Featured: AlienApp for Dark Web Monitoring

Secure User Credentials with the AlienApp for Dark Web Monitoring

Browse AlienApps:

AlienApps extend and automate the threat detection and response capabilities among the built-in security controls in USM Anywhere as well as other third-party security and productivity tools. AlienApps are developed and delivered to USM Anywhere continually, so you gain new security capabilities as the IT security and threat landscapes evolve.

Manage and help protect your endpoints with MobileIron Threat Defense and automatically respond to advanced threats directly from USM Anywhere

The AlienApp for MobileIron Threat Defense enhances the threat detection and response capabilities of USM Anywhere by collecting and analyzing log data from the MobileIron zConsole and providing orchestration actions to streamline incident response activities via the MobileIron Cloud platform. The AlienApp allows the user to automatically ingest threat logs, mobile asset discovery details, and user data from the zConsole into USM Anywhere.

The AlienApp for MobileIron provides a set of orchestration actions that help enable customers to quickly take action on their endpoints in response to threats directly from USM Anywhere, including:

  • Delete a user
  • Change a password
  • Restart a device
  • Wipe a device (Factory reset)
  • Lock and unlock a device
  • Retire a device (Corporate reset)

AlienApp for MobileIron Threat Defense

Gain in depth visibility into assets on your network and their associated vulnerabilities

The AlienApp for Digital Defense Frontline delivers the ability to provide improved asset visibility, on-demand risk posture, and prioritized remediation and patching recommendations for systems that are at high-risk or already under attack. Frontline Vulnerability Manager (Frontline VM™) and Frontline Advanced Threat Sweep (Frontline ATS™), both part of the Digital Defense Frontline SaaS vulnerability and threat-scanning platform, provide an agent or agent-less on-demand solution powered by active threat intelligence that is customized for customer environments. These capabilities enhance USM Anywhere’s ability to provide actionable steps to remediating high-risk assets and targeted threats.

The AlienApp for Digital Defense Frontline enhances your security operations by providing greater visibility into your entire set of assets, the ability to manage and execute on-demand vulnerability and threat scanning, and the ability to see detailed results in a unified dashboard within USM Anywhere. The dashboard is automatically available within USM Anywhere when data is being collected from Digital Defense Frontline and can provide the following:

  • Prioritized list of vulnerabilities to be remediated
  • Minimal agent footprint on assets and minimal asset performance impact
  • Tracking of dynamic, virtual, and mobile assets that were previously considered new or unknown as they change attributes
  • Detection of passive or hidden artifacts of malware that often go undetected by “active” endpoint monitoring
  • Detection of missing or disabled endpoint security tools
  • Low false positive rates to decrease the burden on security teams
  • Trend analysis of overall risk posture and security efficacy
  • Easy to understand security rating system, Security GPA

AlienApp for Digital Defense Frontline

Collect and analyze logs from FortiManager and streamline incident response activities

The AlienApp for FortiManager enhances the threat detection capabilities of USM Anywhere by collecting and analyzing log data from Fortinet FortiManager and providing orchestration actions to streamline incident response activities. When USM Anywhere detects a potential threat, like a malicious IP on your FortiManager device, you can launch a response action directly within USM Anywhere.

With the AlienApp for FortiManager, you can perform the following orchestration actions:

  • Enable teams to work more efficiently to remediate vulnerabilities and security threats
  • Avoid the complexity of managing multiple systems and workflows across different products
  • Immediately available out of the box with USM Anywhere (no installation required)

AlienApp for FortiManager

Automatically collect and analyze logs from FortiGate to help protect your organization from external threats

The AlienApp for FortiGate enhances the threat detection capabilities of USM Anywhere by collecting and analyzing log data from the FortiGate firewall and providing orchestration actions to respond to threats quickly.

With the pre-built orchestration between these products, you can help close the loop between threat detection and response, directly from USM Anywhere:

  • Shorten time from threat detection to response
  • Gain more visibility by monitoring FortiGate logs directly within USM Anywhere
  • Automate or trigger response actions directly with USM Anywhere to block malicious IP and URL addresses using FortiGate

AlienApp for FortiGate

Collect events from Microsoft Defender Advanced Threat Protection endpoints and automatically block dangerous hosts or files.

Advanced endpoint detection and response agents can help play a critical role in an organization’s threat detection and response strategy.  The AlienApp for Microsoft Defender ATP helps to enhance the threat detection and response capabilities of USM Anywhere by collecting and analyzing log data from Defender's API and also provides orchestration actions to streamline incident response activities.

The app includes the following capabilities:

Log collection

  • Customize log collection via the Microsoft API
  • Correlation rules from AT&T Alien Labs automatically detect security incidents

Dashboard

A special MS Defender dashboard is automatically available within USM Anywhere when data is being collected from MS Defender ATP and includes the following data elements:

  • Events trend
  • Action type
  • Security Score
  • Top 10 machines at risk
  • Top 10 users at risk
  • Top quarantined Files
  • Top quarantined machines
  • Top Suspicious URLs
  • Top suspicious IPs

Orchestration Actions

The AlienApp for MS Defender ATP provides a set of orchestration actions that help enable customers to quickly take various actions on the endpoint.  These actions can be taken manually by the SOC operator in response to a USM Anywhere alarm or event or can be configured to run automatically with no user involvement.  Actions include:

  • Isolate a machine from the network with the self-quarantine feature
  • Quarantine/block a file - stop the endpoint from being able to access or execute a local file
  • Collect investigation package for an in-depth evaluation of an endpoint
  • Set IOCs - files, hosts, domains that should be blocked
  • Get File statistics
  • Get Domain statistics

AlienApp for Microsoft Defender Advanced Threat Protection

Automatically collect Cisco AMP logs, detect threats, and respond to them directly from the USM Console.

The AlienApp for Cisco AMP helps enhance the threat detection capabilities of USM Anywhere by collecting and analyzing log data from Cisco AMP and also provides orchestration actions to streamline incident response activities. It also enables you to monitor and respond to Cisco AMP events within the same pane of glass as the rest of your critical IT assets.

Key features

  • Advanced security orchestration allows you to view Cisco AMP events and alarms, through a consolidated dashboard
  • Perform security orchestration and automated response (SOAR) actions
  • Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Cisco AMP endpoint

Key benefits

  • Easily view threats impacting your organization, with insights into patterns and anomalies
  • Ability to respond to threats rapidly and automatically, utilizing USM Anywhere

The app includes the following capabilities:

  • Data Collection via API
  • Dashboard
  • Orchestration Actions

Dashboard

The Cisco AMP dashboard is automatically available from the Dashboards menu of USM Anywhere when data is being collected from Cisco AMP, and will include the following data elements (targets):

  • Threat Detected - a threat was found on this system.
  • Threat Quarantined - a threat was successfully quarantined
  • Multiple Infected Files - multiple infected files indicate multiple files on a computer are attempting to download malware
  • Executed malware - the computer executed known malware
  • Cloud IOC - suspicious behavior that indicates possible compromise of the computer
  • Suspicious Download - a suspicious file was downloaded

AlienApp for Cisco AMP

Automatically collect Cisco ASA logs, detect threats, and respond to them directly from the USM Console.

The AlienApp for Cisco ASA (Adaptive Security Appliance) helps enhance the threat detection capabilities of USM Anywhere by collecting and analyzing log data from Cisco ASA and also provides orchestration actions to streamline incident response activities. It also enables you to monitor and respond to Cisco ASA events within the same pane of glass as the rest of your critical IT assets.

Key features

  • Advanced security orchestration allows you to view Cisco AMP events and alarms through a consolidated dashboard
  • Perform security orchestration and automated response (SOAR) actions to easily contain threats
  • Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Cisco ASA Appliance

Key benefits

  • Easily view threats impacting your organization, with insights into patterns and anomalies
  • Ability to respond to threats rapidly and automatically, leveraging USM Anywhere

The app includes the following capabilities:

  • Data Collection via API
  • Orchestration Actions

AlienApp for Cisco ASA

Speed response to network threats by manually or automatically taking action to block threats using your Check Point cloud firewall.

The AlienApp for Check Point Security Management provides deep security monitoring and response capabilities for the Check Point cloud security platform, helping safeguard critical infrastructures through early threat detection and rapid response. It enhances the threat detection capabilities of USM Anywhere by collecting and analyzing data from Check Point Security Management.

Dashboard

The Check Point AlienApp dashboard includes a consolidated view of important security events and trends, enabling the SOC operator to quickly spot unusual activities. This makes it easier to identify security trends and concerns without leaving the USM Anywhere console. Graphs and tables highlight important security data, including:

  • Top failed logins by user
  • Top Check Point Advisory Alerts
  • Top Malware Families detected
  • Top Attacks detected by Check Point

Response actions

Response actions allow the SOC to manually or automatically take an action in response to a threat. Operators can click “Action” from an alarm or event, select the action to take, and immediately block the threat. Alternatively, for well-understood alarms, operators can write orchestration rules in the USM rule engine to automatically take the same actions. Actions available include:

  • Update the Check Point Firewall using URL info in an Event, or an Alarm
  • Update the Check Point firewall using domain info in an Event, or an Alarm
  • Update the Check Point Firewall using file hash when a response action matches an Event/Alarm
  • Update the Check Point Firewall using IP when a response action rule matches an Event/Alarm
  • Update the Check Point Firewall using URL when a response action rule matches an Event/Alarm
  • Update the Check Point Firewall using domain info when a response action rule matches an Event/Alarm

Why you’ll love the AlienApp for Check Point

Help reduce time to detection & remediation

  • Advanced security orchestration allows you to view Check Point events and alarms, through a consolidated dashboard
  • Easily perform security orchestration and automated response (SOAR) actions
  • Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Check Point platform

AlienApp for Check Point

Quickly create Salesforce cases for investigations directly from USM Anywhere, including automatically creating cases when specific events occur.

The AlienApp for Salesforce provides visibility into important Salesforce security-related events with a dashboard, and streamlines incident response activities by automatically opening Salesforce cases in response to threats detected by USM Anywhere.

Dashboard

The dashboard includes a consolidated view of important security events and trends, enabling the SOC operator to quickly spot unusual activities.

  • Login Attempts, failed logins by user, and Failed login reasons visualize potential access violations
  • Top Reports by Size quickly reveals unusual data downloads of Salesforce data
  • Login Activity reveals login trends over time, revealing spikes and other problems

Response actions

Cases can be opened automatically based on a correlation rule, or manually by the SOC analyst working a case. USM Anywhere generates the Salesforce case and populates the Salesforce case fields with details from USM Anywhere. For example:

  • Create a Salesforce automatic Response rule using a source or destination address seen in an event, alarm, or vulnerability from the user interface
  • Create a Salesforce case with the short description and description fields pre-populated
  • Trigger an action to create a new case and specify the incident information from the following fields: Type of Request, Case Reason, subject, priority, status

Why you’ll love the AlienApp for Salesforce

Reduce time to detection and remediation

  • Automate remediation and policy enforcement between USM Anywhere and Salesforce for rapid response
  • Virtually eliminate friction in the incident response process, accelerating the time to respond to threats
  • Enhance threat visibility and help reduce mean time to detection and response

Save time and money

  • Enable focus on threat response and not writing complex security analytics rules
  • Simple, form-based integration helps accelerate time to productivity, rather than spending time on complicated cross-product integration

AlienApp for Salesforce

Quickly take action in Zscaler to respond to events, without disrupting investigation flows or logging into another security tool.

The AlienApp for Zscaler integrates visibility and control over your Zscaler Internet Access cloud security directly into USM Anywhere™. The AlienApp collects event data, automates detection and response actions, and provides a summary dashboard showing relevant security events in your Zscaler cloud - without leaving the USM Anywhere Console.

  • Collect security events and trigger alarms when threats are detected
  • Quickly respond to alarms by changing Zscaler policy - directly from the USMA console
  • Automatically respond to Zscaler events with orchestration rules
  • See Zscaler cloud security summary at a glance with the Zscaler Dashboard

Why you’ll love the AlienApp for Zscaler

Accelerate time to detection and response

In the course of an investigation, the AlienApp for Zscaler is available directly from the Alarm and Event views and can be used to quickly take an action to respond to the event, without disrupting the investigation flow or logging into another security tool. For recurring security issues, actions can be automated by writing response rules. Whenever the rule is triggered, the preconfigured response action will be taken.

Apply AT&T Alien Labs threat intelligence to your log data

USM Anywhere™ uses its integrated threat intelligence to analyze log data from Zscaler, along with data from other assets and security products, to detect threats and intrusions. AT&T Alien Labs security research team researches and delivers continuous threat intelligence updates directly to USM Anywhere™, so you don’t have to. You can focus on what matters most — stopping threats in their tracks.  

Monitor your security posture from a single console  

With rich, interactive dashboards in USM Anywhere, you can monitor your Zscaler Internet Access cloud security activity and see the top threats, top threat signatures, malware, and more. USM Anywhere™ enriches your log data and makes it simple to search and filter events, as well as export views for reporting purposes.

AlienApp for Zscaler

Automatically detect and respond to Box security threats such as credential abuse, data exfiltration, and anomalous user behavior.

The AlienApp for Box enables you to automate threat detection and incident response between USM Anywhere and Box environments, helping you investigate and contain Box security threats quickly. When USM Anywhere alerts you to potential threats such as credential abuse, data exfiltration, or malware infection within your Box deployments, you can launch a response action within Box directly from the alarm in USM Anywhere.

The AlienApp for Box enables Box security monitoring within the same console as the rest of your critical IT environments across the cloud and on premises.

With the AlienApp for Box, you can detect and respond to Box security threats such as:

  • Password spraying against Box Enterprise
  • Successful brute force authentication attacks
  • Ransomware and other malware infections
  • Data exfiltration or sharing with a known malicious host
  • Anomalous user activities that could indicate an attack

AlienApp for Box

Automatically block malicious domains in Cisco Umbrella whenever they are detected in USM Anywhere. Reduce the time between detection and incident response.

The AlienApp™ for Cisco Umbrella delivers advanced security orchestration capabilities between AlienVault® USM Anywhere™ and Cisco Umbrella (formerly OpenDNS), shortening the time from threat detection to response through security automation.

With the pre-built orchestration between these two products, you can close the loop between threat detection and response, without any of the heavy lifting typically required to integrate multiple security IT tools.

  • Shorten the time from threat detection to threat response with automation
  • Save time, money, and headaches in integrating multiple IT security tools 
  • Gain more visibility of your internet traffic by monitoring Cisco Umbrella logs directly within USM Anywhere
  • Automate or trigger response actions within USM Anywhere to block malicious domains in Cisco Umbrella

AlienApp for Cisco Umbrella

Detect and block malicious IP addresses in Palo Alto Networks next-generation firewalls automatically as threats are detected in USM Anywhere. Get security orchestration out of the box.

The AlienApp™ for Palo Alto Networks allows you to automate intrusion detection and response activities between AlienVault® USM Anywhere™ and Palo Alto Networks Next-Generation Firewall (NGFW) products, so that you can instantly block malicious IPs as soon as they are detected.

The pre-built integration between USM Anywhere and Palo Alto Networks gives you closed-loop threat detection and response out of the box, without requiring any complex set up or extra installations.

  • Close the loop between threat detection and response 
  • Simplify the integration of multiple IT and security products with AlienApps out of the box 
  • Gain deeper visibility into your firewall traffic and the top threats against your environment
  • Automatically block malicious IPs with Palo Alto Networks Next-Generation Firewalls as threats are detected in USM Anywhere

AlienApp for Palo Alto Networks

AlienApp for Cloudflare

Centralize your security monitoring with the AlienApp for Sophos Central. Collect and analyze Sophos Central alerts and events directly within USM Anywhere for simple, streamlined security management.

With the AlienApp™ for Sophos Central, you can centralize your security monitoring program in a single pane of glass, making it easier and faster to detect threats across multiple security platforms. The app enables you to collect and monitor Sophos Central alerts and events directly within AlienVault® USM Anywhere™.

The AlienApp for Sophos Central collects and parses data through the Sophos API, making it available for threat analysis and incident response within USM Anywhere. Sophos Central unifies security data from across the Sophos suite of products for server security, endpoint protection, email security, and more. 

Discover all the advantages of the AlienApp for Sophos Central:

  • Aggregate security alarms for malware activity detected in Sophos Central.
  • Create custom alarms and notifications for any Sophos Central security alert.
  • Define automated incident response actions for any Sophos Central security alert.

AlienApp for Sophos Central

Resolve security issues faster with the ability to open and track Jira issues directly from AlienVault USM for any vulnerability, event, or alarm.

With the AlienApp™ for Jira, you can open and track Jira issues directly from AlienVault® USM Anywhere™, making it easy, fast, and efficient to monitor the lifecycle of your incident response activities, even across multiple security and IT teams.

From any alarm, event, or vulnerability detected in USM Anywhere, you can create a new Jira issue that captures the relevant threat data needed for effective response, saving you time and effort. You can also automate the creation of new Jira issues in response to threats detected in USM Anywhere to further reduce the time between detection and resolution.

  • Accelerate time to resolution (TTR) with a simple, fast, and automated way to capture and trigger incident response activities in Jira.
  • Align security and IT teams around your incident response plan using your existing Jira IT deployment.
  • Monitor the full threat lifecycle—from threat detection to resolution—in a single pane of glass.

AlienApp for Jira

Security and compliance for your Microsoft Azure subscription. Collect and analyze log data from Azure Monitor and be alerted to Azure security and configuration issues.

AlienApp for Azure

Detect threats against G Suite (formerly Google Apps), including Drive, Docs, Gmail, and more. Monitor user and admin activities, and know who is logging in, accessing your data, and more.

AlienApp for G Suite

Security and compliance for your AWS cloud environment. Analyze CloudTrail, CloudWatch, ELB, and S3 access logs, and be alerted to intrusions, suspicious account activities, and more.

AlienApp for Amazon Web Services

Monitor your Office 365 user and administrator activities in Azure AD, SharePoint Online, OneDrive, and Exchange Online. Detect ransomware, privilege escalation, file sharing, and more.

AlienApp for Office365

Be alerted when your users' corporate credentials or the personal user credentials of your executives and privileged users are discovered on the dark web.

The AlienApp™ for Dark Web Monitoring allows you to detect if your users’ credentials have been compromised in a third-party breach and trafficked on the dark web, so that you can take immediate action to prevent a breach.

The AlienApp for Dark Web Monitoring leverages SpyCloud technology to monitor the dark web to discover if your users’ credentials, such as email addresses, usernames, and passwords, have been stolen. If detected, USM Anywhere alerts you so that you can respond swiftly to the compromise, ahead of a breach.

With this AlienApp, you can:

  • Protect against a breach with early detection of compromised user credentials
  • Monitor the dark web for stolen corporate credentials of your users
  • Safeguard the personal credentials of highly-targeted executives and privileged users
  • Be alerted as soon as compromised user credentials are discovered on the dark web

AlienApp for Dark Web Monitoring

Detect compromised user credentials, policy violations, abuse, and other threats to your Okta account, directly from USM Anywhere.

The AlienApp™ for Okta enables you to monitor user activities and detect threats against your Okta account directly from USM Anywhere. It provides deep security monitoring for your users’ single sign-on (SSO) and multi-factor authentication (MFA) Okta activities, helping you to safeguard user credentials through early threat detection and rapid response.

Delivered out of the box in USM Anywhere, the AlienApp for Okta extends your security capabilities without the usual complexities of integrating multiple IT and security tools. Starting on Day One, USM Anywhere can help you to detect user credential theft, abuse, policy violations, and other threats to your Okta account, by alerting you to—

  • Suspicious or anomalous changes to Okta user accounts, profiles, and permissions
  • Authentication activities from a known malicious host
  • Attempts to bypass multi-factor authentication policies
  • Repeated login failures and possible brute force attacks
  • Escalations in administrative privileges and other admin-level changes

AlienApp for Okta

Easily open incident tickets in ServiceNow in response to threats and vulnerabilities detected in USM Anywhere. Get all relevant threat data. Remediate incidents faster.

The AlienApp™ for ServiceNow allows you to streamline your incident response workflow between AlienVault® USM Anywhere™ and ServiceNow. When threats and vulnerabilities are detected in USM Anywhere, you can open an incident ticket in ServiceNow, automatically or manually.

Built for ServiceNow IT Service Management and Security Operations, the AlienApp for ServiceNow helps security teams respond efficiently to threats and vulnerabilities detected by USM Anywhere, without requiring any additional integration or installation.

  • Enable teams to work more efficiently to remediate vulnerabilities and security threats 
  • Automatically generate ServiceNow tickets directly within USM Anywhere, so you never miss a security incident that needs attention
  • Avoid the complexity of managing multiple ticketing systems and workflows across different products
  • Immediately available out of the box with USM Anywhere (no installation required)

AlienApp for ServiceNow

Monitor your endpoints with Carbon Black, incl. Cb Protection and Cb Response, and automatically isolate your infected endpoints with Cb Response whenever USM Anywhere detects threats.

The AlienApp™ for Carbon Black delivers advanced security orchestration capabilities between AlienVault® USM Anywhere™ and Carbon Black’s Cb Protection and Cb Response, so you can automatically isolate your infected endpoints whenever threats are detected in USM Anywhere. 

With pre-built security orchestration and automated response capabilities, you can shorten the time from threat detection to response, without any of the heavy lifting typically required to integrate multiple security IT tools.

  • Shorten the time from threat detection to threat response with automation
  • Save time, money, and headaches in integrating multiple IT security tools
  • Gain more visibility into activities and changes detected in endpoints by Cb Protection
  • Automate or trigger response actions within USM Anywhere to isolate infected systems through Cb Response

AlienApp for Carbon Black

Defend your endpoints from sophisticated cyber threats with behavioral detections from AT&T USM Anywhere, which automates response actions on your SentinelOne protected endpoints.

The AlienApp for SentinelOne delivers advanced security orchestration between USM Anywhere and SentinelOne, enabling customers to quickly take actions on infected endpoints such as isolating a machine, quarantining a file, starting a remote scan, and more.

With pre-built security orchestration and automated response capabilities, you can shorten the time from threat detection to response, without any of the heavy lifting typically required to integrate multiple security IT tools.

  • Shorten the time from threat detection to threat response with automation
  • Gain more insights into threats that are detected on your endpoints
  • Automate or trigger response actions within USM Anywhere to isolate infected systems
  • Save time, money, and headaches by integrating multiple IT security tools

AlienApp for SentinelOne

We’ve Got a Plugin for That

In addition to the AlienApps ecosystem, USM Anywhere includes hundreds of plugins, so you can readily ingest security data from the existing data sources in your environment.

The USM Anywhere plugin library provides source-optimized data collection for a complete range of technologies, making it easy for you to get complete visibility into your entire environment.

View the current list of plugins in USM Anywhere

Don’t see the plugin you’re looking for? AlienVault will build a plugin for most commercially available products at no additional charge. Just submit a request and we will build it for you.

Request a USM Anywhere plugin here
