The AlienApp for ConnectWise provides a set of orchestration actions In USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. that automate the creation of service tickets in ConnectWise Manage as a response to threats detected by USM Anywhere, and the management of the Configurations catalog in ConnectWise Manage as a response to asset scans performed by USM Anywhere. The following table lists the available actions from the AlienApp.
Add tickets to the Manage database
This action creates and updates the tickets from USM Anywhere alarms and vulnerabilities.
USM Anywhere includes the Update the Ticket database job in the Scheduler, which executes this action every five minutes. When you configure the AlienApp for ConnectWise, this job is enabled by default.
Note: Currently, configuration issues identified by USM Anywhere are not included in the job to create and update Manage service tickets.
Add configurations to the Manage database
This action updates the Configurations catalog in ConnectWise Manage to reflect the most recent asset scan by USM Anywhere.
USM Anywhere includes the Update Configurations catalog job in the Scheduler, which executes this action every 60 minutes. When you configure the AlienApp for ConnectWise and select Automatically sync assets with Manage, this job is enabled by default.
Note: If an asset that USM Anywhere previously discovered is no longer present in the most recent asset scan, the status changes to inactive. If it discovers the asset in another future scan, the status changes to active.
If you choose to disable one of these jobs for the USM Anywhere instance, you can go to Settings > Scheduler. When you select a ConnectWise job in the page, you can also access history information that is specific to that job. See USM Anywhere Scheduler for more information.
Important: The AlienApp for ConnectWise must be enabled and connected to your Manage environment for successful execution of these jobs. See Configuring the AlienApp for ConnectWise for more information.
To view information about these actions in USM Anywhere
- In USM Anywhere, go to Data Sources > AlienApps.
- Click the Available Apps tab.
- Search for the AlienApp, and then click the tile.
- Click the Actions tab to display information for the supported actions.
- Click the History tab to display information about the executed orchestration actions.
Launch Actions from USM Anywhere
If you want to apply an action to similar events that occur in the future, you can also create orchestration rules directly from an action applied to an alarm, event, or vulnerability.
To launch an AT&T Secure Web Gateway orchestration action for an alarm
- Go to Activity > Alarms or Acitvity > Events.
- Click the alarm or event to open the details.
Click Select Action.
In the Select Action dialog box, select the ConnectWise tile.
For the App Action, select the action you want to launch.
Additional fields will be populated based on the action you've selected. Fill out the necessary fields for the app action.
Enter the name of the category you want the IP added to, if applicable.
After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box.
If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.