AlienVault® USM Anywhere™

Launching a Check Point Response Action

Role Availability Read-Only Analyst   Manager

When you review the information in the Alarm Details, Event Details, or Vulnerability Details, you can easily launch an action to set an indicator or tag the event in Check Point. If you want to apply an action to similar events that occur in the future, you can also create a rule directly from an action applied to an alarm, event, or vulnerability (see Creating Check Point Response Action Rules).

To launch a Check Point orchestration action for an alarm

  1. Go to Activity > Alarms or Activity > Events.
  2. Click the alarm or event to open the details.
  3. Click Select Action.

  4. In the Select Action dialog box, select the Check Point tile.

  5. For the App Action, select the action you want to launch.

    You can launch an action to tag the alarm destination host or source host.

  6. Enter the Check Point Name that you want applied.

  7. Click Run.

    After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box.

    If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.