Alert Logic Console Release Notes

Release date: November 16, 2022

Alert Logic released improvements to Amazon GuardDuty incident processing. These updates include:

• Improved rating of GuardDuty incidents to adopt the MITRE ATT&CK framework
• Analytic updates that allow better tuning of GuardDuty incidents

For customers using the incidents API, the format of GuardDuty incidents was also updated to match other Alert Logic incidents more closely.

Release date: November 1, 2022

Alert Logic released updates to this documentation site to improve navigation and readability:

• An expandable navigation area on the left replaces menus that were at the top of the page, making it easier to browse content.

• The layout now features mobile-friendly styling.

Release date: October 6, 2022

Alert Logic released the following enhancements to scanning in the Alert Logic console:

• You can now exclude assets from agent-based scans. To learn more, see Agent-Based Scanning.
• Default internal and external vulnerability scan schedules are now inactive when you create a deployment. You can activate the schedules you want to use when you are ready to initiate scanning. To learn more, see Manage Vulnerability Scan Schedules.
• New exposures and remediations help you verify the health of your scan configuration. To learn more about the Health page, see Health.
• A new warning appears during Data Center deployment configuration if you attempt to add a network that is too large for discovery and vulnerability scanning.

In deployment configuration pages, Alert Logic also released the following changes on the left panel to improved the configuration experience for scanning and exclusions:

Configuration Item	New Access
Discovery scan schedules (Data Center deployments only)	Under Assets, click Discover Assets.
Internal and external vulnerability scan schedules and agent-based scan schedules	Under Vulnerability Scanning, click Scan Schedules.
Scan exclusions	Under Vulnerability Scanning, click Scan Exclusions.
Scan credentials	Under Vulnerability Scanning, click Scan Credentials. You can still configure scan credentials on the Topology page also.
Scan performance	Under Vulnerability Scanning, click Scan Performance. You can still configure scan performance on the Topology page also.
Network IDS exclusions	Under Network IDS, click Network IDS Exclusions.

To learn more, see:

• Get Started with Alert Logic Deployments
• Manage Discovery Scan Schedules
• Manage Vulnerability Scan Schedules

Release date: October 3, 2022

Alert Logic improved the method used to count new, resolved, and unresolved vulnerabilities. The new method fixes previous issues with duplicate vulnerabilities and vulnerabilities disappearing and then reappearing. With the more accurate counts, you can expect the following changes in vulnerability reports and dashboards:

• Overall lower counts for weekly and monthly vulnerabilities
• Lower variance counts for new and resolved vulnerabilities
• No significant change in daily counts
• Vulnerability trends with the same trajectory but flatter

For details about how Alert Logic counts vulnerabilities, see the knowledge base article Improved Vulnerability Counts and Trends.

Release date: September 21, 2022

Alert Logic released a series of enhancements to streamline working with incidents in the Alert Logic console. These updates include improvements to the Incidents page, the decommission of the older Incidents page, and expanded adoption of the MITRE ATT&CK framework.

Improvements to the Incidents page:

• Advanced Search support—You can now create complex queries that can combine with selected filters to further refine your incident search results. For more information, see Perform Advanced Incident Searches.
• Status filters improvement—All incident statuses are now shown by default. Previously, only open incidents filter and counts were shown.

Decommission of old Incidents page:

• Incidents page toggle to switch experiences has been removed.
• URLs pointing to the previous Incidents page now redirect to the upgrade page.
• Dashboard drill-down now directs to the upgraded Incidents page.

Expanded adoption of the MITRE ATT&CK framework:

Alert Logic continues to adopt the MITRE ATT&CK framework over the legacy Alert Logic attack classification system. To support ongoing adoption efforts, Alert Logic will continue removing the legacy attack classification system from the console.

• The Incidents page no longer includes Classification as a filter option. The page now uses MITRE Tactic and Technique to classify threats. For more information, see Incidents.

• Reports with threat data no longer include Classification visualizations. Threat reports now use MITRE Tactic and Technique to classify threats. Reports affected include:

  • AWS Incident Analysis Reports
  • Azure Incident Analysis Reports
  • Incident Analysis Reports
  • Incident Account Summary Reports
  • Enterprise Risk Reports
  • Partner Analysis Reports
  • HIPAA-HITECH Security Audit Reports
  • PCI Audit Reports
  • PCI DSS Audit Reports
• Incident notifications now provide MITRE ATT&CK information instead of the legacy classification that was previously part of the e-mail preview. For more information, see Incident Notifications.
• The Authentication Management Security Dashboard is updated to use MITRE ATT&CK information instead of the legacy Alert Logic incident classification. Additional bug fixes to the geolocation map and count features for the dashboard are also released.

Release date: September 20, 2022

Customers who use the updated Incidents experience can access these new features and enhancements by clicking an incident in the Incident List:

• Baseline Map—Applies to incidents with geographical data only:

  • The map for comparing baseline and outlier activity now appears in the Attack Summary section without having to click a link. You can hide the map by clicking a button.
  • The map no longer expires after two weeks.
  • Visuals and performance are improved.

• Evidence Timeline

  • A new visual representation of the evidence in a timeline simplifies the understanding of the timing of activities culminating in an incident.
  • Tooltips provide details about specific evidence.
  • You can select an area of the timeline to zoom in and display more details. When the timeline is zoomed in, a message indicates the number of evidence activities currently displayed.
  • You can reset the zoom to the original timeline view by clicking a button.

To learn more, see Incidents Details.

Release date: September 12, 2022

The updated version of the Incidents page is now the default experience when you access the Incidents page. Alert Logic also released the following improvements to the updated incidents experience:

• Incident status filters are now always visible.
• Analyst notes now support line break formatting.
• The Incident pages now support using the "back" button in the browser.

For more information about the upgraded Incidents page, see Incidents.

Release date: September 6, 2022

Alert Logic updated the following feature names:

• Connection Targets are now Connections.
• Connectors are now Templated Connections.

For more information, see Connections.

Release date: July 26, 2022

Alert Logic now uses the new Machine Learning Log Review process to generate Log Review incidents in the Incidents page. The Machine Learning Log Review capabilities and coverage ensures you have a higher level of security value by automatically detecting log-based anomaly types based on unique patterns and trends learned from your organization. For more information, see Machine Learning Log Review Upgrade. To access details for Log Review incidents, see the Monthly Log Review Details Report.

Release date: July 6, 2022

Alert Logic added security content support for customers with a configured Mimecast collector in the Alert Logic console. You can view and export data collected from your Mimecast collector from the new Email Security Summary Dashboard. You can also find Mimecast observations in Search and create correlations from these observations. To learn how to create correlations, see Improved Correlations and Search.

Release date: July 1, 2022

Alert Logic released enhancements to Network IDS exclusions. When you add an exclusion, the Alert Logic console now displays:

• Name of the person who excluded the CIDRs from Network IDS
• Date and time of the exclusion
• Justification for the exclusion, which you enter in a new required field

The improved experience is available from your Alert Logic MDR Professional subscription deployments.

Release date: June 30, 2022

New customers must now accept the Alert Logic Terms of Service before initial use of the product.

Release date: June 10, 2022

Alert Logic updated the latest AWS policy for customers with Automatic Mode deployments for any new IDS instances created. The new minimum requirement for IDS is now AWS c5.Xlarge instance type. This update allows for a better protected environment and support for future enhancements. Customers using existing instances will remain on that instance until it is terminated.

Release date: June 3, 2022

Alert Logic deprecated the legacy Events tab under Search in the Alert Logic console. The Events tab is replaced by the IDS Event Get Started with Search where you can search for IDS event data. For more information about the improved IDS Event search feature, see IDS Event Search.

Release date: May 10, 2022

Alert Logic released improvements to the Health notifications experience which allows you to specify the scope at an asset-level. For more information, see Create a Health Notification.

Release date: May 3, 2022

Alert Logic released enhancements to agent-based scanning.

Support for host-only scans

• Internal network scans are no longer required to trigger consolidation of agent-based and internal network scan results. An agent-based scan can run on a host independently of an internal network scan and combines with the latest available internal network scan results to provide a complete vulnerability assessment sooner.
• If an internal network scan is unavailable or the results are older than 100 days, Alert Logic posts the results of just the agent-based scan in the Alert Logic console.
• An Alert Logic appliance is no longer required for vulnerability assessments on hosts with agent-based scanning configured.

To learn more about agent-based scans, see Agent-Based Scanning and About Alert Logic Scans.

Agent-based scan schedules

You can now configure separate schedules for agent-based scans. Alternatively, if you prefer to manage fewer schedules, you can use your internal network scan schedules for agent-based scans by turning on the Use internal network scan schedules(s) option on the new Agent-Based Scans page.

For customers who had enabled agent-based scans previously, the schedules used depend on your internal network scan schedule configuration:

• If you are using the default internal network scan schedule, Alert Logic uses the default agent-based scan schedule for agent-based scans.

  If you want to use internal network scan schedules instead, turn on the Use internal network scan schedules(s) option on the Agent-Based Scans page.

• If you are using custom internal network scan schedules (not the default), Alert Logic uses your internal network scan schedules for your agent-based scans.

  If you want to use an agent-based scan schedule instead, turn off the Use internal network scan schedules(s) option on the Agent-Based Scans page. You can then choose to use the default agent-based scan schedule or configure one or more custom schedules.

To learn more about agent-based scan schedules and how to create them, see Manage Vulnerability Scan Schedules.

Scan report filters

In Scan Schedule Breakdown reports, you can now show assessment results for agent-based scans by choosing the schedule in the Scan Schedule Name filter. A new Category filter is also available that allows you to isolate network or agent vulnerability assessments in consolidated results.

To learn more about Scan Schedule Breakdown reports, see Scan Schedule Breakdown.

Release date: April 12, 2022

Alert Logic released Intelligent Response for Alert Logic MDR Professional or Alert Logic MDR Enterprise customers. In the Automated Response page, available under Respond in the Alert Logic console, you can access features to automate workflows between Alert Logic and your applications:

• Simple Responses—Add a simple response to take actions that Alert Logic recommends, using features in the Alert Logic console and your devices or services. Choose the security outcome you want to achieve, and a guided interface steps you through the process.
• Simple History—See the run history for all your simple responses and take actions such as stopping or reverting a response.
• Exclusions—Define exclusion lists to prevent your simple responses from acting on specific users, IP addresses, or hosts.
• Approvals—View approval requests and respond to requests that are pending. Requesting approval for running a simple response is an optional step in your automation workflow. You can send approval requests to users via email and a push notification to the Alert Logic Mobile App.

Alert Logic also released the Automated Response Summary dashboard. The Automated Response Summary dashboard provides insights into the simple responses in your account.

To learn more, see:

• Get Started with Automated Response
• Get Started with Simple Responses
• Simple Response Configuration Guide
• Automated Response Summary Dashboard

Alert Logic released an enhancement to the Incidents page in the Alert Logic console. Customers who opt in to the updated incidents experience can access a feature to create a simple response from an incident. To learn more, see Incidents.

Alert Logic released enhancements to the Connectors page in the Alert Logic console. You can now configure connection targets, which define common authentication path and credential references for external systems. Alert Logic stores your connection targets securely, and you can reuse them in connectors and simple responses.

Release date: April 11, 2022

Alert Logic added security content support for CrowdStrike in the Alert Logic console. You can view generated endpoint incidents and collected log data. For more information, see CrowdStrike Endpoint incidents.

Release date: February 10, 2022

Alert Logic released the Threat Intelligence Center which provides insight into security content details in an interactive, tabular list. You can use the Threat Intelligence Center to learn technical details about how Alert Logic analyzes data to produce security outcomes, using different types of security content. For more information, see Threat Intelligence Center.

Release date: January 24, 2022

Alert Logic released improvements to the Scan Now feature available from the Topology page. Now you can choose whether to scan a host or ports that are excluded from scanning in the deployment scope of protection. For more information, see Topology.

Release date: December 15, 2021

Alert Logic added support for Cisco Firepower in the Alert Logic console where you can view generated firewall incidents and collected log data. For more information, see Firewall Incidents and Log Configuration.

Release date: November 18, 2021

Alert Logic added support for these Amazon Web Services (AWS) regions:

AWS Region Name	Region
Africa (Cape Town)	af-south-1
Asia Pacific (Hong Kong)	ap-east-1
Asia Pacific (Osaka-Local)	ap-northeast-3
Europe (Stockholm)	eu-north-1
Europe (Milan)	eu-south-1
Middle East (Bahrain)	me-south-1

Release date: November 17, 2021

Features

Alert Logic released agent-based vulnerability scanning. Agent-based scanning enables users to leverage the vulnerability assessment coverage of authenticated network scanning without the need to manage credentials and with a reduction in network traffic and impact. To learn more, including how to enable this feature by deployment, see Agent-Based Scanning.

Release date: November 10, 2021

Features

You can now use AWS Systems Manager Distributor to install the Alert Logic agent on AWS Systems Manager instances. To learn more, see Automate Alert Logic Agent Installation with AWS Systems Manager Distributor.

Release date: October 21, 2021

Features

Alert Logic released Health Notifications to the unified Notifications experience. Health notifications can alert you, subscribed users, or a configured connector when an agent, appliance, or API collector is not collecting data or offline (unhealthy).

Release date: October 6, 2021

Features

Alert Logic improved the Application Registry page to make it easier for you to find and configure your collections. Alert Logic now displays collector integrations in tiles that correspond to its third-party application or product. Alert Logic also added a new collector that allows you to integrate and collect logs from CrowdStrike. For more information, see Configure CrowdStrike Log Collector.

Release date: July 27, 2021

Features

Alert Logic released improvements to the Evidence tab of the Investigation Report in the Incidents page for Log Review incidents associated with anomaly or rule-based findings. You can download a CSV file of the observations findings or facts for an event related to an incident. Alert Logic also added the aggregator summary section to Log Review incidents which allows you to download evidence for specific aggregator types for compliance needs. For more information, see Download evidence and Investigation Report.

Release date: July 1, 2021

Features

Alert Logic can detect and generate Endpoint Security Incidents from log data collected from third-party endpoint application resources. To learn more endpoint security incidents, see Endpoint Security Incidents.

Release date: June 3, 2021

Features

Alert Logic released an improved correlation experience that allows you to create powerful custom rules with similar syntax structure as Search queries in the Search page. You can configure the correlation rule to generate a FIM notification, an observation notification, or an incident notification when the data Alert Logic receives matches the pattern for the data you specified in the correlation. To learn more about the improved correlation feature, see Improved Correlations and Search.

Release date: May 11, 2021

Features

Alert Logic released nine new NIST 800-171 Audit compliance reports in the Compliance tab of the Reports page in the Alert Logic console. The reports provide guidance for demonstrating compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-171. For more information about each report, see:

• NIST 800-171 3.1 - Access Control
• NIST 800-171 3.3 - Audit and Accountability
• NIST 800-171 3.4 - Configuration Management
• NIST 800-171 3.5 - Identification and Authentication
• NIST 800-171 3.6 - Incident Response
• NIST 800-171 3.11 - Risk Assessment
• NIST 800-171 3.12 - Security Assessment
• NIST 800-171 3.13 - System and Communications Protection
• NIST 800-171 3.14 - System and Information Integrity

Release date: April 6, 2021

Features

Alert Logic added an enhancement to your scope of protection capability for Data Center deployments. You can now define your protection at a subnet level. To learn how to change your scope of protection, see Change Protection Level of an Asset.

Release date: March 25, 2021

Features

Alert Logic released three new vulnerability reports in the Vulnerabilities tab of the Reports page in the Alert Logic console. The Scan Summary Breakdown reports provide summary, detailed, and variance vulnerability results for specific scan schedules. These reports can be downloaded as an image, data (CSV), crosstab, PDF, or PowerPoint file. For more information about each report, see:

• Scan Host Summary
• Scan Details List
• Scan Variance

Release date: March 18, 2021

Features

Alert Logic released an upgraded of the Log Review incident process, Machine Learning Log Review. The new machine learning algorithms allows Alert Logic to deliver a higher level of security value by automatically detecting many log-based anomaly types based on unique patterns and trends learned from your organization. For more information, see Machine Learning Log Review Upgrade.

Alert Logic also released an upgraded version of the Incidents page for an enhanced and improved experience to maximize your ability to manage incidents, and also view Log Review incidents. This upgrade includes enhancements to see relevant and important information quickly, page customization, improvements to the investigation report, and more. For more information, see Incidents.

Log Review incidents can also be found in the Monthly Log Review Report report and in the improved version of the Incident Daily Digest report to evaluate daily incidents by threat level, classification, top attackers, and top targets.

Release date: February 4, 2021

Features

You can now deploy the Alert Logic Agent Container in Amazon Elastic Container Service (ECS) environments that run Amazon Web Services (AWS) Fargate. This solution enables the Alert Logic Agent Container to run as a sidecar to any Fargate Task Definition you wish to protect. This does include an update to the IAM Role policy with read-only List and Describe calls. To learn more, see Deploy the Alert Logic Agent Container for AWS Fargate.

You can also now deploy the Alert Logic Protected Host Agent on AWS Workspaces workloads. This does include an update to the IAM Role policy with read-only List and Describe calls.

Release date: February 3, 2021

Features

Alert Logic released a new Search experience for the Managed Detection and Response customers that allows you to perform basic and advanced searches in Expert and Simple modes for different data types. You can start a query in Simple mode, and then switch to Expert mode to add more logic or complex functions. The Search experience now offers the following new features:

• Schedule search notifications
• Saved searches and schedule searches
• Download search results
• Apply settings to your search, such as selecting a timezone
• Use search tabs to execute and switch between multiple searches
• Load saved searches into the query

To learn more, see Get Started with Search.

Release date: January 28, 2021

Features

Alert Logic released the following enhancements to scan schedules for the Managed Detection and Response platform:

• For internal and external vulnerability scans, you can now specify the ports to scan. You can choose ports in predefined groups or define a custom list of ports to scan.
• You can also specify ports to exclude from internal and external vulnerability scans.

To learn more, see Manage Vulnerability Scan Schedules.

Release date: December 17, 2020

Features

Alert Logic released the following enhancements to the Exposures page and the Health page for the Managed Detection and Response platform:

• For remediations, the Threat Risk Index score now appears in the list view.
• When you export a list of disposed remediations or exposures, notes added about the disposal now appear in the CSV file.
• When you restore a disposed or concluded item, you can now select specific assets for which to restore the exposure or remediation.

To learn more, see Exposures and Health.

Alert Logic also released five new GDPR Audit compliance reports in the Compliance tab of the Reports page in the Alert Logic console. The reports provide guidance for demonstrating compliance with the General Data Protection Regulation (GDPR). For more information about each report, see:

• GDPR Article 25: Data Protection by Design and by Default
• GDPR Article 32: Security of Processing
• GDPR Article 33: Notification of Personal Data Breach
• GDPR Article 34: Communication of a Personal Data Breach
• GDPR Article 35: Data Protection Impact Assessment

Release date: December 7, 2020

Features

Alert Logic released a new compliance report in the Compliance tab of the Reports page in the Alert Logic console. The report provides guidance on how to use and access your File Integrity Monitoring (FIM) features to help you demonstrate compliance with HIPAA 164.312(c)(1). For more information, see HIPAA 164.312(c)(1)—Integrity Controls.

Release date: November 18, 2020

Features

Alert Logic added two new log collectors to the Application Registry:

• You can now integrate with the new Amazon Web Services (AWS) Network Firewall to collect alerts generated by events that match Alert Logic firewall rules and that are sent to an Amazon Simple Storage Service (S3) bucket. To learn more, see Configure AWS Network Firewall Log Collector.
• You can now integrate with Amazon S3 to collect the following types of logs from an Amazon S3 bucket:
  • Elastic Load Balancing: Application Load Balancer, Classic Load Balancer, and Network Load Balancer
  • Amazon Redshift: Connection, User, and User Activity
  • Amazon S3 Audit
  • Amazon VPC Flow Logs

  To learn more, see Configure Amazon S3 Log Collector.

Alert Logic released two incident account summary reports in the Threats tab of the Reports page of the Alert Logic console. The incident account summary reports provide the current distribution and trending data for incidents detected across your customer accounts and deployments. To learn more, see Weekly Incident Account Summary and Monthly Incident Account Summary.

Release date: November 9, 2020

Features

Alert Logic is offering an enhanced and improved Reports feature for customers upgrading from Cloud Defender to the Managed Detection and Response platform. The upgrade includes changes to the Cloud Defender Scheduled reports. You can find the same or similar information from Cloud Defender Scheduled reports in the Managed Detection and Response Alert Logic console. For more information, see Managed Detection and Response Reports Upgrade.

Release date: October 7, 2020

Features

Alert Logic released the following enhancements to the Exposures page for Managed Detection and Response customers:

• The Exposures page now only lists security-related exposures detected by internal and external vulnerability scans to help you narrow your focus. Health-related configuration and connection exposures continue to be available on the Health page, but were removed from the Exposures page.
• You can now sort the lists by various criteria and change to ascending or descending order.
• The total number of open exposure instances that match selected filters appears next to each filter.
• Counts of affected assets and exposure instances now appear for each listed item.
• Disposed items now show the disposal expiration date.
• You can export selected items in a list.
• You can open the detail page for a remediation or exposure in a separate browser tab.
• Concluding and disposing exposures or remediations for affected assets is now more flexible. You can dispose or conclude a single, multiple, or all affected assets. For the dispose action, you can also select to dispose all future assets that match selected filters.

To learn more, see Exposures.

The Health page was also enhanced:

• You can now sort the lists by various criteria and change to ascending or descending order.
• The total number of open exposure instances that match selected filters appears next to the Unhealthy filter.
• In the views for Exposures and Remediations, counts of affected assets and exposure instances now appear for each listed item.
• Disposed items now show the disposal expiration date.
• You can open the detail page for a remediation or exposure in a separate browser tab.
• Concluding and disposing exposures or remediations for affected assets is now more flexible. You can dispose or conclude a single, multiple, or all affected assets. For the dispose action, you can also select to dispose all future assets that match selected filters.

To learn more, see Health.

Alert Logic also released the Subscribed Notification Users report in the Service tab in the Reports page for Managed Detection and Response customers. The report is a list of users set up to receive automated email notifications from the Notifications page. To learn more, see Subscribed Notification Users.

Release date: September 15, 2020

Features

Alert Logic released the following enhancements to scan scheduling:

• A quarterly scan option is now available for internal and external vulnerability scans.
• For monthly scans, you can now choose to scan during a certain week on a certain day.

Alert Logic is also releasing the Last Scanned Breakdown report in the Vulnerabilities tab of the Reports page. The report provides visibility into when your assets were last scanned for vulnerabilities. To learn more, see Last Scanned Breakdown.

Release date: September 2, 2020

Features

Alert Logic released the following features to enhance your experience in the Alert Logic console:

• File Integrity Monitoring allows you to monitor changes to files and directories of assets associated with your Alert Logic deployments. You can configure monitoring or exclusions for specific file paths or entire directories in your Windows and Linux systems. To learn more, see File Integrity Monitoring .
• Alert Logic is also releasing two new compliance reports to provide guidance on how to use and access File Integrity Monitoring features to demonstrate compliance with PCI Requirement 11.5 and PCI Requirement 10.5.5 in the Compliance tab of the Reports page. For more information, see PCI Requirement 11.5 and PCI Requirement 10.5.5.
• Web Log Analytics (WLA) is a log-based application attack detection solution that protects your web applications from common application vulnerabilities. WLA is available for Professional or Enterprise Managed Detection and Response customers. To learn more about WLA, see About Alert Logic Web Log Analytics (WLA).
• The Authentication Management Security dashboard is available for Managed Detection and Response customers. The Authentication Management Security dashboard provides a summary of your authentication security activity in your environment. To learn more, see Authentication Management Security.
• Connectors allow you to send security data directly to a third-party application. When you set up a notification and subscribe a connector, the connector can send a message or generate an IT service management (ITSM) ticket automatically.
• The Alert Logic DevNet developer portal enables you to build automation and integrations to extend and embed the Alert Logic platform. This developer portal includes a comprehensive toolkit of command-line tools and programming language integrations, as well as a rich library of use cases so you can get started quickly. The portal is located at developer.alertlogic.com.

Release date: August 19, 2020

Features

Alert Logic is releasing SOC 2 Audit reports in the Compliance tab of the Reports page. The reports help demonstrate compliance with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA) and include the following:

• SOC 2 Common Criteria 6.2 User Registration
• SOC 2 Common Criteria 6.3 Access Modification and Removal
• SOC 2 Common Criteria 6.6 Boundary Protection
• SOC 2 Common Criteria 6.8 Unauthorized and Malicious Code Protection
• SOC 2 Common Criteria 7.1 Configuration and Vulnerability Management
• SOC 2 Common Criteria 7.2 Security Event and Anomaly Detection
• SOC 2 Common Criteria 7.3 Incident Detection and Response
• SOC 2 Common Criteria 7.4 Incident Containment and Remediation

Release date: August 8, 2020

Features

Alert Logic released enhancements to scan scheduling. Default scan schedules are available that you can edit, or you can create additional schedules for all or selected assets in your deployment. The improved Scan Schedules page is available from your deployments. To learn more, see Manage Vulnerability Scan Schedules.

You can now also optimize scan performance from the Topology page in the Alert Logic console. To learn more, see Adjust scan performance.

Release date: August 5, 2020

Features

Alert Logic is releasing the Authentication Management Summary dashboard for Managed Detection and Response customers. The Authentication Management Summary dashboard provides a summary of your authentication management activities observed in your environment. To learn more, see Authentication Management Summary.

Release date: July 7, 2020

Features

Alert Logic can detect and generate Authentication Application Security Incidents from log data collected from third-party authentication application resources. To learn more authentication security incidents, see Authentication Application Security Incidents.

Release date: June 18, 2020

Features

Alert Logic is releasing the Current Vulnerability Breakdown reports to the Vulnerability tab in the Reports page, which provide a breakdown of current vulnerability instances and vulnerable hosts ranked by count and severity with asset-level or vulnerability details. The Current Vulnerability Breakdown reports include the following:

• Current Vulnerable Hosts Breakdown
• Current Vulnerabilities Breakdown

Release date: June 3, 2020

Features

Alert Logic is releasing the Threat Risk Index (TRI) Summary Dashboard for Managed Detection and Response customers. The TRI Summary dashboard provides insights into the recent threat risk index TRI scores of your environment. To learn more about TRI Summary Dashboard, see Threat Risk Index Summary.

Release date: March 31, 2020

Features

Alert Logic now offers Managed Detection and Response partners and customers with managed accounts two additional dashboards. For more information, see the following:

• The Managed Accounts Health Summary dashboard summarizes and provides insights into the health status of the accounts you manage from the previous day. For more information about this dashboard, see Managed Accounts Health Summary Dashboard.
• The Managed Accounts Security Summary dashboard provides insights into the recent security status of the accounts you manage. For more information about this dashboard, see Managed Accounts Security Summary Dashboard.

Release date: February 27, 2020

Features

Alert Logic now offers Managed Detection and Response customers monthly and weekly reports for the following vulnerability reports:

• The Vulnerability Summary reports provide summary headline, distribution, and trending data for vulnerabilities found across your environment:
  • Monthly Vulnerability Summary
  • Weekly Vulnerability Summary
• The Top 10 Vulnerability Lists reports provide top 10 lists for your most vulnerable hosts by total count and by severity, oldest critical vulnerabilities, and frequent vulnerabilities:
  • Monthly Top 10 Vulnerability Lists
  • Weekly Top 10 Vulnerability Lists
• The Vulnerability Distribution Explorer reports provide insights into patterns from the vulnerabilities that include vulnerability distribution and trends categorized by status, exploitability, severity, age, operating system, and asset type:
  • Monthly Vulnerability Distribution Explorer
  • Weekly Vulnerability Distribution Explorer

Release date: February 19, 2020

Features

Alert Logic has taken further security measures and now requires customers with Azure deployments to grant extra permissions. This will allow Alert Logic to perform benchmark checks on your Azure deployments that expose vulnerabilities. See the following documentation for more information:

• For customers who are configuring an Azure deployment for the first time, or customers who have Azure deployments but do not have an Azure app registration set up, see Configure App Registration and RBAC for Microsoft Azure Resources.
• If you have existing Azure deployments, and already have an app registration set up, see Update your Azure Deployment for CIS Foundation Benchmarks .

Release date: February 14, 2020

Features

Alert Logic has released Dashboards, a new home page that centralizes information in interactive visuals and simplifies navigation to other pages in the Alert Logic console. You can now try Dashboards and become familiar with the new and improved experience. For more information about Dashboards and how to try it, see Dashboards. For more information about the new Dashboards navigation, see Managed Detection and Response Navigation Menu Updates.

Release date: December 19, 2019

Features

• Alert Logic has added more compliance reports, located in the Compliance tab of the Reports page, to help you demonstrate compliance with requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Security Audit.
  • The following are the four recently added PCI DSS Audit reports:
    • PCI Requirement 10.7
    • PCI Requirement 10.8
    • PCI Requirement 11.2.1
    • PCI Requirement 11.2.2
  • The following are the three recently added HIPAA-HITECH Security Audit reports:
    • HIPAA 164.308(a)(1)(ii)(B)—Risk Management
    • HIPAA 164.312(b)—Audit Controls
    • HIPAA 164.308(a)(5)(ii)(B)—Protection from Malicious Software
• Alert Logic now offers Managed Detection and Response customers monthly and weekly reports of their features, capabilities, and state of their environment:
  • The Enterprise Risk reports provide valuable insights and analysis of your incidents, events, and vulnerabilities:
    • Monthly Enterprise Risk
    • Weekly Enterprise Risk
  • The Incident Analysis reports provide visibility into threats and incidents in your environment.
    • Monthly Incident Analysis
    • Weekly Incident Analysis
  • The Event Analysis reports provide visibility into Network IDS events processed in your environment.
    • Monthly Event Analysis
    • Weekly Event Analysis
  • The Vulnerability Analysis reports provide insights into vulnerabilities and vulnerable assets found in your environment.
    • Monthly Vulnerability Analysis
    • Weekly Vulnerability Analysis

Release date: December 11, 2019

Features

Alert Logic has released an improved version of the PCI Scan Disputes page. You can use the PCI Scan Dispute to submit disputes for vulnerabilities in non-compliant scan policies. For more information, see PCI Scan Disputes.

Release date: December 3, 2019

Features

Alert Logic now includes the option to configure webhooks, which allows Alert Logic incident notifications to be sent to any public-facing web server configured to handle HTTP callbacks.

Release date: November 6, 2019

Features

For Azure-based deployments, Alert Logic now supports the ability for customers to use client credentials, defined by role-based access control within the Azure console. Microsoft recommends this method of authentication to reduce service interruptions due to stale username/password combinations. All new users will only be able to use client credentials going forward. Existing customers can continue using their existing username/password combinations until they reset them. For more information on creating the appropriate RBAC roles, see Configure App Registration and RBAC for Microsoft Azure Resources.

Alert Logic has split multi-page reports into single-page reports to allow customers direct access to information. The reports were divided as follows:

Original Report Name	New Report Names
Vulnerable Host Explorer	Vulnerable Hosts Explorer
	Vulnerable Hosts Change Trends
Vulnerability Distribution Explorer	Vulnerability Distribution Explorer
	Vulnerability Change Trends
Network IDS Events Explorer	Network IDS Events Explorer
	Top Events Sources and Destinations
Log Collection	Log Collection
	Top 10 Log Collectors
IDS Traffic	IDS Traffic
	Top 10 IDS Assets
Customer Contacts	Escalation Contacts
	Notification Contacts
	Incident Notification Contacts
Vulnerability Summary	Vulnerability Summary
	Top 10 Vulnerability Lists
	Vulnerabilities List
TRI Summary	TRI Summary
	Top 10 TRI Lists

Release date: October 10, 2019

Feature

Alert Logic updated the Saved Searches functionality to expand the options for setting notifications. Users can add one or more users from the same customer account to the list of notification recipients in the saved search panel.

Release date: September 24, 2019

Feature

Alert Logic released a new feature for customers with Essentials and Professional subscriptions.

The new Extended Endpoint Protection functionality from Alert Logic helps you control threats and manage incidents from employee workstations, points of sale, servers, and more. For more information, see About Alert Logic Extended Endpoint Protection and Get Started with Alert Logic Extended Endpoint Protection.

Release date: September 17, 2019

Feature

Alert Logic added a new feature to the scanning functionality, Scan Now. If you need to run a scan immediately, you can use the Scan Now feature on the Topology page. This scans the selected asset right away or as soon as possible, outside of the normal schedule. See Scan Now for more information.

Release date: September 13, 2019

Feature

• Alert Logic added five new compliance reports, located in the Compliance tab of the Reports page, that provide guidance for performing log searches to help demonstrate compliance with some 10.2 requirements of the Payment Card Industry Data Security Standard (PCI DSS):
  • PCI Requirement 10.2.2
  • PCI Requirement 10.2.4
  • PCI Requirement 10.2.5
  • PCI Requirement 10.2.6
  • PCI Requirement 10.2.7
• Alert Logic added a new report, Missing Agent Digest, to the Health report group in the Service tab of the Reports page. The Missing Agent Digest report provides insight into the daily issues related to hosts that are missing agents, including a comparison of missing agent statuses, top ten lists, and a list of hosts with missing agents. To learn more about this report, see Missing Agent Digest.

Release date: July 10, 2019

Feature

• Alert Logic has revamped the following three compliance reports, located in the Compliance tab of the Reports page, to help you demonstrate compliance with some requirements of the Payment Card Industry Data Security Standard (PCI DSS):
  • The PCI Requirement 6.6 report provides WAF deployments, traffic, incidents, and attacks that help demonstrate compliance with Requirement 6.6. For more information about this report, see PCI Requirement 6.6.
  • The PCI Requirement 10.5.1 report provides a list of the current log management users that help you demonstrate compliance with Requirement 10.5.1. For more information about this report, see PCI Requirement 10.5.1.
  • The PCI Requirement 11.4 report shows Network IDS incidents and customer escalation contacts that help you demonstrate compliance with Requirement 11.4. For more information about this report, see PCI Requirement 11.4.
• Alert Logic added four new compliance reports, located in the Compliance tab of the Reports page, that provide available documentation and compliance artifacts to help demonstrate compliance with some requirements of the PCI DSS and the Health Insurance Portability and Accountability Act (HIPAA) Security Audit, which include the following:
  • The PCI Requirement 10.6.1 report provides log review incidents and log management incidents that help you demonstrate compliance with Requirement 10.6.1. For more information about this report, see PCI Requirement 10.6.1.
  • The HIPAA 164.308(a)(1)(ii)(D)—Information System Activity Review report provides the log review and log management incidents that help demonstrate compliance with HIPAA 164.308(a)(1)(ii)(D). For more information about this report, see HIPAA 164.308(a)(1)(ii)(D)—Information System Activity Review.
  • The HIPAA 164.308(a)(6)(ii)—Response and Reporting report provides available documentation and compliance artifacts that help you demonstrate compliance with requirements of HIPAA 164.308(a)(6)(ii). For more information about this report, see HIPAA 164.308(a)(6)(ii)—Response and Reporting.
  • The HIPAA 164.308(a)(5)(ii)(C)—Login Monitoring report provides available documentation and compliance artifacts that help you demonstrate compliance with requirements of HIPAA 164.308(a)(5)(ii)(C). For more information about this report, see HIPAA 164.308(a)(5)(ii)(C)—Login Monitoring.
• Alert Logic added the Health report group, which includes two new reports, to the Service tab of the Reports page. The Health reports provide valuable summary and trending data on the health status of protected networks and assets collecting log or network data, which include the following:
  • The Network Health Status Digest report provides insight into the daily issues related to protected networks in your environment, including a comparison of health statuses, top ten lists, and total number of open remediations for each network. For more information about this report, see Network Health Status Digest.
  • The Collection Issues Digest report provides insight into the daily issues related to log data collection and Network IDS traffic, including a comparison of health statuses, top five lists, and a list of open remediations to fix configuration issues. For more information about this report, see Collection Issues Digest.

Release date: June 12, 2019

Feature

Alert Logic manual mode deployments now include a Cross-Network Protection option, which allows networks to connect and use resources from a network with an assigned appliance for Network IDS or scanning. This centralizes the appliances that provide protection to your account, which allows your organization to reduce infrastructure costs. For more information, see Cross-Network Protection.

Release date: May 28, 2019

Features

Alert Logic added significant updates to the Log Search functionality, including the following features:

• You can organize saved searches into groups.
• After you move searches to trash, you can restore or permanently delete them.

Release date: April 25, 2019

Feature

• Alert Logic added the Health console, which consist of pages on the summary of your environment, detailed health information of your networks, appliances, and agents with suggested configuration remediations, and the option to subscribe to health summary alerts. For more information, see Health.
• Alert Logic deployments now include a Network IDS Whitelist option that allows you to select networks for whitelisting. For customers who were previously subscribed to Alert Logic legacy products, and have upgraded to Managed Detection and Response, your Network IDS whitelist will be migrated to the new experience.
• Alert Logic added an Expedite Scan Capability in topology which expedites scans on individual assets when your organization requires specific assets to be scanned immediately. Alert Logic moves expedited scans ahead of their schedule to the next available time. For more information about expedite scans, see Topology.
• Alert Logic added a new report, the PCI Requirement 10.6 (Incidents) report, which provides log review and log management incidents to help demonstrate compliance to Requirement 10.6 of PCI DSS. For more information about this report, see PCI Requirement 10.6 (Incidents).
• Alert Logic added a new report, the PCI Requirement 11.4 report, which provides Network IDS incidents and customer escalation contacts to help you demonstrate compliance to Requirement 11.4 of the PCI DSS. For more information about this report, see PCI Requirement 11.4.

Release date: April 9, 2019

Feature

• Alert Logic updated scan frequency and scheduling to allow you to schedule internal vulnerability scans and external vulnerability scans separately. For more information, see Manage Scans and Scan Results.
• When you add assets to a Data Center deployment, you can now inform Alert Logic that your network equipment is configured to SPAN or another port mirroring feature. If you select this option, you avoid duplicating Network IDS traffic reported to Alert Logic while allowing Alert Logic to analyze the traffic passing through the port mirroring feature. For more information about Data Center assets, see Add assets.

Release date: April 5, 2019

Feature

• Alert Logic updated the CIS AWS Foundations Benchmark report in the Alert Logic console to support Level 1 and Level 2 of the latest version (1.2.0) of the CIS AWS Foundations Benchmark. Users can now asses their AWS accounts against the latest CIS AWS Foundations Benchmark guidelines, including multi-factor authentications, AWS Config auditing, review of VPC peering network rules, review of IAM policies, access key rotation, and other improvements. For more information about the CIS AWS Foundations Benchmark report, see Reports Guide.
• Alert Logic updated the incident notes in the Incidents page to include the name of the Alert Logic analyst who provided the notes and the name of the user who has updated the incident. The notes appear in the Audit Log of the Investigation Report and Recommendation pages, and in the Evidence page. For more information about incident notes, see Incidents.
• Alert Logic now includes Alert Logic analyst notes in email notifications for incident escalations. This allows users to see the analyst notes provided in the Incidents page immediately without having to log into the Alert Logic console. For information about incident notifications in the Alert Logic console, see Incidents.

Release date: April 2, 2019

Feature

Alert Logic added notifications for incidents originating from Amazon GuardDuty findings. GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. The Alert LogicAmazon GuardDuty integration lets you view GuardDuty findings in the Alert Logic console Incidents page.

The Incidents page allows you to configure notifications for incidents based on their threat levels. With the added notification support, all GuardDuty incidents are available by their threat levels. For guidance and information about GuardDuty findings severity, which corresponds to Alert Logic threat level, see Amazon documentation for GuardDuty findings and severity. For information about incident notifications in the Alert Logic console, see Incidents

Release date: March 12, 2019

Features

• Alert Logic updated scan scheduling to allow more control of your scan schedules. You can schedule how often and when to perform vulnerability scans and discovery scans for each of your deployments. For more information, see Manage Scans and Scan Results.
• For customers who were previously subscribed to Alert Logic legacy products, and have upgraded to Managed Detection and Response, you can access your legacy scan results and archived reports. For more information, see Manage Scans and Scan Results.
• Alert Logic added a new report, Network IDS Traffic, which provides visibility into the Network IDS traffic volume and collections processed in your environment. For more information, see IDS Traffic.
• Alert Logic updated the IAM Role policy documents for Amazon Web Services (AWS) deployments. If your customer account provides the Managed Detection and Response products, Alert Logic recommends you update your existing deployments to use IAM roles created with the most current policy documents. For more information, see Update your IAM roles

Release date: February 26, 2019

Features

• Alert Logic now offers Log Review service with Managed Detection and Response. Log Review creates incidents, which appear on the Incidents page and in notification emails. Some Log Review incidents are escalated by an Alert Logic security analyst, and the rest appear as info level incidents.
• Alert Logic added a new report, Monthly Log Review, which provides a monthly summary analysis of your Log Review incidents. For more information, see Monthly Log Review Report.

Release date: November 28, 2018

Features

Alert Logic has launched an integration with the new Security Hub offering from AWS. See Integration with AWS Security Hub for more information.

Release date: April 25, 2018

Bug fixes

• This release resolves an issue with updating agent policies. The issue is resolved and users can create and update agent policies as normal.
• This release resolves an issue with events, incidents, and blocking alert rules. To access the pages, click CONFIGURATION, then click Notifications, and then select the type of alert rule you want to create.
• This release resolves cosmetic issues with page layout on several configuration screens, and the Zones and Host Groups screens.
• This release resolves an issue that redirected users when they clicked a link to an incident.
• This release resolves an issue with updating block requests in the incidents panel.
• This release updates an error message that appears when a read-only user tries to access unauthorized tools or content.
• This release resolves an issue with list filters on the sources pages. All filters appear as intended now.
• This release resolves an issue with a link in the PCI Dispute system.

Features

• This release adds a time zone selection field to the New Source menu. You must choose a time zone to create a source.

Release date: April 20, 2018

Bug fixes

• This release resolves an issue where Azure deployments did not show protected hosts associated with the deployment.
• This release resolves cosmetic issues with page sizing and scrolling.
• This release resolves an issue in the menu to add a new certificate. For some users, the menu timed out before they were done filling in all the information. This issue has been resolved.
• This release resolves an issue with the Save button on the correlation policy and flat file log sources screens for certain deployments. The Save button now displays and works as expected.

Features

• This release adds a feature that displays the full name of the account you are viewing in the Alert Logic console.

Release date: April 17, 2018

Bug fixes

• This release resolves an issue with user time zone settings.
• This release resolves an issue where the host metadata displayed the private IP as a public IP.
• This release resolves an issue with viewing log messages within cases.
• This release resolves compatibility issues with Internet Explorer version 11.
• This release resolves an issue that caused the Alert Logic console to display an error when users tried to turn a host into a protected host.
• This release resolves an issue with appliances and agents filtering on Azure deployments.
• This release resolves an issue where metadata was missing on some log sources.
• This release resolves an issue with the Save button on the correlation policy editing screen.

Features

• This release adds a feature that allows users to select the customer account they want to use in the Statistics tab of Scans.

Release date: week of April 9-13, 2018

Bug fixes

• This release resolves an issue with retrieving SSL certifications.
• This release resolves an issue with the search function.
• This release resolves a cosmetic issue with the layout of the Scans Dashboard page.
• This release resolves an issue with the reporting system in the Alert Logic console. All users can now access reports normally.
• This release resolves an issue with the forgotten password link on the login page.
• This release resolves an issue with incident and event counts on the dashboard pages. All counts are now accurate.
• This release resolves an issue with cached pages causing certain links to redirect users. The issue is resolved, and all links and navigation tools work as expected.
• This release resolves issues where the Alert Logic console did not work normally for users who accessed it from certain browsers. The issue is resolved, though if you continue to experience issues, use Google Chrome.
• This release resolves an issue where an internal Alert Logic feature appeared to customers as a dead link. The link no longer appears for non-Alert Logic users.
• This release resolves an issue where users could view data on the Scan dashboard for all accounts for which the user had access. The issue is resolved, and customers now only see data for the selected account.

Features

• This release adds multiple ID numbers to identify incidents and events.
• This release adds a feature that allows allowing users to easily share links to events.
  • In the Alert Logic console, click SEARCH, and then click Events. In the list that appears, find the event you want to share, and then click the share icon () in the Share column. A new browser tab opens and shows event details. The URL in the new tab is a direct link to the event details page.
  • You may also click an event to view the event details page. From the event details page, click the share icon () at the top of the page. The A new browser tab opens, and the URL in the new tab is a direct link to the event details page.

Release date: April 7, 2018

Features

Alert Logic updated the Alert Logic console to provide a single login and universal navigation for all products and subscriptions. This update allows you to easily find everything you need in one place across the entire Alert Logic portfolio. The top-level navigation is organized around functional categories (incidents, remediations, search, reports), and is subscription-aware, which means you see only the content relevant to your organization. In addition, you can access all of your Alert Logic products, across all your data-residencies, within one portal. Other features in this release include:

• The upgraded reporting console provides richer, interactive reports. The new reporting console is intuitively organized and easily searchable. Incident Analysis reports provide valuable insights and trending data for incidents created from all subscribed detection sources (Network IDS, Log Management, Web App IDS, and Amazon GuardDuty). Service Summary reports provide summary information and visibility into product configuration, product status, and security outcomes from your subscribed services.
• Enhanced portal navigation improves your ability to find everything you need across the entire Alert Logic portfolio. The top-level navigation is organized around functional categories (incidents, remediations, search, reports), and is subscription-aware, so you see only the content relevant to your organization.
• Streamlined Deployments page the Deployments page provide a single menu to create, view, and edit deployments for all Alert Logic products. In addition, for Cloud Insight Essentials customers:
  • You can use CloudFormation templates to easily create the IAM roles necessary to create Cloud Insight and Cloud Insight Essentials.
  • Deployment tiles clearly display the level of assessment chosen for your deployments.
  • You can use the new Guided Mode to create Cloud Insight deployments for which you determine where to deploy scanning instances in your infrastructure.
• Role-based user permissions allow you to quickly and easily provision new users and modify existing permission levels using an industry standard, role-based model. This enhancement allows you to assign users to one of five of the following roles
  • Administrator
  • Owner
  • Power User
  • Support/Care
  • Read-only
• Multi-factor authentication (MFA) adds a second layer of protection to your login. This opt-in feature enables you to further protect your organization from compromised credentials. MFA gives you the option to decide to enable the feature either at the account level if you wish to make MFA mandatory, or on a per individual user level. Alert Logic leverages Google Authenticator on mobile phones as the technology for the hardware-based authentication.

Release date: May 30, 2017

Bug fixes

None

Features

• Alert Logic updated the Alert Logic console for the Cloud Defender suite of products, specifically for Log Manager and Threat Manager. Access to the Classic UI and the ability to switch between the two is currently available. For more information, click Improved Experience for Cloud Defender Console | Software Updates.

Security

None

Changes

None

Notice

None

Release date

March 16, 2017

Bug fixes

• N/A

Features

The Alert Logic login page now allows you to reset your password. An update to the login page includes color scheme modifications and a highly requested feature – the ability to reset your password.

Note: NOTE: If you lock your user interface account after multiple failed login attempts, you cannot use the password reset function to unlock your account. You must contact your service provider or the Alert Logic help desk to unlock your account.

Security

• N/A

Changes

• N/A

Notice

• N/A

Release date

February 16, 2017

Bug fixes

• N/A

Features

• This release adds a customer selector that allows you to select one customer or a parent customer and all of its child customers.
• This release decouples the page load from query execution.

Security

• N/A

Changes

• N/A

Notice

• N/A

Release date

June 6, 2016

Bug fixes

• N/A

Features

• This release provides a new web technology update and a new web CSS theme that is applied to the current web portal. This does not affect navigation, menu, or workflow, as this is only a web skin update.
• This release provides a new task and notification bar, as well as an AWS account IDs page for Threat Manager customers with agents and appliances installed within an AWS account.

Security

• N/A

Changes

• A new CSS theme applied to the current NGUI
• A new operating system (from Debian Squeeze to CentOS 6.7)
• PHP version upgraded to 5.6.20
• Support to the latest version of TLS (TLS 1.2)

Notice

• N/A