This guide provides information for users of USM Anywhere who are responsible for monitoring Process of collecting all device status and event information and processing normalized events for evidence of vulnerabilities, possible attacks, and other malicious activity. network security, and identifying and addressing security threats in their environment. The guide also describes operations provided by the USM Anywhere web user interface (web UI), which is used to perform most USM Anywhere network security tasks after initial USM Anywhere deployment Entire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment..

This guide includes these topics:

• Getting Started with USM Anywhere: Describes typical security operations performed after initial USM Anywhere installation and configuration, including security operation best practices and workflow, verifying USM Anywhere operations, and establishing baseline network behavior.
• USM Anywhere Dashboards: Provides an overview of USM Anywhere dashboards.
• Asset Management: Describes operations to manage assets and asset groups Asset groups are administratively created objects that group similar assets for specific purposes.. Includes topics such as asset creation and discovery, vulnerability A known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. scans, and asset monitoring and analysis.
• User Behavior Analytics: Provides information about how to identify malicious or compromised users, and enable you to better prioritize alarms with the addition of user data.
• Alarms Management: Provides information about alarms Alarms provide notification of an event or sequence of events that require attention or investigation. generated from events and OTX The world’s first truly open threat intelligence community. Enables collaborative defense with open access, collaborative research, and seamless integration with USM Anywhere and USM Appliance, and AlienApps for other security products. pulses, viewing and reviewing alarm information and field details, and suppressing alarms to remove noise in the system.
• Events Management: Provides information on viewing, filtering, and sorting events, event and OTX field details, and analyzing events that generate alarms.
• System Events Management: Provides information on viewing, filtering, and sorting system events, which are the events generated within your environment.
• Console User Events on USM Anywhere. Provides information about the events that USM Anywhere generates when a user does a specific action in the user interface (UI).
• Configuration Issues Management: Provides information on viewing, filtering, and sorting configuration issues An identified configuration of deployed software or features of software that is in use, which is known to be insecure., and how to suppress them from the main view.
• USM Anywhere Scheduler: Describes the Job Scheduler page. This page provides a list of all jobs that are defined in your USM Anywhere environment.
• Rules Management: Describes how to create suppression and orchestration rules, and how USM Anywhere correlation rules work. This chapter also describes how Amazon Simple Notification Service (SNS) is integrated into USM Anywhere and how to manage AlienApps™ AlienApps extend the threat detection and security orchestration capabilities of the USM Anywhere platform to other security tools that your IT team uses, providing a consolidated approach to threat detection and response..
• Vulnerability Assessment Describes how to perform vulnerability scans, view and understand scan results, and generate reports based on vulnerability scans.
• Open Threat Exchange® and USM Anywhere: Describes the open information-sharing and analysis network. OTX provides access to real-time information about issues and threats that may impact your organization, enabling you to learn from and work with others who have already experienced such attacks.
• USM Anywhere Sensor Management: Describes how to manage sensors Sensors are deployed into an on-premises, cloud, or multi-cloud environment to collect logs and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. within USM Anywhere.
• The AWS Cloud Connector in USM Anywhere: Describes how to manage Amazon Web Services (AWS) Amazon Web Services (AWS) is a suite of cloud computing services from Amazon that make up an on-demand platform giving users access to their computing resources. Cloud Connectors within USM Anywhere.
• Subscription Management: Describes license information, event data, and raw log data.
• USM Anywhere Reports: Describes reports displayed in USM Anywhere. You can find reports generated from your report creation feature; compliance templates based on alarms, vulnerabilities, and events collected in the system; and Event Type Templates based on event categorization by type of data source and by the most used data sources.
• USM Anywhere User Management: Describes USM Anywhere user authentication Process used to verify the identity of a user, user device, or other entity, usually through a username and password. and role Tasks and responsibilities based on job description and position within an organization. A user's role is often used to define access to functionality and privileges to perform specific tasks and operations.-based authorization, configuration of authorization for specific assets, and monitoring user activity.
• Using USM Anywhere for PCI Compliance: Describes USM Anywhere capabilities to manage PCI DSS Payment Card Industry Data Security Standard. Set of security standards intended to reduce credit card fraud by protecting cardholder information in organizations that handle credit, debit, and other types of payment cards. requirements through assets, asset groups, and reports.
• USM Anywhere Investigations: Describes how to organize the information from your environment. You can link alarms, events, notes, and other files to their responses to have a complete view set of actions you have taken to address a particular threat.
• System Status within USM Anywhere: Describes the status of your environment. You have a system monitor page, if your role is Manager, a network settings page, and the log collection page.