When you set up Alert Logic® Cloud Insight™ to scan a VPC, an automated process deploys the scan appliance in a /28 subnet created in the VPC to separate the instance. In addition, the network access control lists are updated in every subnet to ensure we can reach each instance. However, this process does not change the security groups on your instances, to avoid any conflicts with your security group configuration.
For our scans to work, you need to adjust your security groups to allow incoming access from our scanning appliance. Alert Logic creates a security group for its scanning appliance that you can use to update your instance security groups. Allow access from the security group “Alert Logic Security Group <DEPLOYMENT ID>”, where <DEPLOYMENT ID> is the identifier of the deployment for which you are scanning. You can find this identifier in the Alert Logic console by clicking your name in the top-right corner and then clicking Support.
Alternatively, you can click the following link and search for the deployment you are looking to scan: https://console.account.product.dev.alertlogic.com/users/#/support
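To check which instance security groups already admit the scanning appliance, the following added example (not Alert Logic code) audits data in the shape of an EC2 DescribeSecurityGroups response. The group IDs, the deployment ID `EXAMPLE-ID` and the "all"/"partial"/"none" labels are constructed for illustration, and only rules that reference the scanner's security group are counted.

```python
# Added example: audit which security groups admit the Alert Logic scanner.
# Input has the shape of an EC2 DescribeSecurityGroups response; the sample
# below is constructed, and the deployment ID is a placeholder.
SCANNER_NAME_PREFIX = "Alert Logic Security Group "

def find_scanner_group(groups, deployment_id):
    """Return the GroupId of the scanner's security group, or None."""
    wanted = SCANNER_NAME_PREFIX + deployment_id
    for g in groups:
        if g.get("GroupName") == wanted:
            return g["GroupId"]
    return None

def scanner_access(group, scanner_id):
    """Classify inbound access from scanner_id: 'all', 'partial' or 'none'."""
    level = "none"
    for perm in group.get("IpPermissions", []):
        refs = {p.get("GroupId") for p in perm.get("UserIdGroupPairs", [])}
        if scanner_id not in refs:
            continue  # rule does not reference the scanner's group
        if perm.get("IpProtocol") == "-1":  # -1 means every protocol and port
            return "all"
        level = "partial"
    return level

def audit(groups, deployment_id):
    """Map each non-scanner GroupId to its access level for the scanner."""
    scanner_id = find_scanner_group(groups, deployment_id)
    if scanner_id is None:
        raise LookupError("scanner security group not found for deployment")
    return {g["GroupId"]: scanner_access(g, scanner_id)
            for g in groups if g["GroupId"] != scanner_id}

# Constructed sample data (not real identifiers).
SAMPLE = [
    {"GroupId": "sg-scanner", "GroupName": "Alert Logic Security Group EXAMPLE-ID", "IpPermissions": []},
    {"GroupId": "sg-web", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "GroupName": "app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "UserIdGroupPairs": [{"GroupId": "sg-scanner"}]}]},
    {"GroupId": "sg-db", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-scanner"}]}]},
]

if __name__ == "__main__":
    for gid, level in audit(SAMPLE, "EXAMPLE-ID").items():
        print(gid, level)
```

Groups reported as "none" or "partial" are the ones to review against the inbound rule described above.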
When a scan is performed, Cloud Insight analyzes your workloads and configuration data against a library of known vulnerabilities and misconfigurations. Cloud Insight checks:
- All major operating systems for known vulnerabilities (Windows; Linux: Debian, Red Hat, Ubuntu, CentOS; BSD, AIX, macOS, etc.)
- Major operating system configuration settings against industry practices (Windows 2008, 2012, Red Hat Enterprise Linux 5/6, CentOS Linux 6, Ubuntu 12, etc.)
- All major internet protocols for vulnerabilities (HTTP, SSH, SSL, IPSEC, POP3, IMAP, SNMP, NTP, FTP, etc.)
- All major routers and firewalls for vulnerabilities (Cisco, Linksys, F5, Check Point, WatchGuard, Juniper, etc.)
- All major server applications (Exchange, IIS, Apache, MS-SQL, PostgreSQL, MySQL, Sendmail, BIND, etc.)
- Major standard web applications (JIRA, Outlook Web Access, Drupal, Joomla, etc.)
These checks are updated daily to ensure Cloud Insight is using the most up-to-date vulnerability information available, with exceptions during change freeze periods.
Note: Alert Logic observes change freeze periods during the last week of November and the last two weeks of December to minimize service disruptions during those critical times of year for many of our customers. Scanning content to cover critical zero-day exploits in the wild will be released during the change freezes as needed.