USM Anywhere™

USM Anywhere AlienApps Guide

AlienApps extend the threat detection and security orchestration capabilities of the USM Anywhere platform to other security tools that your IT team uses, providing a consolidated approach to threat detection and response. With AlienApps, you can monitor more of your security posture directly within USM Anywhere, including your cloud services like Microsoft Office 365 and Google G Suite. AlienApps also enable you to automate and orchestrate response actions in security tools from vendors such as Cisco and Palo Alto Networks, greatly simplifying and accelerating the threat detection and incident response processes.

USM Anywhere provides hundreds of AlienApps for different data sources. In addition to translating raw log data into normalized events for analysis by USM Anywhere, some AlienApps also collect and enrich log data, perform threat analysis, and provide workflows that coordinate response actions with the infrastructure and third-party applications to deliver security orchestration.

AlienApps extend the capabilities of USM Anywhere through integrations with leading security tools, most specifically in the following areas:

  • Data extraction.
  • Correlation of data to produce events and alarms.
  • Dashboards that display data collected from your network, which help you visualize your environment and alert you to issues originating from a particular data source. These dashboards are visible if you have data for them. Sometimes it takes a few minutes for the dashboards to display. See USM Anywhere Dashboards for more information.

    Important: If there are events from the last seven days, then you can see the related dashboard. When there are no events from the previous seven days, that dashboard doesn't display.

  • Orchestration capabilities that enable you to automate your security operations in a variety of ways. For example, if USM Anywhere finds data associated with a malicious website, orchestration rules might stipulate that this information be sent to a third-party vendor for immediate action. AlienApps with orchestration features are called Advanced AlienApps.

    Edition: Some of the Advanced AlienApps are only available in the Standard and Premium editions of USM Anywhere. The following AlienApps are not available in the USM Anywhere Essentials edition:

    • AlienApp for AT&T Cybersecurity Forensics and Response
    • AlienApp for Carbon Black EDR
    • AlienApp for Check Point
    • AlienApp for Cisco AMP
    • AlienApp for Cisco ASA
    • AlienApp for Cisco Umbrella
    • AlienApp for ConnectWise
    • AlienApp for Fortinet FortiGate
    • AlienApp for Fortinet FortiManager
    • AlienApp for GSG Select
    • AlienApp for Jira
    • AlienApp for Microsoft Defender ATP
    • AlienApp for Palo Alto Networks PAN-OS
    • AlienApp for ServiceNow
    • AlienApp for SpyCloud Dark Web Monitoring
    • AlienApp for Zscaler

    See https://cybersecurity.att.com/pricing for more information about the features and support provided by each of the USM Anywhere editions.
