An Application Registry has been added to the Alert Logic® console for Managed Detection & Response Essentials, Professional, and Enterprise customers. The Application Registry is a centralized repository that shows you third-party platform integrations that assist in log collection and are available to you for easy configuration.
With Alert Logic support of third-party applications comes the ability to ingest new log sources. This new capability improves security and compliance value by giving customers the ability to search logs, run scheduled saved searches, and view incidents for the platform where security content is available.
Note: Not all third-party platforms will have security content available as soon as they begin collection, but content should be available within one quarter from the time collection begins.
Application Registry Console
The Application Registry is found in the Alert Logic console within the navigation menu at Configure > Application Registry. Within the Applications List tab, you can configure third-party applications or add collection methods and policies to already configured applications.
Note: Some third-party products will not have a configuration experience within the Alert Logic console. These are products whose logs are collected via syslog, as is the case for most firewalls. For these products, refer to their respective documentation to learn how to forward syslog messages to the Alert Logic Syslog Remote Collector, which should be done on port 1514.
Within the Configured Applications tab, you can sort, view, and manage your configured application collections. You can also filter between all applications, SaaS applications, and firewall log-specific applications. Metadata is available for each application collection, including the specified application name, creation and modification timestamps, and collection method and ID.
Log-Based Incident Generation
Over time, each Alert Logic-supported third-party application will provide its own set of log-collected incidents based upon security content that is developed by the Alert Logic Security Content team.
The following table provides details on the incident types that can be generated from each currently developed third-party platform in the Application Registry:
| Third-Party Platform | Product Type | Incident Types |
|---|---|---|
| Salesforce | Customer Relationship Management (CRM) | |
For more information, see the Application Registry documentation.