AT&T Cybersecurity builds or updates AlienApps at the request of customers for products and devices available to the general public. To take advantage of this, customers must have an active AT&T Cybersecurity Support and Maintenance contract.
Important: This policy does not apply to AlienApps for custom software or devices.
See this list of AlienApps for information on the AlienApps included in USM Anywhere.
Before Submitting Your Request
The more information you can provide, the faster AT&T Cybersecurity can build the AlienApp and the more accurate it will be. A complete request must include the following information:
- Product’s vendor, model, and version.
- A description of the device and how you will connect to it, including the data acquisition method.
Explain this in great detail. Examples (not all-inclusive): Syslog, Database, SNMP, Flat File, OSSEC Agent.
Note: AlienApp development does not include DB query development or third-party tool implementation that may be needed for log data extraction, such as LogBinder.
- A description of the formatting of the logs. Select from the list of current AlienApps Supported Log Formats.
Important: All syslog messages must conform to the RFC 3164 standard, which recommends that the message have three parts: PRI, HEADER, and MSG.
- A description of how you use the product, including which messages and which fields inside those messages provide the most relevance to your business.
You may also want to consider using the product's default log settings in defining which fields to log. However, if a product has a particular logging configuration that you want the AlienApp to support, you should include that in your request.
- Specific log samples or database dumps from the relevant device. Your sample must contain at least 100 lines or 2 MB of data. The best way to collect a log sample is to download the raw logs generated by the AlienVault Generic Data Source on the asset receiving this log. See how to download raw logs from USM Anywhere.
Important: When submitting log samples, all Personally Identifiable Information (PII) such as Social Security numbers, credit card numbers, or medical information must be removed or obfuscated from the samples.
For best results, exclude any extraneous noise from the log samples, while still retaining all the data needed to differentiate the various events you want to capture with the AlienApp.
- If you need information other than the date, source, destination, username, and protocol extracted from the logs, specify this in your request, and provide an example. This helps us test the AlienApp to make sure it can successfully extract that data.
- Use case for the new AlienApp and the business value of the application or device to your organization. This information helps us assign a priority to your request.
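
A pre-submission check for a syslog sample, covering the RFC 3164 structure, the sample-size minimum, and the PII requirement described above. This is an added example, not AT&T Cybersecurity tooling; the function names are hypothetical, 2 MB is taken as 2 × 1024 × 1024 bytes, and PII detection is limited to US SSN-formatted strings and Luhn-valid card numbers.

```python
import re

# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG  (PRI = facility * 8 + severity, 0..191)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.+)$"
)
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13 to 19 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def parse_rfc3164(line: str):
    """Return the PRI, HEADER and MSG parts of a line, or None if it does not conform."""
    m = RFC3164.match(line)
    if not m or int(m["pri"]) > 191:
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    return {"facility": facility, "severity": severity,
            "timestamp": m["ts"], "hostname": m["host"], "msg": m["msg"]}


def check_sample(text: str) -> dict:
    """Report size, non-conforming lines and possible PII in a log sample."""
    lines = [l for l in text.splitlines() if l.strip()]
    report = {"big_enough": len(lines) >= 100 or len(text.encode()) >= 2 * 1024 * 1024,
              "nonconforming": [], "possible_pii": []}
    for n, line in enumerate(lines, 1):
        if parse_rfc3164(line) is None:
            report["nonconforming"].append(n)
        cards = [re.sub(r"\D", "", c) for c in CARD.findall(line)]
        if SSN.search(line) or any(luhn_ok(c) for c in cards):
            report["possible_pii"].append(n)
    return report
```

Line numbers in the report are 1-based and count only non-empty lines; a flagged line is a candidate for manual review, not proof of PII.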