The following terms are those that we at Alert Logic® believe are important for you to understand, both within the Alert Logic console and our Knowledge Base.
Glossary
- ActiveAnalytics: An Alert Logic system that employs our security rule library and threat intelligence information to identify potential threats
- ActiveWatch: A service provided by Alert Logic that can be added to Network IDS or Log Management solutions and that consists of a team of analysts that identify and verify security risks that could threaten your infrastructure; Note: This term applies only to Alert Logic Cloud Defender, Threat Manager, or Log Manager customers who are not utilizing the new product and pricing structure
- Administrator user: One of five roles available within the Alert Logic console that allows for full management and read access on assigned and managed accounts, as well as the ability to create or delete users for both assigned and managed accounts; a full description can be found in the Role-Based Access Controls in Alert Logic Console knowledge base article
- Agent: Alert Logic software that can be installed on a host utilizing our Network Intrusion Detection System (IDS) and/or Log Management services to collect information from your protected environments
- Agent Container: A self-contained container image that is deployed into containerized workloads to provide network intrusion detection and container application log collection services
- Alert Logic Decryptor: A component within the Alert Logic appliance that decrypts network traffic
- Analytic: An incident's type or category, which corresponds to a specific detection capability, such as the detection of a brute force attack; Alert Logic continues to add analytics as new attacks are detected
- Approval: A request for a human to allow an automated response to proceed for a particular response target
- Assignment policy: A set of rules that indicate to appliances how to handle incoming traffic from agents; can be created within the Alert Logic console - only for Cloud Defender or Threat Manager customers - at Configuration > Network IDS > Policies > Assignment
- Blocking: A feature used within Alert Logic Network IDS to prevent an attacker from accessing a host via a specific port, signature type, or host on a firewall; blocking actions can be found within the Alert Logic console at Configuration > Network IDS > Blocking Configuration; Note: This navigation path applies only to Cloud Defender or Threat Manager customers
- Cloud Insight Essentials: An AWS-native security service that shows you why, where, and how to respond to Amazon GuardDuty findings while continuously assessing your AWS configurations to find exposures and recommend actions that prevent future compromise
- Credentials: Your authentication information, which may allow for more in-depth scanning of your environments
- Collection alert: A set of rules that reports unassigned agents or agents that have errored out, to notify you when the collection of traffic has stopped; can be found in the Alert Logic console - only for Cloud Defender, Threat Manager, or Log Manager customers - at Configuration > Network IDS or Log Management > Alert Rules > Collection
- Correlation alert: A set of rules that can send an email alert when Alert Logic receives a configured amount of a specific log message type during a configured time frame; can be found in the Alert Logic console - only for Cloud Defender, Threat Manager, or Log Manager customers - at Configuration > Log Management > Alert Rules > Correlation
- Correlation policy: A set of rules for collection based on the type of log messages you want to collect; can be found in the Alert Logic console - only for Cloud Defender, Threat Manager, or Log Manager customers - at Configuration > Log Management > Policies > Correlation
- Credentialed scan: The most comprehensive type of scan possible with Alert Logic, which generates the most accurate assessment of real vulnerabilities that may exist on a device by encrypting customer credentials
- Deployment: A top-level organizational object that groups like assets based on environments they are housed in; generally based on a single AWS, Azure, or data-center environment
- Alert Logic Enterprise: An offering that includes all Essentials and Professional capabilities plus 24x7 managed WAF defense, an assigned SOC analyst, and controlled threat hunting
- Escalation: An incident that has been analyzed by an Alert Logic analyst and has been deemed a potential attack; can be found in the Alert Logic console - only for Cloud Defender, Threat Manager or Log Manager customers - at Configuration > Notification > Policies > Incident Notifications
- Alert Logic Essentials: An offering that includes asset discovery and visibility, vulnerability scanning, Threat Risk Index, compliance scanning and reporting, cloud configuration management, and support for multiple environments
- Event: An observable occurrence that may imply harm or a potential compliance violation as detected by our threat sensors or log collection appliances deployed within your network environment
- Exclusion: User-defined exceptions to an automated process, such as in Intelligent Response or scanning
- Health state: One of five statuses that agents may be in based on their condition within your environment - New, OK, Warning, Error, or Offline
- Incident: A correlation of events that imply harm to an information system, violate acceptable use policies, or circumvent standard security practices, and that may be classified into one of four risk levels - low, medium, high, and critical - as defined by the Alert Logic ActiveAnalytics platform or a Security Operations analyst
- Incident response: The process Alert Logic follows when addressing a detected cybersecurity attack in a customer's environment
- Interactive reports: Alert Logic reports that provide convenient access to analysis, statistics, and trending data related to the configuration, status, and outcomes from your subscribed products and services and that utilize interactive filtering options, visual representations of data, informative tooltips, and download and export options; can be found in the Alert Logic console - for Cloud Defender, Threat Manager, or Log Manager customers at Reports, and for Alert Logic Essentials, Professional, or Enterprise customers at main menu > Validate > Reports
- Logs: Application information, system preferences, or user activities generated from your environment by the Log Management service
- Log Management: Alert Logic software that collects and can aggregate log data from cloud, server, application, security, container, and network assets in your environments
- Log Review: An Alert Logic service that is used to satisfy the log review and analysis components of security best practices and designed to meet several compliance mandates
- Log tuning: A scheduled activity where an Alert Logic security analyst will work with a customer to find which log sources and messages are contributing most to your log volume and possible opportunities to remove non-security-essential logs
- Managed Web Application Firewall: Alert Logic web application firewall and managed service that includes a dedicated security expert
- Manual vs. automatic appliance claim: Two processes of claiming an appliance from which a customer can choose
  - Manual: Claiming an appliance within a browser window through either an interactive or programmatic process
  - Automatic: The appliance is automatically claimed for you if your appliance is within Amazon Web Services or Microsoft Azure cloud environments and the Alert Logic Cross Account Role is set up
- Multi-factor authentication: A login step that provides additional account security through a required authentication code that, if enabled, you must enter in order to log in to your Alert Logic account
- Monitoring policy: A set of rules that allow you to define the networks you want an appliance to monitor; can be found in the Alert Logic console - only for Cloud Defender, Threat Manager, or Log Manager customers - at Configuration > Network IDS > Policies > Monitoring
- Network Intrusion Detection System: Alert Logic software that monitors and detects threats in hybrid, cloud, and on-premises environments
- Owner user: One of five roles available within the Alert Logic console that allows for full management and read access to assigned and managed accounts, but that does not have the ability to create or delete users; a full description can be found in the Role-Based Access Controls in Alert Logic Console knowledge base article
- Physical appliance: A physical device that is leased to a customer and installed with the assistance of Alert Logic Onboarding Engineers; most commonly used for non-agent-based deployments
- Power user: One of five roles available within the Alert Logic console that allows for full management and read access to assigned accounts and read-only access to managed accounts; a full description can be found in the Role-Based Access Controls in Alert Logic Console knowledge base article
- Alert Logic Professional: An offering that includes all Essentials capabilities plus 24x7 incident monitoring and management, security analytics, threat intelligence, log collection and monitoring, intrusion detection, and event insights and analysis
- Protected host: A host in a customer's environment that has the Alert Logic agent installed on it for IDS monitoring. Note: While a protected host can show as in "Error" within the Alert Logic console, it is still a protected host - albeit one that may not be functioning properly.
- Protected network: A network within a manual environment with an agent(s) enabled that is being protected by another network in the environment enabled with an appliance; a full description of this concept and functionality can be found in the Configure Cross-Network Protection knowledge base article. Note: This term applies only to Essentials, Professional, or Enterprise customers
- Protecting network: A network within a manual environment with an appliance enabled that is protecting another network in the environment enabled by an agent(s); a full description of this concept and functionality can be found in the Configure Cross-Network Protection knowledge base article. Note: This term applies only to customers subscribed to SIEMless Threat Management
- Quick block: An ability offered by Alert Logic that allows an IDS appliance to log into a customer firewall with provided credentials and issue a SHUN command on a provided IP address
- Read Only user: One of five roles within the Alert Logic console that allows for read-only access to your assigned account; a full description can be found in the Role-Based Access Controls in Alert Logic Console knowledge base article
- Remediation: An action you can take to resolve one or more security or configuration problems in your environment; can be found in the Alert Logic console - for Cloud Defender, Threat Manager, or Log Manager customers at Remediations > List, and for Essentials, Professional, or Enterprise customers at main menu > Respond > Exposures
- Response target: The user, host, IP address, etc. on which a response will be taken
- Restrict network: Specification of a subnet that allows traffic captured by the Alert Logic agent to be sent back to the appliance on a specific interface
- Security Content Center: A section in the Alert Logic console that shows all recent security content updates and advisories; accessible only to Cloud Defender, Threat Manager, or Log Manager customers at Settings > Security Content Center
- Security group: A set of rules that act as a firewall that controls the traffic allowed to reach your instances
- Security Operations Center: A 24x7 Alert Logic team that monitors, triages, and escalates threats
- Service Review Report: A report sent to customers by Alert Logic that provides an analysis of the health and value of your Alert Logic services, as well as insight into areas that are working well and areas that may need improvement
- Shun: A blocking action on a firewall or web application firewall
- Status Page: A web page that allows customers to monitor the status of their products and view information about overall system health and product outages; can be found at https://status.alertlogic.com/ - or, for Essentials, Professional, or Enterprise customers, at main menu > Manage > Service Status
- Support/Care user: One of five roles available within the Alert Logic console that allows for read-only access to assigned and managed accounts; a full description can be found in the Role-Based Access Controls in Alert Logic Console knowledge base article
- Threat Risk Index: An Alert Logic-generated score that represents the amount of threat risk found within your environment and that comprises several factors; Note: This term applies only to Essentials, Professional, or Enterprise customers
- Virtual appliance: A software image downloaded from the Alert Logic console that can be installed on customer-owned servers; only supported on VMWare
- Whitelist policy: A set of rules that allow you to define a list of approved IP addresses allowed to communicate with hosts in the Alert Logic-protected network; can be created within the Alert Logic console - only for Cloud Defender, Threat Manager, or Log Manager customers - at Configuration > Network IDS > Policies > Whitelist