Alert Logic Intelligent Response™ has been updated with new technology and analytics, providing customers with additional options for automated protection. This update adds response capabilities to devices inside customer networks, like firewalls and directory servers.
Intelligent Response was announced in April 2022 and allows customers to confidently enable automation of incident response at their own pace and comfort level. In the Alert Logic console at (navigation menu) > Respond > Automated Response, you will find the following pages and capabilities:
- Simple Responses
- Simple History
- Exclusions
- Approvals
For more information regarding Alert Logic Intelligent Response, refer to the announcement of Intelligent Response from April 2022.
New Simple Response Technology
This update adds new technology for Simple Responses: Microsoft Active Directory, Palo Alto NGFW, and Fortinet FortiGate. The three core Simple Response use cases for Intelligent Response are summarized in the following table, with the new technology in bold.
| Use case | For what outcome? | Example incident | Simple Response technology |
| --- | --- | --- | --- |
| Disable user | • Stop leaked credential use • Minimize danger from compromised user | • Malware detected for user • Successful brute force | • Amazon Web Services (AWS) Identity and Access Management |
| Shun attacker | • Disrupt reconnaissance • Leverage detection in one technology to many devices | • External brute force attack • MITRE ATT&CK reconnaissance incidents | • AWS web application firewall (WAF) • Alert Logic WAF • **Palo Alto NGFW (new)** • **Fortinet FortiGate (new)** |
| Isolate host | • Contain compromised host • Stop lateral movement of ongoing attack | • Endpoint detection and response / antivirus failures • Host detected as internal attacker | • SentinelOne • Microsoft Defender for Endpoint |
The new actions extend the capabilities of the Alert Logic appliances to perform actions inside customer networks, while maintaining full control of response actions through the Alert Logic MDR platform.
New Analytics
Alert Logic added new recommended blocks for SentinelOne analytics, covering High Severity alerts and outbreaks, and new simple blocks that users can select individually for a wide variety of analytics covering:
- Activity SentinelOne considers suspicious
- Suspicious behavior related to possible web attacks
- Vulnerability scanning activity
- Reconnaissance tools
Additional Resources
For additional information on Intelligent Response, see these Alert Logic support resources:
- Alert Logic Mobile Application
- Intelligent Response Simple Responses Automation Types
- Intelligent Response Simple Responses Workflow
- Intelligent Response Simple Responses Customer Approval Workflow
- How do I log in to the Alert Logic mobile app?
- Intelligent Response Keyword Glossary
- Intelligent Response Frequently Asked Questions
- Get Started with Automated Response
- Get Started with Simple Responses
- Simple Response Configuration Guide
- Exclusions