In addition to the many BlueApps offered by USM Anywhere, LevelBlue offers you the option of configuring an advanced BlueApp custom to your resources and the way you use them. With custom BlueApps, you can better monitor activity in your environment according to your needs. Custom BlueApps enable you to collect and analyze log data from any third-party applications your environment relies upon and gives you ultimate granularity to configure precisely how USM Anywhere should view and process your data.

You can also create a custom log parser. Custom log parsers are designed to parse logs from any application that uses Amazon Simple Storage Service (S3) or syslog authentication and for which USM Anywhere does not already provide a BlueApp.

Like regular advanced BlueApps, your custom BlueApp or log collector enables you to do the following:

• Log collection
• Network inventory
• Orchestration In USM Anywhere, you can create orchestration rules to filter events, suppress events, create alarms, send notifications, or execute response actions.
• Notification Communication of an important event, typically through an email message or other desktop display. In USM Appliance, notifications are typically triggered by events, policies, and correlation directives, and in USM Anywhere, they are typically triggered by notification rules or directly from alarms.
• Vulnerability assessment
• Response A mechanism provided through BlueApps to execute actions in third-party applications based on risks identified in USM Anywhere.