
Service Review Report | Feature Education

Overview

The Service Review report, sent to customers by Alert Logic®, provides an analysis of the health and value of the customer’s Alert Logic services. This report provides you with insight into areas that are working well and areas that may need improvement and can be used to determine the value that Alert Logic is providing.

This report is broken down into numerous sections to create an easy-to-read report that highlights various details about your Alert Logic service. This article can be used as a guide to reading the report, including potential action items for each section and related Knowledge Base articles that may be helpful.

You can find the timeframe for the report in the top right corner and Alert Logic contact information at the bottom of each page of the report.

Customer Information Section

The Customer Information section of the report provides you with basic information about your account, such as how long you have been using Alert Logic products and services, what products and services you are currently subscribed to, and who your escalation contacts are.

Action Items

Review the escalation contacts (name, phone number, email) and notify Alert Logic via support@alertlogic.com if any changes are needed. These are the people the SOC contacts when an incident is escalated, so a stale name or phone number delays your response to exactly the incidents that matter most.

Visibility Section

The Visibility section provides insight into what Alert Logic can monitor within your environment. This section is divided into two subsections:

Collection Status Subsection

The Collection Status subsection shows the collection status of your Alert Logic Log Manager™ and Alert Logic Threat Manager™ deployments. Details for Log Manager and Threat Manager are displayed separately, across four collection types:

  • Log Collection Agents: Refers to Log Manager and the collection of log data using the Alert Logic Agent.
  • Remote Log Collectors: Refers to the collection of log data without the presence of a local Log Manager appliance. This means that Log Manager agents are sending log data to an Alert Logic cloud-based collector.
  • Monitored Networks: Refers to Threat Manager and the process of receiving a copy of the target network traffic from a span port (mirror port) or from a network tap.
  • Protected Hosts: Refers to Threat Manager and the process of collecting network traffic from individual hosts using the Alert Logic agent.

For each collection type, data is shown in a pie chart, where the size and color for each section of the pie represent counts for the OK, Warning, New, Error, and Offline states.

Action Items

Review your network and agent configuration within the Alert Logic console and remediate any issues, such as agents in an Error state or an unexpected Offline state. An agent or network that is in Error or Offline is not sending data, so for as long as it stays in that state the corresponding logs or traffic are not being monitored, and incidents that would have come from that source cannot be raised. If you need additional assistance, contact the Support team using the Alert Logic Support Contact Information.

LM and TM Traffic Trending Subsection

Alert Logic provides host agents for both Log Manager and Threat Manager: the Log Manager agent collects logs from the host, and the Threat Manager agent collects the host's network traffic. Traffic trending charts the volume collected from these agents over time, allowing you to identify unexpected peaks and valleys. A sudden drop in volume from a host usually means collection has stopped (for example, a log source was reconfigured or an agent went offline), while an unexplained spike may indicate a misconfiguration or activity worth investigating.

Action Items

If you notice anomalous trends in your traffic, review your network and agent configuration within the Alert Logic console and remediate any issues. If you need additional assistance, contact the Support team using the Alert Logic Support Contact Information.

Monitoring Section

An incident is a correlation of events that imply harm to an information system, violate acceptable use policies, or circumvent standard security practices. Alert Logic classifies these incidents into four risk levels: Low, Medium, High, and Critical, as determined by the Alert Logic ActiveAnalytics™ platform and/or a Security Operations Center (SOC) analyst.

The generation and escalation of incidents and cases are the key deliverables of Alert Logic services. This section displays what Alert Logic found for you while monitoring your critical infrastructure. The reports in this section reflect the value of our products (Threat Manager, Web Security Manager, ActiveWatch for Log Manager, ActiveWatch for Threat Manager) and highlight the value of the security analysts in our SOC who provide detection, analysis, and escalation of security incidents.

The Monitoring section is divided into the following subsections:

Incident Counts by Day Subsection

The Incident Counts by Day subsection displays the daily count of incidents for the reported month. Seeing the daily volumes side by side is a key indicator of the value that Alert Logic provides. This report can also be used to identify monthly trends in threats and in how Alert Logic dealt with them.

Action Items

If you notice unexpectedly high or low incident counts, review your incidents within the Alert Logic console. To discuss your incidents further, contact the Support team using the Alert Logic Support Contact Information.

Incident Classification Distribution Subsection

The Incident Classification Distribution subsection displays data about the types of attacks creating incidents and the associated incident counts for a given month. In addition, you can compare the types of threats that you are receiving to the averages for all Alert Logic customers.

Incident classification is a major factor in determining an incident’s threat level, which in turn determines how and when an incident is escalated, as well as what kind of remediation recommendations are provided by Alert Logic security analysts.

Action Items

If you notice an unexpectedly high count for a certain attack classification, review incidents within the Alert Logic UI. To discuss your incidents and tuning possibilities, contact the Support team using the Alert Logic Support Contact Information.

Incident Threat Severity Level Distribution Subsection

The Incident Threat Severity Level Distribution subsection displays a breakdown of the month's incidents by severity and compares your data with the averages for all Alert Logic customers to provide insight into incident trends. Alert Logic classifies incidents into four threat severity ratings: Critical, High, Medium, and Low.

Action Items

If necessary, review your incidents within the Alert Logic console. To discuss your incidents further, contact the Support team using the Alert Logic Support Contact Information.

Incidents by Classification and Threat Severity Level Subsection

The Incidents by Classification and Threat Severity Level subsection displays a tabular summary of your incidents by classification type and threat severity level. With this view, you can get a quick overview of all your incidents.

Action Items

Review incidents within the Alert Logic console. To discuss your incidents further, contact the Support team using the Alert Logic Support Contact Information.

Incident Distribution by Source Subsection

The Incident Distribution by Source subsection displays charts identifying the originating sources of your incidents. Incidents created by Alert Logic can originate from three possible sources:

  1. Network (Intrusion Detection System – Threat Manager)
  2. Web Security (Out-of-band web application firewall - Web Security Manager)
  3. Systems (Logs – Log Manager)

Note: If an incident did not originate from any of these sources, then it is a manually generated incident. Manually generated incidents are not included in these charts.

Action Items

Review incidents within the Alert Logic console. To discuss your incidents further, contact the Support team using the Alert Logic Support Contact Information.

Support Section

The Support section summarizes the support cases you have opened with Alert Logic. At the top of the section, the total number of pending cases is displayed. The "Pending" status means that the ticket is not yet solved and Alert Logic is waiting on information from you before further action can be taken, so a case stays pending until you respond.

In addition, this report displays how many cases have been closed in the last six months and the median time in days to close these cases, which indicates Alert Logic’s efficiency in handling customer cases.

Action Items

Review your pending cases and take any necessary actions. For information about viewing and adding support tickets, refer to our Getting the Most Out of the Alert Logic Help Center | Best Practices article. If you need further assistance, call the Support team using the Alert Logic Support Contact Information.

Appendix

The Service Review report also includes an appendix to provide you with definitions of terms used throughout the report. This section includes descriptions of collection statuses, incident threat severity levels, and incident classifications.

Alert Logic Support Contact Information

US: 877.484.8383 (Option 2)

UK: +44 (0) 203 011 5533 (Option 1)

support@alertlogic.com
