Documentation Center
AlienVault® USM Anywhere™

Managing AlienVault Agent Profiles

  Role Availability   Read-Only   Analyst   Manager

USM Anywhere includes out-of-the-box agent configuration profiles to manage the queries that it runs for an assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. associated with a deployed AlienVault Agent. For each profile, you can view the list of queries, along with a description of the collected logs and the query frequency. Depending on your needs, you can change the default profile so that you will be collecting the log data and generating the eventsAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall. that you need for newly deployed agents.

If you want to specify the profile for some assets, you can set the profile at the asset level. For more information about changing the profile setting at the asset level, see Assigning AlienVault Agent Configuration Profiles.

USM Anywhere provides two configuration profiles for each of the AlienVault Agent deployment types.

To view detailed information about the agent configuration profiles and change the defaults, navigate to DATA SOURCES > AGENTS and click the Configuration Profiles tab.

Select the Configuration Profiles tab to manage the agent profiles

To display detailed information about the queries and the collected log information included for a profile, click the profile name. If you are looking for a specific type of log information, enter text in the search box and click the Search icon () to filter the query list.

Use the Search box to filter the queries list

If you want to see the specific file paths included in the profile's file integrity monitoring (FIM), click the File Integrity tab to display these paths by category.

Review the list of file paths included in the profile FIM