AT&T Cybersecurity builds or updates plugins at the request of customers for products and devices available to the general public. To take advantage of this, customers must have an active AT&T Cybersecurity Support and Maintenance contract.
Important: This policy does not apply to plugins for custom software or devices.
See this list of plugins for information on the plugins delivered with USM Anywhere.
Before Submitting Your Request
The more information you can provide, the faster AT&T Cybersecurity can build the plugin and the more accurate it will be.
A complete plugin request must include the following information:
- Product’s vendor, model, and version.
A description of the formatting of the logs. The most commonly used format is syslog. For more universal plugin application, choosing a standard event format such as the Common Event Format (CEF) is preferable, if it is available and suitable to your needs.
Important: All syslog messages must conform with the RFC 3164 standard, which recommends the message to have three parts: PRI, HEADER, and MSG.
A description of how you use the product, including which messages and which fields inside those messages provide the most relevance to your business.
You may also want to consider using the product's default log settings when defining which fields to log. However, if a product has a particular logging configuration that you want the plugin to support, you should include that in your request.
Specific log samples or database dumps from the relevant device. Your sample must contain at least 100 lines or 2 MB of data.
The best way to collect log sample is to download the raw logs generated by the AlienVault Generic Plugin on the asset receiving this log. See how to download raw logs from USM Anywhere.
Important: When submitting log samples, all Personal Identifiable Information (PII) such as Social Security number, credit card numbers, or medical information must be removed or obfuscated from the samples.
For best results, exclude any extraneous noise from the log samples, while still retaining all the data needed to differentiate the various events you want to capture with the plugin.
- If you need information other than the date, source, destination, username, and protocol extracted from the logs, specify this in your request, and provide an example. This helps AT&T Cybersecurity test the plugin to make sure it can successfully extract that data.
- Use case for the new plugin and the business value of the application or device to your organization. This information helps us assign a priority to your request.