LevelBlue builds or updates BlueApps at the request of customers for products and devices available to the general public. To take advantage of this, customers must have an active LevelBlue Support and Maintenance contract.
Important: This policy does not apply to BlueApps for custom software or devices.
See this list of BlueApps for information on the BlueApps included in USM Anywhere.
Before Submitting Your Request
The more information you can provide, the faster LevelBlue can build the BlueApp and the more accurate it will be. A complete request must include the following information:
- Product’s vendor, model, and version.
- A description of the device and how you will connect to it, including the data acquisition method.
This needs to be explained in great detail, these examples are not all inclusive: Syslog, Database, SNMP, Flat File, OSSEC Agent.Note: BlueApp development does not include DB query development or third party tool implementation that may be needed for log data extraction such as LogBinder.
-
A description of the formatting of the logs. Select from the list of current BlueApps Supported Log Formats.
Important: All syslog messages must conform with the RFC 3164 standard, which recommends the message to have three parts: PRI, HEADER, and MSG.
-
A description of how you use the product, including which messages and which fields inside those messages provide the most relevance to your business.
You may also want to consider using the product's default log settings in defining which fields to log. However, if a product has a particular logging configuration that you want the BlueApp to support, you should include that in your request.
-
Specific log samples or database dumps from the relevant device. Your sample must contain at least 100 lines or 2 MB of data. The best way to collect log sample is to download the raw logs generated by the LevelBlue Generic Data Source on the asset receiving this log. See how to download raw logs from USM Anywhere.
Important: When submitting log samples, all Personal Identifiable Information (PII) such as Social Security number, credit card numbers, or medical information must be removed or obfuscated from the samples.
-
For best results, exclude any extraneous noise from the log samples, while still retaining all the data needed to differentiate the various events you want to capture with the BlueApp.
- If you need information other than the date, source, destination, username, and protocol extracted from the logs, specify this in your request, and provide an example. This helps us test the BlueApp to make sure it can successfully extract that data.
- Use case for the new BlueApp and the business value of the application or device to your organization. This information helps us assign a priority to your request.