Templates for Custom Advanced AlienApp Configuration

In addition to the many AlienApps offered by USM Anywhere, AT&T Cybersecurity offers you the option of configuring an advanced AlienApp custom to your resources and the way you use them. With custom advanced AlienApps, you can better monitor activity in your environment according to your needs.

The custom advanced AlienApp feature is quite powerful, unlocking the ability to import events from almost any product or service that uses a REST API. To make this configuration process easy and approachable, AT&T Cybersecurity offers configuration guides for the most oft-requested custom advanced AlienApps, providing clear guidance on the exact configurations needed to set up authentication of your custom advanced AlienApp.

Before getting started, you will need to ensure that you are able to generate the required authentication information from the application or service for which you are trying to create an application. The configuration guides AT&T Cybersecurity provides endeavor to document the highest level of security available when connecting to your third party resource. For that reason, AT&T Cybersecurity recommends that you follow the documented authentication configuration when setting up your custom advanced AlienApp.

Note: If you don't find a template for the application you need there, you can request one by following the instructions here.

To use a template to create your custom advanced AlienApp

  1. Go to Data Sources > AlienApps > Custom Templates.

  2. Select the template you want to use from the list of available templates.
    Select a template to begin creating a custom advanced AlienApp for use with your third-party application.
  3. On the first page, give your AlienApp a name and some identifying information.
    Use this page to enter information for your app, such as name, description, icon, and category.

    • App Name: Provide a unique name for your AlienApp.

    • (Optional.) App Description: Describe the new AlienApp's intent or functionality.

    • Category: Tag your app with a category, which will help you organize your AlienApps.
      You can filter AlienApps by category in the Custom App main page.

    • (Optional.) Logo: You may import a logo for this AlienApp.
      The template may include a logo already. If so, you can keep the preconfigured logo or change it per your custom app requirements.

    Click Next to continue.

  4. The template you chose comes preconfigured to use the correct type of authentication your third-party application requires.
    You must provide the credentials your AlienApp will use to connect to the third-party application. When you have finished entering your credentials, confirm them by clicking Test Connection.

    Click Next to continue.

  5. The custom template already contains most of the API configuration your custom AlienApp will need to communicate with your third party.
    Check the template specifications to see whether there is any additional configuration information you must to enter manually to prepare your advanced AlienApp to sync with your third-party application.

    Important: While the template comes prepopulated with as much configuration as possible, if there are any fields you want to be able to filter against you must manually ensure that they are configured here under Params.

    Click Next to continue.

  6. USM Anywhere uses the configuration details from the previous two steps to connect with your third party and extract data fields found in the logs they send. In addition, the custom template is configured with many of the mappings you will need between the third-party application's data fields and fields in USM Anywhere.
    Review the mappings populated by the template. If necessary, you can adjust or further configure the mapping details by dragging and dropping from the detected fields to their matching fields in USM Anywhere.
    Configure which USM Anywhere data fields map to which fields discovered in your source API.

    • Found Parameters: Fields on the left are extracted from logs fetched from your third-party application.

    • USM Anywhere App Fields: Fields on the right are the standard USM Anywhere data labels.

    Note: You can map multiple found parameters to the same USM Anywhere app field.

    See Event Keys for detailed definitions of the standard USM Anywhere data fields to help you match the extracted fields with those from USM Anywhere.

    Click Next to continue.

    Important: In order for USM Anywhere to complete the field mapping configuration there must be sufficient events present for the product to map with. If you receive an "Events not found" error at this stage, you may have to stop configuration at this step and generate some events before resuming the configuration.

  7. Select which log fields to include in the Event Details for events your new advanced AlienApp will generate.
    Choose which of the data fields you previously mapped will appear in the Event Details for events your new app will generate.

    Click Save & Next to continue.

  8. Use the Preview screen to review your custom advanced AlienApp's configuration.
    Use this preview screen to check the details of your new custom AlienApp, including expanding the data source details.

    You can use the Back button to navigate to any previous page and make changes.

  9. Once you have finished all of the configuration steps for your custom advanced AlienApp, click Save & Close to create it.
    It will now be available to you under the My Apps tab of USM Anywhere.