McAfee or any other virus scanner to scan directories, memory (RAM), filesystems or disks will result in severe loss of performance and/or functionality.

Install third-party software

For details on how to install third-party software, see Installing third-party security and monitoring software.

What is not supported

When installing and configuring third-party software on a ThoughtSpot cluster, follow these guidelines to avoid interfering with cluster operations:

  • Avoid making any direct changes to any files outside of the /home directory.

  • Do not remove existing SSH keys or authorized keys from /home/admin/.ssh

  • Excessive resource usage, for CPU, disk, memory, processes, and so on.

  • Killing any system or ThoughtSpot services, or causing node reboots.

Do not change any system-wide configuration which may affect ThoughtSpot, such as:

  • Network, such as IP addresses, DNS resolution

  • Storage, such as removing existing mount points, removing drives

  • Security, such as Selinux

Qualys

Qualys is supported for scanning of ThoughtSpot clusters for security vulnerabilities.

SNMP Traps

ThoughtSpot does not automatically support SNMP traps. However, you can install a third-party tool for SNMP traps and route them as necessary. Before installing a third-party SNMP tool, check that ThoughtSpot supports it with your ThoughtSpot contact.

If you install a third-party tool, ThoughtSpot supports SNMP for read only. So for example, you can read the IP address of the cluster, but you can’t change it using SNMP.

Alternatively, use ThoughtSpot’s built-in monitoring alert system. Specify an email address using the tscli monitoring set-config --email command to route all ThoughtSpot-generated alerts to that email address. See Set up monitoring.

See the Alert code reference for details on the alerts ThoughtSpot may generate.

Splunk rsyslog

ThoughtSpot monitoring and alerting logs are written to standard locations in the file system. This allows you to use rsyslog to collect them and send them to Splunk.

Here are some links to help you learn where various logs are written in ThoughtSpot:

CrowdStrike Falcon Agent

Crowdstrike Falcon Agent is a cloud-delivered endpoint protection service. ThoughtSpot certifies only Crowdstrike Falcon Agent version falcon-sensor-6.16.0-11307.el7.x86_64.rpm. For more information, refer to the CrowdStrike Falcon Agent website.