Advanced BlueApps can do one or more of the following:
- Log collection
- Network inventory
- Orchestration: In USM Anywhere, you can create orchestration rules to filter events, suppress events, create alarms, send notifications, or execute response actions.
- Notification: Communication of an important event, typically through an email message or other desktop display. In USM Appliance, notifications are typically triggered by events, policies, and correlation directives, and in USM Anywhere, they are typically triggered by notification rules or directly from alarms.
- Vulnerability assessment
- Response: A mechanism provided through BlueApps to execute actions in third-party applications based on risks identified in USM Anywhere.
While regular BlueApps parse syslog forwarded from third-party devices, advanced BlueApps collect logs through the third-party Representational State Transfer (REST) API. In addition, through sensors deployed in various cloud environments, advanced BlueApps can collect logs from Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) using their native tools. See the following documentation for more information:
Some advanced BlueApps provide orchestration to automate your security operations. For example, if USM Anywhere finds data associated with a malicious website, orchestration rules might stipulate that such information be sent to a third-party application for immediate action. Both the BlueApp for Carbon Black EDR and the BlueApp for Cisco Umbrella provide this functionality.
For orchestration to work, you need to configure each BlueApp to connect with the third-party application. You will find configuration instructions for the different BlueApps in the left navigation menu.
Actions from some advanced BlueApps can be included as part of a playbook. Playbooks are a set of predefined actions that should always be taken in response to one or more types of alarms. You can choose app-specific actions for your playbooks that will execute through or on behalf of a specific BlueApp. Some of these app-specific actions can be automated and will execute on their own. Some are manual only and require users to run the actions. See Playbooks for more information.
Note: If there are any specific apps, app actions, or automated actions you would like to have added to playbooks that are not currently available, you can submit a request to have them considered for playbooks.
Edition: Advanced BlueApps are available in the Standard and Premium editions of USM Anywhere. See the "Affordable pricing to fit every budget" page for more information about the features and support provided by each of the USM Anywhere editions.