Get Started with Alert Logic Threat Manager

Alert Logic Threat Manager combines a cloud-based network intrusion detection system and a vulnerability assessment solution into a service that works in any data center environment, from on-premises to the cloud.

Set up firewall rules

Threat Manager requires that you update your firewall rules to allow Alert Logic access to your system. For more information, see the Firewall rules guide.

Integrate Threat Manager with cloud deployments

Before Alert Logic can manage the protection of your AWS and Azure accounts, you must provide Alert Logic with access to your account.

Configure cross-account roles in AWS

Configure RBAC roles in Azure

Manual deployments, which utilize a physical appliance, have no extra steps for Threat Manager integration.

Create a deployment

The Deployments page in the Alert Logic console shows all the implementations of Threat Manager, and it allows you to add, edit, and delete deployments.

To create a deployment:

  1. In the Alert Logic console, click CONFIGURATION, and then click Deployments.
  2. Click the add icon.
  3. Select the appropriate cloud service.
  4. Enter the requested information.
     • For an AWS deployment:
       • Enter the Role ARN.
       • Check the box at the bottom if you want to use cross-account CloudTrail to centralize CloudTrail log collection, and then enter the Role ARN for the receiving account.
     • For a Microsoft Azure deployment:
       • Enter the Environment Name.
       • Enter the Subscription ID.
       • Enter the Active Directory ID.
       • Enter the User Name.
       • Enter the Password.
  5. Click SAVE.
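The Role ARN you enter for an AWS deployment points at a role whose trust policy decides who may assume it. Before handing that ARN to any third party, it is worth checking that the trust policy names only the provider's account and carries an sts:ExternalId condition (the standard AWS guard against the confused-deputy problem). The following script is an added example, not Alert Logic tooling or text from this guide: it reviews a trust policy document offline. The account ID and external ID in the constructed sample are placeholders; the account Alert Logic actually uses, and any external ID it requires, come from the Configure cross-account roles guide, not from this page.

```python
import json

# Constructed sample trust policy (placeholder values, not Alert Logic's): the kind
# of document behind a Role ARN that is handed to a third-party service.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
        }
    ],
})


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_trust_policy(policy_json, expected_account):
    """Return a list of findings for a role trust policy.

    expected_account: the 12-digit AWS account the role is meant to trust
    (the provider's account, as given in the provider's documentation).
    An empty list means no issue was found by these checks.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        # Principal "*" or {"AWS": "*"} lets any AWS account assume the role.
        aws_principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws_principals:
            if p == "*":
                findings.append("wildcard principal: any AWS account may assume this role")
            elif expected_account not in p:
                findings.append(f"unexpected principal {p}: not account {expected_account}")
        # Look for an sts:ExternalId condition under any condition operator.
        cond = stmt.get("Condition", {})
        has_external_id = any(
            "sts:ExternalId" in v for v in cond.values() if isinstance(v, dict)
        )
        if not has_external_id:
            findings.append("no sts:ExternalId condition: confused-deputy protection missing")
    return findings


if __name__ == "__main__":
    for finding in review_trust_policy(SAMPLE_TRUST_POLICY, "111111111111") or ["no findings"]:
        print(finding)
```

Run it against the trust policy of the role you are about to register (for example, the JSON returned by the IAM console or `aws iam get-role`), substituting the provider's account ID for the placeholder. A wildcard principal or a missing external-ID condition is worth fixing before the Role ARN leaves your organisation.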

For more detailed information about Deployments, see Deployments.

Install appliance

Deployments on cloud services use the roles created above to automatically install appliances. Manual deployments must follow this set of instructions.

When an appliance is automatically provisioned, the system creates one or two assignment policies, using the following guidelines:

  • Alert Logic creates an assignment policy for each appliance during the provisioning process.
  • If no VPC or VNet assignment policy exists, Alert Logic creates one and assigns the appliance to it.
  • If a VPC or VNet assignment policy exists, Alert Logic assigns the appliance to it.

Determine how you will deploy Threat Manager, and then install the appropriate physical or virtual appliance.

You will need your unique registration key for the appliance installation. To locate your unique registration key, navigate to the Support page in the Alert Logic console. Click Downloads, and your unique registration key appears on the tab.

Configure agents

To use Threat Manager functions, install the Alert Logic agent on each system you want monitored, and then configure the collection sources so that they send data to the appliance.

If you have an active IAM or RBAC role (for AWS or Azure, respectively), and have configured agents to automatically update, the agent you install automatically assigns itself to the local appliance and you need not enter the Unique Registration Key.

Configure Threat Manager policies

After deployment is complete, you must configure Threat Manager for use. The Threat Manager appliance deploys with default policies. For AWS deployments, these policies are configured automatically for your environment. To create and edit Threat Manager policies, see Network IDS policies.