Threat Manager Professional Upgrade
Alert Logic Threat Manager Professional combines a cloud-based network intrusion detection system and a vulnerability assessment solution into a service that works in any environment, from on-premises to the cloud. Threat Manager customers who choose to upgrade to Threat Manager Professional receive a number of changes that simplify and improve your experience.
The Alert Logic console shows only the tabs and pages appropriate to your product subscription. This topic describes all possible tabs and pages, but specifies the subscriptions that generate the tabs and pages. For more information about subscriptions Alert Logic offers, see Get Started with Alert Logic Subscriptions and Add-ons.
Requirements
Your existing appliances, agents, and deployments from Threat Manager are migrated to Threat Manager Professional, and your historical data is available. You are not required to perform any updates, although Alert Logic recommends you use the latest deployment and agent updates:
- If you have Amazon Web Services (AWS) deployments, you must ensure your deployments use IAM roles created with the most current policy documents. To update IAM roles, see Update your IAM roles.
- If you have Azure deployments, you must ensure your Microsoft Azure resources are configured to allow Alert Logic to discover and monitor your assets. To ensure your Azure deployments are properly configured, see Configure App Registration and RBAC for Microsoft Azure Resources.
- Upgrade your agents and appliances to the most recent version. Download and install the appropriate agents or appliances. For more information, see the following documents:
How to find features in the new console
Alert Logic has improved, replaced, and moved several features in the Alert Logic console. See the table below for major changes:
| Legacy Functionality Name | Upgraded Functionality |
|---|---|
| Alert Logic console | (Optional) Navigation menu |
| Summary and Dashboards | Available as Threat Risk Index Summary, TM Professional Entitlement Summary, and the new Dashboards. |
| Scans | Manage Scans and Scan Results |
| Hosts, Networks, Protected Hosts, and Network IDS | Topology, Get Started with Alert Logic Deployments, Health |
| Alert Rules | Notifications |
| Remediations | Exposures |
Automated functionality
The new Alert Logic console offers automation of traditional features that you previously had to manually configure when your deployments are upgraded to the Threat Manager Professional. Automation of features also applies if you need to create a new deployment. Alert Logic has automated the following functionality:
- Browse Devices
- Legacy Threat Manager appliances
- Assignment policies
- Monitoring policies
- Blocking configuration
Upgraded scanning features
The upgrade provides feature parity for scan frequency and simple scan scheduling. Upgrades affect:
- Collection capability
- Scanning capability
- Scan scheduling
- PCI scanning
To learn more about upgrade details of scanning capabilities and scheduling, see Scan Functionality Upgrade.
About Threat Manager Professional capabilities
In the Alert Logic console, your subscription provides visibility to assets and vulnerabilities across your environments through the following capabilities:
- Threat Risk Index Summary: This dashboard provides insights into the recent TRI scores of your environment, including the average TRI score and trends, vulnerabilities changes, last scanned asset changes, and TRI scores by assets.
- (Optional) Dashboards: This is a new feature that presents interactive visuals that present data regarding the state of your environment and track existing issues if you chose to use the new Dashboards.
- Deployments: A defined set of assets that you want to monitor and protect in your cloud-based or physical data centers.
- Scan frequency and scheduling: A schedule for how often and when you want Alert Logic to perform scans for each deployment.
- Topology: An interactive diagram that displays your deployments and the distribution of exposures and threats across your assets.
- Health: A summary of the state of your deployments, including detailed information on your configuration assets.
- Exposures: Security and configuration exposures found in your environment, and remediation support for those exposures.
- Reports: Data related to exposures, risks, and compliance status, which you can share and download.
- PCI Scanning: Payment Card Industry (PCI) scanning, and Approved Scanning Vendor (ASV) support and disputing.
- Vulnerability Library: List of scan content that Alert Logic checks, where you can search and view information for specific vulnerabilities.
- Management settings: Your user account, notifications, and integrations settings.
- Service Status: Page for monitoring the status of your subscribed region and product capabilities.
Dashboards
Dashboards presents pertinent information that feeds from live data in your environment. You can click most items in visuals to view the source of the data, which redirects to the corresponding page in the Alert Logic console. This allows you to drill down further into issues and streamline your response actions. For more details about Dashboards, see Dashboards.
Alert Logic console navigation menu
You can easily navigate through the Alert Logic console. For more detailed information, see Navigation menu.
To start navigating to pages in the Alert Logic console:
- Click the menu icon (
) to see the navigation menu. - Click a navigation group (for example, Respond) to expand the options under that group.
- Click a navigation item (for example, Incidents) that you want to explore further.
Deployments
Deployments allows you to monitor and protect a defined set of assets, including your appliances, agents, hosts, and collectors in your environments. You can create deployments for assets found in your Amazon Web Services (AWS), Microsoft Azure, and other cloud-based or physical data centers. You can also configure Alert Logic product use. For more information about deployments, see Get Started with Alert Logic Deployments.
Scan frequency and scheduling
From your deployments, and depending on your deployment type, you can configure your scan scheduling and frequency for discovery scans and vulnerability scans, and you can exclude assets from for scanning. For more information about scans, see Manage Scans and Scan Results.
Topology
You can view your deployment networks, and all its assets, in an interactive diagram from the Topology page. You can customize and filter the what assets you want to see, and you can view asset details, take action on remediations, manage your credentials, and expedite scans for specific assets. For more information, see Topology.
Health
The Health page provides a summary of you deployments to ensure that your deployments are correctly configured by providing the following:
- Summary of your environment
- Detailed health information regarding your networks, appliances, and agents
- Suggested configuration remediations
- Option to subscribe to health summary alerts
For more information about the Health page, see Health.
Exposures
The Exposures page displays the number and types of security and configuration exposures in your protected deployment, and it provides you with information about the exposure, including color-coded threat level, evidence, and recommendations to address the exposure. For more details about the Exposures page, see Exposures.
Reports
The Reports page provides access to data related to exposures, risks, and compliance status that Alert Logic assessed within your environment. Each report provides interactive filtering options, visual representations of the data, and informative tooltips. As a result, reports can take up to 30 minutes to reflect the latest data seen in the console.
The Threat Manager Professional subscription include the following report types:
- Risk— Includes Reports Guide reports which provides valuable insights and analysis of your incidents, events, and vulnerabilities. You can evaluate threats and incidents and your response efforts, validate events and focus your efforts, and gain insights into the effectiveness of your vulnerability management.
- Threats— Includes Reports Guide and Reports Guide reports which provide convenient access to analysis, statistics, assessments, and trending data related to threats and incidents detected from your subscribed products and services.
- Vulnerabilities—Includes Reports Guide, Reports Guide, and Reports Guide reports which provide convenient access to analysis, statistics, assessments, and trending data related to vulnerabilities discovered in your environment based on scanning outcomes.
- Remediations— Includes Reports Guide and Reports Guide reports which provide convenient access to analysis, statistics, assessments, and trending data related to configuration issues and security exposures from your subscribed products and services.
- Compliance—Includes Reports Guide and Reports Guide reports which provide convenient access to analysis, statistics, and trending data related to compliance assessment status and audit preparedness from your subscribed products and services.
- Service— Includes TM Professional Entitlement Summary, Reports Guide, Health, and Reports Guide reports which provide convenient access to data related to entitlements, capability usage, users and security content for your subscribed products and services.
PCI Scanning
You can schedule external scans that are required for PCI compliance. You can quickly and easily view the results of those scans. If you need to dispute scan results, and resolve vulnerabilities to prove compliance to auditor, you can use the PCI Scans Disputes page. To learn how to schedule and manage PCI scans, see Manage PCI Scans. To learn how to dispute PCI scan report findings, see PCI Scan Disputes.
Vulnerability Library
Alert Logic lists all of the scan content that Alert Logic scanners can check in the Vulnerability Library. You can easily search for and view information on a specified vulnerability Alert Logic scanned for and see whether it impacts assets in your environment. To learn more about the Alert Logic Vulnerability Library, see Vulnerability Library.
Management settings
You can manage user account settings, such as your name, contact information, and password. To learn more about how to manage user settings, see User settings.
You can also configure and manage notifications to keep you informed about the health of your account and the accounts you manage. If your user account has the Administrator role, you can manage the notifications for users in your customer account and accounts you manage. To learn more about notifications, see Notifications.
Alert Logic integrations allow you to extend Alert Logic into AWS Inspector and AWS Config Rules, configure Custom Checks as inputs to Alert Logic, and even integrate with the Atlassian JIRA ticketing system.
Service Status
The Service Status page provides updates for incidents in progress, including the overall status of Alert Logic regions and products, statuses for individual product capabilities, and details about past incidents. You can also subscribe to notifications when Alert Logic creates, updates, or resolves a service incident. To learn more about the Service Status page, see Service Status.