Enforcement System Functions

Use the enforcement functions to mitigate an incident or contain a threat, such as malware, on a remote Windows system. You can trigger actions that execute these functions directly from an event (any traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall) or an alarm (a notification of an event or sequence of events that requires attention or investigation), and easily create a rule to execute the function for similar events or alarms that occur in the future. You can also create a scheduled job to execute one or more functions for a specific asset, such as performing a system restart at the same time each day.

Important: These functions are supported only for Windows hosts in your USM Anywhere asset inventory.

Target assets must have assigned credentials that are suitable for system-level access to the host. For more information, see AlienApp for Forensics and Response Requirements.