In order to gather data about activity in the wild or to gather information about traffic in customer environments, Alert Logic ® may release "Telemetry" signatures. Telemetry signatures are used solely to gather data. Alert Logic takes the data in, analyzes it, and then works out how to better improve our coverage. The signatures are short lived, typically lasting one week to two weeks. This is merely Alert Logic gathering data, and this in no way affects your account.
How to Identify Telemetry Signatures
Telemetry signatures may appear in event streams for customers and are identified by having “AL TELEM” in the message name in the Alert Logic console.
High Profile Threats
In the case of a high profile threat, such as exploit reports on Apache Struts from 2017, we will analyze any exploit and may release a telemetry signature to gather data. While analyzing this data, the Alert Logic Security Operations Center (SOC) may determine that there is enough information to warrant raising an incident for you to investigate. In these cases, you do not need to perform any action if you see telemetry signatures in your event stream. If any information is discovered which is of security relevance to you as a customer, the SOC will contact you.