Cloud Defender Release Notes

Alert Logic Cloud Defender release notes

Release date: October 31, 2018

Change

This release introduces the improved Alert Logic Incident console, which gives you quick access to relevant open incident data, grouped by severity and type of attack, so that you can address incidents faster and more effectively. The new Incident console will roll out to customers in stages during the coming months.

Bug fixes

None

Features

  • The Incidents Summary page displays an at-a-glance view of the incidents in your environment, grouped by severity and type of attack, and allows you to refine that view by time period and classification or deployment. In addition, you can drill into a cluster of incidents you need to explore.
  • The Incident List page lists your incidents, and allows you to apply filters to view incidents by severity, detection source, and deployment.
  • The advanced search feature allows you to create complex queries that you combine with selected filters to further refine your incident search results.
  • Select any incident in the list to view an incident report, recommendations for addressing the incident, and incident evidence.
  • You can export all incident data to a PCAP file and use your preferred traffic analysis tool.
  • Redesigned and simplified email notifications allow you to easily subscribe to different notification types for your account and those you manage.

Release date: October 3, 2018

Alert Logic Agent Container

Change

This release of the Alert Logic Agent Container introduces support for log collection. Log management with the Alert Logic Agent Container requires that the containers you want to collect from use the default Docker logging driver (json-file).
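The json-file requirement is easy to miss on hosts where the daemon default was changed (for example to journald) or where individual containers were started with their own --log-driver, because those containers produce no json-file logs for the agent to read. The following script is an added example, not Alert Logic code: it reads the kind of JSON that `docker info --format '{{json .}}'` and `docker inspect` return, lists the containers whose logs would not be collected, and produces a corrected daemon.json fragment. The sample daemon and container data embedded below are constructed for the example, and the `max-size`/`max-file` log options are ordinary json-file rotation settings, not something the release requires.

```python
"""Audit a Docker host for the json-file logging driver (added example)."""
import json
from typing import Dict, List, Tuple

REQUIRED_DRIVER = "json-file"

# Constructed sample of `docker info --format '{{json .}}'`, trimmed to the
# one field that matters here: the daemon-wide default logging driver.
SAMPLE_DAEMON_INFO = json.dumps({"LoggingDriver": "journald"})

# Constructed sample of `docker inspect <containers>`, trimmed to the fields
# used below. Each container's effective driver lives in HostConfig.LogConfig.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",   "HostConfig": {"LogConfig": {"Type": "json-file", "Config": {}}}},
    {"Name": "/db",    "HostConfig": {"LogConfig": {"Type": "journald",  "Config": {}}}},
    {"Name": "/batch", "HostConfig": {"LogConfig": {"Type": "none",      "Config": {}}}},
])


def daemon_default_driver(info_json: str) -> str:
    """Return the daemon-wide default logging driver from `docker info` JSON."""
    return json.loads(info_json).get("LoggingDriver", "")


def containers_without_json_file(inspect_json: str) -> List[Tuple[str, str]]:
    """Return (container name, driver) for every container not using json-file.

    Containers can override the daemon default at `docker run` time, so the
    per-container value is the one that decides whether logs are collectable.
    """
    offenders = []
    for container in json.loads(inspect_json):
        driver = container.get("HostConfig", {}).get("LogConfig", {}).get("Type", "")
        name = container.get("Name", "").lstrip("/")  # inspect prefixes names with '/'
        if driver != REQUIRED_DRIVER:
            offenders.append((name, driver))
    return offenders


def fixed_daemon_config(existing: Dict) -> Dict:
    """Return a daemon.json dict with json-file as the default driver.

    Existing keys are preserved; rotation options are added so json-file logs
    do not grow without bound (hypothetical values, adjust to taste).
    """
    updated = dict(existing)
    updated["log-driver"] = REQUIRED_DRIVER
    updated.setdefault("log-opts", {"max-size": "50m", "max-file": "5"})
    return updated


def audit(info_json: str, inspect_json: str) -> Dict:
    """Summarise what would block Agent Container log collection on this host."""
    return {
        "daemon_default_ok": daemon_default_driver(info_json) == REQUIRED_DRIVER,
        "uncollectable_containers": containers_without_json_file(inspect_json),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_DAEMON_INFO, SAMPLE_INSPECT)
    print(json.dumps(result, indent=2))
    if not result["daemon_default_ok"]:
        print("Suggested /etc/docker/daemon.json:")
        print(json.dumps(fixed_daemon_config({}), indent=2))
```

On a real host, feed the script the output of `docker info --format '{{json .}}'` and `docker inspect $(docker ps -q)`. Changing daemon.json only affects containers created after the daemon restart; containers listed as uncollectable must be recreated without their explicit --log-driver override before the agent can read their logs.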

This release also provides support for additional platforms. The full list of supported platforms and deployment types is:

Amazon Web Services

  • Amazon Elastic Container Service for Kubernetes (Amazon EKS)
  • Amazon Elastic Container Service (Amazon ECS)
  • AWS Elastic Beanstalk for Multicontainer Docker Environments
  • CoreOS deployed on AWS EC2 instances
  • Docker
  • Kubernetes deployed on AWS EC2 instances

Microsoft Azure

  • Azure Kubernetes Service (AKS)
  • CoreOS on Azure
  • Docker
  • Kubernetes ACS-Engine

Google Cloud Platform

  • Google Kubernetes Engine (GKE)

Data Center

  • CoreOS
  • Docker
  • Kubernetes

For more information about the Alert Logic Agent Container, see the Alert Logic public GitHub repository.

Bug fixes

None

Features

None

Release date: August 1, 2018

Change

This release includes a new report for your AWS assets. AWS Incident Analysis reports provide valuable insights and trending data for incidents discovered in your AWS environments by Network IDS. The reports include:

  • AWS Incident Daily Digest: Displays the incidents received the previous day for the selected deployments. You can view the List of Incidents by threat level, classification type, or by GuardDuty findings.
  • AWS Incident Daily Digest Trends: Allows you to view a histogram chart that displays the incident daily digests for a specified date range.
  • AWS Risk Summary: Displays the risk level for a selected group of assets, by incident count and average exposure score. The quadrant in which the selected asset group appears, and its color, indicate the risk level for the assets. You can filter the report by asset type, date range, deployment, threat level, and CVSS score.
  • AWS Incident Distribution Explorer: Displays incidents by threat level and classification type for a specified time period. You can filter the report by date range, deployment, account ID, and AWS asset.
  • AWS Targeted Deployment Explorer: Displays an incident distribution, by AWS asset or account ID, within your deployments. You can further filter the results by one or more asset types, and one or more categories.
  • AWS Targeted Deployment Trends: Displays an interactive graph depicting incident distribution, for a specified time period, by AWS account, region, and/or AWS asset.
  • AWS Incident Attacker Explorer: Displays the top 10 attackers, and their descriptions and distributions by type. You can customize the report to display incidents within a date range, deployment, AWS account ID, AWS region, VPC, subnet, security group, and tags.

Release date: July 11, 2018

Change

Alert Logic updated the IAM policy documents for the following Cloud Defender AWS deployment scenarios:

  • IAM Policy document for full permission deployment
    defender-single_account-full.txt
  • IAM policy document for minimal permission deployment
    defender-single_account-min.txt
  • IAM policy document for full permission deployment with centralized log collection (receiving account)
    defender-collection_account-full.txt
  • IAM policy document for full permission deployment with centralized log collection (protected account)
    defender-protected_account-full.txt
  • IAM policy document for minimal permission deployment with centralized log collection (receiving account)
    defender-collection_account-min.txt
  • IAM policy document for minimal permission deployment with centralized log collection (protected account)
    defender-protected_account-min.txt

These updates do not affect your existing deployments. However, you must use these policy documents for new deployments. All AWS policy documents for Cloud Defender deployments are available in Configure Alert Logic Cloud Defender AWS cross-account role access.

Release date: October 31, 2017

Features

  • Cloud Defender is now listed on Google Launcher in the Standalone SaaS category.
  • All Cloud Defender appliance and agent deployments on Google Cloud Platform are managed by the Alert Logic Deployment Services team.

Notice

  • Automation features in Cloud Defender that are available in other cloud platforms, such as auto-assignment or auto-claiming, are not yet supported in Google Cloud Platform.
  • Cloud Defender deployments on Google Cloud Platform are managed deployments, performed by Alert Logic Provisioning teams, and are not self-service.