The Threat Intelligence Center is the newest addition to the Alert Logic console for Managed Detection and Response Professional and Enterprise subscribers. It provides insight into Alert Logic threat coverage by displaying security content details in an interactive, tabular list. In the Threat Intelligence Center, you can:
- Learn technical details about how Alert Logic analyzes data to produce security outcomes with security content
- Gain visibility into all customer-agnostic security content and coverage details provided by Alert Logic
- Determine if your environment is configured to maximize security value
The Threat Intelligence Center can be found in the Alert Logic console under Investigate > Threat Intel Center.
Threat Intelligence Center Features
The Threat Intelligence Center gives visibility into three types of Alert Logic content: Analytics, Log Parsers, and Intrusion Detection System (IDS) Signatures. Each content type is accessible via a tab at the top of the Threat Intelligence Center webpage.
Analytics Content
Analytics content within the Threat Intelligence Center describes which data source or telemetry is required for the Alert Logic system to generate an incident. Here, you can apply several filters (Visibility, Threat Level, Telemetry, MITRE Tactic, and MITRE Technique) to view details on the incidents and observations Alert Logic has identified as potentially threatening.
Log Parser Content
Log parser content within the Threat Intelligence Center describes the log sources that Alert Logic collects and parses, and which are therefore in a position to detect events that can be correlated into incidents. Here, you can apply several filters (Log Source, Vendor, and Log Source Classification) to view details on the log messages and log sources Alert Logic has identified as potentially threatening.
IDS Signature Content
IDS signature content within the Threat Intelligence Center describes the event signatures deployed on the Alert Logic appliance, which are in a position to detect events that can be correlated into incidents. Here, you can apply one filter (Signature Source) to view details on the signatures and signature sources Alert Logic has identified as potentially threatening.
User Preference and Data Customization
For all the above-described types of content, you can customize your data visualization through the following features:
- Date selection – By selecting the calendar icon, you can choose a custom date range so that only the data whose Last Updated timestamp in the data table falls within that range is shown. Four pre-set date ranges are also available: 24 hours, 7 days, 30 days, and all time.
- Search – You can search each set of data using the Search bar, which matches the exact string you enter. The search covers all fields, including columns that are not currently displayed.
- Column preferences – You can select which columns appear on-screen through the Choose Columns drop-down menu, and adjust their order and width by dragging and dropping a column. These preferences are preserved for the duration of your session: you can navigate away from the page and come back, and your column changes will remain. If you open the page in a new browser or a new session, however, they will not be preserved.
- Export data – Export is available only for the Log Parsers and IDS Signatures content types. Select the rows to export by checking the boxes at the far left of each row, or check the box in the top row to select all data for a bulk export. When you have selected the data to be exported, click Export at the bottom of the webpage to download it as a CSV file.
- Preview and summary details – You can view at-a-glance preview data by hovering over any row. Select the item to see more detailed summary information on the data.