Documentation Center
AlienVault® USM Anywhere™

Configuring the AlienApp for Carbon Black

  Role Availability   Read-Only   Analyst   Manager

When the AlienApp for Carbon Black is enabled and connected to your Cb Response deployment, you can launch app actionsIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. and create orchestration rules to send data from USM Anywhere to Cb Response. For more information about the orchestration actions supported by the AlienApp for Carbon Black, see AlienApp for Carbon Black Orchestration.

Important: You do not need to complete this configuration if you are using the Cb Protection and/or Cb Defense products, but not the Cb Response product.

Note: To fully integrate USM Anywhere with your Carbon Black implementation, you should also have the Carbon Black log collection enabled so that USM Anywhere can retrieve and normalizeNormalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types. raw log data from the Carbon Black applications. For information about enabling these plugins and raw log data retrieval, see Collecting Logs from Carbon Black.