USM Anywhere enables you to respond to the . Use this button to associate the item with an action. Depending on the USM Anywhere you have installed, you will see different actions:
  • Get Forensics Information: This option enables you to run pre-defined Linux and Windows scripts to get more info from the system. These scripts are already defined in USM Anywhere. The Basic, Moderate, and Full Forensic Info options get elemental, limited, and complete forensic information from assets. Keep in mind that the Full Forensic Info option will take more time for including all options. See Scheduling a Forensics and Response Job for more information.
  • **Scan (unauthenticated): **You can launch an unauthenticated scan of an . See Running Asset Scans for more information.
  • Report Domain: See BlueApp for Cisco Umbrella Actions for more information.
  • Agent Query: You can run an agent query in response to any event. See for more information.