This guide provides information for users of USM Anywhere who are responsible for network security, and identifying and addressing security threats in their environment. The guide also describes operations provided by the USM Anywhere web user interface (web UI), which is used to perform most USM Anywhere network security tasks after initial USM Anywhere . This guide includes these topics:
  • Getting Started with USM Anywhere: Describes typical security operations performed after initial USM Anywhere installation and configuration, including security operation best practices and workflow, verifying USM Anywhere operations, and establishing baseline network behavior.
  • USM Anywhere Dashboards: Provides an overview of USM Anywhere dashboards.
  • Asset Management: Describes operations to manage assets and . Includes topics such as asset creation and discovery, scans, and asset monitoring and analysis.
  • User Behavior Analytics: Provides information about how to identify malicious or compromised users, and enables you to better prioritize alarms with the addition of user data.
  • Alarms Management: Provides information about alarms generated from events and OTX pulses, viewing and reviewing alarm information and field details, and suppressing alarms to remove noise in the system.
  • Events Management: Provides information on viewing, filtering, and sorting events, event and OTX field details, and analyzing events that generate alarms.
  • System Events Management: Provides information on viewing, filtering, and sorting system events, which are the events generated within your environment.
  • Console User Events on USM Anywhere: Provides information about the events that USM Anywhere generates when a user performs a specific action in the user interface (UI).
  • Configuration Issues Management: Provides information on viewing, filtering, and sorting configuration issues, and how to suppress them from the main view.
  • USM Anywhere Scheduler: Describes the Job Scheduler page. This page provides a list of all jobs that are defined in your USM Anywhere environment.
  • Rules Management: Describes how to create suppression and orchestration rules, and how USM Anywhere correlation rules work. This chapter also describes how Amazon Simple Notification Service (SNS) is integrated into USM Anywhere and how to manage AlienApps™.
  • Vulnerability Assessment: Describes how to perform vulnerability scans, view and understand scan results, and generate reports based on vulnerability scans.
  • Open Threat Exchange® and USM Anywhere: Describes the open information-sharing and analysis network. OTX provides access to real-time information about issues and threats that may impact your organization, enabling you to learn from and work with others who have already experienced such attacks.
  • USM Anywhere Sensor Management: Describes how to manage sensors within USM Anywhere.
  • The AWS Cloud Connector in USM Anywhere: Describes how to manage Amazon Web Services (AWS) Cloud Connectors within USM Anywhere.
  • Subscription Management: Describes license information, event data, and raw log data.
  • USM Anywhere Reports: Describes reports displayed in USM Anywhere. You can find reports generated from your report creation feature; compliance templates based on alarms, vulnerabilities, and events collected in the system; and Event Type Templates based on event categorization by type of data source and by the most used data sources.
  • USM Anywhere User Management: Describes USM Anywhere user authentication and role-based authorization, configuration of authorization for specific assets, and monitoring user activity.
  • Using USM Anywhere for PCI Compliance: Describes USM Anywhere capabilities to manage PCI DSS requirements through assets, asset groups, and reports.
  • USM Anywhere Investigations: Describes how to organize the information from your environment. You can link alarms, events, notes, and other files to their responses to have a complete view of the set of actions you have taken to address a particular threat.
  • System Status within USM Anywhere: Describes the status of your environment. You have a system monitor page, if your role is Manager, a network settings page, and the log collection page.