Note: The following information applies only to those customers who subscribe to the Alert Logic® SIEMless Threat Management™ product.
Several features have been added to the Alert Logic console that allow you to customize your environments, networks, and agents.
You can now request that any non-appliance host asset be scanned as soon as possible. With expedited scanning, the chosen asset will be moved to the top of the scanning queue and will be scanned as soon as the current scan has completed.
Within the Alert Logic console, navigate to Overview > Topology > the desired asset > right arrow at the top of the asset sidebar > Actions > Expedite Scan. This asset will now be scanned at the next available time.
Support for SPAN Ports
Note: The following information only applies to data center environments.
Network data can be analyzed in two ways with the Alert Logic intrusion detection system. The first is forwarding network data from the agent to the appliance. Another, potentially more efficient, option for data center environments is the use of SPAN ports, TAPs, etc.
You can now opt out of agent traffic forwarding to your appliance if you would prefer to utilize a SPAN port or TAP for data analysis. While you will have to set up any SPAN port or TAP that you require, this method of data analysis may be less burdensome on your resources.
Within the Alert Logic console, navigate to Configuration > Deployments > any data center deployment > the desired network. Within the Edit Network sidebar that appears, check the Network traffic is automatically forwarded to Alert Logic appliances box. All of the agents will now stop forwarding traffic to the appliance. Further, when you check this box it becomes your responsibility to configure the SPAN port and to confirm that traffic is going through it.
You are still required to install agents and confirm that they are collecting, but Alert Logic will cease forwarding of network traffic to the appliance.
Network Intrusion Detection Whitelisting
Alert Logic has added network selection to your network intrusion detection whitelisting capabilities, which allows you to select which network you want to whitelist from network IDS protection.
Within the Alert Logic console, navigate to Configuration > Deployments > any deployment > Protection > Scope of Protection > Exclusions > Network IDS Whitelist. Here, you can choose which network(s) to whitelist and add any applicable protocols, CIDRs, and ports. You can also see all whitelisted networks here, under Excluded from Network IDS.
Log and intrusion detection statistics from the past hour and the past day are now available for viewing in the Alert Logic console.
Within the Alert Logic console, navigate to Overview > Topology > the desired agent > Stats. Here, you can view log messages, network IDS packets, and bytes received within the past hour and day.