Note: The following information relates only to those customers that subscribe to the Alert Logic® SIEMless Threat Management™ Professional and Enterprise product offerings.
New Log Review functionality is available for existing SIEMless Threat Management Professional and Enterprise customers. These customers can now analyze Log Review incidents within the Alert Logic console's Incident console, subscribe to Log Review alerts via the Incident console, and use the new Log Review Analysis reports. Customers upgrading to Professional or Enterprise in the future will receive this feature as a replacement for their existing Log Review cases experience.
Log Review in the Incident Console
Log Review incidents are now available within the Incident console, which can be found at Incidents in the Alert Logic console. Log Review incidents are classified with the Info threat level, the log-review classification, and the Log Review detection source.
Log Review Incident Escalation Notification
If you are subscribed to Escalations within the Incident console, you will receive email notifications when Alert Logic analysts escalate Log Review cases. Learn how to subscribe to Escalations in the Incident Notification Management knowledge base article. Alert Logic does not recommend that you subscribe to the Info threat level unless you are interested in seeing both escalated Log Review incidents and security operations-closed Log Review details.
Log Review Analysis Reports
Professional and Enterprise customers will be able to utilize a new Log Review report group on March 1, 2019. Log Review Analysis, which can be found within the Alert Logic console at Reports > Threats > Log Review Analysis, provides valuable insight and trending data for incidents reviewed daily by the Log Review team.
Within the Log Review Analysis report group, you will find the Monthly Log Review report, which provides a summary analysis and various visuals of your Log Review incidents for the selected month. On the first day of each month, this report is populated with the Log Review incident data from the previous month.