Documentation Center
AlienVault® USM Anywhere™

Collecting Your Historical Breach Events

  Role Availability   Read-Only   Analyst   Manager

Upon configuration of the AlienApp for Dark Web Monitoring, the AlienApp for Dark Web Monitoring scheduled job collects new records every 24 hours for all validated watchlist items. The AlienApp for Dark Web Monitoring also supports a manual action that you can use to collect all historical records for your watchlist items.

Important: If you run this action after the automated collection job has already collected SpyCloud database records or if you have run this action before, it will result in duplicate events and alarms within USM Anywhere.

To collect the historical breach records

  1. In USM Anywhere, go to DATA SOURCES > INTEGRATIONS.
  2. Click the AlienApps tab.

    Access the AlienApps page

  3. On the AlienApps page, click the Dark Web Monitoring tile.

    Click the Dark Web Monitoring tile

  4. If needed, select the sensor where the AlienApp is enabled and configured.
  5. Select the Actions tab.
  6. Click Run to execute the action.

    Run the action to collect historical breach records

  7. In the Select Action dialog, click Run.

    Click Run to execute the AlienApp for Dark Web Monitoring app action