Documentation Center
AlienVault® USM Anywhere™

Launching a Palo Alto Networks Action from an Alarm or Event

  Role Availability   Read-Only   Analyst   Manager

When you review the information in the Alarm Details or Event Details, you can easily launch an action to send a tag request to the Palo Alto Networks PAN-OS API. If you want to apply an action to similar events that occur in the future, you can also create an orchestration rule directly from an action applied to an alarm or event.

In USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. Alarms provide notification of an event or sequence of events that require attention or investigation. An event is any traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall.

To launch a Palo Alto Networks orchestration action for an alarm

  1. Navigate to ACTIVITY > ALARMS or ACTIVITY > EVENTS.
  2. Click the alarm or event to open the details.
  3. Click Select Action.


  4. In the Select Action dialog, select the Palo Alto tile.


  5. For the App Action, select the action you want to launch.

    You can launch an action to tag the alarm destination host or source host.

  6. Enter the Palo Alto Networks Tag Name that you want to apply to the host.


  7. Click Run.

    After USM Anywhere initiates the action, it displays a confirmation dialog.


    If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.
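
To show what a tag request for the source or destination host can look like on the firewall side, the following added example (not AlienVault or Palo Alto Networks code) builds a PAN-OS XML API User-ID registration message for one alarm host. It assumes the tag request corresponds to that message type; the alarm field names and action names are hypothetical, and the sample alarm is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Hypothetical names for the two App Action choices (tag source / tag destination),
# mapped to hypothetical alarm field names.
ACTIONS = {"tag_source": "source_ip", "tag_destination": "destination_ip"}


def build_tag_request(alarm, action, tag_name):
    """Return the form fields for a PAN-OS User-ID request that tags one host."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")

    tag = tag_name.strip()
    if not tag or any(ord(c) < 32 for c in tag):
        raise ValueError("tag name must be non-empty printable text")

    # Alarm fields come from event data; accept only a literal IP address.
    host = ipaddress.ip_address(alarm[ACTIONS[action]])

    # ElementTree escapes attribute and text values, so a tag name cannot
    # break out of the <member> element.
    msg = ET.Element("uid-message")
    ET.SubElement(msg, "version").text = "1.0"
    ET.SubElement(msg, "type").text = "update"
    payload = ET.SubElement(msg, "payload")
    register = ET.SubElement(payload, "register")
    entry = ET.SubElement(register, "entry", ip=str(host))
    ET.SubElement(ET.SubElement(entry, "tag"), "member").text = tag

    # The API key is deliberately left out; it is supplied by the caller.
    return {"type": "user-id", "cmd": ET.tostring(msg, encoding="unicode")}


# Constructed sample alarm, using documentation and private address ranges.
SAMPLE_ALARM = {"source_ip": "203.0.113.7", "destination_ip": "10.0.20.15"}

if __name__ == "__main__":
    print(build_tag_request(SAMPLE_ALARM, "tag_source", "usm-quarantine")["cmd"])
```

On the firewall, a registered tag only changes traffic handling if a dynamic address group and a policy rule match on that tag name.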