After you have initialized your new USM Anywhere Sensor and you have configured it in the Setup Wizard, you can start using it. See these links for more information: Once you click the Start Using USM Anywhere button, the page for entering your username and password displays:

Entering your login and password

LevelBlue employs a single user account and single set of credentials to access all of your USM Anywhere and USM Central instances. Your role, and the actions available to you, will change from instance to instance depending on your user account’s settings in that instance. Keep in mind these points when you are logging in:
  • The login credentials that you set will apply to any USM Anywhere™ and USM Central™ you have access to.
  • USM Anywhere requires all passwords to have a minimum length of 8 characters and a maximum length of 128 characters.
  • The password must contain numerical digits (0-9).
  • The password must contain uppercase letters (A-Z).
  • The password must contain lowercase letters (a-z).
  • The password must contain special characters, such as hyphen (-) and underscore ( _ ).
Note: USM Anywhere passwords expire after 90 days. When your password expires, USM Anywhere enforces a password change when you next log in. A new password must be different from the previous four passwords.
After 45 days of inactivity, your user account will be locked. Manager users can unlock inactive accounts. The messages you can have are these:
  • Password successfully updated. Please log in with your new password.
  • Your session has expired.
  • The username or password you entered is incorrect.
  • The server responded incorrectly.
  • There was an error with your security token. Try refreshing your page or contact support.
Important: Five failed sign-in attempts are allowed for USM Anywhere before the user account is locked. For Threat Detection and Response for Government, three failed sign-in attempts are allowed before the user account is locked. The lockout time for both USM Anywhere and LevelBlue TDR for Gov is 30 minutes.
There are four roles in USM Anywhere:
  • Read-Only: You can access views and search the system, but you cannot make system changes that impact other users.
  • Investigator: You can access views, search the system, and generate reports, but you cannot make system changes that impact other users.
  • Analyst: You can view and search the system, schedule jobs, launch actions, configure rules, and configure asset credentials. But you cannot add or modify sensor configurations; configure credentials for AlienApp, notification apps, and threat intelligence integrations; or add users.
  • Manager: This role enables analyst permissions and enables you to add or modify sensor configurations; configure credentials for BlueApps, notification apps, and threat intelligence integrations; and add users.
See USM Anywhere User Management for all the information related to users.