The Search tab allows you to search for the following:
- Log Messages
- Deny Logs
You can use any combination of the available search features—the event number search, search filters, and right-click options—on the events page to either search for a specific event or narrow a long list of events.
For more information, refer to our Events help documentation.
The Blocks page, accessible under the Search tab, allows you to access, view details of, and search blocking actions instituted on your network. You can also roll back or reissue blocks. The Blocks page is available only if you have a physical appliance.
For more information, refer to our Blocks help documentation.
Log messages are the primary tool that you can use to access the log messages collected across all Alert Logic® log management sources.
The Omnibox on this page is where you can start building your query. This will provide you with various suggestions as you type. You can build queries based on message, context, message type, log source, and so on.
Note: All queries built on this page can also be saved and scheduled for use again.
For more information, refer to our Omnibox knowledge base article.
Saved Views and Scheduling
When searching log messages, you also have the functionality to build many advanced searches and queries. You can save these for later use. These saved views can then be shared between colleagues and child customers.
Alert Logic has also built many predefined saved views which are available to all customers. These saved views can also be configured to run on a schedule and will email you the results in either .csv or .pdf format.
For more information, refer to our Log Manager messages help documentation.
An Alert Logic® case groups together identified security issues, or case items, that require investigation, action, or follow-up. By using cases, you can organize and prioritize your security-related tasks. For example, you can group certain incidents and vulnerabilities into a case and then track that case through to resolution.
You can create cases manually as needed, and you can also set up your system to create a case automatically when an incident is escalated. After a case has been created, you can modify its contents. For example, you can add or remove case items, define to-do items, assign owners, change the priority, and so on.
For more information, refer to our Cases help documentation.
You can use two major features to help you search and sort through deny logs. You can use these features alone or in combination to suit your workflow.
Note: This is only for WAF (Web Security Manager Premier) customers
For more information, refer to our Web Security Manager Premier help documentation.