Protected Hosts

A host maps directly to an agent installed in your environment. When you create a protected host, you assign an assignment policy and a protected host policy to the host, which communicates Network IDS instructions to the agent. Policies applied to a protected host dictate how the agent running on the host interacts with its network environment. If you do not see an option to create a protected host, the host is offline. For more information about hosts, see Hosts.

Protected hosts appear on the table, sorted by host name. To narrow the list of protected hosts, you can use the search field to search for a specific protected host name or tag, or you can use the filters to list protected hosts with the following characteristics:

  • Source Status
    • Hosts in Offline state
    • Hosts in Warning state
    • Hosts in Error state
    • Hosts in New state
    • Hosts in OK state
  • Source Collection Method
    • Agent
    • Discovered
  • Tags

Create and modify protected hosts

Under most circumstances, Alert Logic automatically creates protected hosts when you install an agent, and those hosts automatically receive the default protected host policy. Some protected hosts also automatically receive an assignment policy. If a protected host is not automatically created after agent installation, or if a protected host was deleted but needs to be added again, you can manually add a host as a protected host.

You can create a protected host only from the Hosts page. You can edit a protected host only from the Protected Hosts page.

When you create a protected host, you assign an assignment policy and a protected host policy to the host, which communicates Network IDS instructions to the agent.

An assignment policy is a set of rules that indicates the traffic that appliances should either accept or ignore. An assignment policy directs protected hosts to encrypt traffic and send traffic to specific appliances. In a dynamic environment where IP addresses often change, an assignment policy ensures that hosts always correspond to their appliances.

To create a protected host:

  1. On the Hosts page, find a host you want to add as a protected host.
  2. Under the Actions column, click the plus icon, and then click Add as Protected Host.
  3. In the New Protected Host slideout panel, provide the appropriate values.
  4. Click SAVE.

To modify a protected host:

  1. On the left navigation menu of the selected deployment, click Networks and Protected Hosts.
  2. Click Protected Hosts.
  3. In the list of protected hosts, select the protected host you want to update, and then click the pencil icon.
  4. In the slideout panel, make the appropriate changes.
  5. Click SAVE.

Mass edit protected hosts

The mass edit feature allows you to perform the same edits on one or more protected hosts.

The mass edit and mass archive/delete features have a maximum number of entries that they can handle. If you have an issue using the feature on a large number of entries, use the Alert Logic API instead.

To mass edit protected hosts:

  1. On the Protected Hosts page, click the gear icon.
  2. Select Mass Edit.
  3. Make the following changes if applicable:
    1. Specify the hosts to which you want to apply changes:
      • All hosts
      • Only filtered hosts
    2. Specify an appliance assignment policy.
    3. Select which, if any, host policy setting to change.
    4. Determine whether you want to replace collection alerts.
    5. Specify one of the following tag settings:
      • Do not change tag settings
      • Append additional Tags—Type tags you want added to the networks.
      • Replace existing Tags—Type tags you want to replace those associated with the networks.
      • Remove specific Tags—Type the tags you no longer want associated with the networks.
      • Remove all Tags
  4. Select whether to delete the selected hosts.

     You cannot undo this action.

  5. Click Apply.

Export protected hosts

Alert Logic allows you to export a list of your protected hosts to a file. You can choose one of the following formats for the exported file:

  • Comma separated values (.csv)
  • Tab delimited values (.txt)
  • Microsoft Excel 1997–2003 (.xls)
  • Microsoft Excel 2007 (.xlsx)

To export protected hosts:

  1. On the Protected Hosts page, click the gear icon.
  2. Select Export.
  3. Specify whether your exported list contains:
    • All Hosts
    • Only Filtered Hosts
  4. Select a file format for the exported file:
    • Comma separated values (.csv)
    • Tab delimited values (.txt)
    • Microsoft Excel 1997–2003 (.xls)
    • Microsoft Excel 2007 (.xlsx)
  5. Click EXPORT.

Archive and restore protected hosts

To safeguard against permanent loss of data, Alert Logic provides the archive and unarchive features. To archive a threat host, you must delete all protected hosts data streams associated with the threat host.

To archive a host:

  1. Find the desired host in the Protected Hosts list.
  2. Click the archive icon.
  3. Click ARCHIVE.

To restore an archived host:

  1. Above the Protected Hosts list, click the Show Archive slider.
  2. In the Protected Hosts list, find the host you want to restore, and then click the archive icon.
  3. Click UNARCHIVE.

Delete a protected host

Threat Manager allows you to remove existing protected hosts.

To delete a protected host:

  1. At the top of the Alert Logic console, from the drop-down menu, click Threat Manager.
  2. In the left navigation area, under Detection, click Protected Hosts.
  3. In the table of protected hosts, select the protected host you want to delete, and then click the trash icon.
  4. Click Delete.