USM Anywhere™

USM Anywhere AlienApps Guide

AlienApps extend the threat detection and security orchestration capabilities of the USM Anywhere platform to other security tools that your IT team uses, providing a consolidated approach to threat detection and response. With AlienApps, you can monitor more of your security posture directly within USM Anywhere, including your cloud services like Microsoft Office 365 and Google G Suite. AlienApps also enable you to automate and orchestrate response actions in security tools from vendors such as Cisco and Palo Alto Networks, greatly simplifying and accelerating the threat detection and incident response processes.

USM Anywhere provides hundreds of AlienApps for different data sources. In addition to translating raw log data into normalized events for analysis by USM Anywhere, some AlienApps also collect and enrich log data, perform threat analysis, and provide workflow that coordinates response actions with the infrastructure and third-party applications to provide security orchestration.

AlienApps extend the capabilities of USM Anywhere through integrations with leading security tools, most specifically in the following areas:

  • Data extraction.
  • Correlation of data to produce events and alarms.
  • Dashboards that display data collected from your network, which help you visualize your environment and alert you to issues originating from a particular data source. These dashboards are visible if you have data for them. Sometimes it takes a few minutes for the dashboards to display. See USM Anywhere Dashboards for more information.

    Important: If there are events from the last seven days, then you can see the related dashboard. When there are no events from the previous seven days, that dashboard doesn't display.

  • Orchestration ability that enables you to automate your security operations in a variety of ways. For example, if USM Anywhere finds data associated with a malicious website, orchestration rules might stipulate for this information be sent to the third-party vendor for immediate action. AlienApps with orchestration features are called Advanced AlienApps.

    Edition: All Advanced AlienApps are available in the Standard and Premium editions of USM Anywhere.

    The USM Anywhere Essentials edition only has the following Advanced AlienApps:

    • AlienApp for G Suite
    • AlienApp for McAfee ePO
    • AlienApp for Office 365
    • AlienApp for Okta
    • AlienApp for Sophos Central
    • Amazon Web Services (AWS) Log Collection (with an AWS Sensor deployed)
    • Google Cloud Platform (GCP) Log Collection (with a GCP Sensor deployed)
    • Microsoft Azure Log Collection (with an Azure Sensor deployed)

    See https://cybersecurity.att.com/pricing for more information about the features and support provided by each of the USM Anywhere editions.

Related Video Content

To view other related training videos, click here.