AT&T Cybersecurity builds or updates AlienApps at the request of customers for products and devices available to the general public. To take advantage of this, customers must have an active AT&T Cybersecurity Support and Maintenance contract.

See this list of AlienApps for information on the AlienApps included in USM Anywhere.

Before Submitting Your Request

The more information you can provide, the faster AT&T Cybersecurity can build the AlienApp and the more accurate it will be. A complete request must include the following information:

• Product’s vendor, model, and version.
• A description of the device and how you will connect to it, including the data acquisition method.
  This needs to be explained in great detail, these examples are not all inclusive: Syslog, Database, SNMP, Flat File, OSSEC Agent.

  Note: AlienApp development does not include DB query development or third party tool implementation that may be needed for log data extraction such as LogBinder.

• A description of the formatting of the logs. Select from the list of current AlienApps Supported Log Formats.

  Important: All syslog messages must conform with the RFC 3164 standard, which recommends the message to have three parts: PRI, HEADER, and MSG.

• A description of how you use the product, including which messages and which fields inside those messages provide the most relevance to your business.

  You may also want to consider using the product's default log settings in defining which fields to log. However, if a product has a particular logging configuration that you want the AlienApp to support, you should include that in your request.

• Specific log samples or database dumps from the relevant device. Your sample must contain at least 100 lines or 2 MB of data. The best way to collect log sample is to download the raw logs generated by the AlienVault Generic Data Source on the asset receiving this log. See how to download raw logs from USM Anywhere.

  Important: When submitting log samples, all Personal Identifiable Information (PII) such as Social Security number, credit card numbers, or medical information must be removed or obfuscated from the samples.

• For best results, exclude any extraneous noise from the log samples, while still retaining all the data needed to differentiate the various events you want to capture with the AlienApp.

• If you need information other than the date, source, destination, username, and protocol extracted from the logs, specify this in your request, and provide an example. This helps us test the AlienApp to make sure it can successfully extract that data.
• Use case for the new AlienApp and the business value of the application or device to your organization. This information helps us assign a priority to your request.

Submit your request!

Important: All fields in this form are mandatory.

Contact Name
Email
Subject
Vendor Name

Name of the vendor that produces the data source for the AlienApp

Product Name

Specify the name of the product that produces the data needed for the AlienApp

Product Version

Specify the version of the product that produces the data for the AlienApp
If the application is a cloud service, please specify the full management URL.

Operating System of the Device, Application, and Data Source

If this is a cloud service, specify "cloud".

Device or Data Source Type

e.g. IDS/IPS, Firewall, Operating System, AntiVirus, Proxy, IDM etc.

Data Acquisition Method

Please indicate if you need help with a full API integration or are looking for a parser for syslog/S3 events.

Collection Details / Relevant Notes

Please provide any information you think might help us understand your requirements, particularly any issues you are worried about regarding a new AlienApp.

Log File Sample - Download URL

Note: This information is only required if you are requesting a basic AlienApp or log parser.

Please send at least 100 lines or 2 MB of sample data to AT&T Cybersecurity Technical Support. The best way to collect log sample is to download the raw logs generated by the AlienVault Generic Data Source on the asset receiving this log. See how to download raw logs from USM Anywhere.