After you have initialized your new USM Anywhere Sensor and you have configured it in the Setup Wizard, you can start using it. See these links for more information:

• USM Anywhere Deployment Process
• Complete the AWS Sensor Setup
• Complete the Azure Sensor Setup
• Complete the GCP Sensor Setup
• Complete the Hyper-V Sensor Setup
• Complete the VMware Sensor Setup

Once you click the Start Using USM Anywhere button, the page for entering your username and password displays:

LevelBlue employs a single user account and single set of credentials to access all of your USM Anywhere and USM Central instances. Your role, and the actions available to you, will change from instance to instance depending on your user account's settings in that instance.

Keep in mind these points when you are logging in:

• The login credentials that you set will apply to any USM Anywhere™ and USM Central™ you have access to.
• USM Anywhere requires all passwords to have a minimum length of 8 characters and a maximum length of 128 characters.
• The password must contain numerical digits (0-9).
• The password must contain uppercase letters (A-Z).
• The password must contain lowercase letters (a-z).
• The password must contain special characters, such as hyphen (-) and underscore ( _ ).

Note: USM Anywhere passwords expire after 90 days. When your password expires, USM Anywhere enforces a password change when you next log in. A new password must be different from the previous four passwords.

After 45 days of inactivity, your user account will be locked. Manager users can unlock inactive accounts.

The messages you can have are these:

• Password successfully updated. Please log in with your new password.
• Your session has expired.
• The username or password you entered is incorrect.
• The server responded incorrectly.
• There was an error with your security token. Try refreshing your page or contact support.

There are four roles in USM Anywhere:

• Read-Only: You can access views and search the system, but you cannot make system changes that impact other users.
• Investigator: You can access views, search the system, and generate reports, but you cannot make system changes that impact other users.
• Analyst: You can view and search the system, schedule jobs, launch actions In USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured BlueApp., configure rules, and configure asset An IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. credentials. But you cannot add or modify sensor configurations; configure credentials for AlienApp [[[Undefined variable Core.ProductBlueApps]]] extend the threat detection and security orchestration capabilities of the USM Anywhere platform to other security tools that your IT team uses, providing a consolidated approach to threat detection and response., notification Communication of an important event, typically through an email message or other desktop display. In USM Appliance, notifications are typically triggered by events, policies, and correlation directives, and in USM Anywhere, they are typically triggered by notification rules or directly from alarms. apps, and threat intelligence Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging hazard to assets that can be used to inform decisions regarding the subject's response to that hazard. integrations; or add users.
• Manager: This role enables analyst permissions and enables you to add or modify sensor configurations; configure credentials for BlueApps, notification apps, and threat intelligence integrations; and add users.

See USM Anywhere User Management for all the information related to users.