Manage PCI Scans

Your Alert Logic account has been migrated to use the self-service PCI Approved Scanning Vendor (ASV) capabilities available in Fortra Vulnerability Management (Fortra VM), including external network scanning (VM), web application scanning (WAS), PCI disputes, and PCI Compliance reports. Historical data from previous PCI scans, disputes, and reports are still accessible in the same location in the Alert Logic console.

To use Fortra VM for PCI scanning:

  • Your users must authenticate to Fortra VM using Fortra identity provider (FIDP) credentials and configure their browsers to allow exceptions for third-party cookies.
  • Your active "External - PCI" scan policies in the Alert Logic console were transferred over to Fortra VM with their status and most settings retained.

This document describes how to access Fortra VM for PCI ASV scanning and how to access historical data in the Alert Logic console.

Access Fortra VM for PCI ASV scanning

Once you have set up your FIDP credentials, you can access Fortra VM from the Alert Logic console by selecting > Configure > Fortra VM PCI Scanning. This option will open Fortra VM, where you can manage your PCI scans.

If you have not yet set up your FIDP credentials, follow the steps in Migrate to Fortra VM for PCI ASV Scanning.

For more information about using Fortra VM for PCI ASV scanning, refer to the Fortra VM PCI ASV Guide for Alert Logic Customers.

Access Fortra VM for PCI scan disputes

You can also access the scan disputes pages in Fortra VM directly from the Alert Logic console by selecting > Validate > Fortra VM PCI Scan Disputes. This option will open Fortra VM directly to the PCI Disputes page.

For more information about disputing PCI scan results with Fortra VM, refer to the Dispute Vulnerabilities section in the Fortra VM PCI ASV Guide for Alert Logic Customers.

View historical data from Alert Logic PCI scans

After the migration to Fortra VM for PCI scanning, historical data from previous PCI scans, disputes, and reports is still accessible in the same location in the Alert Logic console.

To view your PCI compliance status and history:

  1. Access the PCI Scanning page in the Alert Logic console by navigating to > Configure > PCI Scanning (Archive).
  2. Under Latest 25 Reports, click the name of the report you want to view.

All options for scheduling new PCI scans, saving edits to existing PCI scans, running PCI scans, and disputing PCI scans are disabled. Only historical PCI scan reports can be viewed.

To view past PCI scan disputes in the Alert Logic console:

  1. Access the PCI Scan Disputes page in the Alert Logic console by navigating to > Validate > PCI Scan Disputes (Archive).
  2. Click the name of the disputed scan results you want to view.

Once reviewing a scan result, you can sort the list of vulnerabilities by various parameters, by ascending or descending order, and search content. You can perform searches to find a specific vulnerability. In the search bar on the top right of the page, search for all or part of the name of the vulnerability, a specific port or protocol, host information, or any partial string of text that is part of the vulnerability text.

To sort the list of vulnerabilities, use the Sort fields or click a column name. You can sort by the following values:

  • Status
  • Host Name
  • Host IP Address
  • FQDN
  • Vulnerability (ID)
  • Service Protocol
  • Service Port
  • Selection Status
  • Last Modified
  • Dispute Type