Applies to Product: | USM Appliance™ | LevelBlue OSSIM® |
One of the key capabilities provided by USM Appliance is the ability to collect external data from network devices, security devices, and your servers. The data collected allows USM Appliance to correlate events to see patterns of activity and issue alarms.
The Getting Started Wizard makes it painless and fast to configure each of the assets you discovered or added as part of the Asset Discovery task with the appropriate data collection plugin.
Note: You cannot collect data from those assets that do not have a plugin enabled. See Enable Plugins for more information.
On the Log Management page in the Getting Started Wizard, you will see a list of the network devices discovered as part of the Configuring Network Interfaces task. You should enable one or more plugins for each of these assets.
To enable plugins for each asset
-
Select the correct Vendor, Model, and Version number corresponding to the data that you want to collect from that asset.
All three fields are required. The Version field defaults to ‘-‘ if no other selection is available. The Add Plugin button is enabled.
-
If you want to enable another plugin for the same asset, click Add Plugin.
Another row is added for you to select the Vendor, Model, and Version number for a different plugin.
-
Repeat step 1 and 2 for each plugin you want to enable. You can enable up to 10 plugins per asset.
- Repeat step 1-3 for each asset.
-
To enable the selected plugins, click Enable.
The Log Management Confirmation page, shown in the following illustration, displays the plugins that you enabled. The Receiving Data value turns green when the Source, Destination, or Device IP field of an event matches the IP address of the asset. Gray means that no data is being received.
-
To learn how to configure your assets to send data to USM Appliance, click Instructions to forward logs.
After you have enabled plugins for your assets, click Next at the bottom-right corner to proceed.