AT&T Cybersecurity gives you the option of configuring your own custom AlienApp to better monitor activity in your environment according to your needs.
To configure a custom AlienApp
- Go to Data Sources > AlienApps > Custom Apps.
- Click Custom App to begin creating your new AlienApp.
- On the first page, give your AlienApp a name and some identifying information.
App Name: Provide a unique name for your AlienApp.
(Optional.) App Description: Describe the new AlienApp's intent or functionality.
Category: Tag your app with a category, which will help you organize your AlienApps. You can search for AlienApps by category in the Custom App main page.
(Optional.) Logo: You may import a logo for this AlienApp.
-
Configure the authentication credentials your AlienApp will use to connect to the third-party application. When you have finished entering your credentials, confirm them by clicking Test Connection.
Important: This is entirely dependent upon your third-party application. Be sure to make selections in line with the authentication method required by your third-party application.
If configuring a custom AlienApp via API key
-
Select API Key from the drop-down list.
-
Enter the necessary connection information for your AlienApp to connect to the API:
-
Event URL: The destination address for the API connection.
-
Header Name and Header Value: The API authentication key-value pair for your AlienApp to use when connecting to the third-party API.
-
Request Method: Select GET, POST, or PUT.
-
-
Click Test Connection to verify the connection information you have just entered.
If configuring a custom AlienApp via Basic Authentication
-
Select Basic Auth from the drop-down list.
-
Enter the necessary connection information for your AlienApp to connect to the API:
-
Event URL: The destination address for the authenticated connection.
-
Username and Password: The authentication credentials for your AlienApp to use when connecting to the third-party API.
-
Request Method: Select GET, POST, or PUT.
-
-
Click Test Connection to verify the connection information you have just entered.
If configuring a custom AlienApp via OAuth2
- Select OAuth2 from the drop-down list.
- Enter your Event URL.
- Use the OAuth2 Auth Type drop-down to select your authentication type, and then enter the information required by that authentication type:
- Basic: Configure the app to authenticate with a username and password.
- Client ID & Client Secret: Configure the app to authenticate with a client ID and secret.
-
Enter the necessary connection information for your AlienApp to connect to the API:
- Client ID and Client Secret: The authentication credentials for your AlienApp to use when connecting to the third-party API if using client ID and client secret authentication.
- Username and Password: The authentication credentials for your AlienApp to use when connecting to the third-party API if using basic authentication.
- Access Token Endpoint: The access token endpoint for your OAuth2 connection.
- Refresh Token Endpoint: The refresh token endpoint for your OAuth2 connection.
- Content Type: The appropriate content type for your connection.
- Request Method: Select GET, POST, or PUT.
-
Click Test Connection to verify the connection information you have just entered.
-
-
Once your credentials have been verified, click Save & Next.
-
Represent the API configuration your custom AlienApp should expect from your third-party resource.
Warning: This is entirely dependent upon your third-party application. Be sure to make selections in line with the authentication method required by your third-party application.
-
Specify the return format, pagination methods, date format, and output format (JSON, XML, or CEF).
-
Configure the required values your API call may require. When the field is nested in the return under parent fields, use a period to separate parent and child fields.
-
Configure Headers, Params, and Body as required by the third-party application's API.
Note: If there are any fields you want to be able to filter against, you must configure them here under Params.
Click Save & Next to continue.
-
-
USM Anywhere uses the configuration details from the previous two steps to connect with your third party and extract data fields found in the logs they send. Use this page to configure the mapping details between the third-party application's data fields and fields in USM Anywhere by dragging and dropping from the detected fields to their matching fields in USM Anywhere.
-
Found Parameters: Fields on the left are extracted from logs fetched from your third-party application.
-
USM Anywhere App Fields: Fields on the right are the standard USM Anywhere data labels.
Note: Users can map multiple found parameters to the same USM Anywhere app field.
Note: See Event Keys for detailed definitions of the standard USM Anywhere data fields to help you match the extracted fields with those from USM Anywhere.
Click Next to continue.
-
-
Select which log fields to include in the Event Details for events your new AlienApp will generate.
Click Save & Next to continue.
-
Use the Preview screen to review your custom AlienApp's configuration.
You can use the Back button to navigate to any previous page and make changes.
-
Once you have finalized your AlienApp details and configuration, click Save & Close to finish creating your new AlienApp.
Click Save & Next to save your new AlienApp and begin configuring it.
Important: The credentials you have entered will be validated when you click Test Connection. If they cannot be verified at this step, you must correct them and ensure they are validated before moving on to the next step.
After you have finalized and created your custom AlienApp, you can continue to make changes or refine its configuration by returning to the Custom Apps page and opening your AlienApp for editing.