AWS Incident Daily Digest Trends

The AWS Incident Daily Digest Trends report provides a histogram chart that allows you to review trends in daily Amazon Web Services (AWS) incidents for a selected date range. Use this report to evaluate trends in AWS incidents by threat level and MITRE classification.

For more information about incidents, see Incidents.

You must configure Amazon GuardDuty for associated incidents to be displayed in Alert Logic console. For more information, see Integrate Amazon GuardDuty Findings into Alert Logic Incidents.

To access the AWS Incident Daily Digest Trends report:

  1. In the Alert Logic console, click the menu icon (), and then click Validate.
  2. Click Reports, and then click Threats.
  3. Under AWS Incident Analysis, click VIEW.
  4. Click AWS Incident Daily Digest Trends.

Filter the report

To refine your findings, filter your report by Date Range, Customer Account, Detection Source, Deployment Name, VPC and Container Image Name.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Filter the report using visuals

To refine your findings, click an item within a visual. To filter by multiple items, hold down Ctrl or Command, and then click each item in a visual that you want to use to apply a filter. You can filter using visuals and items selected in different sections. Click on an item again to remove a filter.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Incident Count Trend in Selected Period section

This section provides a histogram chart of total daily incident count for the selected date range.

Threat Level section

This section provides the count and percentages of incidents in each threat level for the selected date range.

MITRE Tactic section

This section provides the count and percentages for each incident by MITRE Tactic in a color-coded bar graph for the selected date range.

MITRE Technique section

This section provides the count and percentages for each incident by MITRE Technique in a color-coded bar graph for the selected date range.

List of Incidents section

This section provides a complete list of incidents for the selected date range with detailed information about Customer Account, Create Time, Detection Source, Incident ID, Summary, Threat Level, and MITRE classification.