Your First Deployment
Deployments are a set of assets from your appliances, agents, hosts, and collectors from your environments. Alert Logic allows you to add deployments to the Alert Logic console. The Deployments page appears under the Configuration tab in the Alert Logic console. You can create deployments for assets found in your from AWS and Azure cloud platforms, and from other cloud-based or physical Data Centers.
Alert Logic discovers and organizes deployment into a visual topology where you can select the desired levels of protection for your assets. You must choose one of the following a levels of coverage for each asset: between no protection, Alert Logic Essentials coverage, or Alert Logic Professional coverage for your networks.
Coverage protection levels
Alert Logic Essentials
Alert Logic Essentials coverage provides deployment automation for assets in your AWS or Azure environments, access to continuous asset discovery, and asset visibility for your deployments. Alert Logic continuously tests your environments with vulnerability scanning and cloud configuration scanning to help you detect and remediate exposures.
Alert Logic Professional
Alert Logic Professional coverage provides the capabilities from Essentials, plus access to network intrusion detection, file integrity monitoring, and log and security analytics.
To protect your AWS deployment, you must set up an AWS cross-account role to allow Alert Logic access to your AWS account. For more information about how to configure AWS cross-account role access, see Configure Alert Logic AWS Cross-account Role Access.
Alert Logic supports integrations with several AWS security services.
For more information on first-time deployment configuration, see AWS Deployment Configuration.
To protect your Azure deployment, you must create an Role-Based Access Control (RBAC) role in Azure to allow Alert Logic to access your account. For more information about how to configure Azure RBAC role access, see Configure RBAC Roles in Microsoft Azure.
For more information on first-time deployment configuration, see Azure Deployment Configuration.
Data Center Deployments
The Data Center environments are deployments you manually configure. The Data Center page displays the list of appliances, agents, hosts, and log collectors if subscribed to the Professional coverage.
For more information on first-time Data Center deployment configuration, see Data Center Deployment Configuration.
The most common deployment workflow includes:
- Selecting the deployment type
- Discovering assets
- Adding assets
- Defining the scope of your protection
- Scheduling scans
- Installing Agents or Appliances
- Setting up log sources
Add a deployment
To add a deployment, click the add icon (), and then select the deployment type you want to configure.
Provide a name for your deployment, and then click save. If configuring an AWS or Azure deployment, enter the requested information to provide Alert Logic third-party access to your specified cloud account or subscription.
After you have granted Alert Logic access to your cloud account or subscription, Alert Logic automatically discovers its assets. Alert Logic displays the assets discovered in your account in a visual topology diagram. To learn more about topology, see Topology.
If Alert Logic did not discover all your assets, you can add external assets by domain name or IP address.
For Data Center deployments, you must manually add assets by network, subnet, domain name, or IP address.
Define your scope of protection
You can define the scope of your protection per network basis. Each network appears within its protected region. Click a region or individual network to set the scan level or leave it unprotected. You also have the option to exclude assets or tags from external scanning, internal scanning, and Network IDS.
Alert Logic automatically performs certain scans. You can schedule when and how often you want Alert Logic to scan for new assets or perform vulnerability scans.
Configuration topology overview
This topology diagram provides an overview of your scope of protection. You can see which assets are unprotected, or are scanned at the Essentials or Professional levels.
Installing Agent or Appliances
Alert Logic provides a single agent that collects data used for analysis, such as log messages and network traffic, metadata, and host identification information. For more information about installing agent installations, see Install the Alert Logic agent for Linux or Install the Alert Logic agent for Windows.
If you are configuring a Data Center deployment, you must assign appliances to your networks. Use the Unique Registration Key to assign one or more appliances to each network. For more information about installing a physical appliance or a virtual appliance, see Install the Alert Logic Virtual Appliance or Install the Physical Appliance.
Set up log sources
If you have a Professional subscription, you can set up log collection. To add log sources for data you want to collect, see Log Sources.