Recommended Training for New and Upgrading Customers
Whether you are a new Alert Logic customer or you are upgrading from a legacy platform, Alert Logic recommends the following resources to learn about key features in Managed Detection and Response (MDR).
To access training videos, sign in to the Alert Logic console, select Support from the navigation menu, and then click Training to open Alert Logic University. You can then click links to the videos below to open them.
Documentation and knowledge base articles are available to the public.
Alert Logic console
The following materials cover basics to help you get started with the Alert Logic console.
Knowledge base articles
An Alert Logic deployment allows you to specify the assets—such as appliances, agents, hosts, and collectors—in your environments to monitor and protect.
To access the Deployments page, click the menu icon, click Configure, and then click Deployments.
The Dashboards page allows you to easily view pertinent information in visuals that feed from live data in your environment. Most visuals allow you to click items to drill down further into issues on the corresponding page in the Alert Logic console.
The Dashboards page is open when you sign in to the Alert Logic console. To go back to this page from other pages, click the menu icon, and then click Dashboards.
Get started with these:
- Dashboard Navigation Overview
- Coverage and Health Dashboard Visuals
- Vulnerability Summary Dashboard Visuals
- Threat Risk Index (TRI) Summary Dashboard Visuals
- Managed Accounts - Healthy Summary Dashboard
- Managed Accounts - Security Summary Dashboard
- Managed Accounts Dashboard - Remediations
Browse the full list of available Dashboards videos and watch topics of interest:
- Coverage and Health Dashboard
- Managed Accounts Health Summary Dashboard
- Managed Accounts Security Summary Dashboard
The Incidents page provides you with the information you need to analyze and respond to incidents in your environment.
To access the Incidents page, click the menu icon, click Respond, and then click Incidents.
Knowledge base articles
- Incident Console Features
- Managing Incidents in the Incident Console
- Responding to Most Common Incident Types
Exposures and remediations
The Exposures page displays the number and types of exposures in the protected deployment. It provides you with information about the exposure, including color-coded threat level, evidence, and affected assets. The page also lists recommended remediations to resolve an exposure or a group of exposures.
To access the Exposures page, click the menu icon, click Respond, and then click Exposures.
Knowledge base articles
The Health page provides detailed information about your environment so you can confirm that your deployments are configured correctly, and gives you the information you need to analyze and respond to health exposures. Health exposures result from configuration or connection problems that disrupt access to Alert Logic product capabilities.
To access the Health page, click the menu icon, click Respond, and then click Health.
Knowledge base articles
Alert Logic notifications alert you to threats, changes, and scheduled events in your environment. You can configure notifications and subscribe to them so you can respond quickly.
To access the Notifications page, click the menu icon, click Manage, and then click Notifications.
The Reports page in the Alert Logic console provides access to data related to exposures and incidents Alert Logic found within your deployments. You can also view data related to your product usage within your accounts.
To access the Reports page, click the menu icon, click Validate, and then click Reports.
Knowledge base article
A scan detects and identifies network and host vulnerabilities in your environment. Scans can perform external attack simulations as well as comprehensive vulnerability checks including registry evaluation. In Data Center deployments, discovery scans detect new assets or asset changes. You can manage scan schedules on the Scan Schedules page.
To access the Scan Schedules page, click the menu icon, click Configure, click Deployments, and then click a deployment. On the left navigation panel, click Scan Schedules.
Knowledge base article
- Get Started with Alert Logic Scans
- About Alert Logic Scans
- Scan Functionality Upgrade
- Manage Scans and Scan Results
- Adjust Scan Settings
The Topology page displays an interactive diagram that uses color-coded icons to show the distribution of exposures and threats across your network assets. Topology allows you to select regions or assets to see details about the item, exposures, and remediations for those exposures.
To access the Topology page, click the menu icon, click Investigate, and then click Topology.
Machine Learning Log Review
Machine Learning Log Review is an upgrade to the Log Review process and allows Alert Logic to deliver a higher level of security value. The Machine Learning Log Review algorithms can automatically detect many log-based anomaly types based on unique patterns and trends learned from your organization.
For information about how to see the output of Machine Learning Log Review, see the linked documentation.
Application Logs for flat-file configuration
The Application Logs page allows you to configure applications with functional APIs to automatically collect flat-file logs from multiple sources. Flat files are a common log message format for web servers and other server software.
To access the Application Logs page, click the menu icon, click Configure, and then click a deployment. On the left navigation panel, click Logs, and then click Application Logs.
Application Registry for third-party logs
Application Registry provides an intuitive and efficient way to integrate multiple third-party applications that can generate logs. Application Registry is a repository of platform integrations in your Configuration group in the Alert Logic console. Integration with third-party applications adds administrative and security value to your organization. Application Registry is only available for Professional and Enterprise Managed Detection and Response customers.
To access the Application Registry page, click the menu icon, click Configure, and then click Application Registry.
The Search experience in the Alert Logic console allows you to perform basic and advanced searches for different data types. The Search feature is flexible for structuring advanced search queries, and using fields and predefined expressions to help you find and organize messages most relevant to your investigation. Search now supports a variety of data sources that help you uncover potential threats and discover what data sources are present in an environment, and it provides tools for further investigation.
To access the Search page, click the menu icon, and then click Investigate. Click Search, and then click the Search tab.
- Log Search Upgrade
- Get Started with Search
- Search Simple Mode
- Search Expert Mode
- Saved and Scheduled Searches
- Manage Search Results Messages
File Integrity Monitoring (FIM)
Alert Logic MDR Professional and Alert Logic MDR Enterprise customers can access a File Integrity Monitoring (FIM) dashboard and capabilities as well as two PCI DSS compliance reports. FIM is a security control that detects potentially unauthorized change events to your operating system and application files.
Alert Logic FIM capabilities support PCI DSS requirements 10.5.5 and 11.5 and provide additional context as you investigate potential attacks or compromised assets.
To access the File Integrity Monitoring page, click the menu icon, click Configure, and then click a deployment. On the left navigation panel, click File Integrity Monitoring, and then click Monitoring.
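The FIM section above describes the control in one sentence: detect change events to operating system and application files. The added example below, which is not Alert Logic code and does not reflect how the Alert Logic agent is implemented, shows the core of that control in its simplest form: take a SHA-256 baseline of a directory tree, take a second snapshot later, and report which files were added, modified or removed. The `demo()` function builds a throwaway directory with constructed sample files so the whole thing runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative, POSIX-style path) to its hash."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def diff_baselines(old, new):
    """Compare two snapshots and classify each change as added, modified or removed."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(k for k in set(old) & set(new) if old[k] != new[k])
    return {"added": added, "modified": modified, "removed": removed}


def demo():
    """Constructed scenario: baseline a small tree, change it, and diff the two snapshots."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "ssh_config").write_text("Port 22\n")
        (root / "app.conf").write_text("debug=false\n")
        before = build_baseline(root)

        # Simulated change events: an account file gains a line, a config file
        # disappears, and an unexpected file appears.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/sh\nextra:x:1001:1001::/home/extra:/bin/sh\n"
        )
        (root / "app.conf").unlink()
        (root / "unexpected.sh").write_text("#!/bin/sh\n")
        after = build_baseline(root)

        return diff_baselines(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A real agent would also record ownership and permission bits, exclude noisy paths (logs, caches), and ship each change event with a timestamp and the acting process where the platform can see it, which is the context the PCI DSS 10.5.5 and 11.5 requirements are asking for.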
Web Log Analytics (WLA)
Alert Logic Web Log Analytics (WLA) is a log-based application attack detection solution that protects your web applications from common application vulnerabilities. WLA analyzes web server access logs for threats and attacks with a combination of pattern-matching signatures and an anomaly-detection and machine-learning engine. WLA also reduces the need for tuning, minimizes false positives, and provides visibility by inspecting HTTPS requests for threats post-decryption. You can gain security visibility across all web applications in your organization.
WLA currently supports log formats from IIS, Apache2, and Nginx web servers.
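To make the "signatures plus anomaly detection over access logs" description concrete, here is an added example that is not Alert Logic's WLA code and uses none of its actual rules. It parses lines in the Apache/Nginx combined log format (the shape IIS, Apache2 and Nginx logs are normalised to before analysis), URL-decodes the request path, runs a deliberately small, illustrative signature set over it, and stands in for the machine-learning engine with a simple per-client rate check on 404 responses. The log lines, the signature names and the threshold are all constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache/Nginx "combined" access log format. Referer and user agent are optional
# so the same parser also accepts the shorter "common" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Illustrative signature set (assumption: a toy, not WLA's rule base).
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "sql_injection": re.compile(r"(?i)(union\s+select|'\s*or\s+1=1)"),
    "xss_probe": re.compile(r"(?i)<script"),
}

# Constructed sample log: two normal requests from one client, then a burst of
# probes from another that trips both a signature and the 404 rate check.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:55:37 +0000] "GET /about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /static/../../config.ini HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /admin HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "GET /backup.zip HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:04 +0000] "GET /login?user=a'%20or%201=1-- HTTP/1.1" 200 300 "-" "curl/8.0"
"""


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Match signatures against the decoded path so %20-style encoding cannot hide a pattern.
    rec["decoded_path"] = unquote(rec["path"])
    return rec


def scan_log(text, notfound_threshold=3):
    """Run signatures over each request and flag clients with many 404s (a crude scan indicator)."""
    hits, notfound = [], Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: a real pipeline would count these for health monitoring
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["decoded_path"]):
                hits.append((rec["ip"], name, rec["path"]))
        if rec["status"] == 404:
            notfound[rec["ip"]] += 1
    anomalies = sorted((ip, n) for ip, n in notfound.items() if n >= notfound_threshold)
    return {"signature_hits": hits, "anomalies": anomalies}


if __name__ == "__main__":
    result = scan_log(SAMPLE_LOG)
    for ip, rule, path in result["signature_hits"]:
        print(f"signature {rule}: {ip} requested {path}")
    for ip, n in result["anomalies"]:
        print(f"anomaly: {ip} produced {n} 404 responses")
```

The two halves illustrate why the page pairs them: the signatures catch a known pattern on a single request, while the rate check catches behaviour that no single line reveals. Where the product inspects HTTPS requests post-decryption, the same logic applies because the decrypted request is what lands in the access log.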
Extended Endpoint Protection
The Extended Endpoint Protection functionality from Alert Logic helps you control threats and manage incidents from employee workstations, points of sale, servers, and more.
Extended Endpoint Protection is built to provide value and scale immediately. You can silently install the agent on many endpoints in minutes using any tool that supports deploying EXE or MSI files, including system management tools. Once you deploy Extended Endpoint Protection, the endpoints automatically register, and you can manage them in the Alert Logic console.
To access the Endpoints page, click the menu icon, click Configure, and then click Endpoints.
- About Alert Logic Extended Endpoint Protection
- Get Started with Alert Logic Extended Endpoint Protection
- Alert Logic Extended Endpoint Protection Upgrade
- Deploy Alert Logic Extended Endpoint Protection
- Test Alert Logic Extended Endpoint Protection
- Investigate an Extended Endpoint Protection Event
Connectors allow you to send security data directly to a third-party application in near real time. When you set up a notification and subscribe a webhook or email connector, the connector sends the event to the target URL or email address you configured and can generate a message or IT service management (ITSM) ticket automatically.
To access the Connectors page, click the menu icon, click Configure, and then click Connectors.