be_ixf;ym_202212 d_07; ct_50

AlienApps

Featured: Secure User Credentials with the AlienApp for SpyCloud

Learn more about SpyCloud

Browse AlienApps:

AlienApps extend and automate the threat detection and response capabilities among the built-in security controls in USM Anywhere as well as other third-party security and productivity tools. AlienApps are developed and delivered to USM Anywhere continually, so you gain new security capabilities as the IT security and threat landscapes evolve.

No Results Found

The AlienApp for Lookout enhances the threat detection capabilities of USM Anywhere by collecting and analyzing log data and threat detections from the Lookout cloud without the need to have the Lookout console open.  

The AlienApp includes the following capabilities: 

  • Pull various threat events into the USM platform via the Mobile Risk API so they can be surfaced as alarms: 
  • Threat state change events – For example, when a threat is added or removed on a device 
  • Device state change events – Such as when a device's state changes between Activated, Protected, or Secured 
  • Audit events – For example, when a new policy is added, or a setting is changed 
  • Automatically process logs sent to USM platform 
  • Integrate with mobile device management platforms to contain threats 
  • Comprehensive dashboard for at-a-glance security and configuration information including attack detection trends
AlienApp for Lookout 1657641720 1
Collect and analyze logs from Crowdstrike Falcon to protect endpoints

The AlienApp for Crowdstrike Falcon enhances the threat detection capabilities of USM Anywhere by enabling you to monitor and respond to Crowdstrike Falcon events from the USM dashboard.

The AlienApp for Crowdstrike Falcon collects and analyzes log data from Crowdstrike endpoint protection agents and provides orchestration actions to streamline incident response activities, including as isolating a Crowdstrike endpoint in response to threats identified by USM Anywhere.

The AlienApp includes the following capabilities:

  • Collect log messages from Crowdstrike via API
  • Use Crowdstrike detection rules to trigger alarms
  • Use the Crowdstrike “containment” response action to remove endpoints from the production network while threats are being remediated.
  • Use the “Lift Containment” action to return infected devices to the network after they have been cleaned.
  • Trigger actions manually or using automated rules.

USM Anywhere diagram

AlienApp for Crowdstrike Falcon 1651582440 2
Discover, assess, prioritize, and identify patches for critical vulnerabilities in real time and across your global hybrid-IT landscape.

The AlienApp for Qualys enhances the threat detection capabilities of USM Anywhere by providing greater visibility into all Qualys findings, including devices and vulnerabilities, directly from the USM platform. With the AlienApp for Qualys, you can use orchestration actions to identify threats and manage assets in your USM Anywhere environment.

  • Tag an asset.
  • Scan an asset
  • Scan source or destination IP address from a rule
  • Launch an action directly from a vulnerability

Ready to get started? See detailed instructions 

Why you’ll love the AlienApp for Qualys

Identify all known and unknown assets

Automatically get a complete categorized inventory of all known and unknown IT assets enriched with details such as vendor life cycle information directly from the USM Anywhere platform.

Automatically target the riskiest vulnerabilities on your most critical assets

 Pinpoint your most critical threats and prioritize patching using advanced correlation and machine learning. From your USM Anywhere dashboard, leverage integrated real-time threat intelligence to take control of evolving threats and identify what to remediate first.

Patching at your fingertips

Deploy the newest patches with the push of a button to quickly remediate vulnerabilities and threats across environments of all sizes.

AlienApp for Qualys 1646871960 3
Gain deeper visibility into your network assets and vulnerabilities with the AlienApp for Tenable.io

The AlienApp for Tenable.io enhances the capabilities of USM Anywhere by providing deeper visibility into network assets and their vulnerabilities and providing orchestration actions to streamline incident response activities.

The app includes the following capabilities

  • Tag an asset
  • Trigger scans on multiple assets
  • Add new tags to group assets
  • Match and merge duplicate assets
  • Launch an action directly from a vulnerability

Ready to get started? See detailed instructions

Why you’ll love the AlienApp for Tenable.io

Discover vulnerabilities with ease

Active scanning, agents, passive monitoring, cloud connectors and database integrations provide a continuous, unified view into all assets—both known and previously unknown. From the USM Anywhere dashboard, get information on:

  • Vulnerabilities by severity
  • Most vulnerable assets
  • Duplicate vulnerabilities
  • Latest scan jobs
  • Top configuration issues

Prioritize Threats based on severity

Combine vulnerability data, threat intelligence, and data science for easy-to-understand risk scores to rapidly assess risk and know which vulnerabilities to fix first.

Speed up time to respond

Quickly scan your network and get a clear idea of your vulnerabilities using a rich set of orchestration actions.

AlienApp for Tenable.io 1646857740 4

The AlienApp for Akamai Enterprise Threat Protector (ETP) enhances the threat detection capabilities of USM Anywhere by collecting and analyzing log data from the ETP platform. It also provides orchestration actions to streamline incident response activities.

The app includes the following capabilities:

  • Add or remove items on Block lists
  • Add or remove items on Allowed lists
  • Create custom lists and add or remove IP addresses/URLs to block or allow traffic
  • Automatically respond to Akamai ETP events with orchestration rules

Why you’ll love the AlienApp for Akamai ETP

Accelerate time to detection and response

  • Access and analyze Akamai ETP-generated reports on threat events, network and proxy traffic events, DNS activity, and Acceptable Use Policy events straight from USM Anywhere.

Monitor your security posture from a single console

  • Use the interactive dashboards in USM Anywhere to monitor your Akamai ETP activity.

Apply AT&T Alien Labs threat intelligence to your log data

  • USM Anywhere uses its integrated threat intelligence to analyze log data from Akamai ETP, along with data from other assets and security products, to detect threats and intrusions.

Ready to get started? See detailed instructions

AlienApp for Akamai Enterprise Threat Protector 1637624640 5
Securely manage and control remote access for employees, contractors, and partners.

The AlienApp for Akamai EAA extends the threat detection capabilities of USM Anywhere by providing orchestration actions to implement incident response activities based on risk identified in the USM Anywhere platform.

The app includes the following capabilities:

  • Collect logs from Akamai EAA
  • Scan for Akamai EAA users
  • Block users based on Events and Alarms
  • Block users using Response Action Rules

Why you’ll love the AlienApp for Akamai EAA

Reduce your attack surface

  • Keep users off your corporate network, restrict lateral movement, and lock down firewall or security groups to all inbound traffic with Akamai EAA’s unique cloud proxy architecture.

Centralize your security and access control

  • Limit access rights for users to specific applications and authenticate users using multifactor authentication through the USM Anywhere platform

Audit user activity

  • Collect and analyze log data from Akamai EAA audit events directly from USM Anywhere

Ready to get started? See detailed instructions

AlienApp for Akamai Enterprise Application Access 1637621100 6
Collect and analyze logs from Palo Alto Networks Panorama for broader visibility at the perimeter, in your data center, or in the cloud.

The AlienApp for Palo Alto Networks Panorama enhances the threat detection capabilities of USM Anywhere by collecting and analyzing log data from the Panorama device and by providing orchestration actions to streamline incident response activities. Panorama is a centralized management system that provides global visibility and control over multiple Palo Alto Networks next generation firewalls through a web-based interface.

The app includes the following capabilities:

  • Plugin for Data Collection
  • Dashboard
  • Orchestration Actions
AlienApp for Palo Alto Networks Panorama 1636540260 7
Manage and help protect your endpoints with MobileIron Threat Defense and automatically respond to advanced threats directly from USM Anywhere

The AlienApp for MobileIron Threat Defense enhances the threat detection and response capabilities of USM Anywhere by collecting and analyzing log data from the MobileIron zConsole and providing orchestration actions to streamline incident response activities via the MobileIron Cloud platform. The AlienApp allows the user to automatically ingest threat logs, mobile asset discovery details, and user data from the zConsole into USM Anywhere.

The AlienApp for MobileIron provides a set of orchestration actions that help enable customers to quickly take action on their endpoints in response to threats directly from USM Anywhere, including:

  • Delete a user
  • Change a password
  • Restart a device
  • Wipe a device (Factory reset)
  • Lock and un-lock a device
  • Retire a device (Corporate reset)
AlienApp for MobileIron Threat Defense 1617371880 8
Gain in depth visibility into assets on your network and their associated vulnerabilities

The AlienApp for Digital Defense Frontline delivers the ability to provide improved asset visibility, on-demand risk posture, and prioritized remediation and patching recommendations for systems that are at high-risk or already under attack. Frontline Vulnerability Manager (Frontline VM™) and Frontline Advanced Threat Sweep (Frontline ATS™), both part of the Digital Defense Frontline SaaS vulnerability and threat-scanning platform, provide an agent or agent-less on-demand solution powered by active threat intelligence that is customized for customer environments. These capabilities enhance USM Anywhere’s ability to provide actionable steps to remediating high-risk assets and targeted threats.

The AlienApp for Digital Defense Frontline enhances your security operations by providing greater visibility into your entire set of assets, the ability to manage and execute on-demand vulnerability and threat scanning, and the ability to see detailed results in a unified dashboard within USM Anywhere. The dashboard is automatically available within USM Anywhere when data is being collected from Digital Defense Frontline and can provide the following:

  • Prioritized list of vulnerabilities to be remediated
  • Minimal agent footprint on assets and minimal asset performance impact
  • Tracking of dynamic, virtual, and mobile assets that were previously considered new or unknown as they change attributes
  • Detection of passive or hidden artifacts of malware that often go undetected by “active” endpoint monitoring
  • Detection of missing or disabled endpoint security tools
  • Low false positive rates to decrease the burden on security teams
  • Trend analysis of overall risk posture and security efficacy
  • Easy to understand security rating system, Security GPA
AlienApp for Digital Defense Frontline 1605752040 10
Collect and analyze logs from FortiManager and streamline incident response activities

The AlienApp for FortiManager enhances the threat detection capabilities of USM Anywhere by collecting and analyzing log data from Fortinet FortiManager and providing orchestration actions to streamline incident response activities. When USM Anywhere detects a potential threat, like a malicious IP on your FortiManager device, you can launch a response action directly within USM Anywhere.

With the AlienApp for FortiManager, you can perform the following orchestration actions:

  • Enable teams to work more efficiently to remediate vulnerabilities and security threats
  • Avoid the complexity of managing multiple systems and workflows across different products
  • Immediately available out of the box with USM Anywhere (no installation required)

AlienApp for Fortimanager

AlienApp for FortiManager 1602019260 11
Automatically collect and analyze logs from FortiGate to help protect your organization from external threats

The AlienApp for FortiGate enhances the threat detection capabilities of USM Anywhere by collecting and analyzing log data from the FortiGate firewall and providing orchestration actions to respond to threats quickly.

With the pre-built orchestration between these products, you can help close the loop between threat detection and response, directly from USM Anywhere:

  • Shorten time from threat detection to response
  • Gain more visibility by monitoring FortiGate logs directly within USM Anywhere
  • Automate or trigger response actions directly with USM Anywhere to block malicious IP and URL addresses using FortiGate

AlienApp - fortigate

AlienApp for FortiGate 1602012780 12
Collect events from Microsoft Defender Advanced Threat Protection endpoints and automatically block dangerous hosts or files.

Advanced endpoint detection and response agents can help play a critical role in an organization’s threat detection and response strategy.  The AlienApp for Microsoft Defender ATP helps to enhance the threat detection and response capabilities of USM Anywhere by collecting and analyzing log data from Defender's API and also provides orchestration actions to streamline incident response activities.

The app includes the following capabilities:

Log collection

  • Customize log collection via the Microsoft API
  • Correlation rules from AT&T Alien Labs automatically detect security incidents

Dashboard

A special MS Defender dashboard is automatically available within USM Anywhere when data is being collected from MS Defender ATP and includes the following data elements:

  • Events trend
  • Action type
  • Security Score
  • Top 10 machine at risks
  • Top 10 Users at risks
  • Top quarantined Files
  • Top quarantined machines
  • Top Suspicious URLs
  • Top suspicious IPs

Orchestration Actions

The AlienApp for MS Defender ATP provides a set of orchestration actions that help enable customers to quickly take various actions on the endpoint.  These actions can be taken manually by the SOC operator in response to a USM Anywhere alarm or event or can be configured to run automatically with no user involvement.  Actions include:

  • Isolate a machine from the network with the self-quarantine feature
  • Quarantine/block a file - stop the endpoint from being able to access or execute a local file
  • Collect investigation package for an in-depth evaluation of an endpoint
  • Set IOCs - files, hosts, domains that should be blocked
  • Get File statistics
  • Get Domain statistics
AlienApp for Microsoft Defender Advanced Threat Protection 1594607880 13
Automatically collect Cisco AMP logs, detect threats, and respond to them directly from the USM Console.

The AlienApp for Cisco AMP helps enhance the threat detection capabilities of USM Anywhere by collecting and analyzing log data from Cisco AMP and also provides orchestration actions to streamline incident response activities.  It helps to enhance the threat detection capabilities of USM Anywhere by enabling you to monitor and respond to Cisco AMP events within the same pane of glass as the rest of your critical IT assets

Key features

  • Advanced security orchestration allows you to view Cisco AMP events and alarms, through a consolidated dashboard
  • Perform security orchestration and automated response (SOAR) actions
  • Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Cisco AMP endpoint

Key benefits

  • Easily view threats impacting your organization, with insights into patterns and anomalies
  • Ability to respond to threats rapidly and automatically, utilizing USM Anywhere

The app includes the following capabilities:

  • Data Collection via API
  • Dashboard
  • Orchestration Actions

Dashboard

The Cisco AMP dashboard is automatically available from the Dashboards menu of USM Anywhere when data is being collected from Cisco AMP, and will include the following data elements (targets):

  • Threat Detected - a threat was found on this system.
  • Threat Quarantined - a threat was successfully quarantined
  • Multiple Infected Files - multiple infected files indicate multiple files on a computer are attempting to download malware
  • Executed malware - the computer-executed known malware
  • Cloud IOC - suspicious behavior that indicates possible compromise of the computer
  • Suspicious Download - a suspicious file was downloaded

Cisco AMP Screenshot

AlienApp for Cisco AMP 1594212480 14
Automatically collect Cisco ASA logs, detect threats, and respond to them directly from the USM Console.

The AlienApp for Cisco ASA (Adaptive Security Appliance) helps enhance the threat detection capabilities of USM Anywhere by collecting and analyzing log data from Cisco ASA and also provides orchestration actions to streamline incident response activities. It enhances the threat detection capabilities of USM Anywhere by enabling you to monitor and respond to Cisco ASA events within the same pane of glass as the rest of your critical IT assets

Key features

  • Advanced security orchestration allows you to view Cisco AMP events and alarms through a consolidated dashboard
  • Perform security orchestration and automated response (SOAR) actions to easily contain threats
  • Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Cisco ASA Appliance

Key benefits

  • Easily view threats impacting your organization, with insights into patterns and anomalies
  • Ability to respond to threats rapidly and automatically, leveraging USM Anywhere

The app includes the following capabilities:

  • Data Collection via API
  • Orchestration Actions
AlienApp for Cisco ASA 1594206900 15
Speed response to network threats by manually or automatically taking action to block threats using your Check Point cloud firewall.

The AlienApp for Check Point Security Management provides deep security monitoring and response capabilities for the Check Point cloud security platform, helping safeguard critical infrastructures through early threat detection and rapid response. It enhances the threat detection capabilities of USM Anywhere by collecting and analyzing data from Check Point Security Management.

Check Point Screenshot

Dashboard

The Check Point AlienApp dashboard includes a consolidated view of important security events and trends, enabling the SOC operator to quickly spot unusual activities. This makes it easier to identify security trends and concerns without leaving the USM Anywhere console. Graphs and tables highlight important security data, including:

  • Top failed logins by user
  • Top Check Point Advisory Alerts
  • Top Malware Families detected
  • Top Attacks detected by Check Point

Response actions

Response actions allow the SOC to manually or automatically take an action in response to a threat. Operators can click “Action” from an alarm or event, select the action to take, and immediately block the threat. Alternatively, for well-understood alarms, operators can write orchestration rules in the USM rule engine to automatically take the same actions. Actions available include:

  • Update the Check Point Firewall using URL info in an Event, or an Alarm
  • Update the Check Point firewall using domain info in an Event, or an Alarm
  • Update the Check Point Firewall using file hash when a response action matches an Event/Alarm
  • Update the Check Point Firewall using IP when a response action rule matches an Event/Alarm
  • Update the Check Point Firewall using URL when a response action rule matches an Event/Alarm
  • Update the Check Point Firewall using domain info when a response action rule matches an Event/Alarm

Why you’ll love the AlienApp for Check Point

Help reduce time to detection & remediation

  • Advanced security orchestration allows you to view Check Point events and alarms, through a consolidated dashboard
  • Easily perform security orchestration and automated response (SOAR) actions
  • Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Check Point platform
AlienApp for Check Point 1591301280 16
Quickly create Salesforce cases for investigations directly from USM Anywhere, including automatically creating cases when specific events occur.

The AlienApp for Salesforce provides visibility into important Salesforce security-related events with a dashboard, and streamlines incident response activities by automatically opening Salesforce cases in response to threats detected by USM Anywhere.

Salesforce Screenshot

Dashboard

The dashboard includes a consolidated view of important security events and trends, enabling the SOC operator to quickly spot unusual activities.

  • Login Attempts, failed logins by user, and Failed login reasons visualize potential access violations
  • Top Reports by Size quickly reveals unusual data downloads of Salesforce data
  • Login Activity reveals login trends over time, revealing spikes and other problems

Response actions

Cases can be opened automatically based on a correlation rule, or manually by the SOC analyst working a case. USM Anywhere generates the Salesforce case and populates the Salesforce case fields with details from USM Anywhere. For example:

  • Create a Salesforce automatic Response rule using a source or destination address seen in an event, alarm, or vulnerability from the user interface
  • Create a Salesforce case with the short description and description fields pre-populated
  • Trigger an action to create a new case and specify the incident information from the following fields: Type of Request, Case Reason, subject, priority, status

Why you’ll love the AlienApp for Salesforce

Reduce time to detection and remediation

  • Automate remediation and policy enforcement between USM Anywhere and Salesforce for rapid response
  • Virtually eliminate friction in the incident response process, accelerating the time to respond to threats
  • Enhance threat visibility and help reduce mean time to detection and response

Save time and money

  • Enable focus on threat response and not writing complex security analytics rules

Simple, form-based integration helps accelerate time to productivity, rather than spending time on complicated cross-product integration

AlienApp for Salesforce 1587406140 17
Quickly take action in Zscaler to respond to events, without disrupting investigation flows or logging into another security tool.

The AlienApp for Zscaler integrates visibility and control over your Zscaler Internet Access cloud security directly into USM Anywhere™. The AlienApp collects event data, automates detection and response actions, and provides a summary dashboard showing relevant security events in your Zscaler cloud - without leaving the USM Anywhere Console.

  • Collect security events and trigger alarms when threats are detected
  • Quickly respond to alarms by changing Zscaler policy - directly from the USMA console
  • Automatically respond to Zscaler events with orchestration rules
  • See Zscaler cloud security summary at a glance with the Zscaler Dashboard

Why you’ll love the AlienApp for Zscaler

Accelerate time to detection and response

In the course of an investigation, the AlienApp for Zscaler is available directly from the Alarm and Event views and can be used to quickly take an action to respond to the event, without disrupting the investigation flow or logging into another security tool. For recurring security issues, actions can be automated by writing response rules. Whenever the rule is triggered, the preconfigured response action will be taken

Apply AT&T Alien Labs threat intelligence to your log data

USM Anywhere™ uses its integrated threat intelligence to analyze log data from Zscaler, along with data from other assets and security products, to detect threats and intrusions. AT&T Alien Labs security research team researches and delivers continuous threat intelligence updates directly to USM Anywhere™, so you don’t have to. You can focus on what matters most — stopping threats in their tracks.  

Monitor your security posture from a single console  

With rich, interactive dashboards in USM Anywhere, you can monitor your Zscaler Internet Access cloud security activity and see the top threats, top threat signatures, malware, and more. USM Anywhere™ enriches your log data and makes it simple to search and filter events, as well as export views for reporting purposes.

AlienApp for Zscaler 1585786500 18
Automatically detect and respond to Box security threats such as credential abuse, data exfiltration, and anomalous user behavior.

The AlienApp for Box enables you to automate threat detection and incident response between USM Anywhere and Box environments, helping you investigate and contain Box security threats quickly. When USM Anywhere alerts you to potential threats such as credential abuse, data exfiltration, or malware infection within your Box deployments, you can launch a response action within Box directly from the alarm in USM Anywhere.

The AlienApp for Box enables Box security monitoring within the same console as the rest of your critical IT environments across the cloud and on premises.

With the AlienApp for Box, you can detect and respond to Box security threats such as:

  • Password spraying against Box Enterprise
  • Successful brute force authentication attacks
  • Ransomware and other malware infections
  • Data exfiltration or sharing with a known malicious host
  • Anomalous user activities that could indicate an attack
AlienApp for Box 1556595540 19
Automatically block malicious domains in Cisco Umbrella whenever they are detected in USM Anywhere. Reduce the time between detection and incident response.

The AlienApp™ for Cisco Umbrella delivers advanced security orchestration capabilities between AlienVault® USM Anywhere™ and Cisco Umbrella (formerly OpenDNS), shortening the time from threat detection to response through security automation.

With the pre-built orchestration between these two products, you can close the loop between threat detection and response, without any of the heavy lifting typically required to integrate multiple security IT tools.

  • Shorten the time from threat detection to threat response with automation
  • Save time, money, and headaches in integrating multiple IT security tools 
  • Gain more visibility of your internet traffic by monitoring Cisco Umbrella logs directly within USM Anywhere
  • Automate or trigger response actions within USM Anywhere to block malicious domains in Cisco Umbrella
AlienApp for Cisco Umbrella 1553267400 20
Detect and block malicious IP addresses in Palo Alto Networks next-generation firewalls automatically as threats are detected in USM Anywhere. Get security orchestration out of the box.

The AlienApp™ for Palo Alto Networks allows you to automate intrusion detection and response activities between AlienVault® USM Anywhere™ and Palo Alto Networks Next-Generation Firewall (NGFW) products, so that you can instantly block malicious IPs as soon as they are detected.

The pre-built integration between USM Anywhere and Palo Alto Networks gives you closed-loop threat detection and response out of the box, without requiring any complex set up or extra installations.

  • Close the loop between threat detection and response 
  • Simplify the integration of multiple IT and security products with AlienApps out of the box 
  • Gain deeper visibility into your firewall traffic and the top threats against your environment
  • Automatically block malicious IPs with Palo Alto Networks Next-Generation Firewalls as threats are detected in USM Anywhere
AlienApp for Palo Alto Networks 1553266740 21
AlienApp for Cloudflare 1519174500 22
Centralize your security monitoring with the AlienApp for Sophos Central. Collect and analyze Sophos Central alerts and events directly within USM Anywhere for simple, streamlined security management.

With the AlienApp™ for Sophos Central, you can centralize your security monitoring program in a single pane of glass, making it easier and faster to detect threats across multiple security platforms. The app enables you to collect and monitor Sophos Central alerts and events directly within AlienVault® USM Anywhere™.

The AlienApp for Sophos Central collects and parses data through the Sophos API, making it available for threat analysis and incident response within USM Anywhere. Sophos Central unifies security data from across the Sophos suite of products for server security, endpoint protection, email security, and more. 

Discover all the advantages of the AlienApp for Sophos Central:

  • Aggregate security alarms for malware activity detected in Sophos Central.
  • Create custom alarms and notifications for any Sophos Central security alert.
  • Define automated incident response actions for any Sophos Central security alert.
AlienApp for Sophos Central 1516056240 23
Resolve security issues faster with the ability to open and track Jira issues directly from AlienVault USM for any vulnerability, event, or alarm.

With the AlienApp™ for Jira, you can open and track Jira issues directly from AlienVault® USM Anywhere™, making it easy, fast, and efficient to monitor the lifecycle of your incident response activities, even across multiple security and IT teams.

From any alarm, event, or vulnerability detected in USM Anywhere, you can create a new Jira issue that captures the relevant threat data needed for effective response, saving you time and effort. You can also automate the creation of new Jira issues in response to threats detected in USM Anywhere to further reduce the time between detection and resolution.

  • Accelerate time to resolution (TTR) with a simple, fast, and automated way to capture and trigger incident response activities in Jira.
  • Align security and IT teams around your incident response plan using your existing Jira IT deployment.
  • Monitor the full threat lifecycle—from threat detection to resolution—in a single pane of glass.
AlienApp for Jira 1508206680 24
Security and compliance for your Microsoft Azure subscription. Collect and analyze log data from Azure Monitor and be alerted to Azure security and configuration issues. AlienApp for Azure 1504669320 25
Detect threats against G Suite (formerly Google Apps), including Drive, Docs, Gmail, and more. Monitor user and admin activities, and know who is logging in, accessing your data, and more. AlienApp for G Suite 1504668720 26
Security and compliance for your AWS cloud environment. Analyze CloudTrail, CloudWatch, ELB, and S3 access logs, and be alerted to intrusions, suspicious account activities, and more. AlienApp for Amazon Web Services 1504663980 27
Monitor your Office 365 user and administrator activities in Azure AD, SharePoint Online, OneDrive, and Exchange Online. Detect ransomware, privilege escalation, file sharing, and more. AlienApp for Office365 1504662960 28
Be alerted when your users' corporate credentials or the personal user credentials of your executives and privileged users are discovered on the dark web.

The SpyCloud AlienApp for dark web monitoring allows you to detect if your users’ credentials have been compromised in a third-party breach and trafficked on the dark web, so that you can take immediate action to prevent a breach.

The AlienApp for Dark Web Monitoring leverages SpyCloud technology to monitor the dark web to discover if your users’ credentials, such as email addresses, usernames, and passwords, have been stolen. If detected, USM Anywhere alerts you so that you can respond swiftly to the compromise, ahead of a breach.

With this AlienApp, you can:

  • Protect against a breach with early detection of compromised user credentials
  • Monitor the dark web for stolen corporate credentials of your users
  • Safeguard the personal credentials of highly targeted executives and privileged users
  • Be alerted as soon as compromised user credentials are discovered on the dark web
AlienApp for SpyCloud 1501947540 29
Detect compromised user credentials, policy violations, abuse, and other threats to your Okta account, directly from USM Anywhere.

The AlienApp™ for Okta enables you to monitor user activities and detect threats against your Okta account directly from USM Anywhere. It provides deep security monitoring for your users’ single sign-on (SSO) and multi-factor authentication (MFA) Okta activities, helping you to safeguard user credentials through early threat detection and rapid response.

Delivered out of the box in USM Anywhere, the AlienApp for Okta extends your security capabilities without the usual complexities of integrating multiple IT and security tools. Starting on Day One, USM Anywhere can help you to detect user credential theft, abuse, policy violations, and other threats to your Okta account, by alerting you to—

  • Suspicious or anomalous changes to Okta user accounts, profiles, and permissions
  • Authentication activities from a known malicious host
  • Attempts to bypass multi-factor authentication policies
  • Repeated login failures and possible brute force attacks
  • Escalations in administrative privileges and other admin-level changes
AlienApp for Okta 1499569860 30
Easily open incident tickets in ServiceNow in response to threats and vulnerabilities detected in USM Anywhere. Get all relevant threat data. Remediate incidents faster.

The AlienApp™ for ServiceNow allows you to streamline your incident response workflow between AlienVault® USM Anywhere™ and ServiceNow. When threats and vulnerabilities are detected in USM Anywhere, you can open an incident ticket in ServiceNow, automatically or manually.

Built for ServiceNow IT Service Management and Security Operations, the AlienApp for ServiceNow helps security teams respond efficiently to threats and vulnerabilities detected by USM Anywhere, without requiring any additional integration or installation.

  • Enable teams to work more efficiently to remediate vulnerabilities and security threats 
  • Automatically generate ServiceNow tickets directly within USM Anywhere, so you never miss a security incident that needs attention
  • Avoid the complexity of managing multiple ticketing systems and workflows across different products
  • Immediately available out of the box with USM Anywhere (no installation required)
AlienApp for ServiceNow 1496438580 31
Monitor your endpoints with Carbon Black, incl. Cb Protection and Cb Response, and automatically isolate your infected endpoints with Cb Response whenever USM Anywhere detects threats.

The AlienApp™ for Carbon Black delivers advanced security orchestration capabilities between AlienVault® USM Anywhere™ and Carbon Black’s Cb Protection and Cb Response, so you can automatically isolate your infected endpoints whenever threats are detected in USM Anywhere. 

With pre-built security orchestration and automated response capabilities, you can shorten the time from threat detection to response, without any of the heavy lifting typically required to integrate multiple security IT tools.

  • Shorten the time from threat detection to threat response with automation
  • Save time, money, and headaches in integrating multiple IT security tools
  • Gain more visibility into activities and changes detected in endpoints by Cb Protection
  • Automate or trigger response actions within USM Anywhere to isolate infected systems through Cb Response
AlienApp for Carbon Black 1496331360 32
Defend your endpoints from sophisticated cyber threats with behavioral detections from AT&T USM Anywhere, which automates response actions on your SentinelOne protected endpoints.

The AlienApp for SentinelOne delivers advanced security orchestration between USM Anywhere and SentinelOne, enabling customers to quickly take actions on infected endpoints such as isolating a machine, quarantine a file, starting a remote scan, and more.

With pre-built security orchestration and automated response capabilities, you can shorten the time from threat detection to response, without any of the heavy lifting typically required to integrate multiple security IT tools.

  • Shorten the time from threat detection to threat response with automation
  • Gain more insights into threats that are detected on your endpoints
  • Automate or trigger response actions within USM Anywhere to isolate infected systems
  • Save time, money, and headaches by integrating multiple IT security tools
AlienApp for SentinelOne 1496276340 9

We’ve Got a Plugin for That

In addition to the AlienApps ecosystem, USM Anywhere includes hundreds of plugins, so you can readily ingest security data from the existing data sources in your environment.

The USM Anywhere plugin library provides source-optimized data collection for a complete range of technologies, making it easy for you to get complete visibility into your entire environment.

View the current list of plugins in USM Anywhere

Don’t see the plugin you’re looking for? AlienVault will build a plugin for most commercially available products at no additional charge. Just submit a request and we will build it for you.

Request a USM Anywhere plugin here