Alert Logic Console Release Notes

Alert Logic console release notes

Release date: June 18, 2020

Features

Alert Logic is releasing the Current Vulnerability Breakdown reports to the Vulnerability tab in the Reports page, which provide a breakdown of current vulnerability instances and vulnerable hosts ranked by count and severity with asset-level or vulnerability details. The Current Vulnerability Breakdown reports include the following:

Release date: June 3, 2020

Features

Alert Logic is releasing the Threat Risk Index (TRI) Summary Dashboard for Managed Detection and Response customers. The TRI Summary dashboard provides insights into the recent threat risk index TRI scores of your environment. To learn more about TRI Summary Dashboard, see Threat Risk Index Summary.

Release date: May 5, 2020

Features

Alert Logic is releasing a new unified notifications experience in a phased rollout starting May 5, 2020 and ending May 11, 2020. The upgraded Notifications feature updates incident notifications and adds two new notification types:

  • Log correlationsYou can now set up and save a log correlation rule and configure it to create an observation or an incident and send a notification when a match occurs.
  • Scheduled reportsYou can set up and save a report schedule to generate a report periodically and send a notification when the report is generated. If you are a Managed Detection and Responsecustomer and previously set up a Health Status notification, Alert Logic upgraded it as a scheduled report. After a scheduled report is generated, Alert Logic saves it for viewing and download.

You can subscribe both email recipients and configured integrations such as a webhook to receive notifications.

For more information about the Notifications feature, how to create and manage notifications, and to learn how Alert Logic upgraded your existing notifications, see:

Release date: April 2, 2020

Features

Alert Logic is releasing the following features to enhance your experience in the Alert Logic console, and add administrative and security value to your organization:

  • Application Registry is a repository of multiple third-party application integrations that can generate log data which Alert Logic can collect. Application Registry is only available for Managed Detection and Response Professional and Enterprise customers. To learn more about Application Registry, see Application Registry.

  • Application Log is a new configuration experience with functional APIs specific to the applications you want to configure. The Application Log feature streamline workflow with specific templates applications that currently supports flat file logs. For more information, see Application Logs for Flat File Configuration.

  • Alert Logic can detect and generate Firewall Security Incidents and observations from log data collected from third-party firewall application resources. To learn more firewall security incidents, see Firewall Incidents.

  • Alert Logic is also releasing the following dashboards in combination with firewall incidents for customers with configured firewall application resources and log collection instances:

    • The Firewall Log Volume Analysis dashboard provides insights into the volume of firewall log messages, firewall security incidents and observations in your environment. To learn more about this dashboard, see Firewall Log Volume Analysis Dashboard.
    • The Firewall Log Security Analysis dashboard provides insights into the firewall security incidents generated from analyzing firewall logs in your environment. To learn more about this dashboard, see Firewall Log Security Analysis Dashboard.

  • Alert Logic now expanded the health information int the Reports page for Managed Detection and Response customers. The Daily Health Summary and Weekly Health Summary reports provides insights into issues in your environment related to your protected networks, data collection, and agents. To learn more about the Daily Health Summary report, see Daily Health Summary. To learn more about the Weekly Health Summary report, see Weekly Health Summary.

Release date: March 31, 2020

Features

Alert Logic now offers Managed Detection and Response partners and customers with managed accounts two additional dashboards. For more information, see the following:

  • The Managed Accounts Health Summary dashboard summarizes and provides insights into the health status of the accounts you manage from the previous day. For more information about this dashboard, see Managed Accounts Health Summary Dashboard.
  • The Managed Accounts Security Summary dashboard provides insights into the recent security status of the accounts you manage. For more information about this dashboard, see Managed Accounts Security Summary Dashboard.

Release date: February 27, 2020

Features

Alert Logic now offers Managed Detection and Response customers monthly and weekly reports for the following vulnerability reports:

Release date: February 19, 2020

Features

Alert Logic has taken further security measures and now requires customers with Azure deployments to grant extra permissions. This will allow Alert Logic to perform benchmark checks on your Azure deployments that expose vulnerabilities. See the following documentation for more information:

Release date: February 14, 2020

Features

Alert Logic has released Dashboards, a new home page that centralizes information in interactive visuals and simplifies navigation to other pages in the Alert Logic console. You can now try Dashboards and become familiar with the new and improved experience. For more information about Dashboards and how to try it, see Dashboards. For more information about the new Dashboards navigation, see Managed Detection and Response Navigation Menu Updates.

Release date: December 19, 2019

Features

Release date: December 11, 2019

Features

Alert Logic has released an improved version of the PCI Scan Disputes page. You can use the PCI Scan Dispute to submit disputes for vulnerabilities in non-compliant scan policies. For more information, see PCI Scan Disputes.

Release date: December 3, 2019

Features

Alert Logic now includes the option to configure webhooks, which allows Alert Logic incident notifications to be sent to any public-facing web server configured to handle HTTP callbacks. For more information, see Webhooks.

Release date: November 6, 2019

Features

For Azure-based deployments, Alert Logic now supports the ability for customers to use client credentials, defined by role-based access control within the Azure console. Microsoft recommends this method of authentication to reduce service interruptions due to stale username/password combinations. All new users will only be able to use client credentials going forward. Existing customers can continue using their existing username/password combinations until they reset them. For more information on creating the appropriate RBAC roles, see Configure App Registration and RBAC for Microsoft Azure Resources.

Alert Logic has split multi-page reports into single-page reports to allow customers direct access to information. The reports were divided as follows:

Original Report Name New Report Names
Vulnerable Host Explorer Vulnerable Hosts Explorer
Vulnerable Hosts Change Trends
Vulnerability Distribution Explorer Vulnerability Distribution Explorer
Vulnerability Change Trends
Network IDS Events Explorer Network IDS Events Explorer
Top Events Sources and Destinations
Log Collection Log Collection
Top 10 Log Collectors
IDS Traffic IDS Traffic
Top 10 IDS Assets
Customer Contacts Escalation Contacts
Notification Contacts
Incident Notification Contacts
Vulnerability Summary Vulnerability Summary
Top 10 Vulnerability Lists
Vulnerabilities List
TRI Summary TRI Summary
Top 10 TRI Lists

Release date: October 10, 2019

Feature

Alert Logic updated the Saved Searches functionality to expand the options for setting notifications. Users can add one or more users from the same customer account to the list of notification recipients in the saved search panel. For more information, see Create Saved and Scheduled Log Searches.

Release date: September 24, 2019

Feature

Alert Logic released a new feature for customers with Essentials and Professional subscriptions.

The new Extended Endpoint Protection functionality from Alert Logic helps you control threats and manage incidents from employee workstations, points of sale, servers, and more. For more information, see About Alert Logic Extended Endpoint Protection and Get Started with Alert Logic Extended Endpoint Protection.

Release date: September 17, 2019

Feature

Alert Logic added a new feature to the scanning functionality, Scan Now. If you need to run a scan immediately, you can use the Scan Now feature on the Topology page. This scans the selected asset right away or as soon as possible, outside of the normal schedule. See Scan Now for more information.

Release date: September 13, 2019

Feature

  • Alert Logic added five new compliance reports, located in the Compliance tab of the Reports page, that provide guidance for performing log searches to help demonstrate compliance with some 10.2 requirements of the Payment Card Industry Data Security Standard (PCI DSS):
  • Alert Logic added a new report, Missing Agent Digest, to the Health report group in the Service tab of the Reports page. The Missing Agent Digest report provides insight into the daily issues related to hosts that are missing agents, including a comparison of missing agent statuses, top ten lists, and a list of hosts with missing agents. To learn more about this report, see Missing Agent Digest.

Release date: July 10, 2019

Feature

  • Alert Logic has revamped the following three compliance reports, located in the Compliance tab of the Reports page, to help you demonstrate compliance with some requirements of the Payment Card Industry Data Security Standard (PCI DSS):
    • The PCI Requirement 6.6 report provides Web Application Firewall (WAF) deployments, traffic, incidents, and attacks that help demonstrate compliance with Requirement 6.6. For more information about this report, see PCI Requirement 6.6.
    • The PCI Requirement 10.5.1 report provides a list of the current log management users that help you demonstrate compliance with Requirement 10.5.1. For more information about this report, see PCI Requirement 10.5.1.
    • The PCI Requirement 11.4 report shows Network IDS incidents and customer escalation contacts that help you demonstrate compliance with Requirement 11.4. For more information about this report, see PCI Requirement 11.4.
  • Alert Logic added four new compliance reports, located in the Compliance tab of the Reports page, that provide available documentation and compliance artifacts to help demonstrate compliance with some requirements of the PCI DSS and the Health Insurance Portability and Accountability Act (HIPAA) Security Audit, which include the following:
    • The PCI Requirement 10.6.1 report provides log review incidents and log management incidents that help you demonstrate compliance with Requirement 10.6.1. For more information about this report, see PCI Requirement 10.6.1.
    • The HIPAA 164.308(a)(1)(ii)(D)—Information System Activity Review report provides the log review and log management incidents that help demonstrate compliance with HIPAA 164.308(a)(1)(ii)(D). For more information about this report, see HIPAA 164.308(a)(1)(ii)(D)—Information System Activity Review.
    • The HIPAA 164.308(a)(6)(ii)—Response and Reporting report provides available documentation and compliance artifacts that help you demonstrate compliance with requirements of HIPAA 164.308(a)(6)(ii). For more information about this report, see HIPAA 164.308(a)(6)(ii)—Response and Reporting.
    • The HIPAA 164.308(a)(5)(ii)(C)—Login Monitoring report provides available documentation and compliance artifacts that help you demonstrate compliance with requirements of HIPAA 164.308(a)(5)(ii)(C). For more information about this report, see HIPAA 164.308(a)(5)(ii)(C)—Login Monitoring.
  • Alert Logic added the Health report group, which includes two new reports, to the Service tab of the Reports page. The Health reports provide valuable summary and trending data on the health status of protected networks and assets collecting log or network data, which include the following:
    • The Network Health Status Digest report provides insight into the daily issues related to protected networks in your environment, including a comparison of health statuses, top ten lists, and total number of open remediations for each network. For more information about this report, see Network Health Status Digest.
    • The Collection Issues Digest report provides insight into the daily issues related to log data collection and Network IDS traffic, including a comparison of health statuses, top five lists, and a list of open remediations to fix configuration issues. For more information about this report, see Collection Issues Digest.

Release date: June 12, 2019

Feature

Alert Logic manual mode deployments now include a Cross-Network Protection option, which allows networks to connect and use resources from a network with an assigned appliance for Network IDS or scanning. This centralizes the appliances that provide protection to your account, which allows your organization to reduce infrastructure costs. For more information, see Cross-Network Protection.

Release date: May 28, 2019

Features

Alert Logic added significant updates to the Log Search functionality, including the following features:

Release date: April 25, 2019

Feature

  • Alert Logic added the Health console, which consist of pages on the summary of your environment, detailed health information of your networks, appliances, and agents with suggested configuration remediations, and the option to subscribe to health summary alerts. For more information, see Health.
  • Alert Logic deployments now include a Network IDS Whitelist option that allows you to select networks for whitelisting. For customers who were previously subscribed to Alert Logic legacy products, and have upgraded to Managed Detection and Response, your Network IDS whitelist will be migrated to the new experience.
  • Alert Logic added an Expedite Scan Capability in topology which expedites scans on individual assets when your organization requires specific assets to be scanned immediately. Alert Logic moves expedited scans ahead of their schedule to the next available time. For more information about expedite scans, see Topology.
  • Alert Logic added a new report, the PCI Requirement 10.6 (Incidents) report, which provides log review and log management incidents to help demonstrate compliance to Requirement 10.6 of PCI DSS. For more information about this report, see PCI Requirement 10.6 (Incidents).
  • Alert Logic added a new report, the PCI Requirement 11.4 report, which provides Network IDS incidents and customer escalation contacts to help you demonstrate compliance to Requirement 11.4 of the PCI DSS. For more information about this report, see PCI Requirement 11.4.

Release date: April 9, 2019

Feature

  • Alert Logic updated scan frequency and scheduling to allow you to schedule internal vulnerability scans and external vulnerability scans separately. For more information, see Manage Scans and Scan Results.
  • When you add assets to a Data Center deployment, you can now inform Alert Logic that your network equipment is configured to SPAN or another port mirroring feature. If you select this option, you avoid duplicating Network IDS traffic reported to Alert Logic while allowing Alert Logic to analyze the traffic passing through the port mirroring feature. For more information about Data Center assets, see Add assets.

Release date: April 5, 2019

Feature

  • Alert Logic updated the CIS AWS Foundations Benchmark report in the Alert Logic console to support Level 1 and Level 2 of the latest version (1.2.0) of the CIS AWS Foundations Benchmark. Users can now asses their AWS accounts against the latest CIS AWS Foundations Benchmark guidelines, including multi-factor authentications, AWS Config auditing, review of VPC peering network rules, review of IAM policies, access key rotation, and other improvements. For more information about the CIS AWS Foundations Benchmark report, see Reports Guide.
  • Alert Logic updated the incident notes in the Incidents page to include the name of the Alert Logic analyst who provided the notes and the name of the user who has updated the incident. The notes appear in the Audit Log of the Investigation Report and Recommendation pages, and in the Evidence page. For more information about incident notes, see Investigation Report.
  • Alert Logic now includes Alert Logic analyst notes in email notifications for incident escalations. This allows users to see the analyst notes provided in the Incidents page immediately without having to log into the Alert Logic console. For information about incident notifications in the Alert Logic console, see Incident notifications.

Release date: April 2, 2019

Feature

Alert Logic added notifications for incidents originating from Amazon GuardDuty findings. GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. The Alert LogicAmazon GuardDuty integration lets you view GuardDuty findings in the Alert Logic console Incidents page.

The Incidents page allows you to configure notifications for incidents based on their threat levels. With the added notification support, all GuardDuty incidents are available by their threat levels. For guidance and information about GuardDuty findings severity, which corresponds to Alert Logic threat level, see Amazon documentation for GuardDuty findings and severity. For information about incident notifications in the Alert Logic console, see Incident notifications

Release date: March 12, 2019

Features

  • Alert Logic updated scan scheduling to allow more control of your scan schedules. You can schedule how often and when to perform vulnerability scans and discovery scans for each of your deployments. For more information, see Manage Scans and Scan Results.
  • For customers who were previously subscribed to Alert Logic legacy products, and have upgraded to Managed Detection and Response, you can access your legacy scan results and archived reports. For more information, see Manage Scans and Scan Results.
  • Alert Logic added a new report, Network IDS Traffic, which provides visibility into the Network IDS traffic volume and collections processed in your environment. For more information, see IDS Traffic.
  • Alert Logic updated the IAM Role policy documents for Amazon Web Services (AWS) deployments. If your customer account provides the Managed Detection and Response products, Alert Logic recommends you update your existing deployments to use IAM roles created with the most current policy documents. For more information, see Update your IAM roles

Release date: February 26, 2019

Features

  • Alert Logic now offers Log Review service with Managed Detection and Response. Log Review creates incidents, which appear on the Incidents page and in notification emails. Some Log Review incidents are escalated by an Alert Logic security analyst, and the rest appear as info level incidents.
  • Alert Logic added a new report, Monthly Log Review, which provides a monthly summary analysis of your Log Review incidents. For more information, see Monthly Log Review Report.

Release date: November 28, 2018

Features

Alert Logic has launched an integration with the new Security Hub offering from AWS. See Integration with AWS Security Hub for more information.

Release date: April 25, 2018

Bug fixes

  • This release resolves an issue with updating agent policies. The issue is resolved and users can create and update agent policies as normal.
  • This release resolves an issue with events, incidents, and blocking alert rules. To access the pages, click CONFIGURATION, then click Notifications, and then select the type of alert rule you want to create.
  • This release resolves cosmetic issues with page layout on several configuration screens, and the Zones and Host Groups screens.
  • This release resolves an issue that redirected users when they clicked a link to an incident.
  • This release resolves an issue with updating block requests in the incidents panel.
  • This release updates an error message that appears when a read-only user tries to access unauthorized tools or content.
  • This release resolves an issue with list filters on the sources pages. All filters appear as intended now.
  • This release resolves an issue with a link in the PCI Dispute system.

Features

  • This release adds a time zone selection field to the New Source menu. You must choose a time zone to create a source.

Release date: April 20, 2018

Bug fixes

  • This release resolves an issue where Azure deployments did not show protected hosts associated with the deployment.
  • This release resolves cosmetic issues with page sizing and scrolling.
  • This release resolves an issue in the menu to add a new certificate. For some users, the menu timed out before they were done filling in all the information. This issue has been resolved.
  • This release resolves an issue with the Save button on the correlation policy and flat file log sources screens for certain deployments. The Save button now displays and works as expected.

Features

  • This release adds a feature that displays the full name of the account you are viewing in the Alert Logic console.

Release date: April 17, 2018

Bug fixes

  • This release resolves an issue with user time zone settings.
  • This release resolves an issue where the host metadata displayed the private IP as a public IP.
  • This release resolves an issue with viewing log messages within cases.
  • This release resolves compatibility issues with Internet Explorer version 11.
  • This release resolves an issue that caused the Alert Logic console to display an error when users tried to turn a host into a protected host.
  • This release resolves an issue with appliances and agents filtering on Azure deployments.
  • This release resolves an issue where metadata was missing on some log sources.
  • This release resolves an issue with the Save button on the correlation policy editing screen.

Features

  • This release adds a feature that allows users to select the customer account they want to use in the Statistics tab of Scans.

Release date: week of April 9-13, 2018

Bug fixes

  • This release resolves an issue with retrieving SSL certifications.
  • This release resolves an issue with the search function.
  • This release resolves a cosmetic issue with the layout of the Scans Dashboard page.
  • This release resolves an issue with the reporting system in the Alert Logic console. All users can now access reports normally.
  • This release resolves an issue with the forgotten password link on the login page.
  • This release resolves an issue with incident and event counts on the dashboard pages. All counts are now accurate.
  • This release resolves an issue with cached pages causing certain links to redirect users. The issue is resolved, and all links and navigation tools work as expected.
  • This release resolves issues where the Alert Logic console did not work normally for users who accessed it from certain browsers. The issue is resolved, though if you continue to experience issues, use Google Chrome.
  • This release resolves an issue where an internal Alert Logic feature appeared to customers as a dead link. The link no longer appears for non-Alert Logic users.
  • This release resolves an issue where users could view data on the Scan dashboard for all accounts for which the user had access. The issue is resolved, and customers now only see data for the selected account.

Features

  • This release adds multiple ID numbers to identify incidents and events.
  • This release adds a feature that allows allowing users to easily share links to events.
    • In the Alert Logic console, click SEARCH, and then click Events. In the list that appears, find the event you want to share, and then click the share icon () in the Share column. A new browser tab opens and shows event details. The URL in the new tab is a direct link to the event details page.
    • You may also click an event to view the event details page. From the event details page, click the share icon () at the top of the page. The A new browser tab opens, and the URL in the new tab is a direct link to the event details page.

Release date: April 7, 2018

Features

Alert Logic updated the Alert Logic console to provide a single login and universal navigation for all products and subscriptions. This update allows you to easily find everything you need in one place across the entire Alert Logic portfolio. The top-level navigation is organized around functional categories (incidents, remediations, search, reports), and is subscription-aware, which means you see only the content relevant to your organization. In addition, you can access all of your Alert Logic products, across all your data-residencies, within one portal. Other features in this release include:

  • The upgraded reporting console provides richer, interactive reports. The new reporting console is intuitively organized and easily searchable. Incident Analysis reports provide valuable insights and trending data for incidents created from all subscribed detection sources (Network IDS, Log Management, Web App IDS, and Amazon GuardDuty). Service Summary reports provide summary information and visibility into product configuration, product status, and security outcomes from your subscribed services.
  • Enhanced portal navigation improves your ability to find everything you need across the entire Alert Logic portfolio. The top-level navigation is organized around functional categories (incidents, remediations, search, reports), and is subscription-aware, so you see only the content relevant to your organization.
  • Streamlined Deployments page the Deployments page provide a single menu to create, view, and edit deployments for all Alert Logic products. In addition, for Cloud Insight Essentials customers:
    • You can use CloudFormation templates to easily create the IAM roles necessary to create Cloud Insight and Cloud Insight Essentials.
    • Deployment tiles clearly display the level of assessment chosen for your deployments.
    • You can use the new Guided Mode to create Cloud Insight deployments for which you determine where to deploy scanning instances in your infrastructure.
  • Role-based user permissions allow you to quickly and easily provision new users and modify existing permission levels using an industry standard, role-based model. This enhancement allows you to assign users to one of five of the following roles
    • Administrator
    • Owner
    • Power User
    • Support/Care
    • Read-only
  • Multi-factor authentication (MFA) adds a second layer of protection to your login. This opt-in feature enables you to further protect your organization from compromised credentials. MFA gives you the option to decide to enable the feature either at the account level if you wish to make MFA mandatory, or on a per individual user level. Alert Logic leverages Google Authenticator on mobile phones as the technology for the hardware-based authentication.

Release date: May 30, 2017

Bug fixes

None

Features

Security

None

Changes

None

Notice

None

Release date

March 16, 2017

Bug fixes

  • N/A

Features

The Alert Logic login page now allows you to reset your password. An update to the login page includes color scheme modifications and a highly requested feature – the ability to reset your password.

NOTE: If you lock your user interface account after multiple failed login attempts, you cannot use the password reset function to unlock your account. You must contact your service provider or the Alert Logic help desk to unlock your account.

Security

  • N/A

Changes

  • N/A

Notice

  • N/A

Release date

February 16, 2017

Bug fixes

  • N/A

Features

  • This release adds a customer selector that allows you to select one customer or a parent customer and all of its child customers.
  • This release decouples the page load from query execution.

Security

  • N/A

Changes

  • N/A

Notice

  • N/A

Release date

June 6, 2016

Bug fixes

  • N/A

Features

  • This release provides a new web technology update and a new web CSS theme that is applied to the current web portal. This does not affect navigation, menu, or workflow, as this is only a web skin update.
  • This release provides a new task and notification bar, as well as an AWS account IDs page for Threat Manager customers with agents and appliances installed within an AWS account.

Security

  • N/A

Changes

  • A new CSS theme applied to the current NGUI
  • A new operating system (from Debian Squeeze to CentOS 6.7)
  • PHP version upgraded to 5.6.20
  • Support to the latest version of TLS (TLS 1.2)

Notice

  • N/A