How is data collection accomplished for Threat Manager? | Threat Manager FAQ

Threat Manager™ requires the Alert Logic® appliance (physical or virtual) in every deployment in which we engage. The Alert Logic agent is required in public and private cloud environments on any host that should be protected. In traditional environments, the agent is optional.

Agent-based deployments

Appliances receive traffic from the Alert Logic agent. When installed on a protected host, the agent captures the traffic that hits the host's network interface and forwards that traffic to the appliance.

Appliance-only deployments

When not using the agent, appliances may receive traffic from network SPANs (port mirroring) or network taps. With network SPAN, customers will need to configure their network switches to forward a copy of the traffic they wish to monitor to a monitoring port on the Alert Logic appliance.

Network taps are less common but are used in some deployments. Taps are a reliable way to get data off the network to a monitoring appliance, and would be used if a customer is reluctant to task their switch fabric with mirroring traffic. Alert Logic will recommend a network tap vendor for customers to contact when they wish to use this option.
