USM Anywhere™

Connect the Azure Sensor to USM Anywhere

After deploying the sensor, you must connect it to USM Anywhere through registration.

USM Anywhere Customers

  • If this is your first sensor, you must register the sensor using the initial authentication code (starts with a "C") received from AT&T Cybersecurity. With this code, the registration process provisions a new USM Anywhere instance and defines its attributes, such as how many sensors to allow, how much storage to provide, and what email address to use for the initial user account. After registration, you will gain access to the sensor through the USM Anywhere web user interface (UI), where you can complete the sensor setup.
  • If you are deploying additional sensors, you must generate the authentication code (starts with an "S") for the registration. See Add a New Sensor for details.

You perform this procedure after deploying the USM Anywhere Sensor within your Azure subscription. The IP address link is displayed after you create the VM and the instance is running in your Azure environment.

To register your sensor

  1. Click the Public IP address displayed for the running sensor VM in the Azure console.

    Important: This link requires that inbound port 80 is open for the sensor VM, which is not a default network setting on Azure. See Sensor Ports and Connectivity for more information.

    This opens the Welcome to USM Anywhere Sensor Setup page, which prompts you to provide the information for registering the sensor with your new USM Anywhere instance.

    Enter the name, description, and authenitication code for the initial sensor

  2. Enter a Sensor Name and Sensor Description.

  3. Paste the authentication code into the field with the Key ( ).

    USM Anywhere Customers:

    • If this is your first sensor, use the authentication code (starts with a "C") received from AT&T Cybersecurity.
    • If this isn't your first sensor, you must generate the authentication code (starts with an "S") yourself. Follow instructions in Add a New Sensor instead.

  4. Click Start Setup to start the process of connecting the USM Anywhere Sensor.

    The provisioning of your USM Anywhere instance upon registration of your initial sensor takes about 20 minutes. When this instance is provisioned and running, you’ll see a welcome message that provides an access link.

    Click the link to access your USM Anywhere instance

    Use this link to open the secured web console for your USM Anywhere instance. You and the other USM Anywhere users in your organization can access this console from a web browser on any system with internet connectivity.

    Note: If this is your first deployment, you'll also receive an email from AT&T Cybersecurity that provides the access link to USM Anywhere.

When you link to a newly-provisioned USM Anywhere instance, you must configure the password for the initial user account. This is the default administrator as defined in your subscription.

To configure login credentials

  1. In the welcome message, click the link.

    This displays a prompt to set the password to use for the default administrator of USM Anywhere.

  2. Enter the password, then enter it again to confirm.

    Keep in mind these points when you are logging in:

    • USM Anywhere requires all passwords to have a minimum length of 8 characters and a maximum length of 128 characters.
    • The password must contain numerical digits (0–9).
    • The password must contain uppercase letters (A–Z).
    • The password must contain lowercase letters (a–z).
    • Special characters, such as hyphen (-) and underscore ( _ ) are supported but optional.

    Note: USM Anywhere passwords expire after 90 days. When your password expires, USM Anywhere enforces a password change when you next log in to the system using the current (now expired) password. A new password must be different from the previous four passwords.

  3. Click Save & Continue.

  4. When the login page appears, enter the password you just set, and click Login.

    Enter the username and password for the initial USM Anywhere user account

It's a good idea to verify that the USM Anywhere Sensor is running. It also gives you the chance to watch the sensor actively working to find all of your assetsAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. and to record events from the start.

Note: Make sure to verify that the sensor is running before performing configuration. You can keep one web browser tab with the Welcome to USM Anywhere page in the background while you perform the verification on a different tab.

To verify the new USM Anywhere Sensor

  1. In USM Anywhere, go to Data Sources > Sensors.

    You should now see your sensor in the page.

    After a few minutes, USM Anywhere locates your assets and starts registering events.

  2. You can review the activity in two locations:

    • From the primary task bar, select Environment > Assets.
    • From the primary task bar, select Activity > Events.

    Note: It could take up to six minutes before events appear. Make sure to refresh your browser from time to time to display the current data.

    Review the scanned assets list to verify the new USM Anywhere sensor

    For more information about the Assets pages, see Asset List View. For more information about the Events pages, see Events List View.

Next...

You can now complete the USM Anywhere Sensor setup. See Complete the Azure Sensor Setup.