The BlueApp for Akamai Enterprise Threat Protector (ETP) provides a set of orchestration actions that you can use to identify vulnerabilities and manage assets in your USM Anywhere environment. The following table lists the available actions from the BlueApp.

Actions for the BlueApp for Akamai Enterprise Threat Protector

Action	Description
Add Items to Block List	Run this action to add items to a block list from an event or alarm to restrict their access
Add Items to Allowlist	Run this action to add items to an allowlist to grant authorized access
Remove Items from Block List	Run this action to remove items from the Akamai ETP block list
Remove Items from Allowlist	Run this action to remove items from an allowlist via an event or alarm
Add Items to Block List from Rule	Run this action to add items to a block list from a rule to restrict their access
Add Items to Allowlist from Rule	Run this action to add items to an allowlist from a rule to grant authorized access
Remove Items in Block List from Rule	Run this action to remove items from a block list based on a predefined rule to restrict their access
Remove Items in Allowlist from Rule	Run this action to remove items from an allowlist based on a predefined rule to restrict or revoke access
Create Custom List	Run this action to create a custom Akamai ETP flist

To view information about these actions in USM Anywhere

1. In USM Anywhere, go to Data Sources > BlueApps.
2. Click the Available Apps tab.
3. Search for the BlueApp, and then click the tile.
4. Click the Actions tab to display information for the supported actions.
5. Click the History tab to display information about the executed orchestration actions.

Launch Action from Alarms or Events

When you review the information in the Alarm Details or Event Details page, you can easily launch an action to have USM Anywhere respond to threats or suspicious activity generated from Akamai ETP.

To launch an Akamai ETP response action for an alarm or event

1. Go to Activity > Alarms or Activity > Events.
2. Click the alarm or event to open the details.
3. Click Select Action.

4. In the Select Action dialog box, select Run Akamai ETP Action.

5. Select the app action.

   Additional fields will be populated based on the action you've selected. Fill out the necessary fields for the app action.

6. Click Run.

   After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box.

   If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.