Configuring the AlienApp for Lookout

Role Availability Read-Only Investigator Analyst Manager

To configure the AlienApp for Lookout in USM Anywhere, you need to have an API key to authenticate communication with Lookout.

Set up the Lookout API

Before you can use the AlienApp for Lookout with USM Anywhere, you must have an API token that USM Anywhere can use to connect to your Lookout server. Lookout generates this token for use by your user account.

To acquire the API token for Lookout

  1. Log in to the Lookout console as an administrator.

  2. In the left navigation menu, go to System > Application Keys.

Note: If you do not see the Application Keys tab, contact Lookout Enterprise Support to enable this feature on your application.

  1. Click Generate Key.

  2. Enter a label name, and then click Next.

  3. Copy the generated key by clicking Click to Copy Application Key to Clipboard.

Warning: Copy the generated key to your application immediately or save it locally as you cannot access the key again after this procedure.

Important: If you generate a new API key at some point in the future, it will revoke the existing token making the connection unauthorized. Therefore, you must update the token in the AlienApp for Lookout accordingly.

Configure the AlienApp for Lookout in USM Anywhere

After you generate a Lookout API token and copy the value, you're ready to enable the AlienApp for Lookout in USM Anywhere.

To enable the AlienApp for Lookout

  1. In USM Anywhere, go to Data Sources > AlienApps.
  2. Click the Available Apps tab.
  3. Search for the AlienApp, and then click the tile.
  4. Click Configure API.
  5. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.

    AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.

  6. Enter the API token you acquired from Lookout.
  7. Click Save.

AlienApp Log Collection

Once the AlienApp has been configured, you can choose to have USM Anywhere collect logs from the app on a regular basis.

To configure log collection for the AlienApp

  1. Go to Settings > Scheduler.
  2. In the Job Scheduler, search for the AlienApp on the sensor to which it was deployed.
  3. In the enabled column, click the icon for the inactive collection job.

    The icon turns green, and collection is enabled.

  4. (Optional.) Click the icon to customize the frequency of the event collection.