BlueApp for Salesforce Actions


As USM Anywhere surfaces events, alarms, and vulnerabilities, your team determines which items require the opening of a new Salesforce case. Rather than manually opening each case in the Salesforce user interface (UI) and entering the relevant alarm, event, or vulnerability information, you can use the BlueApp for Salesforce response actions to automatically create a Salesforce case with the short description and description fields pre-populated with content from your USM Anywhere environment. The following table lists the available actions from the BlueApp.

Actions for the BlueApp for Salesforce
Action Description

Create a Salesforce Case

Run this action to generate a new Salesforce case from an alarm, event, response action, or vulnerability.

Pull Login History Events Run this action to pull login history events from SalesForce
Pull Events Run this action to pull events from SalesForce

Upon execution of a response action, USM Anywhere generates the Salesforce case and passes the associated information to that new incident case.

Note: Before launching a Salesforce response action or creating a Salesforce response action rule, the BlueApp for Salesforce must be enabled and connected to your Salesforce instance. See Configuring the BlueApp for Salesforce for more information.

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to Data Sources > BlueApps.
  2. Click the Available Apps tab.
  3. Search for the BlueApp, and then click the tile.
  4. Click the Actions tab to display information for the supported actions.
  5. Click the History tab to display information about the executed orchestration actions.

Launch Actions from Alarms

You can launch an action directly from alarms, events, or vulnerabilities. If you want to apply an action to similar events that occur in the future, you can also create orchestration rules directly from the action applied to an alarm, event, or vulnerability.

To launch a Salesforce response action for an alarm, event, or vulnerability

  1. Go to Activity > Alarms, Activity > Events, or Environment > Vulnerabilities.
  2. Click the alarm, event, or vulnerability to open the details.
  3. Click Select Action.
  4. In the Select Action dialog box, select Run Salesforce Action.

  5. Modify the information for the new incident for the following fields:

    • Type of Request
    • Case Reason
    • Case Subject
    • Case Priority
    • Case Status

  6. Click Run.

    After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box.

    If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.