Advanced AlienApps can do one or more of the following:
- Log collection
- Orchestration: In USM Anywhere, you can create orchestration rules to filter events, suppress events, create alarms, send notifications, or execute response actions.
- Notification: Communication of an important event, typically through an email message or other desktop display. In USM Appliance, notifications are typically triggered by events, policies, and correlation directives, and in USM Anywhere, they are typically triggered by notification rules or directly from alarms.
- Response: A mechanism provided through AlienApps to execute actions in third-party applications based on risks identified in USM Anywhere.
While regular AlienApps parse syslog forwarded from third-party devices, advanced AlienApps collect logs through the third-party Representational State Transfer (REST) API. In addition, through sensors deployed in various cloud environments, advanced AlienApps can collect logs from Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) using their native tools. See the following documentation for more information:
Some advanced AlienApps provide orchestration to automate your security operations. For example, if USM Anywhere finds data associated with a malicious website, orchestration rules might stipulate that such information be sent to a third-party application for immediate action. Both the AlienApp for Carbon Black EDR and the AlienApp for Cisco Umbrella provide this functionality.
Edition: Advanced AlienApps are available in the Standard and Premium editions of USM Anywhere. See https://cybersecurity.att.com/pricing for more information about the features and support provided by each of the USM Anywhere editions.
For orchestration to work, you need to configure each AlienApp to connect with the third-party application. Find configuration instructions for the different AlienApps in these links:
- Configuring the AlienApp for AT&T Cybersecurity Forensics and Response
- Configuring the AlienApp for Box
- Configuring the AlienApp for Carbon Black EDR
- Configuring the AlienApp for Check Point
- Configuring the AlienApp for Cisco AMP
- Configuring the AlienApp for Cisco ASA
- Configuring the AlienApp for Cisco Umbrella
- Configuring the AlienApp for Cloudflare
- Configuring the AlienApp for ConnectWise
- Configuring the AlienApp for DDI Frontline VM
- Configuring the AlienApp for Fortinet FortiGate
- Configuring the AlienApp for Fortinet FortiManager
- Configuring the AlienApp for G Suite
- Configuring the AlienApp for GSG Select
- Configuring the AlienApp for Jira
- Configuring the AlienApp for McAfee ePO
- Configuring the AlienApp for Microsoft Defender ATP
- Configuring the AlienApp for MobileIron Threat Defense
- Configuring the AlienApp for Office 365
- Configuring the AlienApp for Okta
- Configuring the AlienApp for Palo Alto Networks PAN-OS
- Configuring the AlienApp for Salesforce
- Configuring the AlienApp for SentinelOne
- Configuring the AlienApp for ServiceNow
- Configuring the AlienApp for Sophos Central
- Configuring the AlienApp for SpyCloud Dark Web Monitoring
- Configuring the AlienApp for Zscaler