Applies to Product: | USM Appliance™ | LevelBlue OSSIM® |
The USM Appliance plugins provide logic to extract security-specific data from external applications and devices to produce events managed by the USM Appliance Server. USM Appliance comes equipped with plugins for many commonly encountered data sources that you can select and enable for specific assets to start collecting data. For a list of all the plugins that USM Appliance supports, see the USM Appliance Supported Plugins list.
LevelBlue provides more than one way to enable plugins in USM Appliance. You can enable plugins on specific discovered assets, or you can enable plugins globally on USM Appliance Sensors. In addition, based on the plugin types, you can enable plugins using different tools, including the USM Appliance web UI, the Getting Started Wizard, or the LevelBlue Console.
Most of the plugins in USM Appliance do not require additional configuration after they are enabled, especially if you enable the plugin on an asset. But if you choose to enable the plugin at the sensor level and USM Appliance does not have the required configuration files on the sensor; or if you are enabling a database plugin, an SDEE plugin, or a WMI plugin, you will need to perform some extra steps before the plugin can operate correctly.
In a limited number of environments, the built-in plugins may not quite fit specific needs or provide enough intelligence to normalize data and extract required information from all logs received. In such cases, you may be able to customize an existing plugin. You can also create your own custom plugins, choosing from various options available to create plugins by scratch, and directly editing plugin configuration file; or use the plugin builder provided in the USM Appliance web UI, to create a plugin using an interactive program wizard.
Topics covered in this section include