Shortlist fit
Cloud and hybrid teams that want managed detection plus exposure visibility in one platform
Provider handles
Service investigates and gives response guidance. Your team owns the action.Check before buying
Remediation and incident-response work unless an automated response workflow or partner service is explicitly configuredAlso fits
- Buyers with public-facing web applications that may benefit from a managed WAF add-on
- Mid-market organizations that want analyst triage without building a full internal SOC
- MSP or partner-led buyers that need a packaged MDR service with cloud and compliance reporting
Can replace
- Manual review of high and critical Alert Logic incidents
- Separate entry-level vulnerability scanning and log review for covered assets
- Some WAF operations for configured public-facing web applications
Coverage
Provider covers
- Essentials, Professional and Enterprise MDR subscriptions with asset-level coverage assignment
- 24/7 SOC analysis, triage and escalation for verified high and critical incidents in Professional
- Log collection, storage and search from Windows Event Log, syslog, cloud API, flat-file and application sources
Your team still owns
- Selecting the right MDR tier, protected assets, log sources and Managed WAF scope
- Maintaining the cloud, endpoint, identity, network and application systems that feed Alert Logic
- Approving response playbooks, WAF modes, exclusions and change windows
Tradeoffs
Works well
- Clear tiering lets buyers separate exposure management from full threat-management coverage
- Strong fit for AWS, Azure, GCP, hybrid data center and web-application use cases
- Managed WAF is a useful adjacent capability for buyers with internet-facing applications
Watch out for
- Buyers must verify support and roadmap ownership after the LevelBlue and Fortra transition
- Response is not universally hands-on; many actions remain customer-configured, approval-based or buyer-owned
- Public pricing is quote-based, and log volume, WAF, retention and appliance requirements can change scope
Reviews
Review synthesis
Reviews generally credit Alert Logic for 24/7 monitoring, cloud and network visibility, detailed alerts and responsive support. The cautions are recurring: pricing is not transparent, the interface and reports can feel dated, support quality has varied over time and some buyers want stronger endpoint response.Customers like
- Buyers value not having to write and monitor every detection query themselves
- Reviewers mention useful cloud, IDS, log and WAF visibility for lean teams
- Positive reviews often point to responsive support during setup and operations
Watch out for
- Some reviews cite support turnover or reduced account-team quality
- Buyers ask for better UI, reporting, alert payload detail and endpoint protection
- Community threads warn that MDR scope should be checked closely before assuming full SOC ownership
Pricing
- Price
- Quote-based; AWS Marketplace private offer available
- Billing
- Per-asset, Tiered, Custom
Questions to ask
- Which assets are covered by Essentials, Professional or Enterprise, and which are unprotected or add-on only?
- Which response actions can run automatically, which require approval and which remain fully owned by our team or MSP?
- After the LevelBlue acquisition, who owns support, renewal terms, SOC escalation and the roadmap for our account?
Integrations
- SIEM
- Alert Logic MDR platform
- Alert Logic console
- Cloud
- Other
- Alert Logic Managed WAF
- Intelligent Response
- Amazon GuardDuty
- Microsoft Office 365 logs
- Azure Event Hubs
- Windows Event Log
- Syslog
Editorial notes
Ownership change
LevelBlue announced in January 2026 that it would acquire Fortra's Alert Logic managed MDR, XDR and Managed WAF services. The current Alert Logic site redirects to LevelBlue and says customers keep access to Alert Logic portals, support and documentation.
Response boundary
Professional MDR includes SOC triage, escalation and recommendations, while Intelligent Response automates actions through connected customer tools. Public docs support guided or customer-approved response, not blanket hands-on remediation by Alert Logic for every incident.
Tier boundary
Essentials focuses on asset visibility, vulnerability scanning, cloud configuration checks and support. Professional adds threat management, log collection, 24/7 threat management support and Intelligent Response. Enterprise adds a designated Enterprise Security Squad and active threat hunting.
WAF boundary
Managed WAF is an add-on that protects configured websites and can run in detect or protect mode. Buyers should verify whether WAF deployment, certificate handling, tuning, production cutover and false-positive handling are included in the quoted scope.
Pricing boundary
Public list pricing is not available from Alert Logic or LevelBlue. AWS Marketplace exposes private offers, and Gartner describes tiered pricing tied to assets, data ingestion and service level, so buyers need a scoped quote.