USM Anywhere™

AlienVault Agent and Asset Associations

Role Availability Read-Only Analyst Manager

If you use a single asset installation script, the USM Anywhere asset universally unique identifier (UUID) for the selected asset is incorporated into that script. (An asset is an IP-addressable host, including but not limited to network devices, virtual servers, and physical servers.) During the installation process, the deployed AlienVault Agent registers with your USM Anywhere instance, makes the asset association, and updates the operating system (OS) name and network interface information on the asset.

If you use a multiple asset installation script to execute bulk deployment across multiple host systems, the resulting installation creates a random UUID for the agent installation (see AlienVault Agent IDs for more information on UUIDs). For Linux hosts, USM Anywhere attempts to associate the agent with an existing asset based on Amazon Elastic Compute Cloud (EC2) instance metadata gathered from the endpoint. Before installing the agent on a Linux host, AT&T Cybersecurity recommends that you perform an asset scan. This way, USM Anywhere will have identified the asset and, therefore, can automatically associate the asset with the agent. For Linux agents not running on EC2 instances, or any Microsoft Windows or Apple macOS agents, the agent must be associated with an existing or new asset through the Associate Agents With Assets page before you use the multiple asset installation script.

After the agent is successfully deployed on a host, it sends heartbeat events every 10 minutes until it has an asset association. These heartbeat events include basic information about the host system, including network interfaces and IP address, as well as the asset ID if available.

The heartbeat events are important for monitoring AlienVault Agent connectivity; therefore, it is important that you do not create any filtering rules to remove these notifications. If you don't want to see heartbeat events, AT&T Cybersecurity recommends that you create a suppression rule instead.

When a deployed agent does not have an associated asset, you must make this association in USM Anywhere to enable queries and log collection for the host system. The Agents page (Data Sources > Agents) displays an alert when there are one or more unassociated assets, and provides tools designed to help you associate these agents with assets. It provides a list of suggested assets for selection and an easy way to create a new asset using the information provided by the agent.

[Screenshot: The Agents page displays an alert for unassociated agents]

When you see this alert, click Associate agents with assets to open the Associate Agents With Assets page and complete the association.

[Screenshot: Review the list of unassociated agents]

Associate or Unassociate the AlienVault Agent with an Existing Asset

If you believe that the asset for the host system exists in the USM Anywhere asset inventory, or you are unsure, you can allow USM Anywhere to suggest one or more matching assets. If the suggestions do not include the correct asset, you can find the asset yourself and select it for the association.

Note: There is currently no way to remove the association between an AlienVault Agent and an asset. If you need to change an association, you must uninstall the agent on the host system, redeploy the agent, and then make the new association as needed.

To make an association to an existing asset

  1. In the row for the unassociated agent, click Associate Agent with Asset.

    The dialog box displays a list of one or more suggested asset matches if USM Anywhere is able to locate potential matches in the asset library.

  2. Select an asset for the agent:

    • If one of the suggested assets is correct, select the asset.
    • If the correct asset is not displayed or there are no suggested assets, enter part of the name or IP address of the asset in the Search field to display matching items and select the asset you want.

      [Screenshot: Select an asset for the agent]

      Or you can click the Browse Assets link to open the Select Asset dialog box and browse the asset list to make your selection.

      If you are unable to locate the correct asset and determine that it does not currently exist in the asset inventory, you can click the create a new asset link to generate a new asset for the agent.

  3. Click Save.

    A confirmation dialog box opens.

  4. If you want to display the Asset Details page for the associated asset, click View Asset.

    Otherwise, click Cancel to close the dialog box and return to the Associate Agents with Assets page.

To remove the link between an asset and an agent

  1. Go to Data Sources > Agents.

    [Screenshot: Main Agents page with the message for removing the link between an asset and an agent]

  2. Click Unassociate assets.
  3. The link between the asset and the agent is removed.

    When an asset is deleted, all of its associated AlienVault Agents automatically become unassociated.

Create New Assets for the Association

If the asset does not yet exist in the USM Anywhere asset inventory, you can automatically create an asset for one or more selected AlienVault Agents. When USM Anywhere creates a new asset for the agent, it uses the hostname value for the asset name. After creation, you can modify various asset details as needed. See Editing Assets for more information.

To create new assets for unassigned agents

  1. For each of the listed agents where an asset does not already exist in the asset inventory, select the checkbox for that row.

    If you want to create new assets for all of the listed agents, you can select the checkbox at the top.

  2. At the top-right of the page, click the Create New Assets button.

    [Screenshot: Create new assets for the selected agents]

    A confirmation dialog box opens.

  3. Close the dialog box to return to the Associate Agents with Assets page.