Get started with the Alert Logic console

The Alert Logic console provides a universal navigation experience for all Alert Logic customers, regardless of the products to which they subscribe. This topic describes at a high level the organization of the console and provides links to more detailed information on each topic.

The Alert Logic console is sensitive to your product subscriptions and shows only the tabs and pages appropriate to them. This topic describes all possible tabs and pages, and specifies the subscriptions that generate each of them.

Overview

The Overview tab in the Alert Logic console provides access to the product Dashboards and to the Topology pages.

Dashboards

The Dashboards page provides access to the following dashboards:

  • Incidents—The Incidents dashboard page provides a high-level, interactive view of all open incidents, arranged by classification type and threat level. See Incidents for more information. This content requires a Cloud Insight Essentials or a Cloud Insight subscription to see.
  • Remediations & Continuous Scan—The Remediations & Continuous Scan dashboard page displays the current threat status of a selected protected deployment and allows you to start remediating threats in that deployment. For more information, see the Alert Logic Cloud Insight Essentials Summary. This content requires a Cloud Insight Essentials or Cloud Insight subscription to see.
  • Network IDS—Alert Logic Network IDS combines a cloud-based network intrusion detection system and a vulnerability assessment solution into a service that works in any data center environment, from on-premises to the cloud. The Network IDS dashboard page provides a high-level, customizable overview of noteworthy behavior reported by Alert Logic, presented in customizable modules. For more information, see Threat Manager summary. This content requires a Cloud Defender or Threat Manager subscription to see.
  • Log Management—Alert Logic log management collects, aggregates, and normalizes log data whether it originates in your own data center, a hosted environment, or the cloud. The Log Management dashboard page provides a high-level, customizable overview of any noteworthy behavior reported by Alert Logic, presented in customizable modules. See Log Manager dashboard for details. This content requires a Cloud Defender or Log Manager subscription to see.
  • WAF—The Web App IDS dashboard page contains summary data from all inline web application firewall (WAF) appliances. For more information, see Managed WAF. This content requires a Managed WAF subscription to see.
  • Web App IDS—The Alert Logic web application firewall (WAF) monitors your web traffic and logs web violations, but does not block any requests. The WAF dashboard page provides a high-level, customizable overview of any noteworthy behavior reported by Alert Logic, presented in customizable modules. For more information, see Web Security Manager. This content requires a Web Security Manager subscription to see.
  • Scans—A scan detects and identifies network and host vulnerabilities in your environment. The Scans dashboard page provides access to summarized vulnerability information for your environment from overall scan results, lets you create and update scan definitions and access scan results, create PCI scans and access PCI scan results, and search scan results for criteria such as vulnerability name and risk levels. For more information, see Access Alert Logic scans. This content requires a Cloud Defender or Threat Manager subscription to see.

Topology

The Cloud Insight Essentials Topology page displays an interactive diagram that uses color-coded icons to display the distribution of exposures and threats across your network assets. For more information, see Topology.

This content requires a Cloud Insight Essentials or Cloud Insight subscription to see.

Incidents

The Incidents page displays information about incidents generated from multiple sources, such as Network IDS, Log Management, Web Application IDS, and Amazon GuardDuty. It also shows how to use that information to manage and close incidents, and how to secure your environments.

All subscriptions see the Incidents tab. Cloud Insight Essentials and Cloud Insight subscriptions see the Summary and GuardDuty subheadings. Cloud Defender, Threat Manager, and Log Manager subscriptions see the List and GuardDuty subheadings.

Remediations

The Remediations tab displays the number and types of exposures in the protected environment on the header. Exposures are color coded as red (High), orange (Medium), and yellow (Low). Scroll through the recommended remediations to find and flag the remediation actions to add to your remediation plan, execute the recommended steps, and increase the security of your environment.

This content requires a Cloud Insight Essentials, Cloud Insight, or Cloud Defender subscription to see.

Search

The Search tab allows you to search for:

  • Events—requires a Cloud Defender, Threat Manager, or a Threat Manager and Log Manager bundle subscription to see
  • Blocks—requires a Cloud Defender, Threat Manager, or a Threat Manager and Log Manager bundle subscription to see
  • Log Messages—requires a Cloud Defender, Log Manager, or a Threat Manager and Log Manager bundle subscription to see
  • Cases—requires a Cloud Defender, Threat Manager, or Log Manager subscription to see
  • Deny Logs—requires a Cloud Defender, Threat Manager and Log Manager bundle, or Managed WAF subscription to see

Reports

The Reports tab provides access to data related to exposures and incidents Alert Logic found within your deployments. You can also view data related to your product usage within your AWS account. Report data is cached and refreshed every 30 minutes. As a result, reports can take up to 30 minutes to reflect the latest data seen in the console.

Depending on your Alert Logic subscriptions, you will see some or all of the following report types:

  • Threat reports—Provide interactive filtering options, visual representations of the data, and informative tooltips. All subscriptions see this content.
  • Scheduled reports—Allow you to schedule reports on a regular basis. To see this content, you must have a Cloud Defender, Threat Manager, Log Manager, Managed WAF, or Web Security Manager subscription.
  • WAF reports—Provide policy configuration settings and WAF activity statistics. To see this content, you must have a Managed WAF subscription.
  • Usage reports—Provide data related to log collection and network IDS traffic volumes. To see this content, you must have a Cloud Defender, Threat Manager, or Log Manager subscription.

Configuration

The Configuration tab provides access to pages where you configure your use of Alert Logic products. The Configuration tab provides access to:

Settings

Click the Settings icon to get to the Settings menu. The menu includes support information, user settings, integrations configuration, security content updates, scan disputes, and the link to sign out of the Alert Logic console.