In This Article
- Incident Console Feature Additions
- Incident Notification Management
- Additional Incident Reports
Note: If your account subscriptions provide you with the new Alert Logic® Incident Console and its features, as seen in the below image, the information within this article applies to you. All other customers will receive the updated Incident Console in the coming months. Contact Alert Logic Support with questions about the availability of these features.
The Alert Logic Incident Console was released to a subset of customers in August 2018 and has now been released for general availability. All customers and partners will be migrated to the Incident Console experience over the coming months. This release provides some updated features that the August 2018 release did not contain, including improvements to sorting and bulk actions, improvements to incident notification management, and new reports.
For detailed information on the Incident Console and all of its features, see the Incident Console Features knowledge base article.
Incident Console Feature Additions
Several improvements have been released with the general availability of the Incident Console. These allow you to find, view, export, and understand incidents more efficiently, and to better manage notifications for incidents.
Incidents Summary Page Customization
On the Incidents Summary page, found at Incidents > Summary, you can now choose whether the summary bubble chart shows incidents by classification or by deployment. The x-axis variables change according to the option you choose.
Incident Search Capabilities
Within the Incident List page, found at Incidents > List, you can now search through your list of incidents using either the simple search bar or the advanced search feature. Both are located at the top right of the incident list.
To use the simple search, type your search terms into the text field to the left of the magnifying glass and press Enter. Your incident list is filtered to incidents matching the text string you entered.
To use the advanced search feature, click the search bar, then click Advanced Search, which appears beneath it. Type a query statement using the available fields and operators and, if necessary, use the subsequent search fields to add OR statements and build a search that tests for multiple conditions.
Note: You cannot submit a search with invalid syntax. If invalid syntax is present, a warning icon appears to the left of the search field. Hover over the warning icon for details on where the invalid syntax is located.
For detailed information on performing advanced searches, see the Perform Advanced Search documentation.
Bulk Actions Improvement
Bulk actions have been available to manage incidents in the Incident List since August 2018, and improvements have been made so that bulk checking more than 10 incidents at a time is more intuitive.
When you select all incidents in your list by checking the Bulk Actions check box to the left of the Organize By... drop-down list, the incidents currently visible are bulk checked. To add more incidents to your bulk group, scroll to the bottom of the page; more incidents then load and are automatically added to the bulk group. Learn more about bulk action functions in the Bulk Actions section of the Incident Console Features knowledge base article.
Note: There is a limit of 100 incidents per bulk action.
Vulnerability Library
A vulnerability library has been added to the Alert Logic console so that you can quickly and easily confirm whether we provide coverage for a specific CVE. The vulnerability library shows the most recent vulnerabilities first, so you can browse recent content or search for specific content. At a glance, you'll see the CVE's severity, the Alert Logic products and services that cover the vulnerability, and more. You can find the vulnerability library in the Settings menu > Vulnerability Library.
Incident Notification Management
Incident notification management was updated with the release of the Incident Console in August 2018, and it has been further improved: Alert Logic console users with the Administrator role can now manage other users' subscriptions and create notification-only users, and subscribed users can view incident notification history.
Note: For detailed information on the types of incidents you can receive notifications for (low, medium, high, critical, and escalated), see the Definitions and Incident Classifications & Escalation Handling sections of the Incident Handling Policy knowledge base article.
Incident notification subscription management has been moved from within the Incident Console to the Settings menu > Notifications > Incidents. You can manage your own subscriptions under My Subscriptions by clicking the category you want notifications for. A side panel appears in which you can choose which of the accounts you manage should receive notifications for that category.
Administrator-level users can manage other users' subscriptions under Manage Subscriptions of Others. Click the user whose notification subscriptions you want to change. A side panel appears in which you can choose the categories and accounts the user should be notified about.
Notification-Only User Creation
You can now create a user in the Alert Logic console that exclusively receives notifications. This user does not need a device set up or log-in credentials to receive notifications. Click the Settings icon > Users > yellow + icon and enter the notification-only user's details. Check the Notification Target Only box and click Create. This user is now available for you to choose as a notification subscriber.
Notification History
Within an individual Incident page, you can now see the incident's notification history. Notification history provides details on the time, method, subject, and recipients of an incident's notifications. Find the notification history at Incidents > List > open an individual incident > Notification History tab, next to Audit Log on the right side of the incident page.
Note: To see the notification history of an incident, a user must be subscribed to receive those notifications.
Additional Incident Reports
Two new reports have been added to the Alert Logic console that provide more details on your incidents and incident notification subscriptions.
Incidents Daily Digest Trends
The Incidents Daily Digest Trends report provides you with details on incident count trends for a period of time that you select. It breaks the incidents down by threat level, classification, and incident type. At the bottom of the report is a list of incidents that were created during that time period. You can find the Incidents Daily Digest Trends report at Reports > Interactive > Incident Analysis > Incident Daily Digest Trends.
You can customize the report by date range, customer account, detection source, and status. This allows you to view trends for only those incidents that fit into the parameters you set, including any or all managed accounts that you select.
Note: This is the first of many reports that allow you to run a report on your account and any or all of your managed accounts at once. Previously, a user would have had to run several reports and combine them manually.
Customer Contacts
The Customer Contacts report provides a succinct list of the contacts that notifications are being sent to. Currently, the report lets you view the subscribers of escalation notifications, general notifications, and incident notifications. This allows you to understand who receives notifications and to review the various notification configurations when auditing your entire environment.