Recommended Training for New and Upgrading Customers

Whether you are a new Alert Logic customer or you are upgrading from a legacy platform, Alert Logic recommends the following resources to learn about key features in Managed Detection and Response (MDR).

To access training videos, sign in to the Alert Logic console, select Support from the navigation menu, and then click Training to open Alert Logic University. You can then click links to the videos below to open them.

Documentation and knowledge base articles are available to the public.

Alert Logic console

The following materials cover basics to help you get started with the Alert Logic console.

Training videos

Knowledge base articles

Deployments

An Alert Logic deployment allows you to specify the assets—such as appliances, agents, hosts, and collectors—in your environments to monitor and protect.

To access the Deployments page, click the menu icon, click Configure, and then click Deployments.

Documentation

Dashboards

The Dashboards page allows you to easily view pertinent information in visuals that feed from live data in your environment. Most visuals allow you to click items to drill down further into issues on the corresponding page in the Alert Logic console.

The Dashboards page is open when you sign in to the Alert Logic console. To go back to this page from other pages, click the menu icon, and then click Dashboards.

Training videos

Get started with these:

Browse the full list of available Dashboards videos and watch topics of interest:

Documentation

Incidents

The Incidents page provides you with the information you need to analyze and respond to incidents in your environment.

To access the Incidents page, click the menu icon, click Respond, and then click Incidents.

Training video

Knowledge base articles

Documentation

Exposures and remediations

The Exposures page displays the number and types of exposures in the protected deployment. It provides you with information about the exposure, including color-coded threat level, evidence, and affected assets. The page also lists recommended remediations to resolve an exposure or a group of exposures.

To access the Exposures page, click the menu icon, click Respond, and then click Exposures.

Training video

Knowledge base articles

Documentation

Health

The Health page provides detailed information about your environment so you can verify that your deployments are configured correctly, and gives you the information you need to analyze and respond to health exposures. Health exposures result from configuration or connection problems that disrupt access to Alert Logic product capabilities.

To access the Health page, click the menu icon, click Respond, and then click Health.

Knowledge base articles

Documentation

Notifications

Alert Logic notifications alert you to threats, changes, and scheduled events in your environment. You can configure notifications and subscribe to them so you can respond quickly.

To access the Notifications page, click the menu icon, click Manage, and then click Notifications.

Training video

Documentation

Reports

The Reports page in the Alert Logic console provides access to data related to exposures and incidents Alert Logic found within your deployments. You can also view data related to your product usage within your accounts.

To access the Reports page, click the menu icon, click Validate, and then click Reports.

Training video

Knowledge base article

Documentation

Scanning

A scan detects and identifies network and host vulnerabilities in your environment. Scans can perform external attack simulations as well as comprehensive vulnerability checks, including registry evaluation. In Data Center deployments, discovery scans detect new assets or changes to existing assets. You can manage scan schedules on the Scan Schedules page.

To access the Scan Schedules page, click the menu icon, click Configure, click Deployments, and then click a deployment. On the left navigation panel, click Scan Schedules.

Training video

Knowledge base article

Documentation

Topology

The Topology page displays an interactive diagram that uses color-coded icons to show the distribution of exposures and threats across your network assets. Topology allows you to select regions or assets to see details about the item, exposures, and remediations for those exposures.

To access the Topology page, click the menu icon, click Investigate, and then click Topology.

Documentation

Log management

Machine Learning Log Review

Machine Learning Log Review is an upgrade to the Log Review process and allows Alert Logic to deliver a higher level of security value. The Machine Learning Log Review algorithms can automatically detect many log-based anomaly types based on unique patterns and trends learned from your organization.

For information about how to see the output of Machine Learning Log Review, see the linked documentation.

Training video

Documentation

Application Logs for flat-file configuration

The Application Logs page allows you to configure applications with functional APIs to automatically collect flat-file logs from multiple sources. Flat files are a common log message format for web servers and other server software.

To access the Application Logs page, click the menu icon, click Configure, and then click a deployment. On the left navigation panel, click Logs, and then click Application Logs.

Documentation

Application Registry for third-party logs

Application Registry provides an intuitive and efficient way to integrate multiple third-party applications that can generate logs. Application Registry is a repository of platform integrations in your Configuration group in the Alert Logic console. Integration with third-party applications adds administrative and security value to your organization. Application Registry is only available for Professional and Enterprise Managed Detection and Response customers.

To access the Application Registry page, click the menu icon, click Configure, and then click Application Registry.

Documentation

Search

The Search experience in the Alert Logic console allows you to perform basic and advanced searches for different data types. The Search feature lets you structure advanced search queries and use fields and predefined expressions to help you find and organize the messages most relevant to your investigation. Search now supports a variety of data sources that help you uncover potential threats and discover which data sources are present in an environment, and it provides tools for further investigation.

To access the Search page, click the menu icon, and then click Investigate. Click Search, and then click the Search tab.

Training video

Documentation

File Integrity Monitoring (FIM)

Alert Logic MDR Professional and Alert Logic MDR Enterprise customers can access a File Integrity Monitoring (FIM) dashboard and capabilities as well as two PCI DSS compliance reports. FIM is a security control that detects potentially unauthorized change events to your operating system and application files.

Alert Logic FIM capabilities support PCI DSS requirements 10.5.5 and 11.5 and provide additional context as you investigate potential attacks or compromised assets.

To access the File Integrity Monitoring page, click the menu icon, click Configure, and then click a deployment. On the left navigation panel, click File Integrity Monitoring, and then click Monitoring.

Training videos

Documentation

Web Log Analytics (WLA)

Alert Logic Web Log Analytics (WLA) is a log-based application attack detection solution that protects your web applications from common application vulnerabilities. WLA analyzes web server access logs for threats and attacks with a combination of pattern-matching signatures and an anomaly detection and machine-learning engine. WLA also reduces the need for tuning, minimizes false positives, and provides visibility by inspecting HTTPS requests for threats after decryption. You can gain security visibility across all web applications in your organization.

WLA currently supports log formats from IIS, Apache2, and Nginx web servers.

Training video

Documentation

Extended Endpoint Protection

The Extended Endpoint Protection functionality from Alert Logic helps you control threats and manage incidents from employee workstations, points of sale, servers, and more.

Extended Endpoint Protection is built to provide value and scale immediately. You can silently install the agent on many endpoints in minutes using any tool that supports deploying EXE or MSI files, including system management tools. Once you deploy Extended Endpoint Protection, the endpoints automatically register, and you can manage them in the Alert Logic console.

To access the Endpoints page, click the menu icon, click Configure, and then click Endpoints.

Training video

Documentation

Templated connections

Templated connections allow you to send security data directly to a third-party application. When you set up a notification and subscribe a templated connection, Alert Logic sends the event to the target URL or email address you configured and can generate a message or IT service management (ITSM) ticket automatically.

To access the Templated Connections page, click the menu icon, click Configure, click Connections, and then click the Templated Connections tab.

Documentation