Data Sources and Log Processing

Some data sources, such as those that support the syslog protocol (an industry standard message logging system that is used on many devices and platforms), can send their logs directly to the USM Anywhere Sensor. For other data sources, USM Anywhere retrieves the logs through scheduled log collection jobs, queries through registered LevelBlue Agents, and queries through configured BlueApp integrations. In each of these cases, USM Anywhere uses a BlueApp to normalize the collected data, extracting and storing information in common data fields that define an event. Normalization is the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types.

USM Anywhere Sensors securely transfer the event data from your network environment to your single-tenant USM Anywhere instance for centralized collection, security analysis, threat detection, and compliance-ready log management. Installed LevelBlue Agents communicate over an encrypted channel to send data directly to USM Anywhere. Encryption is the cryptographic transformation of data into a form that conceals the data's original meaning to prevent it from being known or used.

This section provides detailed information about collecting data from your devices, systems, and applications.