Featured: AlienApp for Dark Web Monitoring

Secure User Credentials with the AlienApp for Dark Web Monitoring


Browse AlienApps:

AlienApps extend and automate threat detection and response across the built-in security controls in USM Anywhere and the third-party security and productivity tools you already run. New AlienApps are developed and delivered to USM Anywhere continually, so you gain new security capabilities as the IT security and threat landscapes evolve.


AlienApp for Microsoft Defender Advanced Threat Protection

Collect events from Microsoft Defender Advanced Threat Protection endpoints and automatically block dangerous hosts or files.

Advanced endpoint detection and response agents play a critical role in an organization's threat detection and response strategy. The AlienApp for Microsoft Defender ATP enhances the threat detection and response capabilities of USM Anywhere by collecting and analyzing log data from the Defender API, and provides orchestration actions to streamline incident response activities.

The app includes the following capabilities:

Log collection

  • Customize log collection via the Microsoft API
  • Correlation rules from AT&T Alien Labs automatically detect security incidents

Dashboard

A special MS Defender dashboard is automatically available within USM Anywhere when data is being collected from MS Defender ATP and includes the following data elements:

  • Events trend
  • Action type
  • Security Score
  • Top 10 machines at risk
  • Top 10 users at risk
  • Top quarantined Files
  • Top quarantined machines
  • Top Suspicious URLs
  • Top suspicious IPs

Orchestration Actions

The AlienApp for MS Defender ATP provides a set of orchestration actions that let customers act on the endpoint quickly. These actions can be taken manually by the SOC operator in response to a USM Anywhere alarm or event, or can be configured to run automatically with no user involvement. Actions include:

  • Isolate a machine from the network with the self-quarantine feature
  • Quarantine/block a file - stop the endpoint from being able to access or execute a local file
  • Collect investigation package for an in-depth evaluation of an endpoint
  • Set IOCs - files, hosts, domains that should be blocked
  • Get File statistics
  • Get Domain statistics

AlienApp for Cisco AMP

Automatically collect Cisco AMP logs, detect threats, and respond to them directly from the USM Console.

The AlienApp for Cisco AMP enhances the threat detection capabilities of USM Anywhere by collecting and analyzing log data from Cisco AMP, and provides orchestration actions to streamline incident response activities. It lets you monitor and respond to Cisco AMP events within the same pane of glass as the rest of your critical IT assets.

Key features

  • Advanced security orchestration allows you to view Cisco AMP events and alarms, through a consolidated dashboard
  • Perform security orchestration and automated response (SOAR) actions
  • Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Cisco AMP endpoint

Key benefits

  • Easily view threats impacting your organization, with insights into patterns and anomalies
  • Ability to respond to threats rapidly and automatically, utilizing USM Anywhere

The app includes the following capabilities:

  • Data Collection via API
  • Dashboard
  • Orchestration Actions

Dashboard

The Cisco AMP dashboard is automatically available from the Dashboards menu of USM Anywhere when data is being collected from Cisco AMP, and will include the following data elements (targets):

  • Threat Detected - a threat was found on this system.
  • Threat Quarantined - a threat was successfully quarantined
  • Multiple Infected Files - multiple infected files on a computer, indicating that several files on it are attempting to download malware
  • Executed Malware - the computer executed known malware
  • Cloud IOC - suspicious behavior that indicates possible compromise of the computer
  • Suspicious Download - a suspicious file was downloaded



AlienApp for Cisco ASA

Automatically collect Cisco ASA logs, detect threats, and respond to them directly from the USM Console.

The AlienApp for Cisco ASA (Adaptive Security Appliance) enhances the threat detection capabilities of USM Anywhere by collecting and analyzing log data from Cisco ASA, and provides orchestration actions to streamline incident response activities. It lets you monitor and respond to Cisco ASA events within the same pane of glass as the rest of your critical IT assets.

Key features

  • Advanced security orchestration allows you to view Cisco ASA events and alarms through a consolidated dashboard
  • Perform security orchestration and automated response (SOAR) actions to easily contain threats
  • Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Cisco ASA Appliance

Key benefits

  • Easily view threats impacting your organization, with insights into patterns and anomalies
  • Ability to respond to threats rapidly and automatically, leveraging USM Anywhere

The app includes the following capabilities:

  • Data Collection via API
  • Orchestration Actions

AlienApp for Check Point

Speed response to network threats by manually or automatically taking action to block threats using your Check Point cloud firewall.

The AlienApp for Check Point Security Management provides deep security monitoring and response capabilities for the Check Point cloud security platform, helping safeguard critical infrastructures through early threat detection and rapid response. It enhances the threat detection capabilities of USM Anywhere by collecting and analyzing data from Check Point Security Management.


Dashboard

The Check Point AlienApp dashboard includes a consolidated view of important security events and trends, enabling the SOC operator to quickly spot unusual activities. This makes it easier to identify security trends and concerns without leaving the USM Anywhere console. Graphs and tables highlight important security data, including:

  • Top failed logins by user
  • Top Check Point Advisory Alerts
  • Top Malware Families detected
  • Top Attacks detected by Check Point

Response actions

Response actions allow the SOC to manually or automatically take an action in response to a threat. Operators can click “Action” from an alarm or event, select the action to take, and immediately block the threat. Alternatively, for well-understood alarms, operators can write orchestration rules in the USM rule engine to automatically take the same actions. Actions available include:

  • Update the Check Point Firewall using URL info in an Event, or an Alarm
  • Update the Check Point firewall using domain info in an Event, or an Alarm
  • Update the Check Point Firewall using file hash when a response action matches an Event/Alarm
  • Update the Check Point Firewall using IP when a response action rule matches an Event/Alarm
  • Update the Check Point Firewall using URL when a response action rule matches an Event/Alarm
  • Update the Check Point Firewall using domain info when a response action rule matches an Event/Alarm

Why you’ll love the AlienApp for Check Point

Help reduce time to detection & remediation

  • Advanced security orchestration allows you to view Check Point events and alarms, through a consolidated dashboard
  • Easily perform security orchestration and automated response (SOAR) actions
  • Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Check Point platform

AlienApp for Salesforce

Quickly create Salesforce cases for investigations directly from USM Anywhere, including automatically creating cases when specific events occur.

The AlienApp for Salesforce provides visibility into important Salesforce security-related events with a dashboard, and streamlines incident response activities by automatically opening Salesforce cases in response to threats detected by USM Anywhere.


Dashboard

The dashboard includes a consolidated view of important security events and trends, enabling the SOC operator to quickly spot unusual activities.

  • Login Attempts, failed logins by user, and Failed login reasons visualize potential access violations
  • Top Reports by Size quickly reveals unusual data downloads of Salesforce data
  • Login Activity reveals login trends over time, revealing spikes and other problems

Response actions

Cases can be opened automatically based on a correlation rule, or manually by the SOC analyst working a case. USM Anywhere generates the Salesforce case and populates the Salesforce case fields with details from USM Anywhere. For example:

  • Create a Salesforce automatic Response rule using a source or destination address seen in an event, alarm, or vulnerability from the user interface
  • Create a Salesforce case with the short description and description fields pre-populated
  • Trigger an action to create a new case and specify the incident information from the following fields: Type of Request, Case Reason, subject, priority, status

Why you’ll love the AlienApp for Salesforce

Reduce time to detection and remediation

  • Automate remediation and policy enforcement between USM Anywhere and Salesforce for rapid response
  • Virtually eliminate friction in the incident response process, accelerating the time to respond to threats
  • Enhance threat visibility and help reduce mean time to detection and response

Save time and money

  • Enable focus on threat response and not writing complex security analytics rules
  • Simple, form-based integration helps accelerate time to productivity, rather than spending time on complicated cross-product integration


AlienApp for Zscaler

Quickly take action in Zscaler to respond to events, without disrupting investigation flows or logging into another security tool.

The AlienApp for Zscaler integrates visibility and control over your Zscaler Internet Access cloud security directly into USM Anywhere™. The AlienApp collects event data, automates detection and response actions, and provides a summary dashboard showing relevant security events in your Zscaler cloud - without leaving the USM Anywhere Console.

  • Collect security events and trigger alarms when threats are detected
  • Quickly respond to alarms by changing Zscaler policy - directly from the USMA console
  • Automatically respond to Zscaler events with orchestration rules
  • See Zscaler cloud security summary at a glance with the Zscaler Dashboard

Why you’ll love the AlienApp for Zscaler

Accelerate time to detection and response

In the course of an investigation, the AlienApp for Zscaler is available directly from the Alarm and Event views and can be used to take an action in response to the event, without disrupting the investigation flow or logging into another security tool. For recurring security issues, actions can be automated by writing response rules; whenever the rule is triggered, the preconfigured response action is taken.

Apply AT&T Alien Labs threat intelligence to your log data

USM Anywhere™ uses its integrated threat intelligence to analyze log data from Zscaler, along with data from other assets and security products, to detect threats and intrusions. AT&T Alien Labs security research team researches and delivers continuous threat intelligence updates directly to USM Anywhere™, so you don’t have to. You can focus on what matters most — stopping threats in their tracks.  

Monitor your security posture from a single console  

With rich, interactive dashboards in USM Anywhere, you can monitor your Zscaler Internet Access cloud security activity and see the top threats, top threat signatures, malware, and more. USM Anywhere™ enriches your log data and makes it simple to search and filter events, as well as export views for reporting purposes.


AlienApp for Box

Automatically detect and respond to Box security threats such as credential abuse, data exfiltration, and anomalous user behavior.

The AlienApp for Box enables you to automate threat detection and incident response between USM Anywhere and Box environments, helping you investigate and contain Box security threats quickly. When USM Anywhere alerts you to potential threats such as credential abuse, data exfiltration, or malware infection within your Box deployments, you can launch a response action within Box directly from the alarm in USM Anywhere.

The AlienApp for Box enables Box security monitoring within the same console as the rest of your critical IT environments across the cloud and on premises.

With the AlienApp for Box, you can detect and respond to Box security threats such as:

  • Password spraying against Box Enterprise
  • Successful brute force authentication attacks
  • Ransomware and other malware infections
  • Data exfiltration or sharing with a known malicious host
  • Anomalous user activities that could indicate an attack

AlienApp for Cisco Umbrella

Automatically block malicious domains in Cisco Umbrella whenever they are detected in USM Anywhere. Reduce the time between detection and incident response.

The AlienApp™ for Cisco Umbrella delivers advanced security orchestration capabilities between AlienVault® USM Anywhere™ and Cisco Umbrella (formerly OpenDNS), shortening the time from threat detection to response through security automation.

With the pre-built orchestration between these two products, you can close the loop between threat detection and response, without any of the heavy lifting typically required to integrate multiple security IT tools.

  • Shorten the time from threat detection to threat response with automation
  • Save time, money, and headaches in integrating multiple IT security tools 
  • Gain more visibility of your internet traffic by monitoring Cisco Umbrella logs directly within USM Anywhere
  • Automate or trigger response actions within USM Anywhere to block malicious domains in Cisco Umbrella

AlienApp for Palo Alto Networks

Detect and block malicious IP addresses in Palo Alto Networks next-generation firewalls automatically as threats are detected in USM Anywhere. Get security orchestration out of the box.

The AlienApp™ for Palo Alto Networks allows you to automate intrusion detection and response activities between AlienVault® USM Anywhere™ and Palo Alto Networks Next-Generation Firewall (NGFW) products, so that you can instantly block malicious IPs as soon as they are detected.

The pre-built integration between USM Anywhere and Palo Alto Networks gives you closed-loop threat detection and response out of the box, without requiring any complex set up or extra installations.

  • Close the loop between threat detection and response 
  • Simplify the integration of multiple IT and security products with AlienApps out of the box 
  • Gain deeper visibility into your firewall traffic and the top threats against your environment
  • Automatically block malicious IPs with Palo Alto Networks Next-Generation Firewalls as threats are detected in USM Anywhere

AlienApp for Cloudflare

AlienApp for Sophos Central

Centralize your security monitoring with the AlienApp for Sophos Central. Collect and analyze Sophos Central alerts and events directly within USM Anywhere for simple, streamlined security management.

With the AlienApp™ for Sophos Central, you can centralize your security monitoring program in a single pane of glass, making it easier and faster to detect threats across multiple security platforms. The app enables you to collect and monitor Sophos Central alerts and events directly within AlienVault® USM Anywhere™.

The AlienApp for Sophos Central collects and parses data through the Sophos API, making it available for threat analysis and incident response within USM Anywhere. Sophos Central unifies security data from across the Sophos suite of products for server security, endpoint protection, email security, and more. 

Discover all the advantages of the AlienApp for Sophos Central:

  • Aggregate security alarms for malware activity detected in Sophos Central.
  • Create custom alarms and notifications for any Sophos Central security alert.
  • Define automated incident response actions for any Sophos Central security alert.

AlienApp for Jira

Resolve security issues faster with the ability to open and track Jira issues directly from AlienVault USM for any vulnerability, event, or alarm.

With the AlienApp™ for Jira, you can open and track Jira issues directly from AlienVault® USM Anywhere™, making it easy, fast, and efficient to monitor the lifecycle of your incident response activities, even across multiple security and IT teams.

From any alarm, event, or vulnerability detected in USM Anywhere, you can create a new Jira issue that captures the relevant threat data needed for effective response, saving you time and effort. You can also automate the creation of new Jira issues in response to threats detected in USM Anywhere to further reduce the time between detection and resolution.

  • Accelerate time to resolution (TTR) with a simple, fast, and automated way to capture and trigger incident response activities in Jira.
  • Align security and IT teams around your incident response plan using your existing Jira IT deployment.
  • Monitor the full threat lifecycle—from threat detection to resolution—in a single pane of glass.

AlienApp for Fortinet

Add a layer of security and compliance monitoring to your Fortinet firewalls. Collect and analyze FortiGate log data to identify threats and suspicious activities in your environment.

AlienApp for SonicWall

Get deeper security visibility of your environment with the AlienApp for SonicWall. Collect and analyze log data from the SonicWall Unified Threat Management (UTM) and be alerted to intrusions.

AlienApp for Azure

Security and compliance for your Microsoft Azure subscription. Collect and analyze log data from Azure Monitor and be alerted to Azure security and configuration issues.

AlienApp for G Suite

Detect threats against G Suite (formerly Google Apps), including Drive, Docs, Gmail, and more. Monitor user and admin activities, and know who is logging in, accessing your data, and more.

AlienApp for Amazon Web Services

Security and compliance for your AWS cloud environment. Analyze CloudTrail, CloudWatch, ELB, and S3 access logs, and be alerted to intrusions, suspicious account activities, and more.

AlienApp for Office365

Monitor your Office 365 user and administrator activities in Azure AD, SharePoint Online, OneDrive, and Exchange Online. Detect ransomware, privilege escalation, file sharing, and more.

AlienApp for Cylance

Monitor your endpoint security with the AlienApp for Cylance. Collect and analyze CylancePROTECT log data to detect and be alerted to threats in your environment.

AlienApp for Dark Web Monitoring

Be alerted when your users' corporate credentials or the personal user credentials of your executives and privileged users a

The AlienApp™ for Dark Web Monitoring allows you to detect if your users’ credentials have been compromised in a third-party breach and trafficked on the dark web, so that you can take immediate action to prevent a breach.

The AlienApp for Dark Web Monitoring leverages SpyCloud technology to monitor the dark web to discover if your users’ credentials, such as email addresses, usernames, and passwords, have been stolen. If detected, USM Anywhere alerts you so that you can respond swiftly to the compromise, ahead of a breach.

With this AlienApp, you can:

  • Protect against a breach with early detection of compromised user credentials
  • Monitor the dark web for stolen corporate credentials of your users
  • Safeguard the personal credentials of highly-targeted executives and privileged users
  • Be alerted as soon as compromised user credentials are discovered on the dark web

AlienApp for Okta

Detect compromised user credentials, policy violations, abuse, and other threats to your Okta account, directly from USM Anywhere.

The AlienApp™ for Okta enables you to monitor user activities and detect threats against your Okta account directly from USM Anywhere. It provides deep security monitoring for your users’ single sign-on (SSO) and multi-factor authentication (MFA) Okta activities, helping you to safeguard user credentials through early threat detection and rapid response.

Delivered out of the box in USM Anywhere, the AlienApp for Okta extends your security capabilities without the usual complexities of integrating multiple IT and security tools. Starting on Day One, USM Anywhere can help you to detect user credential theft, abuse, policy violations, and other threats to your Okta account, by alerting you to—

  • Suspicious or anomalous changes to Okta user accounts, profiles, and permissions
  • Authentication activities from a known malicious host
  • Attempts to bypass multi-factor authentication policies
  • Repeated login failures and possible brute force attacks
  • Escalations in administrative privileges and other admin-level changes
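The Box and Okta entries above both list password spraying and brute-force authentication among the threats detected. As an added illustration of the correlation logic such a detection implies (example code written for this page, not USM Anywhere's own correlation rules and not the Okta or Box APIs), the following Python runs a sliding-window check over a constructed set of authentication events: a spray is one source failing against many distinct accounts inside a short window, a brute force is one source failing repeatedly against one account, and a success from the same source shortly after a brute-force burst is escalated to a separate finding. The event tuple shape, the thresholds, and the sample IPs and usernames are all assumptions.

```python
"""Illustrative brute-force / password-spray detector over authentication
events. Added example: not USM Anywhere, Okta or Box code. The event shape
(timestamp, client IP, username, outcome) loosely follows the Okta System
Log and is an assumption; the events below are constructed, not captured."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one spraying source (five accounts, one try each),
# one brute-forcer that eventually succeeds, and a user who mistypes once.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "198.51.100.7", "alice", "FAILURE"),
    ("2024-05-01T09:00:05", "198.51.100.7", "bob", "FAILURE"),
    ("2024-05-01T09:00:10", "198.51.100.7", "carol", "FAILURE"),
    ("2024-05-01T09:00:15", "198.51.100.7", "dave", "FAILURE"),
    ("2024-05-01T09:00:20", "198.51.100.7", "erin", "FAILURE"),
    ("2024-05-01T09:10:00", "203.0.113.9", "frank", "FAILURE"),
    ("2024-05-01T09:10:10", "203.0.113.9", "frank", "FAILURE"),
    ("2024-05-01T09:10:20", "203.0.113.9", "frank", "FAILURE"),
    ("2024-05-01T09:10:30", "203.0.113.9", "frank", "FAILURE"),
    ("2024-05-01T09:10:40", "203.0.113.9", "frank", "FAILURE"),
    ("2024-05-01T09:11:00", "203.0.113.9", "frank", "SUCCESS"),
    ("2024-05-01T09:30:00", "192.0.2.44", "grace", "FAILURE"),
    ("2024-05-01T09:30:30", "192.0.2.44", "grace", "SUCCESS"),
]


def _parse(events):
    """Parse ISO timestamps and order events chronologically."""
    return sorted(
        ((datetime.fromisoformat(t), ip, user, outcome) for t, ip, user, outcome in events),
        key=lambda e: e[0],
    )


def detect_auth_attacks(events, window=timedelta(minutes=5),
                        spray_min_users=5, brute_min_failures=5):
    """Return a list of findings (dicts) for sprays and brute-force bursts.

    Thresholds are illustrative assumptions; tune them to your tenant's
    normal failure rate before turning findings into alarms."""
    findings = []
    by_ip = defaultdict(list)          # ip -> [(ts, user)] failures
    by_ip_user = defaultdict(list)     # (ip, user) -> [ts] failures
    successes = defaultdict(list)      # (ip, user) -> [ts] successes
    for ts, ip, user, outcome in _parse(events):
        if outcome == "FAILURE":
            by_ip[ip].append((ts, user))
            by_ip_user[(ip, user)].append(ts)
        elif outcome == "SUCCESS":
            successes[(ip, user)].append(ts)

    # Password spray: one source, many distinct accounts, few tries each.
    # Sliding window over the source's failures; flag once per source.
    for ip, fails in by_ip.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= spray_min_users:
                findings.append({"type": "password_spray", "ip": ip,
                                 "users": sorted(users),
                                 "first": fails[start][0], "last": fails[end][0]})
                break

    # Brute force: one source hammering one account. If the same source then
    # logs in as that account within a window, escalate to a success finding.
    for (ip, user), times in by_ip_user.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= brute_min_failures:
                won = [s for s in successes.get((ip, user), [])
                       if times[end] <= s <= times[end] + window]
                findings.append({"type": "brute_force_success" if won else "brute_force",
                                 "ip": ip, "user": user,
                                 "failures": end - start + 1,
                                 "first": times[start], "last": times[end]})
                break
    return findings


if __name__ == "__main__":
    for f in detect_auth_attacks(SAMPLE_EVENTS):
        print(f["type"], f["ip"], f.get("user") or f["users"])
```

The two loops deliberately key on different things: a spray is invisible per account (each user sees one failure) and only shows up when you group by source, while a brute force is invisible per source if that source also serves legitimate users and only shows up when you group by source and account together. In production the source grouping needs an allow-list for shared egress addresses (corporate NAT, VPN concentrators), otherwise a busy office looks like a spray.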

AlienApp for ServiceNow

Easily open incident tickets in ServiceNow in response to threats and vulnerabilities detected in USM Anywhere. Get all relevant threat data. Remediate incidents faster.

The AlienApp™ for ServiceNow allows you to streamline your incident response workflow between AlienVault® USM Anywhere™ and ServiceNow. When threats and vulnerabilities are detected in USM Anywhere, you can open an incident ticket in ServiceNow, automatically or manually.

Built for ServiceNow IT Service Management and Security Operations, the AlienApp for ServiceNow helps security teams respond efficiently to threats and vulnerabilities detected by USM Anywhere, without requiring any additional integration or installation.

  • Enable teams to work more efficiently to remediate vulnerabilities and security threats 
  • Automatically generate ServiceNow tickets directly within USM Anywhere, so you never miss a security incident that needs attention
  • Avoid the complexity of managing multiple ticketing systems and workflows across different products
  • Immediately available out of the box with USM Anywhere (no installation required)

AlienApp for Carbon Black

Monitor your endpoints with Carbon Black, including Cb Protection and Cb Response, and automatically isolate your infected endpoints with Cb Response whenever USM Anywhere detects threats.

The AlienApp™ for Carbon Black delivers advanced security orchestration capabilities between AlienVault® USM Anywhere™ and Carbon Black’s Cb Protection and Cb Response, so you can automatically isolate your infected endpoints whenever threats are detected in USM Anywhere. 

With pre-built security orchestration and automated response capabilities, you can shorten the time from threat detection to response, without any of the heavy lifting typically required to integrate multiple security IT tools.

  • Shorten the time from threat detection to threat response with automation
  • Save time, money, and headaches in integrating multiple IT security tools
  • Gain more visibility into activities and changes detected in endpoints by Cb Protection
  • Automate or trigger response actions within USM Anywhere to isolate infected systems through Cb Response

We’ve Got a Plugin for That

In addition to the AlienApps ecosystem, USM Anywhere includes hundreds of plugins, so you can readily ingest security data from the existing data sources in your environment.

The USM Anywhere plugin library provides source-optimized data collection for a complete range of technologies, making it easy for you to get complete visibility into your entire environment.

View the current list of plugins in USM Anywhere >

Don’t see the plugin you’re looking for? AlienVault will build a plugin for most commercially available products at no additional charge. Just submit a request and we will build it for you.

Request a USM Anywhere plugin here ›
