AlienVault® USM Anywhere™

Collecting Your Historical Breach Events

Role Availability Read-Only Analyst   Manager

Upon configuration of the AlienApp for SpyCloud Dark Web Monitoring, the AlienApp for SpyCloud Dark Web Monitoring scheduled job collects new records every 24 hours for all validated watchlist items. The AlienApp for SpyCloud Dark Web Monitoring also supports a manual action that you can use to collect all historical records for your watchlist items.

Important: If you run this action after the automated collection job has already collected SpyCloud database records or if you have run this action before, it will result in duplicate events and alarms within USM Anywhere.

To collect the historical breach records

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.

    Access the AlienApps page

  3. On the AlienApps page, click the Dark Web Monitoring tile.

    Click the Dark Web Monitoring tile

  4. If needed, select the sensor where the AlienApp is enabled and configured.
  5. Click the Actions tab.
  6. Click Run to execute the action.

    Run the action to collect historical breach records

  7. In the Select Action dialog box, click Run.

    Click Run to execute the AlienApp for SpyCloud Dark Web Monitoring app action