Several legacy Alert Logic console pages are being deprecated and will no longer be in use for Cloud Defender customers. This change is part of an initiative to migrate legacy services to the Alert Logic Managed Detection and Response (MDR) platform for better architecture scaling and ongoing feature enhancements. The decommissioned legacy pages have been replaced by new features. Learn more about the pages being decommissioned and where to find corresponding pages and information below.
In This Article
- Event Search and Blocking Policies Decommission
- Correlations Decommission
- Report Deprecation and Replacement
- Defense Alerts Decommission
- Incident Alerts Decommission
- Cases Decommission
Event Search and Blocking Policies Decommission
An improved Event Search experience was introduced to all customers on April 7, 2022, to simplify the search experience and support the generation of streamlined results for investigation efforts. Alongside the decommission of the old event search page on June 3, several blocking functions have been updated or decommissioned.
Event Search Decommission
A new IDS (intrusion detection system) event search experience has replaced legacy event search for Cloud Defender customers. The updated event search experience can be found at Search > Search > Simple Mode in the far right-hand drop-down > FROM IDS Events in the FROM drop-down.
Additionally, host blocking now occurs within an Event Details page by selecting an event from the search results > Open > Block Host in the top right corner.
Learn more about these changes and the new IDS event search in our Legacy Migration from IDS Event Search to Universal Search knowledge base article.
Policy-Based Event Signature Blocking Decommissions
Policy-based event signature blocking configurations will continue to be available after the deprecation of the legacy Event Search page, but some configuration pages are now read-only, and policy editing and creation are now limited.
Network blocking policies and whitelist configuration pages - in the Alert Logic console at Configuration > Network IDS > Blocking Configuration > Policies and Whitelist - are read-only as of June 3, 2022. Additionally, when you open a block by clicking its ID at Search > Blocks, event telemetry-based blocks no longer have hyperlinks to additional details for the Created by Policy and From Event sections.
The Blocks page at Search > Blocks continues to be available, and current blocking policies and whitelisted IP configurations continue to function as previously configured. Creating new and updating existing firewall configurations continues to be available at Configuration > Network IDS > Blocking Configuration > Configuration.
Correlations Decommission
Legacy correlation functions in the Alert Logic console - previously at Configuration > Log Management > Policies > Correlation and Configuration > Log Management > Alert Rules > Correlation - have been deprecated. Improved correlation functionality is available within the Alert Logic Search interface at Search > Search > create a valid search query > Search drop-down arrow > Create Correlation.
For more details on using the improved correlation alert and scheduled search functions, see our Improved Correlations and Search documentation and our When should I use a scheduled search or create a correlation alert? knowledge base article.
Report Deprecation and Replacement
As part of planned improvements to streamline security content and extend emerging threat detection capabilities, Cloud Defender-specific incident and event reports are no longer available to customers with Cloud Defender subscriptions as of June 10, 2022.
To ensure all customers have access to the improved detection capabilities, the deprecated reports have been replaced with several MDR reports. Cloud Defender customers can access and download these reports as data, crosstab, or PDF files, as well as schedule them to run periodically and enable report generation notifications.
Detailed mappings from deprecated Cloud Defender reports to replacement MDR reports are available in our Decommissioned Cloud Defender Report Mappings knowledge base article.
Event Alerts Decommission
Legacy Event Alerts - previously at Configuration > Notification > Events - are no longer available to customers with Cloud Defender subscriptions as of June 10, 2022. To receive alert notifications on threats, configure an incident notification at Incidents > List > + Add Notification button. For more information on using incident notifications, see Incident Notifications.
Defense Alerts Decommission
Legacy Defense Alerts - previously at Configuration > Notification > Defense - are no longer available to customers with Cloud Defender subscriptions as of June 10, 2022. Issued blocks can be viewed at Search > Blocks.
Incident Alerts Decommission
Legacy Incident Alerts - previously at Configuration > Notification > Incidents - are no longer available to customers with Cloud Defender subscriptions as of June 10, 2022. To receive alert notifications on threats, configure an incident notification at Incidents > List > Add Notification button. For more information on using incident notifications, see Incident Notifications.
Cases Decommission
As a concept, cases have been replaced by incidents, scans, and reports. Cloud Defender case functions in the Alert Logic console - previously at Search > Cases - and case reports - previously at Reports > Scheduled > Case Reports - have been decommissioned as of June 3, 2022.
- For incident-related information, see Incidents at Incidents > List.
- For Scan Results, see the Scan menu at Overview > Dashboard > Scans > Scans Tab > Results.
- For threat reports, see the reports available at Reports > Threats.