Managed Detection and Response Reports Upgrade

The Alert Logic Managed Detection and Response platform offers an enhanced and improved experience for customers upgrading from Cloud Defender, which includes upgrades to the Reports feature. This document is intended to help you find similar information from Cloud Defender Scheduled reports in the Managed Detection and Response Alert Logic console.

The Reports feature is available to all Managed Detection and Response product subscriptions. The Alert Logic console shows only the tabs and pages associated with your product subscription. This document describes all possible tabs and pages, but specifies the subscriptions that generate the tabs and pages. For more information about Alert Logic subscriptions and other features included with each subscription, see Get Started with Alert Logic Subscriptions and Add-ons.

Changes to your Reports experience

Your Reports experience includes most of the information that was available to you in the Cloud Defender reports. Some reports have been moved to other report groups or are under other report categories in the same report group. Other Cloud Defender reports have been deprecated from the Managed Detection and Response platform. For those, you can find similar information in other parts of the Alert Logic console.

Alert Logic will also release new reports to the Reports feature in the future, as indicated in the reports mapping sections.

About the Reports page in the Alert Logic console

To access the Reports page in the Alert Logic console, click the menu icon, and then click Validate. Click Reports. The Reports page offers the following report categories, each with its associated reports:

  • Risk Reports—Provide convenient access to analysis, statistics, assessments, and trending data related to your security and health posture, threat risk index, and enterprise risks. All subscriptions see this content.
  • Threats Reports—Provide convenient access to analysis, statistics, assessments, and trending data related to threats and incidents detected from your subscribed products and services. This content requires a Professional or Enterprise subscription.
  • Vulnerabilities Reports—Provide convenient access to analysis, statistics, assessments, and trending data related to vulnerabilities discovered in your environment based on scanning outcomes. All subscriptions see this content.
  • Remediations Reports—Provide convenient access to analysis, statistics, assessments, and trending data related to configuration issues and security exposures from your subscribed products and services. All subscriptions see this content.
  • Compliance Reports—Provide convenient access to analysis, statistics, and trending data related to compliance assessment status and audit preparedness from your subscribed products and services. All subscriptions see this content.
  • Service Reports—Provide convenient access to data related to entitlements, capability usage, users and security content for your subscribed products and services. This content requires a Professional or Enterprise subscription.

Each report allows you to download the report as an image, data, crosstab, PDF, or PowerPoint file. To learn how to download reports, see Report Download Option.

You can also schedule a report to run periodically and subscribe users to receive a notification when the report is generated. For more information, see Scheduled Reports and Notifications.

For a complete guide to report types, categories, descriptions, and features offered in the Reports page, see Reports Guide.

Report mapping from Cloud Defender to Managed Detection and Response

Cloud Defender reports are separated into the following categories:

Case reports are not applicable in the Managed Detection and Response platform.

Universal reports mapping

Use the following table to find the information from the Universal reports.

| Universal Report | Managed Detection and Response Report Replacement | Location in the Reports page |
|---|---|---|
| Enterprise Report; CIO Threat Report | Monthly Enterprise Risk and Weekly Enterprise Risk | Click the Risk tab, and then click Enterprise Risk. Click VIEW. |
| CIO Threat Trend Report | Incident Daily Digest Trends | Click the Threats tab, and then click Incident Analysis. Click VIEW, and then click Incident Daily Digest Trends. |
| Threat Security Report | Monthly Security Posture Report | Click the Risk tab, and then click Security Posture. Click VIEW, and then click Monthly Security Posture. |
| Active Users Report | Current Users | Click the Service tab, and then click Users. Click VIEW, and then click Current Users. |

Deprecated reports

You can find similar information from the deprecated Universal reports in other parts of the Alert Logic console. The following Universal reports have been deprecated.

| Deprecated Report | Alert Logic console location | Location in the Alert Logic console page |
|---|---|---|
| Blocked Hosts Report | Blocking hosts is not supported in Managed Detection and Response. You can find other information for log sources, appliances, and hosts in the Health page. | Click the menu icon, and then click Respond. Click Health. |
| Active Sources Report | You can find information for log sources, appliances, and hosts in the Health page. | Click the menu icon, and then click Respond. Click Health. |

Future reports

For reports that will be available in the future, you can still find related information in the Alert Logic console.

For the User's Actions Log report, you can find the information related to a user's activity in the User Login Trends report in the Reports page. To learn more about this report, see User Login Trends.

To access the User Login Trends report, click the Service tab, and then click Users. Click VIEW, and then click User Login Trends.

Incident reports mapping

Use the following table to find the information from the Incident reports.

| Incident Report | Managed Detection and Response Report Replacement | Location in the Reports page |
|---|---|---|
| Executive Summary | Monthly Incident Account Summary and Weekly Incident Account Summary | Click the Threats tab, and then click Incident Account Summary. Click VIEW. |
| Full Report | Monthly Incident Analysis and Weekly Incident Analysis | Click the Threats tab, and then click Incident Analysis. Click VIEW. |
| Incidents By Status; Incidents by Classification; Incidents by Threat Level; Incidents By Time | Incident Daily Digest and Incident Distribution Explorer | Click the Threats tab, and then click Incident Analysis. Click VIEW. |
| Incidents by Summary | Monthly Incident Analysis and Weekly Incident Analysis | Click the Threats tab, and then click Incident Analysis. Click VIEW. |
| Top Hosts Triggering Incidents | Incident Target Explorer Report | Click the Threats tab, and then click Incident Analysis. Click VIEW, and then click Incident Target Explorer. |

Deprecated reports

The information that was found in the deprecated Incident reports is no longer applicable to the Managed Detection and Response platform. The following Incident reports have been deprecated with no plan for replacement:

  • Internal vs External
  • Incident/Block/Rollback Trends

For incident information and other data, you can refer to the Incidents page, and also Incident Analysis reports.

Future reports

For reports that will be available in the future, you can still find related information in the Alert Logic console. For the Incident Details report, you can also find information for incidents in the Incidents page. To access the Incidents page, click the menu icon, and then click Respond. Click Incidents.

Event reports mapping

Use the following table to find the information from the Event reports.

| Event Report | Managed Detection and Response Report Replacement | Location in the Reports page |
|---|---|---|
| Executive Summary | Network IDS Events Explorer | Click the Threats tab, and then click Event Analysis. Click VIEW, and then click Network IDS Events Explorer. |
| Full Report; Event By Time | Monthly Event Analysis and Weekly Event Analysis | Click the Threats tab, and then click Event Analysis. Click VIEW, and then click Monthly Event Analysis or Weekly Event Analysis. |
| Events by Classification | Network IDS Events Explorer | Click the Threats tab, and then click Event Analysis. Click VIEW, and then click Network IDS Events Explorer. |
| Top Signatures; Top Source Addresses; Top Source Ports; Top Destination Addresses; Top Destination Ports; Top Source/Destination Combinations | Top Event Sources and Destinations | Click the Threats tab, and then click Event Analysis. Click VIEW, and then click Top Event Sources and Destinations. |
| Events Per Second By Customer | IDS Traffic | Click the Service tab, and then click Capability Usage. Click VIEW, and then click IDS Traffic. |

Deprecated reports

The information that was found in the deprecated Incident reports is no longer applicable to the Managed Detection and Response platform. The following Event reports have been deprecated with no plan for replacement:

  • Events by Threat Level
  • Internal vs. External Events

The following Event reports have been deprecated, and the information that was found in these reports exists in other parts of the Alert Logic console.

| Event Report | Alert Logic console location | Location in the Alert Logic console page |
|---|---|---|
| Events - Detail | You can find information for events in the Events page. | Click the menu icon, and then click Investigate. Click Search, and then click Events. |
| Event Export By Malware and SQL Injection | You can find information for events in the Events page. | Click the menu icon, and then click Investigate. Click Search, and then click Events. |

Vulnerability reports mapping

Use the following table to find the information from the Vulnerability reports.

| Vulnerability Report | Managed Detection and Response Report Replacement | Location in the Reports page |
|---|---|---|
| Executive Summary | Monthly Vulnerability Summary and Weekly Vulnerability Summary | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Vulnerability Summary or Weekly Vulnerability Summary. |
| Full Report | Monthly Vulnerability Analysis and Weekly Vulnerability Analysis | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Vulnerability Analysis or Weekly Vulnerability Analysis. |
| Historical View of Vulnerabilities | Monthly Vulnerability Summary and Weekly Vulnerability Summary | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Vulnerability Summary or Weekly Vulnerability Summary. |
| Top 10 Vulnerabilities | Monthly Top 10 Vulnerability Lists and Weekly Top 10 Vulnerability Lists | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Top 10 Vulnerability Lists or Weekly Top 10 Vulnerability Lists. |
| Vulnerabilities by Age; Vulnerabilities by Risk Level | Monthly Vulnerability Summary and Weekly Vulnerability Summary | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Vulnerability Summary or Weekly Vulnerability Summary. |
| Most Vulnerable Zones; Most Vulnerable Host Groups; Most Vulnerable Service Types | Monthly Vulnerability Analysis and Weekly Vulnerability Analysis | Click the Vulnerabilities tab, and then click Vulnerability Analysis. Click VIEW, and then click Monthly Vulnerability Analysis or Weekly Vulnerability Analysis. |
| Hosts By Vulnerabilities; Detailed Hosts By Vulnerabilities | Current Vulnerabilities Breakdown | Click the Vulnerabilities tab, and then click Current Vulnerability Breakdown. Click VIEW, and then click Current Vulnerabilities Breakdown. |
| Vulnerabilities by Hosts; Detailed Vulnerabilities by Host | Current Vulnerable Hosts Breakdown | Click the Vulnerabilities tab, and then click Current Vulnerable Hosts Breakdown. Click VIEW, and then click Current Vulnerable Hosts Breakdown. |

Log reports mapping

Use the following table to find the information from the Log reports.

| Log Report | Managed Detection and Response Report Replacement | Location in the Reports page |
|---|---|---|
| Executive Summary | Top 10 Log Collectors | Click the Service tab, and then click Capability Usage. Click VIEW, and then click Top 10 Log Collectors. |
| Full Report | Log Collection | Click the Service tab, and then click Capability Usage. Click VIEW, and then click Log Collection. |

Deprecated Log reports

The Log reports have been deprecated, and the information that was found in these reports exists in the Get Started with Search page in the Alert Logic console. You can use the Search Expert Mode and Search Simple Mode to generate search results that were found in the following reports:

  • Invalid Credential Report
  • No Hosts on Appliance
  • No Windows Logs
  • No Logs
  • Log Source Last Collected
  • Error Sources Status History
  • Log Collection Health

To access the Log Search page, click the menu icon, and then click Investigate. Click Search.

Future Log reports

For the Log Source Activity report, you can use the Log message example to generate search results from the Get Started with Search page. To access the Log Search page, click the menu icon, and then click Investigate. Click Search.

You can also find information for log collection statuses in the Health page. To access the Health page, click the menu icon, and then click Respond. Click Health.

Compliance reports mapping

Use the following table to find the information from the Compliance reports.

| Compliance Report | Managed Detection and Response Report Replacement | Location in the Reports page |
|---|---|---|
| PCI Reports - Executive Summary; PCI Reports - Full Report | PCI DSS Audit | Click the Compliance tab, and then click PCI DSS Audit. Click VIEW. |
| HIPAA Reports - Executive Summary; HIPAA Compliance - Full Report | HIPAA-HITECH Security Audit | Click the Compliance tab, and then click HIPAA-HITECH Security Audit. Click VIEW. |