Data collected from your environment by Alert Logic can be analyzed, saved, and shared within the Alert Logic console. Most collected data, such as log messages and network IDS data, can be viewed using the search functionality within the Alert Logic console at Investigate > Search. The following details describe different ways to save or share your data analytics in the Alert Logic console.
Share and Save Search Analytics
The following techniques let you collaborate with teammates who have access to the Alert Logic console, and export data or search queries to share with stakeholders outside the Alert Logic console.
Share a Query or Search Results Using the Search Console
Quickly copy a link directly to a search query and search results, which can be sent to fellow console users for direct access to the search details. You can also use this functionality to quickly bookmark a specific search for yourself.
At Investigate > Search > Search, build and complete a search. Once the search is complete, a bar will appear at the top left of the screen confirming the number of results found. Within this bar, select the Share icon, which instantly copies a direct link to the search query and corresponding search results. You can then paste this link into communications, bookmarks, reports, and more.
Note: Shared search results are only valid for 30 days and only accessible to other users of the Alert Logic console on your account.
Save a Query in the Search Console
Save a search query so that you or another user can easily access it later. Build and/or perform your search query at Investigate > Search > Search, then open the menu connected to the Search button and select Save and Schedule Search.
Access saved searches at Investigate > Search > Saved Searches or at Investigate > Search > Search > Saved Searches.
Download and Share Search Results
Export search results and share the downloaded file with stakeholders outside of the Alert Logic console. Navigate to Investigate > Search > Search and perform a search. Three exporting options are available to you here:
- To bulk export all search results, check the box at the top left of the results table, and then select Export in the blue bar that appears at the bottom of the screen.
- To bulk export more than one result (not all), check the boxes to the left of two or more results and select Export in the blue bar that appears at the bottom of the screen.
- To export only one result, click on the result's row in the table and select Export.
Schedule a One-Time Search
Schedule a one-time search, which can be shared with fellow console users via email or exported for external stakeholders.
Navigate to Investigate > Search > Search and build and/or perform a search query. Select Save and Schedule Search from the menu attached to the Search button. Complete the required information in Create Saved Search Schedule, turn on the Create Scheduled Search (in next step) toggle by sliding it to the right, and select Save and Continue. Complete the required information and, under Conduct a search, select As soon as possible. Subscribe any relevant stakeholders to the search, and then select Save.
Note: Results are saved for the duration of your data retention period, and the default data retention period is 13 months.
Schedule a Periodic Search or Create a Correlation
Schedule a periodic search or create a correlation to share collected data with fellow console users. For either action, navigate to Investigate > Search > Search, open the menu connected to the Search button, and select either Save and Schedule Search or Create Correlation.
Review the "When should I use a scheduled search or create a correlation alert?" knowledge base article for additional guidance.