Hosts and Protected Hosts

A host is a computer or appliance within a selected deployment where you provisioned an agent to collect data. To create a protected host, assign an assignment policy and a protected host policy to a specified host, which then communicates Network IDS information to Alert Logic. Policies applied to a protected host dictate how the agent running on the host interacts with its network environment. If you select a host and do not see an option to create a protected host, the host is offline.

To view hosts and protected hosts for a deployment:

  1. Click CONFIGURATION, and then click Deployments.
  2. Click a deployment tile to see hosts and protected hosts for one deployment, or click ALL DEPLOYMENTS to see all the hosts and protected hosts for your account.
  3. Click either Hosts or Networks and Protected Hosts.

The Hosts page

The Hosts page lists the hosts and appliances in the selected deployment where you provisioned agents to collect data. From the Hosts page, you can ensure your provisioned hosts and appliances always have the latest agent installed, and you can create both protected hosts and log sources.

Hosts appear on the page, sorted by host name. To narrow the list of hosts, you can use the search field to search for a specific host name or user-created tag, or you can use the filters to list hosts with the following characteristics:

  • OS Type
    • Windows
    • UNIX
  • Host Status
    • Online
    • Offline
  • Host Type
    • Host
    • Host (Auto Scaling)
    • Appliance
  • Tags

The host status indicates if a host is online or offline. If a host is offline, you cannot add it as a log source or a protected host.

Edit an updates policy for a host

An updates policy schedules hosts to update to the latest version of the agent software. By default, Alert Logic assigns the Default Update Policy, which sends software updates to your hosts as they become available. If the maintenance strategy for your organization requires a scheduled maintenance window, you can specify the time frame.

Updating detection or policy configurations affects all interconnected configurations.

To edit an updates policy for a host:

  1. In the Actions column, click the pencil icon.
  2. In the Host Name field, enter a descriptive name.
  3. Select or create an updates policy as follows:
  4. In the Tags field, type a tag to use in filters. Press the Enter key to save each tag.
  5. Click Save.

Create protected hosts

From the Hosts page, you can add any online host as a protected host. To create a protected host, assign an assignment policy and a protected host policy to the selected host. These policies dictate how Network IDS interacts with its environment.

An assignment policy is a set of rules that defines which traffic appliances should accept or ignore. An assignment policy directs protected hosts to encrypt traffic and send traffic to specific appliances. In a dynamic environment where IP addresses often change, an assignment policy ensures that hosts always correspond to their appliances.

To create a protected host:

  1. On the left navigation menu of the selected deployment, click Hosts.
  2. Click the Add icon for the host you want to add as a protected host.
  3. In the New Protected Host slideout panel, provide the appropriate values. Use the table below for guidance.
    | Field/Option | Description | Sample Value | Visible |
    |---|---|---|---|
    | Source Name | Name of this source. It will show on the display list and other areas of this product. | Server-tmdocs | Always |
    | Use an existing Assignment Policy | Select this option to choose a policy from the existing Assignment Policy list. | Not applicable | Always |
    | Create a new Assignment Policy | Select this option to open the Create a new Assignment Policy section. | Not applicable | Always |
    | Existing Assignment Policy list | Select a policy from this list to assign it to the protected host. | cali-ngtm-01 Assignment | Visible when Use an existing Assignment Policy is selected. |

    Create new Assignment Policy mini-form

    Visible when you select Create new Assignment Policy

    | Field/Option | Description | Sample Value | Visible |
    |---|---|---|---|
    | Appliance Assignment Policy Name | Policy name. This name will be added to the Existing Assignment Policy list. | cali-ngtm-01 Assignment | Visible when Create a new Assignment Policy is selected. |
    | Appliances/Secondary Appliances | An appliance on your network. | i-27273bcb | Visible when Create a new Assignment Policy is selected. |
    | Restrict Network | Select this option if you want to include a netmask. | Not applicable | Visible when Create a new Assignment Policy is selected. |
    | Netmask | One CIDR address. | 10.0.0.0/16; partial address specifications are not acceptable. | Visible when Create a new Assignment Policy is selected. |
    | Use existing Whitelist Policies | Select this option to choose a policy from the Existing Whitelist Policy list. | Not applicable | Visible when Create a new Assignment Policy is selected. |
    | Create a new Whitelist Policy | Select this option to open the Create a new Whitelist Policy section. | Not applicable | Visible when Create a new Assignment Policy is selected. |
    | Existing Whitelist Policy list | Select a policy from this list to assign it to the protected host. | SF01183529 Pentest | Visible when Create a new Assignment Policy and Use existing Whitelist Policies is selected. |

    Create new Whitelist Policy mini-form

    Visible when you select Create new Assignment Policy and Create a new Whitelist Policy

    | Field/Option | Description | Sample Value | Visible |
    |---|---|---|---|
    | Name | Policy name. This name will be added to the Existing Whitelist Policy list. | SF01183529 Pentest | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
    | Enabled | Select this option to activate the policy. | Not applicable | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
    | Rules | Click to add rules to the Whitelist Policy. This includes Protocol, CIDR, and Port. | Not applicable | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
    | Protocol | Select the internet protocol for the current rule. | tcp | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
    | CIDR | Type the Classless Inter-Domain Routing address for the current rule. | 10.0.0.0/16 | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |
    | Port | Type the port for the current rule. | 22 | Visible when you select Create new Assignment Policy and Create a new Whitelist Policy. |

    | Field/Option | Description | Sample Value | Visible |
    |---|---|---|---|
    | Use existing Host Policies | Select this option to choose a policy from the Existing Host Policy list. | Not applicable | Always |
    | Create new Host Policy | Select this option to open the Create a new Host Policy section. | Not applicable | Always |
    | Existing Host Policy list | Select a policy from this list to assign it to the protected host. | Default-test | Visible when Use existing Host Policies is selected. |

    Create new Host Policy mini-form

    Visible when you select Create new Host Policy

    | Field/Option | Description | Sample Value | Visible |
    |---|---|---|---|
    | Name | Policy name. This name will be added to the Existing Host Policy list. | Default-test | Visible when you select Create new Host Policy. |
    | Encrypt | Select this option to encrypt traffic from the agent to the appliance. | Not applicable | Visible when you select Create new Host Policy. |
    | Tags | A tag is a customer-defined identifier that can be assigned to one or more sources. A customer can use tags to organize or search for specific types of sources. | High usage | Always |
  4. Click SAVE.
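
A pre-flight check for the Netmask and Whitelist Policy rule values (Protocol, CIDR, Port) before you type them into the form. This is an added example, not part of the Alert Logic documentation or product; the function names, the IPv4-only handling, the protocol list, and the "very broad" threshold are assumptions made for illustration.

```python
import ipaddress

# Assumption: protocol names the form accepts; the page shows only "tcp".
ASSUMED_PROTOCOLS = {"tcp", "udp", "icmp"}
# Assumption: prefixes shorter than this are flagged for manual review.
BROAD_PREFIX = 8


def check_cidr(value):
    """Return a list of problems with one IPv4 CIDR value (empty = acceptable)."""
    text = value.strip()
    addr, sep, prefix = text.partition("/")
    if not sep or not prefix.isdigit():
        return [f"{value!r}: missing /prefix length"]
    if addr.count(".") != 3:
        # The Netmask field does not accept partial address specifications.
        return [f"{value!r}: partial address, write all four octets"]
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError as exc:
        return [f"{value!r}: {exc}"]
    problems = []
    if str(net) != text:
        problems.append(f"{value!r}: host bits set, did you mean {net}?")
    if net.prefixlen < BROAD_PREFIX:
        problems.append(f"{value!r}: /{net.prefixlen} is very broad, review")
    return problems


def check_rule(protocol, cidr, port):
    """Validate one Protocol / CIDR / Port rule; return a list of problems."""
    problems = []
    if protocol.lower() not in ASSUMED_PROTOCOLS:
        problems.append(f"protocol {protocol!r} not in {sorted(ASSUMED_PROTOCOLS)}")
    problems += check_cidr(cidr)
    port_text = str(port)
    if not (port_text.isascii() and port_text.isdigit()
            and 1 <= int(port_text) <= 65535):
        problems.append(f"port {port!r} is not in 1-65535")
    return problems


# Constructed sample rules; the first uses the sample values from the tables.
RULES = [("tcp", "10.0.0.0/16", "22"), ("tcp", "10.0/16", "22"),
         ("tcp", "10.0.1.5/16", "443"), ("udp", "0.0.0.0/0", "70000")]

if __name__ == "__main__":
    for rule in RULES:
        issues = check_rule(*rule)
        print(rule, "OK" if not issues else issues)
```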

Additional options

You can also mass edit hosts, archive hosts, or export a list of hosts. To access these options, click the gear icon.

Mass edit hosts

Mass edit provides the option to edit updates policies, edit tags, and archive multiple hosts at once.

To mass edit hosts:

  1. Click the gear icon in the top right corner of the page.
  2. Select Mass Edit.
  3. Under Apply changes to, select from:
    • All Hosts
    • Only Filtered Hosts
  4. Under Tags, select a tag option, and then in the Tags field, enter the applicable tag(s).
  5. Under Archive Hosts, select an option.
  6. Click Apply.

Archive or unarchive a host

Archive a host to visibly remove the entry from the Alert Logic console. After you archive it, you can bring it back with the unarchive feature.

To archive a host:

  1. Find the desired host in the Hosts list.
  2. Click the archive icon.
  3. Click ARCHIVE.

To restore an archived host:

  1. Above the Hosts list, click the Show Archive slider.
  2. In the Hosts list, find the host you want to restore, and then click the archive icon.
  3. Click UNARCHIVE.

Export hosts

You can export your hosts to a file you can save locally.

To export hosts:

  1. Click the gear icon in the top right corner of the page.
  2. Select Export.
  3. Under Export, select one of the following to export:
    • All Hosts
    • Only Filtered Hosts
  4. Select a file format from the following list of formats:
    • CSV
    • TXT
    • XLS
    • XLSX
  5. Click EXPORT.

Add a host as a log source

If you want to collect log messages from a host, you must add it as a log source and configure a log collection policy. When you configure a log source, you instruct the agent to collect logs based on the definitions within the policy. For more information about log sources, see Deployment Assets: Log Sources.