Scan Functionality Upgrade
Alert Logic upgraded scan functionality to provide fully automated scanning for all your assets. You no longer have to create individual scans for every asset.
When you create a new deployment, Alert Logic automatically creates default scan schedules, which vary according to deployment type, to perform agent-based, internal network, and external network vulnerability scans on all non-excluded assets and ports. Alert Logic also creates a default discovery scan schedule to find new assets in Data Center deployments. You can schedule when to perform specific scans for all or selected assets and ports. To learn more about deployments and deployment types, see About Deployment Types.
Several features in the Alert Logic console allow you to control how and when to scan, exclude assets and ports, and expedite the scan of an asset ahead of its scheduled time. You can view scan results, including vulnerabilities, statistics, reports, and recommended actions against threats discovered during scans.
PCI scans are not affected by this upgrade. For more information, see Manage PCI Scans.
Upgraded scan features
Alert Logic offers enhanced features for creating and managing scans, adjusting scan performance, expediting scans, and analyzing results.
Create and manage scans
Alert Logic scans all assets in your deployments automatically according to default scan schedules. You no longer have to create individual scans. Alert Logic offers several ways for you to manage scan schedules in your deployments.
The following features are available for managing your scans from the Scan Schedules page for each deployment:
- Default scan schedules with preselected frequencies, scan windows, assets, and ports
- Create additional schedules for all or selected assets and ports
- Edit default and custom schedules
- Stop a scan in progress
- Activate or deactivate a scan schedule
- Exclude assets and ports from scans
Exclusions, scan frequency, and scheduling options apply only to assets that are scanned using Alert Logic appliances. Cloud configuration checks performed using cloud APIs, such as checks that are part of the CIS Foundations benchmark, are not affected.
If you need to run a scan on a host immediately, you can use the Scan Now feature on the Topology page. This feature scans the selected host right away or as soon as possible, outside the normal schedule. For more information, see Scan Now.
You can also create a scan schedule and choose the Scan once option to scan selected assets once, starting at a specific time. For example, to verify a patch or remediation action, you can use this option to schedule a scan of several assets to start within the next five minutes instead of waiting for the next regularly scheduled scan. For more information, see Create a scan schedule.
Adjust scan settings
Features for adjusting scan settings are available from the Topology page:
- Manage credentials for internal vulnerability scans
- Adjust scan performance by choosing more or fewer concurrent scans
For more information, see Adjust Scan Settings.
Scan results and statistics
The Alert Logic console contains several pages where you can access data pulled from scan results:
- Vulnerabilities Reports—For full reports of all scan results. Provide valuable summary, breakdown, variance, distribution, and trending data for vulnerabilities discovered across your environments by all scans.
- Scan Schedule Breakdown—For full reports of specific scan schedule results. Provides summary, detailed, and variance vulnerability results for specific scan schedules.
- Exposures—For viewing current vulnerabilities and addressing individual issues. Lists current exposures that vulnerability scans found in your deployments, along with remediations to resolve an exposure or a group of exposures.
You can find specific vulnerabilities in your environment from the list of open exposures on the Exposures page. You can switch to the Exposures view, optionally select filters on the left to narrow results, and use the search feature at the top of the list to find specific vulnerabilities. For more information about the Exposures page, see Exposures.
You can also use the Vulnerability Library to research vulnerabilities that Alert Logic scans for and see whether a specific vulnerability impacts your environment. For more information, see Vulnerability Library.
Host groups and zones
Deployments in Managed Detection and Response replace host groups and zones. On the Topology page, you can filter by deployment, regions, networks, subnets, hosts, tags, and other assets to see which assets are being scanned. You can also manage scan settings such as your credentials to set up credentialed scanning for assets and adjust scan performance settings. For more information, see Topology and Adjust Scan Settings.
The Last Scanned Breakdown report, available from the Vulnerabilities Reports page, lists when assets in your deployments were last scanned for vulnerabilities. For more information, see Last Scanned Breakdown.