AlienVault® USM Anywhere™

Managing AlienVault Agent Profiles

Role Availability Read-Only Analyst Manager

USM Anywhere includes out-of-the-box Agent configuration profiles to manage the queries that it runs for an asset (an IP-addressable host, including but not limited to network devices, virtual servers, and physical servers) associated with a deployed Agent. For each configuration profile, you can view the list of queries, a description of the collected logs, and the query frequency. Depending on your needs, you can change the default configuration profile so that you collect the log data and generate the events (any traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall) for the newly deployed agents.

Agent Configuration Profiles

If you want to specify the profile for some assets, you can set the profile at the asset level. For more information about changing the profile setting at the asset level, see Assigning AlienVault Agent Configuration Profiles.

USM Anywhere provides two configuration profiles for each of the Agent deployment types: optimized and full. Each profile has advantages and drawbacks in terms of data security and data consumption. Use the following information to help you determine which configuration profile works best for your setup.

Once an agent is installed, you can see a list of all the events collected by the agent with the agent script's config command. See The Agent Command Script for more information on the agent command script.

Further Profile Information

To view detailed information about the agent configuration profiles and change the defaults, go to Data Sources > Agents and click the Configuration Profiles tab.

In the Configuration Profiles view, you can click the individual profile name to display detailed information about the queries and the collected log information included for a profile. If you are looking for a specific type of log information, enter text in the search box and click the Search icon to filter the query list. If you want to see the specific file paths included in the profile's file integrity monitoring (FIM), click the File Integrity tab to display these paths by category.