Alert Logic MDR and Fortra XDR

April 2024

April 30, 2024

Alert Logic has made enhancements to vulnerability snapshot reporting in the Alert Logic console to use the vulnerability instance key identifier for more consistent counts in vulnerability dashboards and breakdown reports. For more information, refer to our software update.

April 2, 2024

Alert Logic PCI ASV certification status expires in April 2024. Today, all Alert Logic Managed Detection and Response (MDR) customers were migrated to use the self-service PCI ASV capabilities available in Fortra VM, including external network scanning, web application scanning, PCI disputes, and PCI compliance reports. For more information, refer to our software update.

March 2024

March 27, 2024

Alert Logic Managed Detection and Response customers now have access to 19 reports in the Alert Logic console for helping demonstrate compliance with specific requirements of PCI DSS 4.0. For more information, refer to our software update.

March 20, 2024

Alert Logic has made improvements in the Alert Logic console to provide more accurate log volume counts and updated collection methods in the Log Collection and Top 10 Log Collector reports. For more information, refer to our software update.

March 19, 2024

Alert Logic has introduced a new banner and wizard in the Alert Logic console to make the PCI ASV scanning migration process straightforward and effortless for customers. For more information, refer to our software update.

March 4, 2024

Alert Logic has updated the role for Microsoft Azure deployments to discover new asset types and/or properties. To take full advantage of the functionality for supporting version 2.0.0 of the CIS Microsoft Azure Foundations Benchmark, you must use the updated RBAC role document. For more information on replacing the previous JSON file, updating the RBAC role document, and granting specific permissions in the Azure portal, refer to our software update and Update Your Azure Deployment for CIS Foundation Benchmarks.

February 2024

February 27, 2024

Alert Logic has updated the Assets view in the Alert Logic console to support running expedited internal vulnerability scans on multiple hosts using the Scan now action. For more information, refer to our software update.

January 2024

January 9, 2024

Fortra's Alert Logic has released reporting enhancements in the Alert Logic console for disposed vulnerabilities. A new List of Disposed Vulnerabilities report provides a list of all current disposed vulnerabilities and assessment details for each vulnerability instance. Additionally, new columns have been added to the List of Vulnerabilities report with information about disposed vulnerabilities. For more information, refer to our software update, as well as the List of Vulnerabilities and List of Disposed Vulnerabilities documentation.

December 2023

December 11, 2023

Fortra's Alert Logic has improved the experience for downloading and processing CSV files for Vulnerability Analysis reports in Alert Logic console. You can now create downloads using the CREATE REPORT feature and generate streamlined Full Data CSV files. For more information on these improvements, refer to our software update, as well as the Report Download Option and Scheduled Reports and Notifications documentation.

December 7, 2023

To support a change made by Amazon Web Services (AWS), Fortra's Alert Logic is transitioning to Launch Templates for Automatic mode deployments. This change requires customers to update the IAM role used by Alert Logic to include new permissions related to Launch Templates.

In preparation for this change, an updated policy document will be released on December 7, 2023, which can be used to update the IAM role in AWS. This updated policy must be in place for any new deployments to be successful. For more information about this change and how to change your IAM role, refer to our software update.

November 2023

November 9, 2023

Fortra's Alert Logic has improved health notifications by allowing notifications to be created in the Alert Logic console for remote log collectors. With this improvement, you can now create a health notification to alert you when logs have not been collected for at least 24 hours. For more information about configuring health notifications, refer to Health Notifications.

September 2023

September 19, 2023

Alert Logic has improved the experience for downloading reports and processing CSV files in Alert Logic console. You can now create downloads and schedules in a single location, generate streamlined Full and Summary Data CSV files, and gain more visibility into Download status. For more information on these improvements, refer to our software update, and the updated Report Download Option and Scheduled Reports and Notifications documentation.

In addition, several updates have been made to the List of Vulnerabilities report. These updates include an improved layout, faster page load speed, and streamlined CSV files. For more information, refer to our software update.

Finally, Alert Logic has improved filter options and page load speed for the scan reports in Alert Logic console. The Scan Date Option filter has been added so you can now quickly retrieve the latest available scan for a specific scan schedule or select from all available scans in the Scan Start Date filter. For more information, refer to our software update.

August 2023

August 8, 2023

Alert Logic has updated the role for Microsoft Azure deployments to discover new asset types and/or properties. To take advantage of the new functionality for supporting version 2.0.0 of the CIS Microsoft Azure Foundations Benchmark, you must use the updated RBAC role document. For more information on replacing the previous JSON file, updating the RBAC role document, and granting specific permissions in the Azure portal, see 08/08/2023: Alert Logic Support for CIS Azure Foundations Benchmark v2.0.0 and Update Your Azure Deployment for CIS Foundation Benchmarks.

In addition, Alert Logic has updated the CIS Microsoft Azure Foundations Benchmark report in the Alert Logic console to support Level 1 and Level 2 of the latest version (2.0.0) of the CIS Microsoft Azure Foundations Benchmark. For more information about this report, see CIS Microsoft Azure Foundation Benchmark report.

July 2023

July 11, 2023

Alert Logic has updated how weak and insecure SSL cipher exposures are categorized and grouped in the Alert Logic console. For more information, refer to 07/11/2023: Improved SSL Cipher Exposures and Groupings.

Alert Logic has implemented a new parser called AWS Generic. This parser takes advantage of newer capabilities designed specifically for JSON-formatted logs and will allow Alert Logic to reduce the number of log parsers for Amazon Web Services (AWS) JSON logs from over 370 to 1.

To prepare for these new features, all user-created saved searches and log correlations referencing AWS data are being updated to be compatible with the new content. This work does not require any action on your part and will happen automatically by July 13 with zero disruption to service.

June 2023

June 22, 2023

Alert Logic has updated the Incidents Console with several improvements, including:

• A new table that allows you to more easily view incidents

• Improved UI performance providing faster page load speed

• Bulk actions that are more intuitive

• Enhanced incident preview for quickly reviewing incident details

For more information on these updates, refer to 06/22/2023: Incident Console Improvements.

May 2023

May 10, 2023

Alert Logic has updated the IAM Role policy for Amazon Web Services (AWS) deployments to discover new asset types and/or properties. To take advantage of the new functionality for supporting version 1.5.0 of the CIS AWS Foundations Benchmark, you must use the updated IAM Role policy. For more information on how to copy the current policy document in the Alert Logic console and update the IAM in the AWS console, see our software update and the Update AWS IAM Role documentation.

In addition, Alert Logichas updated the CIS AWS Foundations Benchmark report in the Alert Logic console to support Level 1 and Level 2 of the latest version (1.5.0) of the CIS AWS Foundations Benchmark. For more information, see CIS AWS Foundation Benchmark report.

May 8, 2023

Alert Logic updated its AWS manual deployment CloudFormation templates. The templates have moved from JSON to YAML, and provide improvements to the appliance deployment and update processes, including:

• Easier image updates means you no longer have to redeploy the templates when manually updating the stack

• Improved autoclaim and autoscaling resulting in fewer fields to complete

• Only one template is needed per account, even for multiple appliances

For instructions on how to deploy appliances using the new templates, and to learn more, see:

• Amazon Web Services (AWS) Deployment Configuration—Manual Mode (Essentials Subscription)

• Amazon Web Services (AWS) Deployment Configuration—Manual Mode (Professional Subscription)

April 2023

April 25, 2023

Alert Logic has released several enhancements for Managed Detection and Response (MDR) customers with Managed WAF, and options for new customers. Enhancements include:

• New dashboard navigation

• Pre-populated deny log search template

• WAF-specific reports

• Additional visuals in dynamic configuration tables

There is also a new option for purchasing Managed WAF, as follows.

• New customers will be able to purchase Managed WAF as a standalone product

• Managed WAF as a standalone product has a simplified pricing structure

For additional information regarding these enhancements, refer to our software update. For more information on Managed WAF as a standalone product, please contact your sales representative or email info@alertlogic.com.

April 19, 2023

Alert Logic added support for these Amazon Web Services (AWS) regions:

AWS Region Name	Region
Asia Pacific (Melbourne)	ap-southeast-4
Europe (Spain)	eu-south-2
Europe (Zurich)	eu-central-2

January 2023

January 31, 2023

Alert Logic released updates to multiple Compliance audit reports to better satisfy compliance requirements and to use the latest Search experience. To learn more, see Compliance Reports and Get Started with Search.

January 31, 2023

Alert Logic released the following enhancements to the Intelligent Response feature:

• Three new simple responses are available:

  • Microsoft Active Directory: Disable User (see Configure Simple Response for Microsoft Active Directory: Disable User)

  • Fortinet FortiGate: Block External IP Address (see Configure Simple Response for Fortinet FortiGate: Block External IP Address)

  • Palo Alto NGFW: Block External IP Address (see Configure Simple Response for Palo Alto NGFW: Block External IP Address)

• You can now add a simple response to an incident analytic from the Incidents page (see Add a simple response).

• The Automated Response Summary dashboard has a new visual that shows the top simple response execution trends (see Automated Response Summary Dashboard).

• Alert Logic added new high-severity alerts to the recommended analytics to use as triggers for the SentinelOne: Isolate Host simple response.

January 26, 2023

Alert Logic released a solution to allow you to collect application logs from AWS Fargate tasks. The Alert Logic Agent container can now collect any logs generated by custom or third-party applications running in AWS Fargate tasks. This feature enables you to detect security threats targeting applications running in AWS Fargate tasks, troubleshoot application issues, and monitor other important activity. To learn more, see Deploy the Alert Logic Agent Container for AWS Fargate.

January 24, 2023

Alert Logic released updates to this documentation site to add a new On this page navigation menu on the right of each page. This menu gives you an overview of all the sections on that page and allows you to easily navigate to them.

January 20, 2023

Alert Logic released an enhancement to the Exposures page in the Alert Logic console. In the Exposures view, you can now sort the list by Common Vulnerability Scoring System (CVSS) score. CVSS is also the default sort option now instead of Severity. To learn more about the Exposures page, see Exposures.

January 17, 2023

Alert Logic released vulnerability scan enhancements to support CVSS v3 scores and severity ratings. Some vulnerabilities in the National Vulnerability Database have both CVSS v2 and CVSS v3 scores. Alert Logic displays the newer CVSS v3 score and severity rating in prominent locations and both scores in detail views. If only one CVSS score exists, Alert Logic uses that score and severity rating.

CVSS v3 scores take effect after your next vulnerability scan. They impact results going forward in several areas of the Alert Logic console. To learn more, see:

• Exposures

• Health

• Vulnerability Summary Dashboard

• Managed Accounts Security Summary Dashboard

• Vulnerabilities Reports

Alert Logic also enhanced the Vulnerability Library content to support CVSS v3. To learn more, see Vulnerability Library.

January 10, 2023

Alert Logic released updates to templated connections. To account for new features such as adoption of the MITRE ATT&CK framework, the following were updated:

• Payload schemas that you can use to configure your templated connections

• Sample JSON objects used for templated connection tests

• Payload templates affected by schema changes

To learn more about templated connections, see Connections. For the latest documentation on payload schemas and the sample JSON objects, see:

• Correlation Rule Observation Schema

• Health Schema

• Incident Schema

• Scheduled Report Notification Schema

December 2022

December 8, 2022

Alert Logic released a new VMware virtual image for Log Manager virtual appliances that uses the Alma Linux operating system. For instructions on how to install an appliance, see Install an Alert Logic Log Manager virtual appliance.

For more information, see Alma Linux Update.

November 2022

November 16, 2022

Alert Logic released improvements to Amazon GuardDuty incident processing. These updates include:

• Improved rating of GuardDuty incidents to adopt the MITRE ATT&CK framework

• Analytic updates that allow better tuning of GuardDuty incidents

For customers using the incidents API, the format of GuardDuty incidents was also updated to match other Alert Logic incidents more closely.

November 1, 2022

Alert Logic released updates to this documentation site to improve navigation and readability:

• An expandable navigation area on the left replaces menus that were at the top of the page, making it easier to browse content.

• The layout now features mobile-friendly styling.

October 2022

October 6, 2022

Alert Logic released the following enhancements to scanning in the Alert Logic console:

• You can now exclude assets from agent-based scans. To learn more, see Agent-Based Scanning.

• Default internal and external vulnerability scan schedules are now inactive when you create a deployment. You can activate the schedules you want to use when you are ready to initiate scanning. To learn more, see Manage Vulnerability Scan Schedules.

• New exposures and remediations help you verify the health of your scan configuration. To learn more about the Health page, see Health.

• A new warning appears during Data Center deployment configuration if you attempt to add a network that is too large for discovery and vulnerability scanning.

In deployment configuration pages, Alert Logic also released the following changes on the left panel to improved the configuration experience for scanning and exclusions:

Configuration Item	New Access
Discovery scan schedules (Data Center deployments only)	Under Assets, select Discover Assets.
Internal and external vulnerability scan schedules and agent-based scan schedules	Under Vulnerability Scanning, select Scan Schedules.
Scan exclusions	Under Vulnerability Scanning, select Scan Exclusions.
Scan credentials	Under Vulnerability Scanning, select Scan Credentials. You can still configure scan credentials on the Topology page also.
Scan performance	Under Vulnerability Scanning, select Scan Performance. You can still configure scan performance on the Topology page also.
Network IDS exclusions	Under Network IDS, select Network IDS Exclusions.

To learn more, see:

• Get Started with Alert Logic Deployments

• Manage Discovery Scan Schedules

• Manage Vulnerability Scan Schedules

October 3, 2022

Alert Logic improved the method used to count new, resolved, and unresolved vulnerabilities. The new method fixes previous issues with duplicate vulnerabilities and vulnerabilities disappearing and then reappearing. With the more accurate counts, you can expect the following changes in vulnerability reports and dashboards:

• Overall lower counts for weekly and monthly vulnerabilities

• Lower variance counts for new and resolved vulnerabilities

• No significant change in daily counts

• Vulnerability trends with the same trajectory but flatter

For details about how Alert Logic counts vulnerabilities, see the knowledge base article Improved Vulnerability Counts and Trends.

September 2022

September 21, 2022

Alert Logic released a series of enhancements to streamline working with incidents in the Alert Logic console. These updates include improvements to the Incidents page, the decommission of the older Incidents page, and expanded adoption of the MITRE ATT&CK framework.

Improvements to the Incidents page:

• Advanced Search support—You can now create complex queries that can combine with selected filters to further refine your incident search results. For more information, see Perform Advanced Incident Searches.

• Status filters improvement—All incident statuses are now shown by default. Previously, only open incidents filter and counts were shown.

Decommission of old Incidents page:

• Incidents page toggle to switch experiences has been removed.

• URLs pointing to the previous Incidents page now redirect to the upgrade page.

• Dashboard drill-down now directs to the upgraded Incidents page.

Expanded adoption of the MITRE ATT&CK framework:

Alert Logic continues to adopt the MITRE ATT&CK framework over the legacy Alert Logic attack classification system. To support ongoing adoption efforts, Alert Logic will continue removing the legacy attack classification system from the console.

• The Incidents page no longer includes Classification as a filter option. The page now uses MITRE Tactic and Technique to classify threats. For more information, see Incidents.

• Reports with threat data no longer include Classification visualizations. Threat reports now use MITRE Tactic and Technique to classify threats. Reports affected include:

  • AWS Incident Analysis Reports

  • Azure Incident Analysis Reports

  • Incident Analysis Reports

  • Incident Account Summary Reports

  • Enterprise Risk Reports

  • Partner Analysis Reports

  • HIPAA-HITECH Security Audit Reports

  • PCI Audit Reports

  • PCI DSS Audit Reports

• Incident notifications now provide MITRE ATT&CK information instead of the legacy classification that was previously part of the e-mail preview. For more information, see Incident Notifications.

• The Authentication Management Security Dashboard is updated to use MITRE ATT&CK information instead of the legacy Alert Logic incident classification. Additional bug fixes to the geolocation map and count features for the dashboard are also released.

September 20, 2022

Customers who use the updated Incidents experience can access these new features and enhancements by clicking an incident in the Incident List:

• Baseline Map—Applies to incidents with geographical data only:

  • The map for comparing baseline and outlier activity now appears in the Attack Summary section without having to click a link. You can hide the map by clicking a button.

  • The map no longer expires after two weeks.

  • Visuals and performance are improved.

• Evidence Timeline

  • A new visual representation of the evidence in a timeline simplifies the understanding of the timing of activities culminating in an incident.

  • Tooltips provide details about specific evidence.

  • You can select an area of the timeline to zoom in and display more details. When the timeline is zoomed in, a message indicates the number of evidence activities currently displayed.

  • You can reset the zoom to the original timeline view by clicking a button.

To learn more, see Incidents Details.

September 12, 2022

The updated version of the Incidents page is now the default experience when you access the Incidents page. Alert Logic also released the following improvements to the updated incidents experience:

• Incident status filters are now always visible.

• Analyst notes now support line break formatting.

• The Incident pages now support using the "back" button in the browser.

For more information about the upgraded Incidents page, see Incidents.

September 6, 2022

Alert Logic updated the following feature names:

• Connection Targets are now Connections.

• Connectors are now Templated Connections.

For more information, see Connections.

July 2022

July 26, 2022

Alert Logic now uses the new Machine Learning Log Review process to generate Log Review incidents in the Incidents page. The Machine Learning Log Review capabilities and coverage ensures you have a higher level of security value by automatically detecting log-based anomaly types based on unique patterns and trends learned from your organization. For more information, see Machine Learning Log Review Upgrade. To access details for Log Review incidents, see the Monthly Log Review Details Report.

July 6, 2022

Alert Logic added security content support for customers with a configured Mimecast collector in the Alert Logic console. You can view and export data collected from your Mimecast collector from the new Email Security Summary Dashboard. You can also find Mimecast observations in Search and create correlations from these observations. To learn how to create correlations, see Improved Correlations and Search.

July 1, 2022

Alert Logic released enhancements to Network IDS exclusions. When you add an exclusion, the Alert Logic console now displays:

• Name of the person who excluded the CIDRs from Network IDS

• Date and time of the exclusion

• Justification for the exclusion, which you enter in a new required field

The improved experience is available from your Alert Logic MDR Professional subscription deployments.

June 2022

June 30, 2022

New customers must now accept the Alert Logic Terms of Service before initial use of the product.

June 11, 2022

Alert Logic released enhancements to the Alert Logic console which includes the consolidation of the different domains into one (console.alertlogic.com), updated icons, and improved text legibility. All existing links and bookmarks are redirected automatically to the new URLs. These changes provide several improvements to your experience:

• Visual consistency

• Faster load times

• Better navigation speed

• Reduce third-party cookie issues

• Eliminate redirecting between pages

June 10, 2022

Alert Logic updated the latest AWS policy for customers with Automatic Mode deployments for any new IDS instances created. The new minimum requirement for IDS is now AWS c5.Xlarge instance type. This update allows for a better protected environment and support for future enhancements. Customers using existing instances will remain on that instance until it is terminated.

June 3, 2022

Alert Logic deprecated the legacy Events tab under Search in the Alert Logic console. The Events tab is replaced by the IDS Event Get Started with Search where you can search for IDS event data. For more information about the improved IDS Event search feature, see IDS Event Search.

May 2022

May 10, 2022

Alert Logic released improvements to the Health notifications experience which allows you to specify the scope at an asset-level. For more information, see Create a Health Notification.

May 3, 2022

Alert Logic released enhancements to agent-based scanning.

Support for host-only scans

• Internal network scans are no longer required to trigger consolidation of agent-based and internal network scan results. An agent-based scan can run on a host independently of an internal network scan and combines with the latest available internal network scan results to provide a complete vulnerability assessment sooner.

• If an internal network scan is unavailable or the results are older than 100 days, Alert Logic posts the results of just the agent-based scan in the Alert Logic console.

• An Alert Logic appliance is no longer required for vulnerability assessments on hosts with agent-based scanning configured.

To learn more about agent-based scans, see Agent-Based Scanning and About Alert Logic Scans.

Agent-based scan schedules

You can now configure separate schedules for agent-based scans. Alternatively, if you prefer to manage fewer schedules, you can use your internal network scan schedules for agent-based scans by turning on the Use internal network scan schedules(s) option on the new Agent-Based Scans page.

For customers who had enabled agent-based scans previously, the schedules used depend on your internal network scan schedule configuration:

• If you are using the default internal network scan schedule, Alert Logic uses the default agent-based scan schedule for agent-based scans.
  If you want to use internal network scan schedules instead, turn on the Use internal network scan schedules(s) option on the Agent-Based Scans page.

• If you are using custom internal network scan schedules (not the default), Alert Logic uses your internal network scan schedules for your agent-based scans.
  If you want to use an agent-based scan schedule instead, turn off the Use internal network scan schedules(s) option on the Agent-Based Scans page. You can then choose to use the default agent-based scan schedule or configure one or more custom schedules.

To learn more about agent-based scan schedules and how to create them, see Manage Vulnerability Scan Schedules.

Scan report filters

In Scan Schedule Breakdown reports, you can now show assessment results for agent-based scans by choosing the schedule in the Scan Schedule Name filter. A new Category filter is also available that allows you to isolate network or agent vulnerability assessments in consolidated results.

To learn more about Scan Schedule Breakdown reports, see Scan Schedule Breakdown.

April 2022

April 12, 2022

Alert Logic released Intelligent Response for Alert Logic MDR Professional or Alert Logic MDR Enterprise customers. In the Automated Response page, available under Respond in the Alert Logic console, you can access features to automate workflows between Alert Logic and your applications:

• Simple Responses—Add a simple response to take actions that Alert Logic recommends, using features in the Alert Logic console and your devices or services. Choose the security outcome you want to achieve, and a guided interface steps you through the process.

• Simple History—See the run history for all your simple responses and take actions such as stopping or reverting a response.

• Exclusions—Define exclusion lists to prevent your simple responses from acting on specific users, IP addresses, or hosts.

• Approvals—View approval requests and respond to requests that are pending. Requesting approval for running a simple response is an optional step in your automation workflow. You can send approval requests to users via email and a push notification to the Alert Logic Mobile App.

Alert Logic also released the Automated Response Summary dashboard. The Automated Response Summary dashboard provides insights into the simple responses in your account.

To learn more, see:

• Get Started with Automated Response

• Get Started with Simple Responses

• Simple Response Configuration Guide

• Automated Response Summary Dashboard

Alert Logic released an enhancement to the Incidents page in the Alert Logic console. Customers who opt in to the updated incidents experience can access a feature to create a simple response from an incident. To learn more, see Incidents.

Alert Logic released enhancements to the Connectors page in the Alert Logic console. You can now configure connection targets, which define common authentication path and credential references for external systems. Alert Logic stores your connection targets securely, and you can reuse them in connectors and simple responses.

April 11, 2022

Alert Logic added security content support for CrowdStrike in the Alert Logic console. You can view generated endpoint incidents and collected log data. For more information, see CrowdStrike Endpoint incidents.

April 7, 2022

Alert Logic released the IDS event data type in the Search page. This release includes the ability to search for IDS event data across managed accounts, view IDS event details, create incidents from IDS events, and other Search capabilities extended to the IDS event data type. For more information, see IDS Event Search.

March 2022

March 1, 2022

Alert Logic released an enhancement to schedules for internal and external vulnerability scans. A new option is available to scan for vulnerabilities once every two weeks. For more information, see Manage Vulnerability Scan Schedules.

February 2022

February 24, 2022

Alert Logic released the Monthly Log Review Details report which provides details on anomalies and alerts detected in all daily Log Review Summary incidents for the month you select. For more information, see Monthly Log Review Details Report.

Alert Logic also released enhancements to scheduled reports:

• For weekly and monthly report schedules, you can now schedule a report on a specific day of the week or month.

• Some reports now have schedule windows. Limiting available schedule times avoids generating empty or incomplete reports, which occurred previously if affected reports were scheduled before the data refresh completed.

• New report options allow you to choose the report format of the generated report:

  • Summary (PDF File)

  • Full (PDF File)

  • Data Only (CSV File)

  • Summary and Data (Compressed File)

• A new Run Once option, available for non-interactive reports like the Monthly Log Review Details report, allows you to generate the report immediately instead of at a scheduled time.

You may notice that Alert Logic adjusted some existing report schedules for you, either to comply with valid schedule windows or to use a report format option that makes a report easier to consume. If you prefer a different time or report format option, you can edit the report schedule.

For more information, see Scheduled Reports and Notifications.

February 10, 2022

Alert Logic released the Threat Intelligence Center which provides insight into security content details in an interactive, tabular list. You can use the Threat Intelligence Center to learn technical details about how Alert Logic analyzes data to produce security outcomes, using different types of security content. For more information, see Threat Intelligence Center.

January 2022

January 24, 2022

Alert Logic released improvements to the Scan Now feature available from the Topology page. Now you can choose whether to scan a host or ports that are excluded from scanning in the deployment scope of protection. For more information, see Topology.

December 2021

December 15, 2021

Alert Logic added support for Cisco Firepower in the Alert Logic console where you can view generated firewall incidents and collected log data. For more information, see Firewall Incidents and Log Configuration.

November 2021

November 18, 2021

Alert Logic added support for these Amazon Web Services (AWS) regions:

AWS Region Name	Region
Africa (Cape Town)	af-south-1
Asia Pacific (Hong Kong)	ap-east-1
Asia Pacific (Osaka-Local)	ap-northeast-3
Europe (Stockholm)	eu-north-1
Europe (Milan)	eu-south-1
Middle East (Bahrain)	me-south-1

November 17, 2021

Alert Logic released agent-based vulnerability scanning. Agent-based scanning enables users to leverage the vulnerability assessment coverage of authenticated network scanning without the need to manage credentials and with a reduction in network traffic and impact. To learn more, including how to enable this feature by deployment, see Agent-Based Scanning.

November 10, 2021

You can now use AWS Systems Manager Distributor to install the Alert Logic agent on AWS Systems Manager instances. To learn more, see Automate Alert Logic Agent Installation with AWS Systems Manager Distributor.

October 2021

October 21, 2021

Alert Logic released Health Notifications to the unified Notifications experience. Health notifications can alert you, subscribed users, or a configured connector when an agent, appliance, or API collector is not collecting data or offline (unhealthy).

October 6, 2021

Alert Logic improved the Application Registry page to make it easier for you to find and configure your collections. Alert Logic now displays collector integrations in tiles that correspond to its third-party application or product. Alert Logic also added a new collector that allows you to integrate and collect logs from CrowdStrike. For more information, see Configure CrowdStrike Log Collector.

July 2021

July 27, 2021

Alert Logic released improvements to the Evidence tab of the Investigation Report in the Incidents page for Log Review incidents associated with anomaly or rule-based findings. You can download a CSV file of the observations findings or facts for an event related to an incident. Alert Logic also added the aggregator summary section to Log Review incidents which allows you to download evidence for specific aggregator types for compliance needs. For more information, see Download evidence and Investigation Report.

July 1, 2021

Alert Logic can detect and generate Endpoint Security Incidents from log data collected from third-party endpoint application resources. To learn more endpoint security incidents, see Endpoint Security Incidents.

June 2021

June 3, 2021

Alert Logic released an improved correlation experience that allows you to create powerful custom rules with similar syntax structure as Search queries in the Search page. You can configure the correlation rule to generate a FIM notification, an observation notification, or an incident notification when the data Alert Logic receives matches the pattern for the data you specified in the correlation. To learn more about the improved correlation feature, see Improved Correlations and Search.

May 2021

May 11, 2021

Alert Logic released nine new NIST 800-171 Audit compliance reports in the Compliance tab of the Reports page in the Alert Logic console. The reports provide guidance for demonstrating compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-171. For more information about each report, see:

• NIST 800-171 3.1 - Access Control

• NIST 800-171 3.3 - Audit and Accountability

• NIST 800-171 3.4 - Configuration Management

• NIST 800-171 3.5 - Identification and Authentication

• NIST 800-171 3.6 - Incident Response

• NIST 800-171 3.11 - Risk Assessment

• NIST 800-171 3.12 - Security Assessment

• NIST 800-171 3.13 - System and Communications Protection

• NIST 800-171 3.14 - System and Information Integrity

April 2021

April 6, 2021

Alert Logic added an enhancement to your scope of protection capability for Data Center deployments. You can now define your protection at a subnet level. To learn how to change your scope of protection, see Change Protection Level of an Asset.

March 2021

March 25, 2021

Alert Logic released three new vulnerability reports in the Vulnerabilities tab of the Reports page in the Alert Logic console. The Scan Summary Breakdown reports provide summary, detailed, and variance vulnerability results for specific scan schedules. These reports can be downloaded as an image, data (CSV), crosstab, PDF, or PowerPoint file. For more information about each report, see:

• Scan Host Summary

• Scan Details List

• Scan Variance

March 18, 2021

Alert Logic released an upgraded of the Log Review incident process, Machine Learning Log Review. The new machine learning algorithms allows Alert Logic to deliver a higher level of security value by automatically detecting many log-based anomaly types based on unique patterns and trends learned from your organization. For more information, see Machine Learning Log Review Upgrade.

Alert Logic also released an upgraded version of the Incidents page for an enhanced and improved experience to maximize your ability to manage incidents, and also view Log Review incidents. This upgrade includes enhancements to see relevant and important information quickly, page customization, improvements to the investigation report, and more. For more information, see Incidents.

Log Review incidents can also be found in the Monthly Log Review Report report and in the improved version of the Incident Daily Digest report to evaluate daily incidents by threat level, classification, top attackers, and top targets.

February 2021

February 4, 2021

You can now deploy the Alert Logic Agent Container in Amazon Elastic Container Service (ECS) environments that run Amazon Web Services (AWS) Fargate. This solution enables the Alert Logic Agent Container to run as a sidecar to any Fargate Task Definition you wish to protect. This does include an update to the IAM Role policy with read-only List and Describe calls. To learn more, see Deploy the Alert Logic Agent Container for AWS Fargate.

You can also now deploy the Alert Logic Protected Host Agent on AWS Workspaces workloads. This does include an update to the IAM Role policy with read-only List and Describe calls.

February 3, 2021

Alert Logic released a new Search experience for the Managed Detection and Response customers that allows you to perform basic and advanced searches in Expert and Simple modes for different data types. You can start a query in Simple mode, and then switch to Expert mode to add more logic or complex functions. The Search experience now offers the following new features:

• Schedule search notifications

• Saved searches and schedule searches

• Download search results

• Apply settings to your search, such as selecting a timezone

• Use search tabs to execute and switch between multiple searches

• Load saved searches into the query

To learn more, see Get Started with Search.

January 2021

January 28, 2021

Alert Logic released the following enhancements to scan schedules for the Managed Detection and Response platform:

• For internal and external vulnerability scans, you can now specify the ports to scan. You can choose ports in predefined groups or define a custom list of ports to scan.

• You can also specify ports to exclude from internal and external vulnerability scans.

To learn more, see Manage Vulnerability Scan Schedules.

December 2020

December 17, 2020

Alert Logic released the following enhancements to the Exposures page and the Health page for the Managed Detection and Response platform:

• For remediations, the Threat Risk Index score now appears in the list view.

• When you export a list of disposed remediations or exposures, notes added about the disposal now appear in the CSV file.

• When you restore a disposed or concluded item, you can now select specific assets for which to restore the exposure or remediation.

To learn more, see Exposures and Health.

Alert Logic also released five new GDPR Audit compliance reports in the Compliance tab of the Reports page in the Alert Logic console. The reports provide guidance for demonstrating compliance with the General Data Protection Regulation (GDPR). For more information about each report, see:

• GDPR Article 25: Data Protection by Design and by Default

• GDPR Article 32: Security of Processing

• GDPR Article 33: Notification of Personal Data Breach

• GDPR Article 34: Communication of a Personal Data Breach

• GDPR Article 35: Data Protection Impact Assessment

December 7, 2020

Alert Logic released a new compliance report in the Compliance tab of the Reports page in the Alert Logic console. The report provides guidance on how to use and access your File Integrity Monitoring (FIM) features to help you demonstrate compliance with HIPAA 164.312(c)(1). For more information, see HIPAA 164.312(c)(1)—Integrity Controls.

November 2020

November 18, 2020

Alert Logic added two new log collectors to the Application Registry:

• You can now integrate with the new Amazon Web Services (AWS) Network Firewall to collect alerts generated by events that match Alert Logic firewall rules and that are sent to an Amazon Simple Storage Service (S3) bucket. To learn more, see Configure AWS Network Firewall Log Collector.

• You can now integrate with Amazon S3 to collect the following types of logs from an Amazon S3 bucket:

  • Elastic Load Balancing: Application Load Balancer, Classic Load Balancer, and Network Load Balancer

  • Amazon Redshift: Connection, User, and User Activity

  • Amazon S3 Audit

  • Amazon VPC Flow Logs

  To learn more, see Configure Amazon S3 Log Collector.

Alert Logic released two incident account summary reports in the Threats tab of the Reports page of the Alert Logic console. The incident account summary reports provide the current distribution and trending data for incidents detected across your customer accounts and deployments. To learn more, see Weekly Incident Account Summary and Monthly Incident Account Summary.

November 9, 2020

Alert Logic is offering an enhanced and improved Reports feature for customers upgrading from Cloud Defender to the Managed Detection and Response platform. The upgrade includes changes to the Cloud Defender Scheduled reports. You can find the same or similar information from Cloud Defender Scheduled reports in the Managed Detection and Response Alert Logic console. For more information, see Managed Detection and Response Reports Upgrade.

October 2020

October 7, 2020

Alert Logic released the following enhancements to the Exposures page for Managed Detection and Response customers:

• The Exposures page now only lists security-related exposures detected by internal and external vulnerability scans to help you narrow your focus. Health-related configuration and connection exposures continue to be available on the Health page, but were removed from the Exposures page.

• You can now sort the lists by various criteria and change to ascending or descending order.

• The total number of open exposure instances that match selected filters appears next to each filter.

• Counts of affected assets and exposure instances now appear for each listed item.

• Disposed items now show the disposal expiration date.

• You can export selected items in a list.

• You can open the detail page for a remediation or exposure in a separate browser tab.

• Concluding and disposing exposures or remediations for affected assets is now more flexible. You can dispose or conclude a single, multiple, or all affected assets. For the dispose action, you can also select to dispose all future assets that match selected filters.

To learn more, see Exposures.

The Health page was also enhanced:

• You can now sort the lists by various criteria and change to ascending or descending order.

• The total number of open exposure instances that match selected filters appears next to the Unhealthy filter.

• In the views for Exposures and Remediations, counts of affected assets and exposure instances now appear for each listed item.

• Disposed items now show the disposal expiration date.

• You can open the detail page for a remediation or exposure in a separate browser tab.

• Concluding and disposing exposures or remediations for affected assets is now more flexible. You can dispose or conclude a single, multiple, or all affected assets. For the dispose action, you can also select to dispose all future assets that match selected filters.

To learn more, see Health.

Alert Logic also released the Subscribed Notification Users report in the Service tab in the Reports page for Managed Detection and Response customers. The report is a list of users set up to receive automated email notifications from the Notifications page. To learn more, see Subscribed Notification Users.

September 2020

September 15, 2020

Alert Logic released the following enhancements to scan scheduling:

• A quarterly scan option is now available for internal and external vulnerability scans.

• For monthly scans, you can now choose to scan during a certain week on a certain day.

Alert Logic is also releasing the Last Scanned Breakdown report in the Vulnerabilities tab of the Reports page. The report provides visibility into when your assets were last scanned for vulnerabilities. To learn more, see Last Scanned Breakdown.

September 2, 2020

Alert Logic released the following features to enhance your experience in the Alert Logic console:

• File Integrity Monitoring allows you to monitor changes to files and directories of assets associated with your Alert Logic deployments. You can configure monitoring or exclusions for specific file paths or entire directories in your Windows and Linux systems. To learn more, see File Integrity Monitoring.

• Alert Logic is also releasing two new compliance reports to provide guidance on how to use and access File Integrity Monitoring features to demonstrate compliance with PCI Requirement 11.5 and PCI Requirement 10.5.5 in the Compliance tab of the Reports page. For more information, see PCI Requirement 11.5 and PCI Requirement 10.5.5.

• Web Log Analytics (WLA) is a log-based application attack detection solution that protects your web applications from common application vulnerabilities. WLA is available for Professional or Enterprise Managed Detection and Response customers. To learn more about WLA, see About Alert Logic Web Log Analytics (WLA).

• The Authentication Management Security dashboard is available for Managed Detection and Response customers. The Authentication Management Security dashboard provides a summary of your authentication security activity in your environment. To learn more, see Authentication Management Security.

• Connectors allow you to send security data directly to a third-party application. When you set up a notification and subscribe a connector, the connector can send a message or generate an IT service management (ITSM) ticket automatically.

• The Alert Logic DevNet developer portal enables you to build automation and integrations to extend and embed the Alert Logic platform. This developer portal includes a comprehensive toolkit of command-line tools and programming language integrations, as well as a rich library of use cases so you can get started quickly. The portal is located at developer.alertlogic.com.

August 2020

August 19, 2020

Alert Logic is releasing SOC 2 Audit reports in the Compliance tab of the Reports page. The reports help demonstrate compliance with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA) and include the following:

• SOC 2 Common Criteria 6.2 User Registration

• SOC 2 Common Criteria 6.3 Access Modification and Removal

• SOC 2 Common Criteria 6.6 Boundary Protection

• SOC 2 Common Criteria 6.8 Unauthorized and Malicious Code Protection

• SOC 2 Common Criteria 7.1 Configuration and Vulnerability Management

• SOC 2 Common Criteria 7.2 Security Event and Anomaly Detection

• SOC 2 Common Criteria 7.3 Incident Detection and Response

• SOC 2 Common Criteria 7.4 Incident Containment and Remediation

August 8, 2020

Alert Logic released enhancements to scan scheduling. Default scan schedules are available that you can edit, or you can create additional schedules for all or selected assets in your deployment. The improved Scan Schedules page is available from your deployments. To learn more, see Manage Vulnerability Scan Schedules.

You can now also optimize scan performance from the Topology page in the Alert Logic console. To learn more, see Adjust scan performance.

August 5, 2020

Alert Logic is releasing the Authentication Management Summary dashboard for Managed Detection and Response customers. The Authentication Management Summary dashboard provides a summary of your authentication management activities observed in your environment. To learn more, see Authentication Management Summary.

July 2020

July 14, 2020

Alert Logic is releasing the SSL Certification Expiration Status report to the Service tab of the Reports page. The report provides insights into the statuses of SSL keys and certificates that are used on Alert Logic appliances to decrypt network traffic. For more information, see SSL Certification Expiration Status.

July 8, 2020

Alert Logic is releasing enhancements to the Health page:

• You can now view healthy and unhealthy SaaS application collectors integrated through the Application Registry.

• New Healthy views allow you to see your assets that are connected and configured correctly.

• You can now see the exposure and remediation for an unhealthy asset without leaving the Health page.

• Detail pages for healthy and unhealthy assets now include extensive information about the asset.

• An exposure and remediation is now generated for any SSL key and certificate that is within 30 days or less of expiration.

For more information about the updated Health page, see Health.

Alert Logic is releasing HITRUST CSF reports in the Compliance tab of the Reports page. The reports demonstrate compliance with specific control categories of HITRUST CSF and include the following:

• HITRUST CSF 01.0 Access Control

• HITRUST CSF 03.0 Risk Management

• HITRUST CSF 06.0 Compliance

• HITRUST CSF 09.0 Communications and Operations Management

• HITRUST CSF 10.0 Information Systems Acquisition, Development, and Maintenance

• HITRUST CSF 11.0 Information Security Incident Management

Alert Logic is also enhancing your vulnerability management capabilities by releasing the Vulnerability Variance reports to the Vulnerability tab in the Reports page. The Vulnerability Variance reports provide a valuable summary, trending and detailed lists for new, resolved, and unresolved vulnerabilities in your environment. The Vulnerability Variance reports include the following:

• Daily Vulnerability Variance

• Weekly Vulnerability Variance

• Monthly Vulnerability Variance

Alert Logic now supports automatic deployment through AWS Control Tower. For more information, see Deployment with AWS Control Tower.

July 7, 2020

Alert Logic can detect and generate Authentication Application Security Incidents from log data collected from third-party authentication application resources. To learn more authentication security incidents, see Authentication Application Security Incidents.

June 2020

June 3, 2020

Alert Logic is releasing the Threat Risk Index (TRI) Summary Dashboard for Managed Detection and Response customers. The TRI Summary dashboard provides insights into the recent threat risk index TRI scores of your environment. To learn more about TRI Summary Dashboard, see Threat Risk Index Summary.

May 2020

May 5, 2020

Alert Logic is releasing a new unified notifications experience in a phased rollout starting May 5, 2020 and ending May 11, 2020. The upgraded Notifications feature updates incident notifications and adds two new notification types:

• Log correlations—You can now set up and save a log correlation rule and configure it to create an observation or an incident and send a notification when a match occurs.

• Scheduled reports—You can set up and save a report schedule to generate a report periodically and send a notification when the report is generated. If you are a Managed Detection and Responsecustomer and previously set up a Health Status notification, Alert Logic upgraded it as a scheduled report. After a scheduled report is generated, Alert Logic saves it for viewing and download.

You can subscribe both email recipients and configured integrations such as a webhook to receive notifications.

For more information about the Notifications feature, how to create and manage notifications, and to learn how Alert Logic upgraded your existing notifications, see:

• Notifications

• Manage Notifications

• Notifications Upgrade

April 2020

April 2, 2020

Alert Logic is releasing the following features to enhance your experience in the Alert Logic console, and add administrative and security value to your organization:

• Application Registry is a repository of multiple third-party application integrations that can generate log data which Alert Logic can collect. Application Registry is only available for Managed Detection and Response Professional and Enterprise customers. To learn more about Application Registry, see Application Registry.

• Application Log is a new configuration experience with functional APIs specific to the applications you want to configure. The Application Log feature streamline workflow with specific templates applications that currently supports flat file logs. For more information, see Application Logs for Flat File Configuration.

• Alert Logic can detect and generate Firewall Security Incidents and observations from log data collected from third-party firewall application resources. To learn more firewall security incidents, see Firewall Incidents and Log Configuration.

• Alert Logic is also releasing the following dashboards in combination with firewall incidents for customers with configured firewall application resources and log collection instances:

  • The Firewall Log Volume Analysis dashboard provides insights into the volume of firewall log messages, firewall security incidents and observations in your environment. To learn more about this dashboard, see Firewall Log Volume Analysis Dashboard.

  • The Firewall Log Security Analysis dashboard provides insights into the firewall security incidents generated from analyzing firewall logs in your environment. To learn more about this dashboard, see Firewall Log Security Analysis Dashboard.

• Alert Logic now expanded the health information in the Reports page for Managed Detection and Response customers. The Daily Health Summary and Weekly Health Summary reports provides insights into issues in your environment related to your protected networks, data collection, and agents. To learn more about the Daily Health Summary report, see Daily Health Summary.

March 2020

March 31, 2020

Alert Logic now offers Managed Detection and Response partners and customers with managed accounts two additional dashboards. For more information, see the following:

• The Managed Accounts Health Summary dashboard summarizes and provides insights into the health status of the accounts you manage from the previous day. For more information about this dashboard, see Managed Accounts Health Summary Dashboard.

• The Managed Accounts Security Summary dashboard provides insights into the recent security status of the accounts you manage. For more information about this dashboard, see Managed Accounts Security Summary Dashboard.

February 2020

February 27, 2020

Alert Logic now offers Managed Detection and Response customers monthly and weekly reports for the following vulnerability reports:

• The Vulnerability Summary reports provide summary headline, distribution, and trending data for vulnerabilities found across your environment:

  • Monthly Vulnerability Summary

  • Weekly Vulnerability Summary

• The Top 10 Vulnerability Lists reports provide top 10 lists for your most vulnerable hosts by total count and by severity, oldest critical vulnerabilities, and frequent vulnerabilities:

  • Monthly Top 10 Vulnerability Lists

  • Weekly Top 10 Vulnerability Lists

• The Vulnerability Distribution Explorer reports provide insights into patterns from the vulnerabilities that include vulnerability distribution and trends categorized by status, exploitability, severity, age, operating system, and asset type:

  • Monthly Vulnerability Distribution Explorer

  • Weekly Vulnerability Distribution Explorer

February 19, 2020

Alert Logic has taken further security measures and now requires customers with Azure deployments to grant extra permissions. This will allow Alert Logic to perform benchmark checks on your Azure deployments that expose vulnerabilities. See the following documentation for more information:

• For customers who are configuring an Azure deployment for the first time, or customers who have Azure deployments but do not have an Azure app registration set up, see Configure App Registration and RBAC for Microsoft Azure Resources.

• If you have existing Azure deployments, and already have an app registration set up, see Update your Azure Deployment for CIS Foundation Benchmarks.

February 14, 2020

Alert Logic has released Dashboards, a new home page that centralizes information in interactive visuals and simplifies navigation to other pages in the Alert Logic console. You can now try Dashboards and become familiar with the new and improved experience. For more information about Dashboards and how to try it, see Dashboards.

Dashboards replaced the existing Security Posture and Remediations pages with new and improved functionality. To learn more about the dashboard features replacing the Security Posture page, see About the dashboards.

The Remediations page was replaced by a view in Exposures. The Exposures page allows you to filter, view, and take action on individual or groups of exposures, as well as remediations. To learn more, see Exposures.

December 2019

December 19, 2019

Alert Logic has added more compliance reports, located in the Compliance tab of the Reports page, to help you demonstrate compliance with requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Security Audit.

• The following are the four recently added PCI DSS Audit reports:

  • PCI Requirement 10.7

  • PCI Requirement 10.8

  • PCI Requirement 11.2.1

  • PCI Requirement 11.2.2

• The following are the three recently added HIPAA-HITECH Security Audit reports:

  • HIPAA 164.308(a)(1)(ii)(B)—Risk Management

  • HIPAA 164.312(b)—Audit Controls

  • HIPAA 164.308(a)(5)(ii)(B)—Protection from Malicious Software

Alert Logic now offers Managed Detection and Response customers monthly and weekly reports of their features, capabilities, and state of their environment:

• The Enterprise Risk reports provide valuable insights and analysis of your incidents, events, and vulnerabilities:

  • Monthly Enterprise Risk

  • Weekly Enterprise Risk

• The Incident Analysis reports provide visibility into threats and incidents in your environment.

  • Monthly Incident Analysis

  • Weekly Incident Analysis

• The Event Analysis reports provide visibility into Network IDS events processed in your environment.

  • Monthly Event Analysis

  • Weekly Event Analysis

• The Vulnerability Analysis reports provide insights into vulnerabilities and vulnerable assets found in your environment.

  • Monthly Vulnerability Analysis

  • Weekly Vulnerability Analysis

December 11, 2019

Alert Logic has released an improved version of the PCI Scan Disputes page. You can use the PCI Scan Dispute to submit disputes for vulnerabilities in non-compliant scan policies. For more information, see PCI Scan Disputes.

December 3, 2019

Alert Logic now includes the option to configure webhooks, which allows Alert Logic incident notifications to be sent to any public-facing web server configured to handle HTTP callbacks.

November 2019

November 6, 2019

For Azure-based deployments, Alert Logic now supports the ability for customers to use client credentials, defined by role-based access control within the Azure console. Microsoft recommends this method of authentication to reduce service interruptions due to stale username/password combinations. All new users will only be able to use client credentials going forward. Existing customers can continue using their existing username/password combinations until they reset them. For more information on creating the appropriate RBAC roles, see Configure App Registration and RBAC for Microsoft Azure Resources.

Alert Logic has split multi-page reports into single-page reports to allow customers direct access to information. The reports were divided as follows:

Original Report Name	New Report Names
Vulnerable Host Explorer	Vulnerable Hosts Explorer Vulnerable Hosts Change Trends
Vulnerability Distribution Explorer	Vulnerability Distribution Explorer Vulnerability Change Trends
Network IDS Events Explorer	Network IDS Events Explorer Top Events Sources and Destinations
Log Collection	Log Collection Top 10 Log Collectors
IDS Traffic	IDS Traffic Top 10 IDS Assets
Customer Contacts	Escalation Contacts Notification Contacts Incident Notification Contacts
Vulnerability Summary	Vulnerability Summary Top 10 Vulnerability Lists Vulnerabilities List
TRI Summary	TRI Summary Top 10 TRI Lists

October 2019

October 10, 2019

Alert Logic updated the Saved Searches functionality to expand the options for setting notifications. Users can add one or more users from the same customer account to the list of notification recipients in the saved search panel.

September 2019

September 24, 2019

Alert Logic released a new feature for customers with Essentials and Professional subscriptions.

The new Extended Endpoint Protection functionality from Alert Logic helps you control threats and manage incidents from employee workstations, points of sale, servers, and more. For more information, see About Alert Logic Extended Endpoint Protection and Get Started with Alert Logic Extended Endpoint Protection.

September 17, 2019

Alert Logic added a new feature to the scanning functionality, Scan Now. If you need to run a scan immediately, you can use the Scan Now feature on the Topology page. This scans the selected asset right away or as soon as possible, outside of the normal schedule. See Scan Now for more information.

September 13, 2019

Alert Logic added five new compliance reports, located in the Compliance tab of the Reports page, that provide guidance for performing log searches to help demonstrate compliance with some 10.2 requirements of the Payment Card Industry Data Security Standard (PCI DSS):

• PCI Requirement 10.2.2

• PCI Requirement 10.2.4

• PCI Requirement 10.2.5

• PCI Requirement 10.2.6

• PCI Requirement 10.2.7

Alert Logic added a new report, Missing Agent Digest, to the Health report group in the Service tab of the Reports page. The Missing Agent Digest report provides insight into the daily issues related to hosts that are missing agents, including a comparison of missing agent statuses, top ten lists, and a list of hosts with missing agents. To learn more about this report, see Missing Agent Digest.

July 2019

July 10, 2019

Alert Logic has revamped the following three compliance reports, located in the Compliance tab of the Reports page, to help you demonstrate compliance with some requirements of the Payment Card Industry Data Security Standard (PCI DSS):

• The PCI Requirement 6.6 report provides WAF deployments, traffic, incidents, and attacks that help demonstrate compliance with Requirement 6.6. For more information about this report, see PCI Requirement 6.6.

• The PCI Requirement 10.5.1 report provides a list of the current log management users that help you demonstrate compliance with Requirement 10.5.1. For more information about this report, see PCI Requirement 10.5.1.

• The PCI Requirement 11.4 report shows Network IDS incidents and customer escalation contacts that help you demonstrate compliance with Requirement 11.4. For more information about this report, see PCI Requirement 11.4.

Alert Logic added four new compliance reports, located in the Compliance tab of the Reports page, that provide available documentation and compliance artifacts to help demonstrate compliance with some requirements of the PCI DSS and the Health Insurance Portability and Accountability Act (HIPAA) Security Audit, which include the following:

• The PCI Requirement 10.6.1 report provides log review incidents and log management incidents that help you demonstrate compliance with Requirement 10.6.1. For more information about this report, see PCI Requirement 10.6.1.

• The HIPAA 164.308(a)(1)(ii)(D)—Information System Activity Review report provides the log review and log management incidents that help demonstrate compliance with HIPAA 164.308(a)(1)(ii)(D). For more information about this report, see HIPAA 164.308(a)(1)(ii)(D)—Information System Activity Review.

• The HIPAA 164.308(a)(6)(ii)—Response and Reporting report provides available documentation and compliance artifacts that help you demonstrate compliance with requirements of HIPAA 164.308(a)(6)(ii). For more information about this report, see HIPAA 164.308(a)(6)(ii)—Response and Reporting.

• The HIPAA 164.308(a)(5)(ii)(C)—Login Monitoring report provides available documentation and compliance artifacts that help you demonstrate compliance with requirements of HIPAA 164.308(a)(5)(ii)(C). For more information about this report, see HIPAA 164.308(a)(5)(ii)(C)—Login Monitoring.

Alert Logic added the Health report group, which includes two new reports, to the Service tab of the Reports page. The Health reports provide valuable summary and trending data on the health status of protected networks and assets collecting log or network data, which include the following:

• The Network Health Status Digest report provides insight into the daily issues related to protected networks in your environment, including a comparison of health statuses, top ten lists, and total number of open remediations for each network. For more information about this report, see Network Health Status Digest.

• The Collection Issues Digest report provides insight into the daily issues related to log data collection and Network IDS traffic, including a comparison of health statuses, top five lists, and a list of open remediations to fix configuration issues. For more information about this report, see Collection Issues Digest.

June 2019

June 12, 2019

Alert Logic manual mode deployments now include a Cross-Network Protection option, which allows networks to connect and use resources from a network with an assigned appliance for Network IDS or scanning. This centralizes the appliances that provide protection to your account, which allows your organization to reduce infrastructure costs. For more information, see Cross-Network Protection.

May 2019

May 28, 2019

Alert Logic added significant updates to the Log Search functionality, including the following features:

• You can organize saved searches into groups.

• After you move searches to trash, you can restore or permanently delete them.

April 2019

April 25, 2019

Alert Logic added the Health console, which consist of pages on the summary of your environment, detailed health information of your networks, appliances, and agents with suggested configuration remediations, and the option to subscribe to health summary alerts. For more information, see Health.

Alert Logic deployments now include a Network IDS Whitelist option that allows you to select networks for whitelisting. For customers who were previously subscribed to Alert Logic legacy products, and have upgraded to Managed Detection and Response, your Network IDS whitelist will be migrated to the new experience.

Alert Logic added an Expedite Scan Capability in topology which expedites scans on individual assets when your organization requires specific assets to be scanned immediately. Alert Logic moves expedited scans ahead of their schedule to the next available time. For more information about expedite scans, see Topology.

Alert Logic added a new report, the PCI Requirement 10.6 (Incidents) report, which provides log review and log management incidents to help demonstrate compliance to Requirement 10.6 of PCI DSS. For more information about this report, see PCI Requirement 10.6 (Incidents).

Alert Logic added a new report, the PCI Requirement 11.4 report, which provides Network IDS incidents and customer escalation contacts to help you demonstrate compliance to Requirement 11.4 of the PCI DSS. For more information about this report, see PCI Requirement 11.4.

April 9, 2019

Alert Logic updated scan frequency and scheduling to allow you to schedule internal vulnerability scans and external vulnerability scans separately. For more information, see Manage Scans and Scan Results.

When you add assets to a Data Center deployment, you can now inform Alert Logic that your network equipment is configured to SPAN or another port mirroring feature. If you select this option, you avoid duplicating Network IDS traffic reported to Alert Logic while allowing Alert Logic to analyze the traffic passing through the port mirroring feature. For more information about Data Center assets, see Add assets.

April 5, 2019

Alert Logic updated the CIS AWS Foundations Benchmark report in the Alert Logic console to support Level 1 and Level 2 of the latest version (1.2.0) of the CIS AWS Foundations Benchmark. Users can now asses their AWS accounts against the latest CIS AWS Foundations Benchmark guidelines, including multi-factor authentications, AWS Config auditing, review of VPC peering network rules, review of IAM policies, access key rotation, and other improvements. For more information about the CIS AWS Foundations Benchmark report, see Reports Guide.

Alert Logic updated the incident notes in the Incidents page to include the name of the Alert Logic analyst who provided the notes and the name of the user who has updated the incident. The notes appear in the Audit Log of the Investigation Report and Recommendation pages, and in the Evidence page. For more information about incident notes, see Incidents.

Alert Logic now includes Alert Logic analyst notes in email notifications for incident escalations. This allows users to see the analyst notes provided in the Incidents page immediately without having to log into the Alert Logic console. For information about incident notifications in the Alert Logic console, see Incidents.

April 2, 2019

Alert Logic added notifications for incidents originating from Amazon GuardDuty findings. GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. The Alert LogicAmazon GuardDuty integration lets you view GuardDuty findings in the Alert Logic console Incidents page.

The Incidents page allows you to configure notifications for incidents based on their threat levels. With the added notification support, all GuardDuty incidents are available by their threat levels. For guidance and information about GuardDuty findings severity, which corresponds to Alert Logic threat level, see Amazon documentation for GuardDuty findings and severity. For information about incident notifications in the Alert Logic console, see Incidents.

March 2019

March 12, 2019

Alert Logic updated scan scheduling to allow more control of your scan schedules. You can schedule how often and when to perform vulnerability scans and discovery scans for each of your deployments. For more information, see Manage Scans and Scan Results.

For customers who were previously subscribed to Alert Logic legacy products, and have upgraded to Managed Detection and Response, you can access your legacy scan results and archived reports. For more information, see Manage Scans and Scan Results.

Alert Logic added a new report, Network IDS Traffic, which provides visibility into the Network IDS traffic volume and collections processed in your environment. For more information, see IDS Traffic.

Alert Logic updated the IAM Role policy documents for Amazon Web Services (AWS) deployments. If your customer account provides the Managed Detection and Response products, Alert Logic recommends you update your existing deployments to use IAM roles created with the most current policy documents. For more information, see Update your IAM roles.

February 2019

February 26, 2019

Alert Logic now offers Log Review service with Managed Detection and Response. Log Review creates incidents, which appear on the Incidents page and in notification emails. Some Log Review incidents are escalated by an Alert Logic security analyst, and the rest appear as info level incidents.

Alert Logic added a new report, Monthly Log Review, which provides a monthly summary analysis of your Log Review incidents. For more information, see Monthly Log Review Report.

November 2018

November 28, 2018

Alert Logic has launched an integration with the new Security Hub offering from AWS. See Integration with AWS Security Hub for more information.

April 2018

April 25, 2018

New Features

• This release adds a time zone selection field to the New Source menu. You must choose a time zone to create a source.

Fixes

• This release resolves an issue with updating agent policies. The issue is resolved and users can create and update agent policies as normal.

• This release resolves an issue with events, incidents, and blocking alert rules. To access the pages, click CONFIGURATION, then click Notifications, and then select the type of alert rule you want to create.

• This release resolves cosmetic issues with page layout on several configuration screens, and the Zones and Host Groups screens.

• This release resolves an issue that redirected users when they clicked a link to an incident.

• This release resolves an issue with updating block requests in the incidents panel.

• This release updates an error message that appears when a read-only user tries to access unauthorized tools or content.

• This release resolves an issue with list filters on the sources pages. All filters appear as intended now.

• This release resolves an issue with a link in the PCI Dispute system.

April 20, 2018

New Features

• This release adds a feature that displays the full name of the account you are viewing in the Alert Logic console.

Fixes

• This release resolves an issue where Azure deployments did not show protected hosts associated with the deployment.

• This release resolves cosmetic issues with page sizing and scrolling.

• This release resolves an issue in the menu to add a new certificate. For some users, the menu timed out before they were done filling in all the information. This issue has been resolved.

• This release resolves an issue with the Save button on the correlation policy and flat file log sources screens for certain deployments. The Save button now displays and works as expected.

April 17, 2018

New Features

• This release adds a feature that allows users to select the customer account they want to use in the Statistics tab of Scans.

Fixes

• This release resolves an issue with user time zone settings.

• This release resolves an issue where the host metadata displayed the private IP as a public IP.

• This release resolves an issue with viewing log messages within cases.

• This release resolves compatibility issues with Internet Explorer version 11.

• This release resolves an issue that caused the Alert Logic console to display an error when users tried to turn a host into a protected host.

• This release resolves an issue with appliances and agents filtering on Azure deployments.

• This release resolves an issue where metadata was missing on some log sources.

• This release resolves an issue with the Save button on the correlation policy editing screen.

April 9-13, 2018

New Features

• This release adds multiple ID numbers to identify incidents and events.

• This release adds a feature that allows allowing users to easily share links to events.

  • In the Alert Logic console, click SEARCH, and then click Events. In the list that appears, find the event you want to share, and then click the share icon () in the Share column. A new browser tab opens and shows event details. The URL in the new tab is a direct link to the event details page.

  • You may also click an event to view the event details page. From the event details page, click the share icon () at the top of the page. The A new browser tab opens, and the URL in the new tab is a direct link to the event details page.

Fixes

• This release resolves an issue with retrieving SSL certifications.

• This release resolves an issue with the search function.

• This release resolves a cosmetic issue with the layout of the Scans Dashboard page.

• This release resolves an issue with the reporting system in the Alert Logic console. All users can now access reports normally.

• This release resolves an issue with the forgotten password link on the login page.

• This release resolves an issue with incident and event counts on the dashboard pages. All counts are now accurate.

• This release resolves an issue with cached pages causing certain links to redirect users. The issue is resolved, and all links and navigation tools work as expected.

• This release resolves issues where the Alert Logic console did not work normally for users who accessed it from certain browsers. The issue is resolved, though if you continue to experience issues, use Google Chrome.

• This release resolves an issue where an internal Alert Logic feature appeared to customers as a dead link. The link no longer appears for non-Alert Logic users.

• This release resolves an issue where users could view data on the Scan dashboard for all accounts for which the user had access. The issue is resolved, and customers now only see data for the selected account.

April 7, 2018

Alert Logic updated the Alert Logic console to provide a single login and universal navigation for all products and subscriptions. This update allows you to easily find everything you need in one place across the entire Alert Logic portfolio. The top-level navigation is organized around functional categories (incidents, remediations, search, reports), and is subscription-aware, which means you see only the content relevant to your organization. In addition, you can access all of your Alert Logic products, across all your data-residencies, within one portal. Other features in this release include:

• The upgraded reporting console provides richer, interactive reports. The new reporting console is intuitively organized and easily searchable. Incident Analysis reports provide valuable insights and trending data for incidents created from all subscribed detection sources (Network IDS, Log Management, Web App IDS, and Amazon GuardDuty). Service Summary reports provide summary information and visibility into product configuration, product status, and security outcomes from your subscribed services.

• Enhanced portal navigation improves your ability to find everything you need across the entire Alert Logic portfolio. The top-level navigation is organized around functional categories (incidents, remediations, search, reports), and is subscription-aware, so you see only the content relevant to your organization.

• Streamlined Deployments page the Deployments page provide a single menu to create, view, and edit deployments for all Alert Logic products. In addition, for Cloud Insight Essentials customers:

  • You can use CloudFormation templates to easily create the IAM roles necessary to create Cloud Insight and Cloud Insight Essentials.

  • Deployment tiles clearly display the level of assessment chosen for your deployments.

  • You can use the new Guided Mode to create Cloud Insight deployments for which you determine where to deploy scanning instances in your infrastructure.

• Role-based user permissions allow you to quickly and easily provision new users and modify existing permission levels using an industry standard, role-based model. This enhancement allows you to assign users to one of five of the following roles

  • Administrator

  • Owner

  • Power User

  • Support/Care

  • Read-only

• Multi-factor authentication (MFA) adds a second layer of protection to your login. This opt-in feature enables you to further protect your organization from compromised credentials. MFA gives you the option to decide to enable the feature either at the account level if you wish to make MFA mandatory, or on a per individual user level. Alert Logic leverages Google Authenticator on mobile phones as the technology for the hardware-based authentication.

May 2017

May 30, 2017

Alert Logic updated the Alert Logic console for the Cloud Defender suite of products, specifically for Log Manager and Threat Manager. Access to the Classic UI and the ability to switch between the two is currently available. For more information, see Improved Experience for Cloud Defender Console | Software Updates.

March 2017

March 16, 2017

The Alert Logic login page now allows you to reset your password. An update to the login page includes color scheme modifications and a highly requested feature – the ability to reset your password.

February 2017

February 16, 2017

• This release adds a customer selector that allows you to select one customer or a parent customer and all of its child customers.

• This release decouples the page load from query execution.

June 2016

June 6, 2016

New Features

• This release provides a new web technology update and a new web CSS theme that is applied to the current web portal. This does not affect navigation, menu, or workflow, as this is only a web skin update.

• This release provides a new task and notification bar, as well as an AWS account IDs page for Threat Manager customers with agents and appliances installed within an AWS account.

Changes

• A new CSS theme applied to the current NGUI

• A new operating system (from Debian Squeeze to CentOS 6.7)

• PHP version upgraded to 5.6.20

• Support to the latest version of TLS (TLS 1.2)