USM Anywhere™

Advanced AlienApps

Advanced AlienApps can do one or more of the following:

While regular AlienApps parse syslog forwarded from third-party devices, advanced AlienApps collect logs through the third-party Representational State Transfer (REST) API. In addition, through sensors deployed in various cloud environments, advanced AlienApps can collect logs from Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) using their native tools. See the following documentation for more information:

Some advanced AlienApps provide orchestration to automate your security operations. For example, if USM Anywhere finds data associated with a malicious website, orchestration rules might stipulate that such information be sent to a third-party application for immediate action. Both the AlienApp for Carbon Black EDR and the AlienApp for Cisco Umbrella provide this functionality.

Edition: Advanced AlienApps are available in the Standard and Premium editions of USM Anywhere. See https://cybersecurity.att.com/pricing for more information about the features and support provided by each of the USM Anywhere editions.

For orchestration to work, you need to configure each AlienApp to connect with the third-party application. Find configuration instructions for the different AlienApps in these links: