USM Anywhere™

Data Sources and Log Processing

Some data sources, such as those that support the syslog protocol (an industry-standard message logging system that is used on many devices and platforms), can send their logs directly to the USM Anywhere Sensor. For other data sources, USM Anywhere retrieves the logs through scheduled log collection jobs, queries through registered AlienVault Agents, and queries through configured AlienApp integrations. In each of these cases, USM Anywhere uses an AlienApp for normalizing the collected data to extract and store information in common data fields that define an event. Normalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of event types and sub-types.

USM Anywhere Sensors securely transfer the event data from your network environment to your single-tenant USM Anywhere instance for centralized collection, security analysis, threat detection, and compliance-ready log management. Installed AlienVault Agents communicate over an encrypted channel to send data directly to USM Anywhere. Encryption here means the cryptographic transformation of data into a form that conceals the data's original meaning to prevent it from being known or used.

This section provides detailed information about collecting data from your devices, systems, and applications.