On April 02, 2024, all Alert Logic Managed Detection & Response (MDR) and Cloud Defender customers were migrated to use the self-service PCI ASV capabilities available in Fortra VM, including external network scanning, web application scanning (WAS), PCI disputes, and PCI Compliance reports. You will find that the PCI ASV capabilities in Fortra VM are at parity with or offer improvements to the previous Alert Logic PCI ASV features.
This document provides a detailed comparison of PCI ASV features previously available in Alert Logic to features currently available in Fortra VM for the following feature categories:
PCI Scan Management Features
Refer to this table for a side-by-side comparison of features for managing PCI scan schedules and scan execution.
PCI Scan Management Features | Fortra VM | Alert Logic |
---|---|---|
Include Targets: IPs, IP ranges, CIDR, Domain Names |
Y |
Y |
Include Targets: Asset Groups, Ports | Y | |
Exclude Targets | Y | Y |
Intervals (Daily, Weekly, Monthly, Quarterly) |
Y | Y |
Intervals (Yearly) | Y | |
Schedule Start and Time Zones |
Y | Y |
Schedule End (Never, Occurrences, By Date) | Y | |
Scan Notifications |
Y | Y |
Execute External & Web App scan together | Y | Y |
Execute External & Web App scan separately |
Y | |
View scan status | Y | Y |
Pause, resume or stop scan | Y | Y |
PCI Disputes Features
Refer to this table for a side-by-side comparison of features for submitting and managing PCI disputes.
PCI Disputes Features | Fortra VM | Alert Logic |
---|---|---|
View PCI vulnerabilities from scan in a single view |
|
Y |
View VM and WAS scan vulnerabilities separately | Y | |
Dispute failed vulnerabilities (policy-based) | Y | |
Dispute failed vulnerabilities (vuln-based) |
Y | |
Re-dispute using previous submission | Y | Y |
Add comments and file attachments |
Y | Y |
3b Special Notes (auto-generated by system) | Y | |
3b Special Notes (provided by customer) |
Y | |
Review disputed items in a single view | Y | Y |
Dispute requests accepted or rejected by PCI Analyst |
Y | Y |
Dispute workflow notifications | Y | Y |
PCI Reports Features
Refer to this table for a side-by-side comparison of features for creating and accessing official PCI reports.
PCI Report Features | Fortra VM | Alert Logic |
---|---|---|
Reports for Attestation of Scan Compliance, Summary, Vulnerability Details, Detailed CSV |
Y |
Y |
Reports for PCI Documentation Requirements, PCI Required Remediation | Y | |
Create reports from scan policy or group | Y | Y |
Create reports from multiple scans |
Y | |
Password-protected report files | Y | |
Contact info |
Y | Y |
Attest to scan scope | Y | Y |
Attest to load balancer use and synchronization |
Y | Y |
Out-of-scope exclusions (provided by customer) | Y | |
Add 3b Special Notes |
Y | Y |
Warning messages about passing report | Y | |
Certification workflow for official reports | Y |
Additional Features
Refer to this table for a side-by-side comparison of additional features for supporting the PCI ASV process.
PCI Report Features | Fortra VM | Alert Logic |
---|---|---|
Adjust scan speed in the console |
Y |
|
Define custom WAS tuning policy in the console | Y | |
Filter vulnerability library for PCI vulnerabilities | Y | |
Search vulnerability dictionary by CVE_ID |
Y | Y |
Search vulnerability dictionary by specific fields | Y |
For more information about using the self-service PCI ASV capabilities available in Fortra VM, refer to the Fortra VM PCI ASV Guide for Alert Logic Customers.
Comments
0 comments
Please sign in to leave a comment.