In USM Anywhere, you can centralize the collection and analysis of Linux event logs from your servers, making it easier to track the health and security of these systems.
Using the AlienVault Agent
The AlienVault Agent provides simple installation, configuration, and management for host monitoring in USM Anywhere. When you install the AlienVault Agent on a Linux host, it communicates over an encrypted channel to send data directly to USM Anywhere. The agent installation script configures a default set of folders and files to automatically support file integrity monitoring (FIM). You can set the configuration profile to manage the queries that USM Anywhere runs for an asset associated with a deployed agent.
Using AlienVault Agents is the best choice for monitoring endpoints outside of the network, in remote locations, or anywhere deploying a sensor is impractical. Additionally, it provides the ability to query the asset for additional forensic data as part of your investigation activities. See The AlienVault Agent for more information about the AlienVault Agent and how you can use it to simplify your endpoint detection and response (EDR), FIM, and rich endpoint telemetry capabilities.
Collecting Logs from Cloud Environments
USM Anywhere provides USM Anywhere Sensors for different cloud environments, which collect logs using each platform's native tools:
- AWS Log Discovery and Collection in USM Anywhere
- Azure Log Discovery and Collection in USM Anywhere
- GCP Log Discovery and Collection in USM Anywhere
Sending Logs Directly to a USM Anywhere Sensor
As an alternative to the AlienVault Agent, you can configure syslog forwarding or manually install osquery on your hosts so that they send logs to a USM Anywhere Sensor:
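The following is an added example of the syslog option and is not part of the USM Anywhere documentation or the AlienVault Agent installer. It writes an rsyslog drop-in that forwards a Linux host's syslog to a sensor over TCP with a disk-assisted queue, so events are spooled locally instead of being lost while the sensor is unreachable. The sensor address, the port (TCP 514 is a placeholder default), the drop-in path, and the function names are assumptions; check your sensor's listening ports before use. Unlike the agent channel, plain syslog is not encrypted, so if your sensor is configured to accept syslog over TLS, prefer that listener and add the rsyslog TLS driver settings to the action.

```shell
#!/bin/sh
# Added example (not from the USM Anywhere documentation): drop-in rsyslog
# configuration that forwards a Linux host's syslog to a USM Anywhere Sensor.
# Assumptions (not stated on the page): the sensor IP and port are supplied
# by the caller; TCP 514 and the drop-in path below are placeholders.

# write_usm_forwarder <sensor_ip> [port] [output_file]
# Writes an rsyslog drop-in that forwards all facilities over TCP with a
# disk-assisted queue: events are spooled to disk while the sensor is down
# and replayed when it comes back, rather than being dropped.
write_usm_forwarder() {
    sensor_ip="$1"
    port="${2:-514}"
    out="${3:-/etc/rsyslog.d/90-usm-sensor.conf}"

    cat > "$out" <<EOF
# Forward everything to the USM Anywhere Sensor (added example)
# TCP rather than UDP: delivery is acknowledged at the transport layer and
# the queue below survives sensor restarts.
*.* action(type="omfwd"
           target="${sensor_ip}"
           port="${port}"
           protocol="tcp"
           queue.type="LinkedList"
           queue.filename="usm_sensor_fwd"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
EOF
    chmod 0644 "$out"
}

# check_forwarder_conf <file> <sensor_ip>
# Returns 0 when the drop-in targets the expected sensor over TCP.
check_forwarder_conf() {
    grep -q "target=\"$2\"" "$1" && grep -q 'protocol="tcp"' "$1"
}

# validate_rsyslog: syntax-check the full rsyslog configuration when
# rsyslogd is installed; exits non-zero on a bad drop-in.
validate_rsyslog() {
    if command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1
    else
        echo "rsyslogd not installed; skipping syntax check" >&2
    fi
}

# Usage: sh forward_to_usm.sh install <sensor_ip> [port]
if [ "${1:-}" = "install" ]; then
    write_usm_forwarder "$2" "${3:-514}"
    validate_rsyslog
    systemctl restart rsyslog
fi
```

After restarting rsyslog, confirm on the sensor side that the host's events arrive and are parsed by the expected plugin; the queue directory lives under rsyslog's working directory, so check its disk usage on hosts that may be cut off from the sensor for long periods.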