AlienVault® USM Anywhere™

Defining a Launch Query Action

Role Availability Read-Only Analyst   Manager

The AlienApp for AT&T Cybersecurity Forensics and Response supports an extensive list of system-level functions that you can execute on a host system. Many of the most common data collection functions are included in the forensic profile actions or as stand-alone actions. You can also use the Launch Query action to specify any of the supported functions and any needed parameters for the function.

You can use the Launch Query action when you need to perform one of the following tasks:

Review the information in Data Collection Functions and Enforcement System Functions to determine the query syntax and parameters for the function you want to run using the Launch Query action.

To define a Launch Query

  1. Set the App Action to Launch Query.
  2. Specify the asset that you want to use as a target for the action.

    You can enter the name or IP address of the asset in the field to display matching items that you can select. Alternatively, click Browse Assets to open the Select Asset dialog box and choose the asset from the asset list.

  3. Enter the function Query parameter.

    (Figure: Specify function and parameters to run the Launch Query action)

  4. (Optional.) If the function requires additional parameters, use the Parameter fields to enter the values in order.