The Investigate group, found within the navigation menu (), houses the following pages:
The Search page allows you to search for both logs and events.
Alert Logic® utilizes SQL-like text strings to create logical operator statements to search through your log messages via the Log Search tab.
If you are familiar with SQL, type your operators, AND statements, and OR statements into the WHERE field. To quickly clear your search, click CLEAR in the top left corner of the search bar. if you are not familiar with SQL, the Search Assistant is available to assist you.
If your search contains invalid syntax, a warning icon will appear to the left of the search field. Mouse over the warning icon for details on where the invalid syntax is located. Additionally, if your search query contains invalid syntax, you will not be able to perform the search.
Here, you can also create and utilize saved searches.
For more information on log search and syntax guidelines, see the following documentation and knowledge base articles:
The Events tab allows you to search for and view a list of events and event details.
You can use any combination of the available search features - event number, search filters, and right-click options - on this page to either search for a specific event or narrow a long list of events down.
For more information, see our Events documentation.
The Topology page allows you to see and manipulate a visualization of your environment's VPCs, VNETs, subnets, and hosts.
You can choose from any of your deployments via the Deployment drop-down menu and applicable regions via the Regions drop-down menu.
The blue and gray icons in the top left corner allow you to highlight the various options within the visualization. These icons are, from left to right, Scope, Remediations, Scan map, Credentials map, Agent map, Load balancer, Security groups, AMI, Container, and Stopped instance. Click on the desired icon and the topology map will change to reflect those applicable VPCs, subnets, and hosts.
Click on any node in the topology to access more information, stats, credentials, and actions.
A vulnerability is an important weakness to identify within your environment, as it can allow an attacker to reduce the information security of a system. Vulnerabilities are used to determine the security of your system.
Alert Logic lists all the scan content that Alert Logic scanners can check for at the Vulnerability Library tab. Search for and view information on a specified vulnerability Alert Logic scans for and see whether it impacts assets in your environment.
Threat Intel Center
The Threat Intelligence Center provides insight into Alert Logic threat coverage by displaying security content details in an interactive, tabular list.
The Threat Intelligence Center provides three types of content that Alert Logic provides visibility into – Analytics, Log Parsers, and IDS (Intrusion Detection System) Signatures. The content types are accessible via tabs at the top of the Threat Intelligence Center webpage.