Skip to main content

First Steps

Once you have logged in and enrolled at least one agent, this guide walks you through the TridentStack Control interface and the recommended steps to get your environment configured.

What you see after login

After logging in, you land on the Dashboard. The default system dashboard provides a high-level view of your fleet: agent status, patch compliance, vulnerability counts, and recent activity. The system dashboard is read-only, but you can clone it or create your own custom dashboards where widgets can be freely added, removed, and rearranged. The dashboard system is highly modular, allowing you to build visualizations for essentially any data within the platform.

The left sidebar is your primary way to move between sections. It is organized into these areas:

SectionPagesPurpose
DashboardDashboardFleet overview with customizable widgets
AgentsEndpoints, Tags, AutomationManage enrolled devices, organize them with tags, create automation rules
Update ManagementSystem Updates, Application Updates, Deployment RingsCreate patch policies, manage third-party app updates, configure phased rollouts
Configuration PoliciesConfiguration PoliciesApply and enforce device configuration settings
VulnerabilitiesVulnerabilitiesView detected CVEs across your fleet, manage exceptions
ComplianceComplianceMeasure endpoints against CIS, DISA STIG, Microsoft, and NIST baselines
ReportingReportingBuild custom reports with the visual query builder or SQL editor

At the bottom of the sidebar:

SectionPurpose
System AuditActivity logs and change tracking
SettingsPlatform configuration, user management, API keys, agent installers
tip

The sidebar can be collapsed to icon-only mode by clicking the collapse button at the bottom. This gives you more screen space when working in detail views.

Follow these steps in order to go from a fresh enrollment to a fully managed environment:

Each step builds on the previous one. Tags are the foundation that everything else connects to.

How targeting works

Understanding the relationship between agents, tags, and policies is key to managing your fleet effectively.

The hierarchy works like this:

  • Tags are the only thing directly associated with an agent. You do not assign policies to individual endpoints. Instead, you assign tags to agents and then target policies at those tags.
  • All policies target tags. System update policies, application update policies, configuration policies, and compliance baselines are all associated with tags, not individual agents. When you add or remove an agent from a tag, it automatically gains or loses every policy targeting that tag.
  • Deployment rings are associated with update policies, not tags or agents. Both system update policies and application update policies can use deployment rings. Rings control the rollout pace of a specific policy and determine what percentage of the targeted agents receive updates at each stage.
note

Linux updates are managed exclusively through system update policies. Application update policies apply to Windows endpoints only.

info

This design means you manage your fleet by organizing agents into the right tags. Once your tags are set up, adding a new endpoint is as simple as assigning its tags - all relevant policies apply automatically.

Step 1: Verify your agents

Before configuring anything, confirm your agents are communicating properly.

  1. Navigate to Agents > Endpoints in the left sidebar.
  2. Check that each enrolled endpoint shows a Status of Online.
  3. Review the Last Seen column to confirm agents are actively reporting.

If any agents show as Offline, refer to the Agent Enrollment troubleshooting section before proceeding.

Step 2: Organize with tags

Tags let you group endpoints by function, environment, location, or any other criteria your team uses. Policies and automation rules target tags, so setting them up early saves time later.

  1. Navigate to Agents > Tags.
  2. Create tags that reflect your environment. Common examples:
    • Production and Development (by environment)
    • Windows Servers and Linux Servers (by platform)
    • Finance, Engineering, HR (by department)
    • US-East, EU-West (by location)
  3. Assign tags to endpoints from the Agents > Endpoints page by selecting one or more agents and using the tag assignment action.
note

A single endpoint can have multiple tags. For example, a server might be tagged as both "Production" and "Windows Servers". When a policy targets either tag, that server receives the policy.

Step 3: Create your first update policy

System update policies control which patches are approved, when they install, and which endpoints receive them.

  1. Navigate to Update Management > System Updates.
  2. Click Create Policy.
  3. Give the policy a descriptive name (for example, "Development Servers - Weekly Patches").
  4. Choose which update classifications to include (security updates, critical updates, feature updates, and so on).
  5. Set an approval mode: automatic approval or manual review. When automatic approval is enabled, updates matching your criteria are approved automatically whenever new updates are synced into the catalog or when the policy is modified.
  6. Under Targets, select the tag or tags this policy applies to.
  7. Optionally, assign the policy to a Deployment Ring if you want to control rollout timing and pace. Deployment rings let you stagger installations across groups of endpoints in phases.
  8. Save the policy.

The policy begins evaluating immediately. Targeted endpoints will receive approved updates according to their deployment ring schedule, or on the next check-in if no ring is configured.

warning

Start with a non-production group when testing a new policy. Apply the policy to your "Development" tag first, verify results, then expand to "Production" endpoints.

Step 4: Review vulnerabilities

TridentStack Control automatically scans your fleet for known vulnerabilities based on installed software and missing patches.

  1. Navigate to Vulnerabilities in the left sidebar.
  2. Review the list of detected CVEs, sorted by severity (Critical, High, Medium, Low).
  3. Click any CVE to see which endpoints are affected and whether a patch is available.
  4. For vulnerabilities that cannot be patched immediately (due to compatibility requirements or other constraints), create an exception with a justification and expiration date.

Vulnerability data updates automatically as agents report new software inventory and as new CVE information becomes available. No manual scans are required.

You can also view vulnerabilities for a specific endpoint by navigating to its details page in Agents > Endpoints and selecting the Vulnerabilities tab. This gives you a per-agent view of all detected CVEs affecting that individual endpoint.

Step 5: Check compliance

Compliance baselines measure your endpoints against industry-standard security frameworks. Unlike vulnerabilities (which are detected automatically), compliance evaluation requires you to assign a baseline to your endpoints first.

  1. Navigate to Compliance in the left sidebar.
  2. Review the available frameworks: CIS Benchmarks, DISA STIGs, Microsoft Security Baselines, and NIST controls.
  3. Assign a baseline to one or more tags. Endpoints with those tags will begin compliance evaluation on their next check-in.
  4. Once evaluation completes, select a baseline to see your fleet's compliance score and which specific controls are passing or failing.
  5. Drill into individual controls to see affected endpoints and remediation guidance.
info

Compliance evaluation only runs on endpoints that have a baseline assigned through their tags. If you do not see compliance data for an endpoint, verify that its tags are associated with at least one compliance baseline.

Next steps

With agents enrolled, tags organized, a patch policy active, and visibility into vulnerabilities and compliance, you have a solid foundation. From here, explore these areas:

  • Application Updates - Manage third-party application patches alongside system updates.
  • Deployment Rings - Set up phased rollouts so patches reach test groups before production.
  • Configuration Policies - Enforce device settings (security configurations, feature toggles) across your fleet.
  • Automation - Create rules that automatically tag, patch, or notify based on endpoint conditions.
  • Reporting - Build custom reports to share patch compliance and vulnerability status with stakeholders.