AlienVault® USM Anywhere™

Configuring the AlienApp for Carbon Black

Role Availability Read-Only Analyst Manager

When the AlienApp for Carbon Black is enabled and connected to your CB Response deployment, you can launch app actions and create orchestration rules to send data from USM Anywhere to CB Response. In USM Anywhere, you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. See AlienApp for Carbon Black Orchestration for more information about the orchestration actions supported by the AlienApp for Carbon Black.

Important: You do not need to complete this configuration if you are using the CB Protection and/or CB Defense products, but not the CB Response product.

Note: To fully integrate USM Anywhere with your Carbon Black implementation, you should also have the Carbon Black log collection enabled so that USM Anywhere can retrieve and normalize raw log data from the Carbon Black applications. Normalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types. See Collecting Logs from Carbon Black for information about enabling these plugins and raw log data retrieval.