Fortra's Alert Logic has introduced improvements to the Alert Logic console for Managed Detection & Response (MDR) customers, providing additional context for Remote Sources.
Among these improvements is a new tabular view of Remote Sources being ingested, allowing you to easily obtain additional metadata and perform actions.
You can access these improvements within the Assets Console by selecting Investigate > Assets > Remote Source.
Background
A Remote Source consists of logs that have been pushed to one of our syslog collectors, a Remote Collector, or Log Manager. These are sources on which the standard agent cannot be installed but whose logs have high security value. Most commonly, this is a firewall, such as Palo Alto or Cisco.
Previously, these sources appeared in the Configure Log Sources section within a Datacenter Deployment tile.
Asset Console Improvements
The improvements include:
- Remote Source now has its own tab within the Assets UI
- New tabular view of Remote Sources with columns containing metadata
- Dynamic list of ingested Remote Sources - any new syslog sources appear automatically, and any sources that have not seen logs within 10 days get removed
- The ability to quickly search and view source logs
- The Remote Source Asset table is exportable to a CSV file
- Each Remote Source has a summary and details page with additional information on the source
- New Log Sources tab on the Remote Collectors and Log Managers Asset Detail pages shows ingested sources
These improvements aim to provide a more intuitive, user-friendly interface and to improve the overall experience of managing and monitoring logs received from your infrastructure.
Additional Resources
See the following documentation to learn more about Log Managers and Remote Collectors:
Firewalls Collection
See the following documentation for each of the firewall products we can ingest:
- Configure Checkpoint Firewall Collection
- Configure Cisco ASA Collection
- Configure Cisco Meraki Collection
- Configure Cisco Secure Firewall Threat Defense Collection
- Configure Fortinet Log Collection
- Configure Juniper Firewall Collection
- Configure Juniper NetScreen Firewall Collection
- Configure Palo Alto Collection
- Configure SonicWall Collection
- Configure WatchGuard Firewall Collection