The Job Scheduler page provides a list of all jobs that are defined in your USM Anywhere environment. Many jobs are predefined (out-of-the-box) items for log collectionOperation in which sensors receive log files from remote hosts and then, using AlienApps, parse and normalize the raw data contained in the logs., user, and assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. scans, and some of these require enablement to run according to the defined schedule. You can also define your own custom jobs to schedule automatic log collection, user scans, asset scans, and asset groupAsset groups are administratively created objects that group similar assets for specific purposes. scans, as well as jobs to perform AlienAppAlienApps extend the threat detection and security orchestration capabilities of the USM Anywhere platform to other security tools that your IT team uses, providing a consolidated approach to threat detection and response. functionality.
User Behavior Analysis Standard Jobs
There are a number of apps in USM Anywhere that support the creation of scheduled jobs for user behavior monitoring.
If you have a deployed Amazon Web Services (AWS) Sensor, the AWS Sensor app provides support for the predefined user discovery jobs that USM Anywhere uses to monitor AWS Identity and Access Management (IAM) activity. You can also use the app to define custom jobs.
The AWS user discovery job is enabled by default and runs every 20 minutes to collect AWS users.
If you have a deployed Microsoft Azure Sensor, the Azure Sensor app provides support for the predefined Azure Active Directory (AD) user discovery jobs that USM Anywhere uses to monitor your Azure AD users, either as an actor in the Azure cloud or as an identity provider. You can also use the app to define custom jobs.
The Azure user discovery job is enabled by default and runs every 20 minutes to collect Azure AD users. See Azure Log Discovery and Collection in USM Anywhere for more information about jobs for the Azure Sensor app.
You can verify that your app is properly configured to collect user data by viewing the app status.
If you are using Microsoft Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for Windows domain networks. to authenticate users in your environment, the Microsoft Azure Active Directory Sensor app provides support for the predefined user discovery job that scans for both assets and users authenticated via Microsoft Active Directory
You can execute a new Microsoft Active Directory scan either from the Getting Started Wizard during your sensor's deployment, or at any time from the sensor details page. In addition, you can schedule a custom job to collect users regularly.
See Running Active Directory Scans for more information about jobs for this app.
If you are using Okta in your environment to authenticate users, the Okta Sensor app provides support for the predefined user discovery job that scans for users authenticated via Okta.
You can confirm your Okta app is configured to collect user data by checking the app status.
If you are using Microsoft Office 365 in your environment to authenticate users, the Office 365 Sensor app provides support for the predefined user discovery job that scans for users authenticated via Office 365.
You can confirm your Office 365 app is configured to collect user data by checking the app status.
If you are using G Suite in your environment to authenticate users and would like to set up a scheduled job to discover them, you must create a new job for that purpose.
To configure a scheduled job to discover G Suite users, use the following values:
- Name: An identifying name for the new job
- Description: A description of the new job
- Action Type: G Suite
- App Action: Find G Suite Users
- Domain: The domain this job will scan
- Schedule: The frequency with which this scan job will run (most scan jobs run every 20 minutes)
See Managing Jobs in the Scheduler for detailed instructions on how to create new scheduled jobs.