USM Anywhere™

Launching a Salesforce Response Action

Role Availability Read-Only Analyst   Manager

When you review the information in the Alarm Details, Event Details, or Vulnerability Details, you can easily launch an actionIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. to send a request to your connected Salesforce instance to create a new incident case based on that item. If you want to apply an action to similar events that occur in the future, you can also create an orchestration rule after you apply the action. Salesforce events are updated on an hourly basis.

To launch a Salesforce response action for an alarm, event, or vulnerability

  1. Go to Activity > Alarms, Activity > Events, or Environment > Vulnerabilities.
  2. Click the alarm, event, or vulnerability to open the details.
  3. Click Select Action.
  4. In the Select Action dialog box, select Run Salesforce Action.

  5. Modify the information for the new incident for the following fields:

    • Type of Request
    • Case Reason
    • Case Subject
    • Case Priority
    • Case Status

  6. Click Run.

    After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box.

    If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.