Data Center Deployment Configuration

Alert Logic allows you to add deployments to the Alert Logic console. The Deployments page appears under the Configuration tab in the Alert Logic console. To add a deployment, click the icon, and then enter the requested information to provide Alert Logic with third-party access to the specified cloud environment. For more information about adding deployments for other cloud environments, see Azure Deployment Configuration and AWS Deployment Configuration.

Name your deployment

In the Deployment Name field, type a descriptive name for the deployment you want to create, and then click SAVE.

Add assets

Add the assets you want scanned by network, subnet, domain name, or IP address.

To add a network:

  1. In the Network tab, click the icon, and then select Network.
  2. Name the network, add the Private CIDR(s) and the Public CIDR(s), and then click SAVE.

To add a subnet:

  1. In the Network tab, click the icon, and then select Subnet.
  2. Name the subnet, select the network, add the CIDR, and then click SAVE.

To add a domain name:

  1. In the DNS Names and Public IPs tab, click the icon, and then select DNS Name.
  2. Add the domain name, and then click SAVE.

To add an IP address:

  1. In the DNS Names and Public IPs tab, click the icon, and then select Public IP.
  2. Name the IP address, add the CIDR, and then click SAVE.

When you are finished, click CONTINUE.

Scope of protection

You can define the scope of your protection on a per-network basis. Each network appears within its protected region. Click a region or an individual network to set the scan level or leave it unprotected, and then click SAVE.

Exclusions

You also have the option to exclude assets or tags from external scanning, internal scanning, and Network IDS.

External scanning

To exclude assets for external scanning:

  1. Select the External Scanning tab to view assets available to exclude.
  2. Click the icon for the asset you want to exclude.
  3. You can remove an asset from the exclusion list at any time. Click the icon to include the asset in external scanning.

Internal scanning

To exclude assets or tags for internal scanning:

  1. Select the Internal Scanning tab to choose ASSETS or TAGS to search.
  2. Click the icon for the asset or tag you want to exclude.
  3. You can remove an asset from exclusion at any time. Click the icon to include the asset in external scanning.

Network IDS

To exclude assets for Network IDS:

  1. Select the Network IDS tab to exclude CIDRs.
  2. Enter the CIDR you want to exclude.
  3. Click the drop-down to select a protocol.
  4. Click the drop-down to select the port.
  5. Click EXCLUDE AND ADD ANOTHER.
  6. You can remove an asset from the exclusion list at any time. Click the icon to include the asset in external scanning.
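
An added example, not part of Alert Logic's documentation or tooling: a Python check to run over a planned asset list before typing it into the console. It flags malformed CIDRs, subnets that fall outside the network they are assigned to, and Network IDS exclusions wide enough to cover an entire network. The plan layout, names and address ranges are constructed, and the expectation that a subnet CIDR sits inside its network's CIDRs is an assumption.

```python
import ipaddress

# Constructed sample plan: hypothetical names, private address ranges.
PLAN = {
    "networks": {"dc-east": ["10.10.0.0/16"], "dc-west": ["10.20.0.0/16"]},
    "subnets": [
        {"name": "web", "network": "dc-east", "cidr": "10.10.1.0/24"},
        {"name": "db", "network": "dc-east", "cidr": "10.20.5.0/24"},     # wrong parent
        {"name": "mgmt", "network": "dc-west", "cidr": "10.20.0.300/24"},  # malformed
    ],
    "ids_exclusions": [
        {"cidr": "10.10.1.25/32", "protocol": "tcp", "port": "443"},
        {"cidr": "10.20.0.0/16", "protocol": "tcp", "port": "443"},  # whole network
    ],
}

def parse_cidr(cidr):
    """Return an ip_network, or None for a bad address or set host bits."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return None

def contains(outer, inner):
    """True if inner lies inside (or equals) outer; never mixes IPv4 and IPv6."""
    return outer.version == inner.version and inner.subnet_of(outer)

def review_plan(plan):
    findings = []
    nets = {}
    for name, cidrs in plan["networks"].items():
        parsed = [parse_cidr(c) for c in cidrs]
        if None in parsed:
            findings.append(("invalid-cidr", name))
        nets[name] = [p for p in parsed if p is not None]
    for s in plan["subnets"]:
        sub = parse_cidr(s["cidr"])
        if sub is None:
            findings.append(("invalid-cidr", s["name"]))
        elif not any(contains(p, sub) for p in nets.get(s["network"], [])):
            findings.append(("subnet-outside-network", s["name"]))
    for e in plan["ids_exclusions"]:
        ex = parse_cidr(e["cidr"])
        if ex is None:
            findings.append(("invalid-cidr", e["cidr"]))
            continue
        # An exclusion that swallows a full network removes IDS coverage for it.
        for name, cidrs in nets.items():
            if any(contains(ex, p) for p in cidrs):
                findings.append(("exclusion-covers-network", name))
    return findings
```

Each finding is a `(kind, name)` tuple; an `exclusion-covers-network` result is the one to review with whoever owns the monitoring scope before saving the exclusion.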

Scheduling

Alert Logic automatically performs certain scans. You can schedule when you want Alert Logic to scan for new assets and perform vulnerability scans.

Discovery scans

Select the Scan only during these hours box, and then select a 12-hour window or an 8-hour window. Click the Time Zone drop-down to select the time zone you want. Click SAVE, and then click CONTINUE.

Vulnerability scans

You can restrict vulnerability scans to certain days or hours. Select from the following options, and then specify the hours, days, or holidays.

  • Scan only during these hours.
  • Scan only on these days.
  • Do not scan on certain public holidays. (Includes the day before and the day after specified holidays.)

Click the Time Zone drop-down to select the time zone you want. Click SAVE, and then click NEXT.

Configuration Topology

This topology diagram provides an overview of your scope of protection. You can see which assets are unprotected and which are being scanned at the Essentials, Professional, or Enterprise levels. Click a network in the diagram to view its subnets, instances, and hosts.

The protection breakdown displays how many assets are unprotected, excluded, and protected, along with the number of protected assets in each level.

You can search for specific assets. The protection breakdown updates as it finds specific assets.

Agent

Alert Logic provides a single agent that collects data used for analysis, such as log messages, network traffic, metadata, and host identification information. For more information about installing the Alert Logic agent, see Install the Alert Logic agent for Linux or Install the Alert Logic agent for Windows.

Appliances

You must assign appliances to your networks. Use the Unique Registration Key to assign one or more appliances to each network. For more information, see Install the Physical Appliance or Install the Alert Logic virtual appliance.

Log sources

You can set up log collection. To add log sources for data you want to collect, see Configure Log Sources.