When you review the information in the Alarm Details, Event Details, or Vulnerability Details, you can easily launch an actionIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. to have your Cisco Advanced Malware Protection (AMP) instance to isolate or unisolate a host. If you want to apply an action to similar events that occur in the future, you can also create an orchestration rule after you apply the action.
To launch a Cisco AMP response action for an alarm, event, or vulnerability
- Go to Activity > Alarms, Activity > Events, or Environment > Vulnerabilities.
- Click the alarm, event, or vulnerability to open the details.
- Click Select Action.
In the Select Action dialog box, select Run Cisco AMP Action.
Modify the information for the action for the following fields:
- App Action
After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box.
If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.