# Threat Center {% hint style="warning" %} Available for **Enterprise** Tier only {% endhint %} The Threat Center in StepSecurity is your central view into all supply chain compromises detected by StepSecurity. It provides a real-time feed of active incidents alongside historical records, making it easier to track, investigate, and respond. For background on the intelligence powering the Threat Center, [see our blog post](https://www.stepsecurity.io/blog/introducing-stepsecurity-threat-intelligence-real-time-supply-chain-attack-alerts-for-your-siem). ### Accessing the Threat Center #### Step 1: Open the StepSecurity Dashboard * From the left-hand menu, click Threat Center under Artifact Security. ![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-09-18/8065b5cf-6ff1-4e1a-8b3d-cc304d937543/ascreenshot.jpeg?tl_px=0,0\&br_px=2752,1538\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=95,228) {% hint style="info" %} You can also open the Threat Center directly by clicking the 🔔 New Threat notification in the dashboard header {% endhint %} #### Step 2: View Threats * The page displays a list of both active threats (marked with a red *Active* badge) and historical incidents with start and close times. ![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-09-18/17b89f9b-c029-4f02-bfed-7a81617ca57c/ascreenshot.jpeg?tl_px=0,0\&br_px=2752,1538\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=299,207) #### Step 3: Expand Threat Details * Click Show Details on any incident to see: * A description of the compromise * Affected packages or Actions * Recommended remediation steps you can take directly within StepSecurity ![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-09-18/4428accf-6ace-4167-8a28-90224dc66fe3/ascreenshot.jpeg?tl_px=0,0\&br_px=2752,1538\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=205,234) ### Notifications and Integrations Every new entry in the Threat Center automatically triggers notifications through your existing StepSecurity channels: * Slack * Email * AWS S3 * Webhook This ensures your team is informed immediately. Because alerts are integrated with your existing systems, you can automate the response process. For example, you can configure your SIEM so that when a new Threat Center event is raised, an on-call engineer is automatically paged. See an example detection event [here](https://docs.stepsecurity.io/admin-console/integrations/sample-detection-events#threat-intelligence) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.stepsecurity.io/oss-package-security/threat-center.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.