Manage PCI scans
Your Alert Logic account has been migrated to use the self-service PCI Approved Scanning Vendor (ASV) capabilities available in Fortra Vulnerability Management (Fortra VM), including external network scanning (VM), web application scanning (WAS), PCI disputes, and PCI Compliance reports. Historical data from previous PCI scans, disputes, and reports are still accessible in the same location in the Alert Logic console.
To use Fortra VM for PCI scanning:
- Your users must authenticate to Fortra VM using Fortra identity provider (FIDP) credentials and configure their browsers to allow exceptions for third-party cookies.
- Your active "External - PCI" scan policies in the Alert Logic console were transferred over to Fortra VM with their status and most settings retained.
This document describes how to access Fortra VM for PCI ASV scanning and how to access historical data in the Alert Logic console.
Access Fortra VM for PCI ASV Scanning
Once you have set up your FIDP credentials, you can access Fortra VM from the Alert Logic console by selecting > Fortra VM PCI Scanning. This option will open Fortra VM, where you can manage your PCI scans.
If you have not yet set up your FIDP credentials, follow the steps in Migrate to Fortra VM for PCI ASV Scanning.
For more information about using Fortra VM for PCI ASV scanning, refer to the Fortra VM PCI ASV Guide for Alert Logic Customers.
Access Fortra VM for PCI scan disputes
You can also access the scan disputes pages in Fortra VM directly from the Alert Logic console by selecting > Fortra VM PCI Scan Disputes. This option will open Fortra VM directly to the PCI Disputes page.
For more information about disputing PCI scan results with Fortra VM, refer to the Dispute Vulnerabilities section in the Fortra VM PCI ASV Guide for Alert Logic Customers.
View historical data from Alert Logic PCI scans
After the migration to Fortra VM for PCI scanning, historical data from previous PCI scans, disputes, and reports is still accessible in the same location in the Alert Logic console.
To view your PCI compliance status and history:
- On the Scans page, click the PCI Compliance tab.
A list of the latest PCI scan results are displayed. - To view your most recent PCI compliance scan results, under Latest 25 Reports, click the name of the report to view.
- (Optional) To view a complete archive of your PCI compliance scan results:
- At the top of the Alert Logic console, in the drop-down menu, click Reports.
- In the left navigation pane, expand Archived Reports.
All options for scheduling new PCI scans, saving edits to existing PCI scans, running PCI scans, and disputing PCI scans are disabled. Only historical PCI scan reports can be viewed.
To view past PCI scan disputes in the Alert Logic console:
- On the Scans page, click the PCI Compliance tab.
- Click Dispute System.
- Click the name of the disputed scan results you want to view.
Once reviewing a scan result, you can sort the list of vulnerabilities by various parameters, by ascending or descending order, and search content. You can perform searches to find a specific vulnerability. In the search bar on the top right of the page, search for all or part of the name of the vulnerability, a specific port or protocol, host information, or any partial string of text that is part of the vulnerability text.