Best way to search for vulnerabilities from previous reports
I'm pretty new to using Alert Logic and was wondering what is the best way to use the search function to search for vulnerabilities that have shown up in previous reports? Also, any tips and tricks on how to use the search function would be greatly appreciated as well.
Nathan - thanks so much for reaching out. I'm not positive whether you're referring to log search or Cloud Insight and/or scan-discovered host vulnerabilities, so here's information for both!
Cloud Insight is configured to run daily host scans to report on discovered vulnerabilities in an AWS environment. The results of these scans can be found under Remediations in the Alert Logic console. Reports can be run against these findings at Reports > Vulnerabilities. Here's some documentation to help you navigate the console:
Cloud Defender also scans, and these can be configured and viewed at Overview > Dashboard > Scans. Reports can also be run against these discovered vulnerabilities at Reports > Scheduled > Vulnerability Reports. Another resource for you:
Under Search, you can perform searches against all system logs sent to us and any events discovered by our threat management service. Search resources:
Tips and tricks on using search:
I also recommend that you review this Knowledge Base section on the Alert Logic Console Overview and that you take advantage of our product training videos!
There's a lot to unpack here, but hopefully it will help you better understand our search capabilities! Please let me know if you have any additional questions.