The USM Anywhere registration kicks off the deployment process. There are four basic tasks to complete your initial USM Anywhere deployment.
After registering for USM Anywhere online, the system displays a page with the following information you will use to deploy your initial USM Anywhere Sensor:
- A link used to access the sensor template
- An authentication code
You also receive an email with the same information in case you want to do the deployment another time.
Use the provided link to access the USM Anywhere Sensor template for your chosen deployment type, create the new sensor virtual machine (VM) within your cloud account or network, connect to the sensor URL, and then provide your authentication code to provision your USM Anywhere instance within the AlienVault Secure Cloud.
After several minutes, the USM Anywhere provisioning process is complete and you will receive a system message with a URL and password. Access this URL from your browser window and enter your login credentials, including the password you received in the message box.
USM Anywhere prompts you to create a new password for this initial user account. After password verification, the Setup Wizard prompts you to complete the next task.
A Setup Wizard that is specific to your sensor deployment type guides you through the initial configuration of your sensor to initiate the following:
- Initial log collection
- Log management
- Authenticated scansAuthenticated scans are performed from inside the machine using a user account with appropriate privileges. of single assets, an asset group, or a network range
After you create and set up the sensor, it communicates with USM Anywhere in the cloud about the assets in your network. The sensor then transfers any available raw data to USM Anywhere in the cloud for normalizationNormalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types., correlation, and event generation.
You should configure your network to ensure that the sensor performs optimally and collects the data that you want.
Use the following links to learn about the individual network configuration tasks that may apply to your deployment:
- Collecting Linux System Logs
- Collecting Windows System Logs
- File Integrity Monitoring
- Configure Network Interfaces for On-Premises Sensors
- Host System Configuration for Scans and Functions
- Granting Access to Active Directory for USM Anywhere
- Direct Traffic from Your Physical Network to the VMware Sensor
Note: Some tasks are specific to the sensor deployment type or the data sources that you have.
Change the Domain Name
If you want to change the domain name of your environment, you need to contact the AT&T Cybersecurity Technical Support department to open a ticket and indicate the current name and the new one.
Warning: Keep in mind that after this change, all logs and configurations of your environment will be lost.
Related Video Content
To view other related training videos, click here.