During incident analysis, Alert Logic collects data and our Analytics Engine applies thousands of analytics to detect suspicious and malicious behavior. Many of these analytics correlate multiple pieces of evidence into a single incident. For example:
- Scans, repeatedly applying different techniques to detect potential vulnerabilities
- Brute force and credential stuffing attacks, testing multiple well-known or weak credentials on monitored services
- Spreading malware, where multiple suspicious events are observed by endpoint protection software in a short period of time
Fortra’s Alert Logic has made updates to improve how evidence is presented in the Alert Logic console for long-running incidents. Additional evidence collected after the creation of an incident is now available in the Evidence Timeline and the Evidence section of the Incident Details page.
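The correlation and post-creation evidence handling described above, as an added illustration (not Alert Logic's code; the log format, the failure threshold and the time window are assumptions) using a constructed brute-force scenario:

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, not Alert Logic's):
# "<ISO timestamp> <source IP> <target host> <event type>"
RAW_EVENTS = [
    "2024-03-01T10:00:00 203.0.113.7 web-01 auth_failure",
    "2024-03-01T10:01:00 203.0.113.7 web-01 auth_failure",
    "2024-03-01T10:02:00 203.0.113.7 web-01 auth_failure",
    "2024-03-01T10:03:00 203.0.113.7 web-01 auth_failure",
    "2024-03-01T10:04:00 203.0.113.7 web-01 auth_failure",   # 5th: incident opens
    "2024-03-01T10:05:00 198.51.100.2 web-01 auth_success",  # ignored: not a failure
    "2024-03-01T10:06:00 198.51.100.9 web-01 auth_failure",  # below threshold
    "2024-03-01T10:30:00 203.0.113.7 web-01 auth_failure",   # gathered after creation
    "2024-03-01T11:15:00 203.0.113.7 web-01 auth_failure",   # gathered after creation
]
THRESHOLD = 5                   # assumed: failures needed to open an incident
WINDOW = timedelta(minutes=10)  # assumed: failures must fall inside this window

@dataclass
class Incident:
    key: tuple                  # (source IP, target host)
    created_at: datetime
    evidence: list = field(default_factory=list)  # (timestamp, line, is_new)

def parse(line):
    ts, src, dst, kind = line.split()
    return datetime.fromisoformat(ts), src, dst, kind

def correlate(lines, threshold=THRESHOLD, window=WINDOW):
    """Open one incident per (src, dst) once `threshold` failures fall inside
    `window`; later matching failures attach to that incident flagged as new."""
    pending, incidents = {}, {}
    for line in sorted(lines):          # ISO timestamps sort chronologically
        ts, src, dst, kind = parse(line)
        if kind != "auth_failure":
            continue
        key = (src, dst)
        if key in incidents:            # long-running incident: append, mark new
            incidents[key].evidence.append((ts, line, True))
            continue
        bucket = [(t, l) for t, l in pending.get(key, []) if ts - t <= window]
        bucket.append((ts, line))
        pending[key] = bucket
        if len(bucket) >= threshold:
            incidents[key] = Incident(key, ts, [(t, l, False) for t, l in bucket])
            del pending[key]
    return incidents

def new_evidence(incident):
    """Lines that would carry the 'New' badge: gathered after incident creation."""
    return [line for _, line, is_new in incident.evidence if is_new]
```

Running `correlate(RAW_EVENTS)` yields one incident keyed on the attacking source and target, created at the fifth failure, with the two later failures attached as new evidence.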
Display of Additional Evidence
If available, new evidence is retrieved when viewing the Evidence tab of the Incident Details page for a selected incident. A note at the bottom of the screen indicates when this process is complete. Click Refresh to load the new evidence.
New evidence is visible in two locations in the Incident Details page for a selected incident:
- In the Evidence Timeline on the Investigation and Recommendation tab, with a note indicating new evidence is available
- In the Evidence tab, with a "New" badge next to each additional piece of evidence that was gathered after incident creation
Additional Resources
Learn more about incident evidence and analytics with the following Alert Logic documentation: