Beginning on May 5, Alert Logic® Cloud Defender™ and Managed Detection & Response™ (MDR) customers will have a unified, streamlined, and simple experience when creating and managing notifications for incidents, correlation rules, and scheduled reports. The unification of notification management in the Alert Logic console provides customers greater granularity and control of their email notifications from Alert Logic.
The location for creating and managing incident notifications, correlation rules, and their associated notifications within the Alert Logic console has changed slightly, as described below. Existing notifications have rolled over with these changes; however, existing incident notification preferences will be mapped to individual escalation and threat level notifications, which can now be managed independently.
Incident Notifications
Create new incident notifications to stay alerted to any threat or log incident that Alert Logic creates, or to escalations as soon as a threat exposure occurs. Alert Logic recommends that all customers have at least incident notifications configured to confirm that a member of your staff will be notified of incoming incidents.
Create incident notifications within the Alert Logic console - for Cloud Defender customers, at Incidents > List; for MDR customers, at navigation menu > Respond > Incidents - by clicking Add Notification above the list of incidents.
Note: Clicking the down arrow to the right of Add Notification allows you to choose View Notifications, which will take you to the greater Notification Management page.
When creating an incident notification, you can provide a name for the notification, choose the escalation notification or threat level incident notification you want to be notified on, subscribe yourself and other users to the notification, and manage notification delivery - whether you would like the notification delivered by email or via an integration.
After saving the new incident notification, you and any other chosen recipients will begin receiving email notifications from Alert Logic, alerting you to new incidents based on your defined threat level parameters.
Correlation Rules and Notifications
Create a correlation rule and its associated notifications within the Alert Logic console at Search > craft and run a search query > open Search drop-down > Create Correlation.
When creating a correlation rule, name the correlation rule, set it to active or inactive, define the search query, and configure observation notification or incident generation options. Click Save and Continue to add an associated notification.
View, edit, and delete all existing correlation rules - for Cloud Defender customers, at Search > Correlations; for MDR customers, at navigation menu > Investigate > Search > Correlations.
New Report Scheduling
Schedule reports and create associated notifications within the Alert Logic console - for Cloud Defender customers, at Reports > any report category > any report group > a specific report; for MDR customers, at navigation menu > Validate > Reports > any report category > any report group > a specific report - and choose Schedule this Report.
While scheduling a report, you can also define notification delivery to communicate when the report is ready and, if you choose, include a PDF of the results in the notifications. Provide the requested details, choose how frequently you would like the report to run, identify the desired recipients of the scheduled report, and manage notification delivery.
Access and download all reports generated from the schedules you've created - for Cloud Defender customers, at Reports > Downloads; for MDR customers, at navigation menu > Validate > Reports > Downloads.
New Health Summary Reports
New daily, weekly, and monthly health summary reports are now available for MDR customers only. These reports provide valuable insight into the daily, weekly, and monthly issues related to protected networks, log data collection, network IDS traffic, and hosts that are missing agents in your environment. Access and schedule these reports within the Alert Logic console at navigation menu > Validate > Reports > Service > Health. MDR customers' existing health notifications will be mapped to the new health summary reports.
Note: The Daily Health Summary report can be configured to generate at a daily, weekly, or monthly cadence.
Viewing and Managing All Notifications
View and manage the notifications described above in one location within the Alert Logic console - for Cloud Defender customers, within the support menu > Notifications; for MDR customers, at navigation menu > Manage > Notifications.
The Notification Management page houses all notifications associated with incidents, correlation rules, and scheduled reports. Here, you can view and filter to find all notifications based on active or inactive status, type, user, integration, and threat level.
The Alert Notifications tab houses those notifications associated with incidents and correlation observations that alert you to potential threats in near-real time. View a notification to edit or delete it. The Scheduled tab houses scheduled reports and their associated notifications. View a report schedule to edit or delete the notification and to quickly view current and past reports.