As part of planned improvements to the Alert Logic Managed Detection and Response (MDR) platform to streamline security content and extend emerging threat detection capabilities, Cloud Defender platform reports will no longer be available to customers with Cloud Defender subscriptions on June 10, 2022.
To ensure all customers have access to the improved detection capabilities, the deprecated reports have been replaced with several MDR reports. Cloud Defender customers can access and download these reports as data, crosstab, or PDF files, as well as schedule them to run periodically and enable report generation notifications.
Note: Any replaced reports will not carry over previous schedules. To schedule the replacement reports, you must create a schedule for them at Reports > the report that has been replaced > Schedule This Report.
Report Experience Changes for Cloud Defender Customers
Cloud Defender customers can find reports in the Alert Logic console under the Reports menu. Use the following mappings to identify replacement MDR reports for those deprecated Cloud Defender-specific reports.
- Incident Report Mapping
- Event Report Mapping
- WAF Report Mapping
- Universal Report Mapping
- Log Report Mapping
- Compliance Report Mapping
- Deprecated Reports
Incident Report Mapping to MDR Reports
The following information describes within which MDR reports you can find data previously found in Cloud Defender incident reports.
Cloud Defender Incident Report | Report Replacement | Location in Console Reports Page |
Executive Summary | Monthly Incident Account Summary, Weekly Incident Account Summary | Threats > Incident Account Summary > View |
Full Report | Monthly Incident Analysis, Weekly Incident Analysis | Threats > Incident Analysis > View |
Incidents by Status, Incidents by Classification, Incidents by Threat Level, Incidents by Time | Incident Daily Digest, Incident Distribution Explorer | Threats > Incident Analysis > View |
Incidents by Summary | Monthly Incident Analysis, Weekly Incident Analysis | Threats > Incident Analysis > View |
Top Hosts Triggering Incidents | Incident Target Explorer Report | Threats > Incident Analysis > View > Incident Target Explorer Report |
Incident Report Mapping to Alert Logic Console Location
The following information describes where in the Alert Logic console (not within an MDR report) you can access data previously found in Cloud Defender incident reports.
Incident Report | Location in Alert Logic Console |
Incidents by Time of Day | Search > Search > Expert Mode |
Event Report Mapping to MDR Reports
The following information describes within which MDR reports you can find data previously found in Cloud Defender event reports.
Cloud Defender Event Report | Report Replacement | Location in Console Reports Page |
Executive Summary | Network IDS Events Explorer | Threats > Event Analysis > View > Network IDS Events Explorer |
Full Report, Event by Time | Monthly Event Analysis, Weekly Event Analysis | Threats > Event Analysis > View |
Events by Classification | Network IDS Events Explorer | Threats > Event Analysis > View > Network IDS Events Explorer |
Top Signatures, Top Source Addresses, Top Source Ports, Top Destination Addresses, Top Destination Ports, Top Source / Destination Combinations | Top Event Sources and Destinations | Threats > Event Analysis > View > Top Event Sources and Destinations |
Events Per Second by Customer | Network IDS Traffic | Service > Capability Usage > View > Network IDS Traffic |
Event Report Mapping to Alert Logic Console Location
The following information describes where in the Alert Logic console (not within an MDR report) you can access data previously found in Cloud Defender event reports.
Cloud Defender Event Report | Location in Alert Logic Console |
Events - Detail | Search > Search > FROM IDS Events in FROM drop-down |
Event Export by Malware and SQL Injection | Search > Search > FROM IDS Events in FROM drop-down |
WAF Mapping to Alert Logic Console Location
The following information describes where in the Alert Logic console (not within an MDR report) you can access data previously found in Cloud Defender WAF reports.
Cloud Defender WAF Report | Location in Alert Logic Console |
Reports > WAF > Activity | Reports > WAF > Other Reports > Activity |
Reports > WAF > Policy | Reports > WAF > Other Reports > Policy |
Reports > Threats > Capability Usage > WAF Traffic > WAF Traffic | Reports > WAF > WAF Usage > WAF Traffic |
Reports > Threats > Web Application Analysis > WAF Violation Explorer | Reports > WAF > Web Application Analysis > WAF Violation Explorer |
Reports > Threats > Web Application Analysis > WAF Violation Trends | Reports > WAF > Web Application Analysis > WAF Violation Trends |
Universal Report Mapping to MDR Reports
The following information describes within which MDR reports you can find incident or user data previously found in Cloud Defender universal reports.
Cloud Defender Universal Report | Report Replacement | Location in Console Reports Page |
Enterprise - Incident sections only* | Monthly Enterprise Risk, Weekly Enterprise Risk | Risk > Enterprise Risk > View |
CIO Threat - Incident sections only* | Monthly Incident Account Summary, Weekly Incident Account Summary | Threats > Incident Account Summary > View (Select Count by Deployment option) |
CIO Threat Trends - Incident sections only* | Incident Distribution Explorer | Threats > Incident Analysis > View > Incident Distribution Explorer |
Active Users | Current Users | Service > Users > Current Users |
* Vulnerability results are not included in the MDR replacement reports but still can be found in the Cloud Defender Universal reports.
Log Report Mapping to Alert Logic Console Location
The following information describes where in the Alert Logic console (not within an MDR report) you can access data previously found in Cloud Defender log reports.
Cloud Defender Log Report | Location in Alert Logic Console |
No Hosts on Appliance | Configuration > All Deployments > Hosts |
Log Collection Health | Configuration > All Deployments > Log Sources |
Customized Log Reports | Search > Search > FROM Log Messages in FROM drop-down |
Compliance Report Mapping to MDR Reports
The following information describes within which MDR reports you can find compliance status data previously found in Cloud Defender compliance reports.
Cloud Defender Compliance Report | Report Replacement | Location in Console Reports Page |
PCI Compliance > Executive Summary, PCI Compliance > Full Report | PCI Compliance Full | Compliance > Compliance - Full Report > View > PCI Compliance Full |
GLBA Compliance > Executive Summary, GLBA Compliance > Full Report | GLBA Compliance Full | Compliance > Compliance - Full Report > View > GLBA Compliance Full |
HIPAA Compliance > Executive Summary, HIPAA Compliance > Full Report | HIPAA Compliance Full | Compliance > Compliance - Full Report > View > HIPAA Compliance Full |
SOX Compliance > Executive Summary, SOX Compliance > Full Report | SOX Compliance Full | Compliance > Compliance - Full Report > View > SOX Compliance Full |
Deprecated Reports
The following Cloud Defender-specific reports have been deprecated and do not have replacement MDR reports:
- Incident reports:
  - Internal vs External Incidents
  - Incident / Block / Rollback Trends
- Event reports:
  - Events by Threat Level
  - Internal vs External Events
- Cases reports*:
  - Cases by Owner
  - Cases by Status
  - Cases by Age
* Log Review analysis results can be viewed in the Alert Logic console at Incidents > List > Open status > Detection Source filter: Log Review. Scan results are available at Overview > Dashboard > Scans.
Additional Resources
For a complete guide of report types, categories, descriptions, and features offered, see our Report Guides: