04/07/2022: Legacy Migration from IDS Event Search to Universal Search

A new IDS (intrusion detection system) event search experience is available for Alert Logic customers with access to the IDS Event Search page in the Alert Logic console. The updated event search experience can be found at the following destinations:

• For Threat Manager and Threat Manager Professional customers, at Search > Search > Simple Mode in far right-hand drop-down > FROM IDS Events in FROM drop-down.
  
  
• For Managed Detection and Response customers, at (navigation menu) > Investigate > Search > Search > Simple Mode in far right-hand drop-down > FROM IDS Events in FROM drop-down.

Note: Both the original IDS event search experience, found at Search > Events, and the new search experience will be available for your use in the Alert Logic console through the end of April. At the end of this time, the original experience will be deprecated, and only the new experience will be available going forward.

Updated IDS Event Search

Alert Logic continues to improve on the Search experience. Over the next few months, Alert Logic will migrate IDS event data from the Search > Events tab to the simplified Universal Search experience, which supports streamlined results and allows for quicker investigation efforts. You will notice some differences between this new experience and the original, the most important of these improvements include:

• Removal of a Threat distinction from events - Threat levels are now evaluated if an event turns into an incident. You will no longer see the Threat column in IDS event search results.
  
  
• Search filters as search result columns - Search filters in the original IDS event search experience are now individual columns within the search results. Include any additional data you want to be surfaced in the results via Simple Mode search, and these will generate as columns in the results.
  
  
• Managed account search - You can search for IDS events on any accounts you manage by toggling the Search Managed Accounts toggle.
  
  
• Bulk event selector for incident creation - Select several events at once via the checkboxes in the far-left column of the search results to create an incident.
  
  
• Clearer and more informative Event Details - Find event details by selecting any event generated from an IDS event search.
  
  
• Improved saved and scheduled search functionality - Access this functionality by selecting the down arrow to the right of the Search button and selecting Save and Schedule Search.

Note: Legacy event block configurations will continue to be honored after the deprecation of the legacy Event Search page.

When this change is imminent, the notice at the top of the original event search page, as well as the information in this article, will be updated with exact dates and additional information. To be notified of the exact dates for the deprecation of the original experience, click the FOLLOW button at the top of this article. You must be signed into the Support Center using your Alert Logic product credentials to follow this article.