AlienVault® USM Anywhere™

Manual Integration Management

Role Availability Read-Only Analyst   Manager

If USM Anywhere receives syslog (an industry-standard message logging system that is used on many devices and platforms) log data from an external data source (device, application, or operating system) and that data is not automatically matched with an integration through hints (see Auto-discovered Integrations), you must manually associate the required integration with the asset (an IP-addressable host, including but not limited to network devices, virtual servers, and physical servers) in USM Anywhere. There are two methods for creating these associations:

  • Manage the integration by adding one or more assets that require that integration for parsing and normalizing log data.
  • Manage an asset by adding one or more integrations that are needed for parsing and normalizing log data.

You can use a combination of these methods to ensure that USM Anywhere can identify the correct integration(s) for the log data it receives from an asset.

Important: Assigning a data source to an asset disables the use of hints for that asset, and only the assigned data sources are used to parse and normalize its log messages. Therefore, if you assign a data source to an asset and that asset produces log messages that must be processed by more than one data source, you must manually assign each data source, including the auto-discovered data sources, to the asset.