Monthly Log Review Details Report

The Monthly Log Review Details report provides details on anomalies and alerts detected in all daily Log Review Summary incidents for the selected month, including detected observations, a list of log alerts counts and details, and a list of log anomaly counts and details.

You must create a one-time or recurring schedule to access the report as it is delivered in a PDF file. After you have scheduled it, the selected users will receive confirmation through your email with a PDF file attachment that the report generated successfully. You can also access the report through the Alert Logic console Downloads tab in the Reports page. For more information on scheduled reports, see Scheduled Reports and Notifications.

You will not be able to view the contents of the Monthly Log Review Details report in the Alert Logic console. The report is delivered as a PDF file.

To create a schedule for the Monthly Log Review Details report:

  1. In the Alert Logic console, click the menu icon (), and then click Validate.
  2. Click Reports, and then click Threats.
  3. Under Log Review Analysis, click VIEW.
  4. Click Monthly Log Review Details.
  5. Click SCHEDULE THIS REPORT. For instructions on how to fill this form, see Create a report schedule and notification.

    Under Generate report, you can only select Monthly or Run Once.

  6. After you receive an email that your report has been successfully scheduled, click Downloads to access it. For instructions on how to access the report, see Download a report generated by a schedule.

Log Review Analysis Summary section

This section is repeated daily and provides details on when the anomalies occurred and when Alert Logic detected them, detected observations, log alerts counts and summaries, and log anomaly counts and summaries. To learn more about how anomalies and observations are detected and Log Review incidents are generated, see Machine Learning Log Review Upgrade.

Overview of Log Alerts and Anomalies section

This section informs you of the information in the following report sections, and refers to the Evidence section of the Incident for specific details. For more information on the Evidence section for an Incident, see Evidence.

Detected observations section

This section lists daily observations that were generated by distinct users, and observations that were generated by distinct hosts.

Log Alert Counts and Summary section

This section provides a table of the daily log and alert types, alert count, total associated logs count, and list of the first 10 users affected.

Log Anomaly Counts and Summary section

This section provides a table of the daily anomaly and log types, anomaly count, total expected anomaly count, total actual anomaly count, and a list of the first 10 users or hosts affected.