Asset Details

The Asset Details page shows detailed information about a single asset, such as a host, and allows you to configure the protection of that asset. You can navigate to this page from a list of assets on the Assets page, by clicking on an asset name.

The data displayed on this page vary based on the type of the asset being viewed. When viewing a single host or appliance, the information includes statistics and a summary of the security findings related directly to that asset. When viewing details for a higher-level asset such as a subnet or network, aggregated findings are shown. For example, the asset details for an Amazon Web Services VPC summarize findings for all AWS instances in that VPC. Also summarized are any findings for the subnets, security groups, and other cloud assets inside the VPC, and findings for the VPC itself.

The structure of the Asset Details page is similar for every asset type. An informational header is shown above several tabs which provide additional detail and actions:

  • Summary tab—shows security findings and statistics as a dashboard
  • Details tab—shows asset metadata, such as IP addresses and when an asset was discovered
  • Topology tab—shows asset details for the contents of the current asset, for asset types such as subnets and networks
  • Configuration tab—provides direct access to configuration actions, such as setting the protection level of the current asset

Asset detail header

In addition to the name of the currently viewed asset, the top section of the asset details page lists related assets, such as the subnet that contains a host. Click on the name of a related asset to open the related asset details page.

To the right of the asset name, one or more badges may be displayed, depending on the type and status of the asset:

  • Protection level—shows the protection level, such as MDR Professional, assigned to this asset
  • Agent installation status—shows whether a host asset has an Alert Logic agent installed

Summary tab

The Summary tab is the default tab shown when viewing the Asset Details page. The summary page gives a visual overview of an asset, in the form of a dashboard. The visual elements on the summary tab vary based on the type and status of the asset being viewed. Charts and tables summarize security findings, such as incidents, exposures, and health issues. Additional statistics about data collection and status are available for some assets. Hover over elements of charts and tables to view more precise counts or the full text of longer descriptions.

Clicking on most visual elements will bring you to an area of the Alert Logic console with more information on that element. For example, click on the summary of an incident to view it in the full incidents console. Some charts and tables also include a general action in the lower right-hand side:

  • Investigate—navigate to a page displaying information about all data in this dashboard visual, such as all exposures for the current asset
  • Scan now—prioritize a vulnerability scan for the current asset

Details tab

The Details tab shows a list of additional information about the current asset. The data displayed vary based on the type and status of the asset being viewed. Every asset includes common information:

  • Name—the asset name, as discovered by Alert Logic using an agent, scanner, or cloud API
  • Key—the unique asset key assigned to this asset by Alert Logic
  • Type—the asset type, for example host or network

Additional metadata associated with the asset is displayed below the common information. Some examples of asset metadata include:

  • Private and public IP addresses
  • Operating system type
  • The IP address of the IDS appliance protecting a host
  • The date and time an asset was initially discovered

Topology tab

The Topology tab is visible when viewing details for assets, such as subnets and networks, which contain other assets. This tab contains a table that shows the types, names, relationships, and counts of the assets contained within the current asset. Each row in this table represents a single asset. An icon to the left of the asset name indicates the type of this asset. Hover over the icon to display the full asset type.

The numbers and types of assets contained within a given asset are shown in columns to the right of the asset name. Asset type is indicated with an icon. Hover over the icon to show the full asset type.

Click on the (right caret) next to each asset name to expand or collapse it. Click the icon to the left of the Asset Name header to quickly expand or collapse all assets in the table.

To filter the assets on the Topology tab by name, click to the right of the (magnifying glass) icon, and type a partial or complete asset name. The asset list will be automatically filtered. Select and delete the text to remove filtering.

To preview metadata for an asset, click on the asset name. Click on Open Summary from the preview to open the Asset Details page for that asset.

Configuration tab

The Configuration tab provides options to make changes to assets directly from the Assets console. This tab contains three configuration sections: Protection Scope, Vulnerability Scanning, and Notifications.

Protection scope

In the Protection Scope section, the current protection level assigned to the asset, such as Essentials or Professional, is displayed. To change the protection level for the asset or to remove the asset from the protection scope, click Edit. A window displays, where you can change the protection level of the asset. You can edit protection scope for hosts, subnets, networks, and regions.

Protection levels

The level of protection configured for an asset determines the security controls Alert Logic provides for that asset. The protection levels available depend on the MDR service levels you subscribe to. Setting the protection level of an asset to Not Protected will disable protection for that asset, for example by stopping agent-based log collection and network traffic forwarding. Data protection is automatically started after protection is re-enabled.

Alert Logic appliances are not marked as protected and do not count toward customer usage against entitlement. Alert Logic appliances are automatically monitored by Alert Logic.

Inherited protection

A protection level can be assigned directly to an asset. If you assign protection to a subnet, network, or region, that protection is inherited by any assets inside that subnet, network, or region. If no protection level is assigned to an asset or to any enclosing asset, the asset is unprotected.

The most specific protection level for an asset determines the applied protection level. Example: a host has Professional protection level set and is located inside a network with Essentials protection level set. The more specific Professional protection level will be assigned to the host.

To ensure that newly discovered hosts and newly installed agents are protected by default, be sure to assign protection to network assets.
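The inheritance rule above, worked through as an added Python example (not Alert Logic code): it resolves the effective protection level for each host in a constructed asset hierarchy and lists the hosts that end up unprotected. The asset keys and tuple layout are hypothetical, and treating an explicitly set Not Protected as the most specific level is an assumption.

```python
# Constructed sample inventory: key -> (type, parent key, directly assigned level).
# Keys and layout are hypothetical, not an Alert Logic export format.
ASSETS = {
    "region-1":  ("region",  None,        None),
    "network-a": ("network", "region-1",  "Essentials"),
    "subnet-a1": ("subnet",  "network-a", None),
    "host-1":    ("host",    "subnet-a1", "Professional"),
    "host-2":    ("host",    "subnet-a1", None),
    "host-4":    ("host",    "subnet-a1", "Not Protected"),  # assumption: explicit exclusion
    "network-b": ("network", "region-1",  None),
    "subnet-b1": ("subnet",  "network-b", None),
    "host-3":    ("host",    "subnet-b1", None),
}


def effective_protection(key, assets=ASSETS):
    """Walk from the asset up through its enclosing assets; the first
    directly assigned level found (the most specific one) applies.
    Returns (level, key of the asset the level was assigned on)."""
    seen = set()
    current = key
    while current is not None:
        if current in seen:
            raise ValueError(f"cycle in asset hierarchy at {current}")
        seen.add(current)
        _type, parent, level = assets[current]
        if level is not None:
            return level, current
        current = parent
    # Nothing assigned on the asset or any enclosing asset.
    return "Not Protected", None


def unprotected_hosts(assets=ASSETS):
    """Map each unprotected host to the reason it is unprotected."""
    report = {}
    for key in sorted(assets):
        if assets[key][0] != "host":
            continue
        level, source = effective_protection(key, assets)
        if level == "Not Protected":
            report[key] = (f"set on {source}" if source
                           else "no level on asset or any enclosing asset")
    return report


if __name__ == "__main__":
    for host, reason in unprotected_hosts().items():
        print(f"{host}: Not Protected ({reason})")
```

In the sample, host-3 is unprotected only because network-b has no level assigned, which is the gap that assigning protection to network assets closes.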

Vulnerability scanning

The Vulnerability Scanning section shows existing scan schedules and information about whether the asset is included in each scan. You can add new scan schedules to scan the current asset by clicking Add and then selecting Internal or Agent-based. A window displays, where you can create a new scan schedule to scan the asset. To add the asset to an existing scan schedule for which the asset is out of scope, click and select Include in Schedule. If the asset is already included on a listed scan schedule you can configure the scan schedule by clicking and selecting Edit Configuration. To remove the asset from a scan schedule, click and select Remove from Schedule.

For more information about setting up scan schedules, refer to Manage Vulnerability Scan Schedules.

Notifications

Currently configured health notifications which affect the current asset are listed in the Notifications section. You can create a new notification for the current asset by clicking the Add button. To update an existing notification, click . Select Exclude from Notification to quickly remove this asset from the selected notification. To configure the health notification, select Edit health notification.

When adding or editing a notification, a window is shown allowing you to specify notification details. For more information about setting up scan schedules, refer to Configure Health Notifications.