AlienVault® USM Anywhere™

Deployment Requirements

USM Anywhere has the following general deployment requirements.

Sensor Ports and Connectivity

Before you deploy a USM Anywhere Sensor, you must configure your firewallVirtual or physical device designed to defend against unauthorized access to data, resources, or a private network. A firewall’s primary purpose is to create segregation between two or more network resources, blocking undesirable traffic between them. permissions to enable the required connectivity for the new Sensor. Initial deployment of a Sensor requires that you open egress and outbound ports and protocols in the firewall for communication with USM Anywhere and AT&T Cybersecurity Secure Cloud resources. The Sensor receives no inbound connections from outside the firewall.

For USM Anywhere Sensor deployment in the Google Cloud Platform (GCP), the Cloud Deployment Manager template automatically creates the firewall rules needed for network connectivity between the instances within the virtual private Cloud (VPC).

Note: The required firewall rules are outlined below.

Note: To launch the USM Anywhere Sensor web user interface (UI) during the initial setup, you need to allow inbound traffic to the Sensor IP address through TCP port 80. You can remove access to this port after the Sensor successfully connects to USM Anywhere. You do not need to allow inbound traffic to this port from the Internet.

Type Ports Inbound/Outbound Endpoints Purpose
TCP 443 Outbound Communication with AT&T Cybersecurity for initial setup and future updates of the Sensor
TCP 443 Outbound Ongoing communication with Open Threat Exchange® (OTX)
TCP 443 Outbound your USM Anywhere subdomain
Ongoing communication with USM Anywhere
TCP 9443 Outbound vCenter Server Authenticate Sensor to VMware ESXi
SSL / TCP 7100 Outbound/Inbound your USM Anywhere subdomain
Ongoingand Incoming communication with USM Anywhere
UDP 53 Outbound DNS Servers (Google Default) Ongoing communication with USM Anywhere
UDP 123 Outbound

Synch with network time protocol (NTP) services in the AT&T Cybersecurity Secure Cloud
UDP 123 Outbound

Synch with network time protocol (NTP) services in the AT&T Cybersecurity Secure Cloud
TCP 22 and 443 Outbound

SSHProgram to securely log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another through Secure Copy (SCP). communications with the USM Anywhere Remote Support server.

See Troubleshooting and Remote Sensor Support for more information about remote technical support through the USM Anywhere Sensor console.

Important: A USM Anywhere Sensor deployed in Amazon Web Services (AWS) might require outbound access to specific AWS resources, based on the sensor app in use. For example, the AWS sensor app must have the ability to connect to the AWS API (port 443). However, the actual API endpoint might be different depending on the service (such as Amazon S3 or CloudWatch).

USM Anywhere normally gives systems explicit access to the AWS API.

USM Anywhere cannot deploy the AWS sensor in an AWS GovCloud region.

Supported Web Browsers

USM Anywhere works best in the latest version back of the following web browsers:

  • Mozilla Firefox
  • Google Chrome

Sensor-Specific Requirements

Each USM Anywhere Sensor has unique requirements. See the following topics for detailed information about these sensor-specific requirements:

Related Video Content

To view other related training videos, click here.