In recent years, Fortra has acquired three brands (Digital Defense Frontline VM, Alert Logic, and Beyond Security) that are certified as PCI Approved Scanning Vendors (ASV). We have consolidated our scanning into a single Fortra Vulnerability Management (Fortra VM) solution to give customers the best features and capabilities from each of our PCI ASV scanning products.
Alert Logic PCI ASV certification status expires in April 2024. Today, all Alert Logic Managed Detection & Response (MDR) and Cloud Defender customers were migrated to use the self-service PCI ASV capabilities available in Fortra VM, including external network scanning, web application scanning (WAS), PCI disputes, and PCI Compliance reports.
Your “External – PCI” scan policies in the Alert Logic console were transferred over to Fortra VM if the status was set to Enabled or was Disabled but had run during the previous 90 days. Also, the schedule status and most settings (scan targets, frequency, start time, timezone) were retained.
ACTION REQUIRED - Due to this migration, you need to:
- Ensure your firewalls allow traffic from the following originating IP address ranges:
- US = 3.146.42.96/27
- EU/UK = 13.50.164.192/27
- Have your users register credentials with Fortra Identity Provider (FIDP) for secure authentication to the Alert Logic console and Fortra VM.
- Configure browsers to allow exceptions for third-party cookies.
Your FIDP credentials will provide seamless access to the following updates in the Alert Logic console and Fortra VM:
Read on to learn more about each update.
Updated Navigation Menu Options
The main navigation menu in the Alert Logic console has been updated to redirect you to the PCI ASV features in Fortra VM and provide access to archived PCI Scanning and Disputes pages in the Alert Logic console.
The following new menu options are available:
- Navigate to > Configure > Fortra VM PCI Scanning
- You are redirected to the Scan Groups page in Fortra VM.
- Active PCI ASV scan policies that were migrated from Alert Logic can be found on this page.
- For more information about using Fortra VM for PCI ASV scanning, refer to the Fortra VM PCI ASV Guide for Alert Logic Customers.
- Navigate to > Validate > Fortra VM PCI Scan Disputes
- You are redirected to the PCI Scan Disputes page in Fortra VM.
- For more information about disputing PCI scan results in Fortra VM, refer to the Dispute Vulnerabilities section in the Fortra VM PCI ASV Guide for Alert Logic Customers.
- Navigate to > Configure > PCI Scanning (Archive)
- You can access historical data from previous PCI ASV scans and reports.
- Navigate to > Validate > PCI Scan Disputes (Archive)
- You can access historical data from previous PCI scan disputes.
Note: The PCI Scanning (Archive) and PCI Scan Disputes (Archive) menu options are not presented to Alert Logic customers without scans prior to the migration.
Access to Historical Data
As of April 3, 2024, PCI ASV features are disabled in the Alert Logic console. All PCI ASV scan policies in the Alert Logic console are disabled. In addition, all options in the Alert Logic console for scheduling new PCI scans, saving edits to existing PCI scans, running PCI scans, and disputing PCI scans are deprecated and no longer supported.
However, the following historical data is still accessible in the same location in the Alert Logic console:
- Previous PCI scan policies and settings including targets, start dates/times, timezone, etc.
- Previous PCI scan results
- Previous PCI disputes including comments
- PCI reports from previous PCI scans
Additional PCI ASV Features in Fortra VM
The PCI ASV capabilities in Fortra VM are at parity with or offer improvements to the previous Alert Logic PCI ASV features. However, Fortra VM provides additional features, options, and flexibility to:
- Execute VM and WAS scans together or separately
- Select scan speed for external network scans
- Define custom tuning policies for web application scans
- Add 3b special notes for specific vulnerabilities
- Submit and manage disputes at the vulnerability level
- Re-dispute using previous submission
- Use scan dispute digest notification option
- Select specific scans or scan groups when generating PCI Compliance reports
- Search by specific fields in the PCI vulnerability dictionary
For a detailed comparison of PCI ASV features previously available in Alert Logic to features currently available in Fortra VM, refer to this article.
In addition, you can use the following table to determine the new location for PCI ASV actions you commonly perform.
If you are looking to: | New Fortra VM location | Previous Alert Logic location |
View PCI Scan Schedules |
SCANS > Scheduled Scans OR SCANS > Scan Groups |
Configure > PCI Scanning > Scans |
Create PCI Scans | SCANS > Scan Groups > select "+ New scan group" option | Configure > PCI Scanning > Scans > select "Schedule PCI Scan" option |
Disable or Enable PCI Scans | SCANS > Scan Activity > select scan > More drop-down > select "Enable" or "Disable" option | Configure > PCI Scanning > Scans > select "Disable or "Enable"" option |
Pause, Resume or Stop PCI Scans | SCANS > Scan Activity > Click Pause, Resume or Stop icon for specific scan | Configure > PCI Scanning > Scans > select "Stop" option for specific scan |
Dispute Vulnerabilities | SCANS > Scan Groups > select scan group > select scan > PCI > select vulnerabilities > select Dispute vulnerability option | Configure > PCI Scanning > Scans > Results> PCI Scan Results > Dispute Results |
Manage Disputes | SCANS > PCI Disputes | Validate > PCI Scan Disputes |
Create PCI Compliance Reports | REPORTS > History > select "+ New report" option | Configure > PCI Scanning > Scans > Results> PCI Scan Results > select report |
Access PCI Compliance Reports | REPORTS > History | Configure > PCI Scanning > PCI Compliance |
Additional Resources
Learn more about the PCI ASV migration, Fortra Identity Provider, and Fortra VM with the following documentation:
- Fortra VM PCI ASV Guide for Alert Logic Customers
- PCI ASV Scanning Migration Frequently Asked Questions
- Fortra Single Login and Identity Provider Frequently Asked Questions
- Migrate to Fortra VM for PCI ASV Scanning
- Allow Exceptions for Third-Party Cookies
- TLS Email Encryption
- Manage PCI Scans
- Fortra VM PCI ASV Scan Feature Comparison
Comments
0 comments
Please sign in to leave a comment.