BlueApps extend the threat detection and security orchestration capabilities of the USM Anywhere platform to other security tools that your IT team uses, providing a consolidated approach to threat detection and response. With BlueApps, you can monitor more of your security posture directly within USM Anywhere, including your cloud services like Microsoft Office 365 and Google G Suite. BlueApps also enable you to automate and orchestrate response actions in security tools from vendors such as Cisco and Palo Alto Networks, greatly simplifying and accelerating the threat detection and incident response processes. USM Anywhere provides hundreds of BlueApps for different data sources. In addition to translating raw log data into normalized events for analysis by USM Anywhere, some BlueApps also collect and enrich log data, perform threat analysis, and provide workflow that coordinates response actions with the infrastructure and third-party applications to provide security orchestration. BlueApps extend the capabilities of USM Anywhere through integrations with leading security tools, most specifically in the following areas:
  • Data extraction.
  • Correlation of data to produce events and alarms.
  • Dashboards that display data collected from your network, which help you visualize your environment and alert you to issues originating from a particular data source. These dashboards are visible if you have data for them. Sometimes it takes a few minutes for the dashboards to display. See USM Anywhere Dashboards for more information.
    Important: If there are events from the last seven days, then you can see the related dashboard. When there are no events from the previous seven days, that dashboard doesn’t display.
  • Orchestration ability that enables you to automate your security operations in a variety of ways. For example, if USM Anywhere finds data associated with a malicious website, orchestration rules might stipulate for this information be sent to the third-party vendor for immediate action. BlueApps with orchestration features are called Advanced BlueApps.
    Edition: All Advanced BlueApps are available in the Standard and Premium editions of USM Anywhere.The USM Anywhere Essentials edition only has the following Advanced BlueApps:
    • BlueApp for G Suite
    • BlueApp for McAfee ePO
    • BlueApp for Office 365
    • BlueApp for Okta
    • BlueApp for Sophos Central
    • Amazon Web Services (AWS) Log Collection (with an AWS Sensor deployed)
    • Google Cloud Platform (GCP) Log Collection (with a GCP Sensor deployed)
    • Microsoft Azure Log Collection (with an Azure Sensor deployed)
    See the Affordable pricing to fit every budget page for more information about the features and support provided by each of the USM Anywhere editions.

Related Video Content

To view other related training videos, click here.