USM Anywhere enables you to respond to the alarm Alarms provide notification of an event or sequence of events that require attention or investigation.. Use this button to associate the item with an action In USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured BlueApp.. Depending on the USM Anywhere Sensor Sensors are deployed into an on-premises, cloud, or multi-cloud environment to collect logs and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. you have installed, you will see different actions:

• Get Forensics Process and method of investigation, including the collection, recording, and analysis of events to discover the source of network attacks and other potentially malicious or harmful activities. Information: This option enables you to run pre-defined Linux and Windows scripts to get more info from the system. These scripts are already defined in USM Anywhere. The Basic, Moderate, and Full Forensic Info options get elemental, limited, and complete forensic information from assets. Keep in mind that the Full Forensic Info option will take more time for including all options. See Scheduling a Forensics and Response Job for more information.
• Scan (unauthenticated): You can launch an unauthenticated scan of an asset An IP-addressable host, including but not limited to network devices, virtual servers, and physical servers.. See Running Asset Scans for more information.
• Scan (authenticated): You can launch an authenticated scan Authenticated scans are performed from inside the machine using a user account with appropriate privileges. of an asset. See Performing Vulnerability Scans for more information.
• Report Domain: See BlueApp for Cisco Umbrella Actions for more information.
• Agent Query: You can run an agent query in response to any alarm. See for more information.