Alert Logic

MDR ยท XDR

Alert Logic is now part of LevelBlue. The service combines MDR subscriptions, Alert Logic console telemetry, vulnerability and exposure management, 24/7 analyst triage, Intelligent Response automation and Managed WAF add-ons for cloud, hybrid and on-prem environments.

Service
MDR
Handles
Investigate and advise
Price
Quote-based; AWS Marketplace private offer available
  • Investigate and advise
  • Founded 2002
Visit website

Shortlist fit

Cloud and hybrid teams that want managed detection plus exposure visibility in one platform

Provider handles

Service investigates and gives response guidance. Your team owns the action.

Check before buying

Remediation and incident-response work unless an automated response workflow or partner service is explicitly configured

Also fits

  • Buyers with public-facing web applications that may benefit from a managed WAF add-on
  • Mid-market organizations that want analyst triage without building a full internal SOC
  • MSP or partner-led buyers that need a packaged MDR service with cloud and compliance reporting

Can replace

  • Manual review of high and critical Alert Logic incidents
  • Separate entry-level vulnerability scanning and log review for covered assets
  • Some WAF operations for configured public-facing web applications

Coverage

Provider covers

  • Essentials, Professional and Enterprise MDR subscriptions with asset-level coverage assignment
  • 24/7 SOC analysis, triage and escalation for verified high and critical incidents in Professional
  • Log collection, storage and search from Windows Event Log, syslog, cloud API, flat-file and application sources

Your team still owns

  • Selecting the right MDR tier, protected assets, log sources and Managed WAF scope
  • Maintaining the cloud, endpoint, identity, network and application systems that feed Alert Logic
  • Approving response playbooks, WAF modes, exclusions and change windows

Tradeoffs

Works well

  • Clear tiering lets buyers separate exposure management from full threat-management coverage
  • Strong fit for AWS, Azure, GCP, hybrid data center and web-application use cases
  • Managed WAF is a useful adjacent capability for buyers with internet-facing applications

Watch out for

  • Buyers must verify support and roadmap ownership after the LevelBlue and Fortra transition
  • Response is not universally hands-on; many actions remain customer-configured, approval-based or buyer-owned
  • Public pricing is quote-based, and log volume, WAF, retention and appliance requirements can change scope

Reviews

Review synthesis

Reviews generally credit Alert Logic for 24/7 monitoring, cloud and network visibility, detailed alerts and responsive support. The cautions are recurring: pricing is not transparent, the interface and reports can feel dated, support quality has varied over time and some buyers want stronger endpoint response.

Customers like

  • Buyers value not having to write and monitor every detection query themselves
  • Reviewers mention useful cloud, IDS, log and WAF visibility for lean teams
  • Positive reviews often point to responsive support during setup and operations

Watch out for

  • Some reviews cite support turnover or reduced account-team quality
  • Buyers ask for better UI, reporting, alert payload detail and endpoint protection
  • Community threads warn that MDR scope should be checked closely before assuming full SOC ownership

Pricing

Price
Quote-based; AWS Marketplace private offer available
Billing
Per-asset, Tiered, Custom

Questions to ask

  1. Which assets are covered by Essentials, Professional or Enterprise, and which are unprotected or add-on only?
  2. Which response actions can run automatically, which require approval and which remain fully owned by our team or MSP?
  3. After the LevelBlue acquisition, who owns support, renewal terms, SOC escalation and the roadmap for our account?

Integrations

SIEM
  • Alert Logic MDR platform
  • Alert Logic console
Cloud
  • AWS
  • Azure
  • GCP
Other
  • Alert Logic Managed WAF
  • Intelligent Response
  • Amazon GuardDuty
  • Microsoft Office 365 logs
  • Azure Event Hubs
  • Windows Event Log
  • Syslog

Editorial notes

Ownership change

LevelBlue announced in January 2026 that it would acquire Fortra's Alert Logic managed MDR, XDR and Managed WAF services. The current Alert Logic site redirects to LevelBlue and says customers keep access to Alert Logic portals, support and documentation.

Response boundary

Professional MDR includes SOC triage, escalation and recommendations, while Intelligent Response automates actions through connected customer tools. Public docs support guided or customer-approved response, not blanket hands-on remediation by Alert Logic for every incident.

Tier boundary

Essentials focuses on asset visibility, vulnerability scanning, cloud configuration checks and support. Professional adds threat management, log collection, 24/7 threat management support and Intelligent Response. Enterprise adds a designated Enterprise Security Squad and active threat hunting.

WAF boundary

Managed WAF is an add-on that protects configured websites and can run in detect or protect mode. Buyers should verify whether WAF deployment, certificate handling, tuning, production cutover and false-positive handling are included in the quoted scope.

Pricing boundary

Public list pricing is not available from Alert Logic or LevelBlue. AWS Marketplace exposes private offers, and Gartner describes tiered pricing tied to assets, data ingestion and service level, so buyers need a scoped quote.

Questions

Is Alert Logic still part of Fortra?
Alert Logic managed MDR, XDR and Managed WAF services are now part of LevelBlue under a January 2026 strategic partnership with Fortra. Fortra remains a technology partner, so buyers should confirm seller of record, support path and renewal terms for the exact quote.
Does Alert Logic contain threats for the customer?
Not by default in the way a fully hands-on MDR provider does. Alert Logic analysts triage, escalate and recommend actions, while Intelligent Response can automate actions such as host isolation, user disablement or IP blocking through connected tools after the customer configures the workflow and approval model.
What is the difference between Alert Logic Essentials, Professional and Enterprise?
Essentials focuses on asset visibility, vulnerability scanning and cloud configuration checks. Professional adds threat visibility, log management, 24/7 threat management support and Intelligent Response. Enterprise adds a designated Enterprise Security Squad, bi-weekly reviews and active threat hunting.