Fortra's Alert Logic has released a significant update to the Alert Logic console, offering customers a unified view of security findings across all their protected assets. Alert Logic Managed Detection & Response (MDR) maintains a comprehensive database of your assets by combining telemetry from agents, network analysis, scanning, and public cloud instrumentation.
The new Assets view gives customers a single pane of glass combining asset information with risk, visibility, and attack data. Using this interface you can sort and filter assets, and create groups of assets. Drilling down into the details for a single asset, you can also perform common configuration tasks like adjusting protection, configuring vulnerability scans, and setting up health notifications.
We have also introduced asset groups to the Alert Logic console. With asset groups, you can create consolidated views of critical hosts or other security assets that have special significance in your environment. These groups can be used in the Assets, Exposures, and Health pages to quickly refine your investigations.
By combining asset and security data, we have created a powerful tool to help you:
- Summarize incidents, exposures, health findings, and data collection volume for any protected asset
- Access up-to-date information about any asset, located in any monitored data center or public cloud account
- Quickly locate assets matching a name, IP address, or cloud ID
- Build custom asset groups or use the existing topology of your environment to focus on key areas
News Assets Interface
Get started in the Alert Logic console at (navigation menu) > Investigate > Assets.
Several tools are available to help you search and customize this view. Search for assets by name or IP address using the quick filter text area next to the magnifying glass () icon. Click Filters to refine the list by protection level, health, or other common attributes.
Click the column selection button ( ) to customize column order and select from more than 30 data points, including:
- Visibility: MDR protection level, agent installation status, analyzed data volume, and health status
- Risk: Counts of exposures by severity, from scanning and cloud configuration analysis, and the time of the last scan
- Threats: Counts of open incidents, from MDR or third-party security findings
- Asset data: IP addresses, host name, operating system type, and discovery time
From an asset in the list, you can take quick actions or directly view detailed security data with a single click.
You can also select multiple assets to perform bulk actions, such as scheduling an expedited scan.
Drill Down to Asset Details and Configuration
To get more details on an asset, click on the asset name. Asset information is shown as a dashboard with metadata and security details. When viewing a single host or appliance, the dashboard includes statistics and a summary of the security findings for that asset. Aggregated findings are shown for higher-level assets, such as subnets or networks.
The data in the tables and charts provide links to continue your investigation. For example, click on the summary of an incident to view it in the full incidents console.
Asset Groups
The easiest way to get started with asset groups is by selecting one or more hosts in the Assets page, and selecting Add to asset group. You can also use this action to add assets to an existing asset group.
Once you have created an asset group, it will be available as an asset filter. Click on Filters, select one or more items from the Asset Group menu, and click Apply.
You can also manage asset groups by opening (navigation menu) > Configure > Asset Groups.
Using the Asset Groups configuration page, you have access to additional features:
- Creating a larger linked asset group combining one or more existing asset groups
- Using asset group expressions to incorporate dynamic data like AWS tags into asset group definitions.
Asset groups are a powerful compliment to the Assets page. We have also extended support to the Exposures and Health pages, using the Asset Group filters.
Asset group filters are planned for more of the Alert Logic console, including the Incidents page, reports and dashboards.
Additional Resources
For more details on Assets and Asset Groups see these Alert Logic support resources:
Comments
0 comments
Please sign in to leave a comment.