The documentation below describes the new version of the Alert Logic console, which was recently updated. This version will become the default in early 2020. For more information about the new navigation, see Managed Detection and Response Navigation Menu Updates.
The Topology page, under the Investigate menu item, displays an interactive diagram that uses color-coded icons to show the distribution of exposures and threats across your network assets.
Topology allows you to select regions or assets to see details about the item, exposures, and remediations for those exposures.
The Topology page header allows you to specify a deployment and a region, and displays the number of VPCs, VNETs or networks, subnets, and hosts in that selected deployment.
The Topology menu bar allows you to group the assets displayed in the diagram, customize how and what assets are displayed, view details on the status of those assets, and search for specific assets.
Use the Deployment drop-down menu to switch the displayed topology diagram to another deployment.
By default, the displayed topology diagram includes all regions in the selected deployment. If your deployment includes multiple regions, you can click the All Regions drop-down menu to specify a single region for a more focused view of deployment assets.
The Alert Logic console allows you to customize your view of the topology diagram.
Scope — Click Scope icon to only include assets within the deployment scope in the topology diagram.
Remediations — Click Remediations icon to display the topology diagram with asset icons that appear in colors that identify their exposure levels. Color codes for remediation states are as follows:
- Red: Critical
- Orange: High
- Yellow: Medium
- Gray: Low
Scan map — Click Scan map to display the topology diagram with asset icons that appear in colors that identify their scan states. Color codes for scan states are as follows:
- Blue : Scanned
- Dark gray with a blue halo: Currently being scanned
- Dark gray: Not scanned
- Light gray: Not in scope
Credentials map — Click Credentials map to display the topology diagram as a credentials map in which assets with assigned credentials are highlighted in green.
You can add the following assets to the topology diagram:
Click a region, or asset to view its information, manage or add credentials, view incidents and recommended remediations for the asset, or add the asset to the Watch List, or scan now.
Alert Logic uses credentials to gather information about the assets in your environment. Click a region, VPCs, VNETs or networks, subnets, and hosts, and then click credentials to manage the asset credentials.
Click a region or asset, and then click action to see the incidents and recommended remediations for that asset, or to add the selected asset to the Watch List. Use the watch list to monitor selected assets for changes in threat levels.
If you need to run a scan immediately, you can use the Scan Now feature on the Topology page. This scans the selected asset right away or as soon as possible, outside of the normal schedule and ignoring any exclusions.
To see which scans are in progress, click the scan icon () to see the scan statuses of your assets. For more information about scan status, see Customize the diagram display.
To use the Scan Now feature:
- On the Topology page, specify a deployment or region in the respective drop-down menus.
- Click on the asset you want to scan immediately, if a scan is not in progress.
- In the slideout panel. click Actions, and then click SCAN NOW.
- A dialog box appears, showing a list of exclusions that the scanner will ignore to scan the asset. Click OK to run the scan.
Scan Now may delay the scan for 5-25 minutes, depending on technological factors such as the current load on the scanner and the availability of a scan appliance. Alert Logic will always scan the asset as soon as possible.