The Remediations page in the Alert Logic® console houses all the suggested remediations found within your environment. They are sorted by rank to show which remediation will have the most positive impact on your environment's security posture if completed. The Plan page under the Remediations main menu tab allows you to take responsibility for remediations by assigning them to your plan.
The following article describes an Alert Logic best practice process for completing the suggested remediation actions for your environments that utilize Cloud Insight. You will learn how to view your remediation details, assign a remediation to your remediation plan, and move the remediation out of your plan and into its final state.
Remediations are found under the Remediations main menu tab of the Alert Logic console. Each remediation can be viewed in more detail by clicking the Details button to the right of the remediation.
Once you open a remediation, you can click on the individual exposures or CVEs shown in the left column titled Exposures. This gives you a brief description of the issue or exposure, environmental impact, and Alert Logic's recommended resolution steps.
The middle column, titled Affected Assets, shows all the assets affected by the exposure. You can click on any asset to show the relevant metadata.
The right column, titled Evidence, shows the evidence from your Amazon Web Services environment for each remediation and relevant asset.
You can add a remediation directly from the List page of the Remediations main menu tab by clicking the check box to the left of one or more remediations, as shown in the following image. Once you have chosen the desired remediation(s), click Add to My Plan and your selections will be added to your personalized plan. You can also add a remediation to your remediation plan while in the detailed remediation view by utilizing the same Add to My Plan button.
Move a Remediation Out of My Plan
Once a remediation is in your plan, you will be able to execute the steps to correct the issue within your environment. When you finish your remediation efforts, you can either:
- Allow Cloud Insight to auto close the issue during the next scan.
- Mark the issue as Complete for validation by Cloud Insight. Issues marked complete that require further action will be re-opened.
The Dispose button allows you to remove the remediation as an acceptable risk, false positive, or compensating control. You are also able to specify how long you want the remediation removed from the Remediations page. Select the appropriate option from the as and until drop-down lists, include any necessary notes, and then click Dispose.
The Remove From My Plan button removes the remediation from your personalized plan and places it back into the Remediations page for another user to take ownership of.
NOTE: Remediation disposals only apply to the affected assets. Any new assets that are affected by that same issue will automatically be presented to you for individual evaluation.