The Investigate group, found within the navigation menu, houses the following pages:
The Search page allows you to search on log messages, IDS (intrusion detection system) events, and FIM (file integrity monitoring) data, and allows you to view and manage saved searches, correlations, and downloads.
Alert Logic uses SQL-like text strings to create logical operator statements to search through your log messages via the Search tab. On this tab, you can toggle between Simple and Expert Mode search options. Simple Mode search is optimized for the most common types of searches, and results are returned to match all the search terms you apply. Expert Mode search utilizes SQL keywords and functions, message fields, strings, and aliases to construct a more complex, but more specific search query.
View and manage all saved searches within the Saved Searches tab. Filter by whether a search is scheduled or not, associated tags, and data types.
View and manage all correlations with the Correlations tab. Filter by status and type and sort by Last Triggered, Alphabetical, Creation Date, and Last Modified Date.
View and download the results of scheduled searches, generated according to a schedule you have set, in the Downloads tab.
The Topology page allows you to see and manipulate a visualization of your environment's VPCs, VNETs, subnets, and hosts.
You can choose from any of your deployments via the Deployment drop-down menu and applicable regions via the Regions drop-down menu.
The blue and gray icons in the top left corner allow you to highlight the various options within the visualization. These icons are, from left to right, Scope, Remediations, Scan map, Credentials map, Agent map, Load balancer, Security groups, AMI, Container, and Stopped instance. Click on the desired icon and the topology map will change to reflect those applicable VPCs, subnets, and hosts.
Click on any node in the topology to access more information, stats, credentials, and actions.
A vulnerability is a weakness in your environment that is important to identify, because an attacker can exploit it to reduce the information security of a system. Identifying vulnerabilities is how the security of your system is assessed.
The Vulnerability Library tab lists all the scan content that Alert Logic scanners can check for. Search for and view information on a specific vulnerability that Alert Logic scans for, and see whether it affects assets in your environment.
Threat Intel Center
The Threat Intelligence Center provides insight into Alert Logic threat coverage by displaying security content details in an interactive, tabular list.
The Threat Intelligence Center provides three types of content that Alert Logic provides visibility into – Analytics, Log Parsers, and IDS Signatures. The content types are accessible via tabs at the top of the Threat Intelligence Center webpage.