Managed Detection and Response Reports Upgrade
The Alert Logic Managed Detection and Response platform offers an enhanced and improved experience for customers upgrading from Cloud Defender, which includes upgrades to the Reports feature. This document is intended to help you find similar information from Cloud Defender Scheduled reports in the Managed Detection and Response Alert Logic console.
The Reports feature is available to all Managed Detection and Response product subscriptions. The Alert Logic console shows only the tabs and pages associated with your product subscription. This document describes all possible tabs and pages, but specifies the subscriptions that generate the tabs and pages. For more information about Alert Logic subscriptions and other features included with each subscription, see Get Started with Alert Logic Subscriptions and Add-ons.
Changes to your Reports experience
Your Reports experience includes most of the information that was available to you in the Cloud Defender reports. Some reports have been moved to other report groups or are under other report categories in the same report group. Other Cloud Defender reports have been deprecated in Managed Detection and Response. You can find information similar to what those Cloud Defender reports contained in other parts of the Alert Logic console.
Alert Logic will also release new reports to the Reports feature in the future, as indicated in the reports mapping sections.
This document includes the following sections:
- About the Reports page in the Alert Logic console—Find the Reports page and learn about its content
- Report mapping from Cloud Defender to Managed Detection and Response—Find the new location of your reports
About the Reports page in the Alert Logic console
To access the Reports page in the Alert Logic console, click the menu icon, and then click Validate. Click Reports. The Reports page offers the following report categories, each with its associated reports:
- Risk Reports—Provide convenient access to analysis, statistics, assessments, and trending data related to your security and health posture, threat risk index, and enterprise risks. All subscriptions see this content.
- Threats Reports—Provide convenient access to analysis, statistics, assessments, and trending data related to threats and incidents detected from your subscribed products and services. This content requires a Professional or Enterprise subscription.
- Vulnerabilities Reports—Provide convenient access to analysis, statistics, assessments, and trending data related to vulnerabilities discovered in your environment based on scanning outcomes. All subscriptions see this content.
- Remediations Reports—Provide convenient access to analysis, statistics, assessments, and trending data related to configuration issues and security exposures from your subscribed products and services. All subscriptions see this content.
- Compliance Reports—Provide convenient access to analysis, statistics, and trending data related to compliance assessment status and audit preparedness from your subscribed products and services. All subscriptions see this content.
- Service Reports—Provide convenient access to data related to entitlements, capability usage, users, and security content for your subscribed products and services. This content requires a Professional or Enterprise subscription.
Each report allows you to download the report as an image, data, crosstab, PDF, or PowerPoint file. To learn how to download reports, see Report Download Option.
You can also schedule a report to run periodically and subscribe users to receive a notification when the report is generated. For more information, see Scheduled Reports and Notifications.
For a complete guide to report types, categories, descriptions, and features offered in the Reports page, see Reports Guide.
Report mapping from Cloud Defender to Managed Detection and Response
Cloud Defender reports are separated into the following categories:
- Universal reports mapping
- Incident reports mapping
- Event reports mapping
- Vulnerability reports mapping
- Log reports mapping
- Compliance reports mapping
Case reports are not applicable in the Managed Detection and Response platform.
Universal reports mapping
Use the following table to find the information from the Universal reports.
Universal Report | Managed Detection and Response Report Replacement | Location in the Reports page |
---|---|---|
Enterprise Report | | Click the Risk tab, and then click Enterprise Risk. Click VIEW. |
CIO Threat Report | | |
CIO Threat Trend Report | Incident Daily Digest Trends | Click the Threats tab, and then click Incident Analysis. Click VIEW, and then click Incident Daily Digest Trends. |
Threat Security Report | Monthly Security Posture Report | Click the Risk tab, and then click Security Posture. Click VIEW, and then click Monthly Security Posture. |
Active Users Report | Current Users | Click the Service tab, and then click Users. Click VIEW, and then click Current Users. |
Deprecated reports
You can find similar information from the deprecated Universal reports in other parts of the Alert Logic console. The following Universal reports have been deprecated.
Deprecated Report | Alert Logic console location | Location in the Alert Logic console page |
---|---|---|
Blocked Hosts Report | Blocking hosts is not supported in Managed Detection and Response. You can find other information for log sources, appliances, and hosts in the Health page. | Click the menu icon, and then click Respond. Click Health. |
Active Sources Report | You can find information for log sources, appliances, and hosts in the Health page. | Click the menu icon, and then click Respond. Click Health. |
Future reports
For reports that will be available in the future, you can still find related information in the Alert Logic console.
For the User's Actions Log report, you can find the information related to a user's activity in the User Login Trends report in the Reports page. To learn more about this report, see User Login Trends.
To access the User Login Trends report, click the Service tab, and then click Users. Click VIEW, and then click User Login Trends.
Incident reports mapping
Use the following table to find the information from the Incident reports.
Incident Report | Managed Detection and Response Report Replacement | Location in the Reports page |
---|---|---|
Executive Summary | Monthly Incident Account Summary and Weekly Incident Account Summary | Click the Threats tab, and then click Incident Account Summary. Click VIEW. |
Full Report | Monthly Incident Analysis and Weekly Incident Analysis | Click the Threats tab, and then click Incident Analysis. Click VIEW. |
Incidents By Status | Incident Daily Digest and Incident Distribution Explorer | Click the Threats tab, and then click Incident Analysis. Click VIEW. |
Incidents by Classification | ||
Incidents by Threat Level | ||
Incidents By Time | ||
Incidents by Summary | Monthly Incident Analysis and Weekly Incident Analysis | Click the Threats tab, and then click Incident Analysis. Click VIEW. |
Top Hosts Triggering Incidents | Incident Target Explorer Report | Click the Threats tab, and then click Incident Analysis. Click VIEW, and then click Incident Target Explorer. |
Deprecated reports
The information that was found in the deprecated Incident reports is no longer applicable to the Managed Detection and Response platform. The following Incident reports have been deprecated with no plan for replacement:
- Internal vs External
- Incident/Block/Rollback Trends
For incident information and other data, you can refer to the Incidents page, and also Incident Analysis reports.
Future reports
For reports that will be available in the future, you can still find related information in the Alert Logic console. For the Incident Details report, you can also find information for incidents in the Incidents page. To access the Incidents page, click the menu icon, and then click Respond. Click Incidents.
Event reports mapping
Use the following table to find the information from the Event reports.
Event Report | Managed Detection and Response Report Replacement | Location in the Reports page |
---|---|---|
Executive Summary | | Click the Threats tab, and then click Event Analysis. Click VIEW, and then click Network IDS Events Explorer. |
Full Report | Monthly Event Analysis and Weekly Event Analysis | Click the Threats tab, and then click Event Analysis. Click VIEW, and then click Monthly Event Analysis or Weekly Event Analysis. |
Event By Time | | |
Events by Classification | Network IDS Events Explorer | Click the Threats tab, and then click Event Analysis. Click VIEW, and then click Network IDS Events Explorer. |
Top Signatures | Top Event Sources and Destinations | Click the Threats tab, and then click Event Analysis. Click VIEW, and then click Top Event Sources and Destinations. |
Top Source Addresses | | |
Top Source Ports | | |
Top Destination Addresses | | |
Top Destination Ports | | |
Top Source/Destination Combinations | | |
Events Per Second By Customer | IDS Traffic | Click the Service tab, and then click Capability Usage. Click VIEW, and then click IDS Traffic. |
Deprecated reports
The information that was found in the deprecated Event reports is no longer applicable to the Managed Detection and Response platform. The following Event reports have been deprecated with no plan for replacement:
- Events by Threat Level
- Internal vs. External Events
The following Event reports have been deprecated, and the information that was found in these reports is available in other parts of the Alert Logic console.
Event Report | Alert Logic console location | Location in the Alert Logic console page |
---|---|---|
Events - Detail | You can find information for events in the Events page. | Click the menu icon, and then click Investigate. Click Search, and then click Events. |
Event Export By Malware and SQL Injection | You can find information for events in the Events page. | Click the menu icon, and then click Investigate. Click Search, and then click Events. |
Vulnerability reports mapping
Use the following table to find the information from the Vulnerability reports.
Vulnerability Report | Managed Detection and Response Report Replacement | Location in the Reports page |
---|---|---|
Executive Summary | Monthly Vulnerability Summary and Weekly Vulnerability Summary | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Vulnerability Summary or Weekly Vulnerability Summary. |
Full Report | Monthly Vulnerability Analysis and Weekly Vulnerability Analysis | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Vulnerability Analysis or Weekly Vulnerability Analysis. |
Historical View of Vulnerabilities | Monthly Vulnerability Summary and Weekly Vulnerability Summary | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Vulnerability Summary or Weekly Vulnerability Summary. |
Top 10 Vulnerabilities | Monthly Top 10 Vulnerability Lists and Weekly Top 10 Vulnerability Lists | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Top 10 Vulnerability Lists or Weekly Top 10 Vulnerability Lists. |
Vulnerabilities by Age | Monthly Vulnerability Summary and Weekly Vulnerability Summary | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Vulnerability Summary or Weekly Vulnerability Summary. |
Vulnerabilities by Risk Level | | |
Most Vulnerable Zones | Monthly Vulnerability Analysis and Weekly Vulnerability Analysis | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Vulnerability Analysis or Weekly Vulnerability Analysis. |
Most Vulnerable Host Groups | | |
Most Vulnerable Service Types | | |
Hosts By Vulnerabilities | Current Vulnerabilities Breakdown | Click the Vulnerabilities tab, and then click Current Vulnerability Breakdown. Click VIEW, and then click Current Vulnerabilities Breakdown. |
Detailed Hosts By Vulnerabilities | | |
Vulnerabilities by Hosts | Current Vulnerable Hosts Breakdown | Click the Vulnerabilities tab, and then click Current Vulnerable Hosts Breakdown. Click VIEW, and then click Current Vulnerable Hosts Breakdown. |
Detailed Vulnerabilities by Host | | |
Log reports mapping
Use the following table to find the information from the Log reports.
Log Report | Managed Detection and Response Report Replacement | Location in the Reports page |
---|---|---|
Executive Summary | | Click the Service tab, and then click Capability Usage. Click VIEW, and then click Top 10 Log Collectors. |
Full Report | Log Collection | Click the Service tab, and then click Capability Usage. Click VIEW, and then click Log Collection. |
Deprecated Log reports
The Log reports have been deprecated, and the information that was found in these reports exists in the Get Started with Search page in the Alert Logic console. You can use the Search Expert Mode and Search Simple Mode to generate search results that were found in the following reports:
- Invalid Credential Report
- No Hosts on Appliance
- No Windows Logs
- No Logs
- Log Source Last Collected
- Error Sources Status History
- Log Collection Health
To access the Log Search page, click the menu icon, and then click Investigate. Click Search.
Future Log reports
For the Log Source Activity report, you can use the Log message example to generate search results from the Get Started with Search page. To access the Log Search page, click the menu icon, and then click Investigate. Click Search.
You can also find information for log collection statuses in the Health page. To access the Health page, click the menu icon, and then click Respond. Click Health.
Compliance reports mapping
Use the following table to find the information from the Compliance reports.
Compliance Report | Managed Detection and Response Report Replacement | Location in the Reports page |
---|---|---|
PCI Reports - Executive Summary | | Click the Compliance tab, and then click PCI DSS Audit. Click VIEW. |
PCI Reports - Full Report | | |
HIPAA Reports - Executive Summary | HIPAA-HITECH Security Audit | Click the Compliance tab, and then click HIPAA-HITECH Security Audit. Click VIEW. |
HIPAA Compliance - Full Report | | |