Upgraded Scan Functionality
Alert Logic upgraded scan functionality to provide continuous and automatic scanning for all your assets. You no longer have to create individual scans for every asset.
When you create a new deployment, Alert Logic performs periodic scheduled external and internal vulnerability scans on all assets unless you apply exclusions. For Data Center deployments, Alert Logic also scans for new assets. To learn more about deployments and deployment types, see About Deployment Types.
Although Alert Logic performs automatic scanning, you can customize how to perform these scans. Several features in the Alert Logic console allow you to control how and when you want to scan, exclude assets, and expedite an asset to be scan ahead of its scheduled time. You can view data results, including vulnerabilities, statistics, reports, and recommended actions against threats discovered during scans.
PCI scans are not affected by this upgrade. For information, see Manage PCI Scans.
Upgraded scans features
Alert Logic offers the following scanning features:
- Scan frequency and scheduling
- Exclude assets from scans
- Scan Now
- Remediations against detected vulnerabilities
- View vulnerability reports
- View legacy scan results
- View a summary of the health of your assets
Exclusions, scan frequency, and scheduling options apply only to scans of host assets by Alert Logic appliances. Cloud configuration checks performed with cloud APIs, such as checks that are part of the CIS Foundations benchmark, are not affected.
Create a new scan
Alert Logic now scans all assets in your deployments automatically, so you no longer have to create individual scans. You do, however, have several ways to manage automatic scans in your deployments.
- Manage scan schedules: Manage your scan schedules and frequency for each deployment. Default scan frequency is once a day.
- Exclude assets from scans: You can exclude certain assets from scans in each deployment.
- Scan Now: Alert Logic allows you to expedite scanning for individual assets when necessary.
If you need to run a scan immediately, you can use the Scan Now feature on the Topology page. This scans the selected asset right away or as soon as possible, outside of the normal schedule. See Scan Now for more information.
The Alert Logic console contains several pages where you can access data pulled from scan results:
You are also notified when assets have not been scanned in the Remediations page. See Configuration Remediations for more information.
You can review scan results and their outcomes in different pages in the Alert Logic console:
You can no longer search for vulnerabilities. However, you have access to view vulnerabilities. The Vulnerability Analysis reports allow you to view and filter vulnerabilities in the your environment. The Monthly Vulnerability Summary in the Monthly Vulnerability Summary displays all vulnerabilities in the filters you choose.
Host groups and zones
You can filter your assets by regions, networks, subnets, hosts, tags and other assets to see what is being scanned from the Topology page. You can also manage your credentials for assets from this page. See Topology for more information.