USM Anywhere plugins are software components that provide logic specific to extracting data from raw logs produced by external devices, operating systems, and applications. A plugin enriches the collected data with security-specific metadata to produce an event managed by USM Anywhere.
Within the USM Anywhere environment, a plugin has a specific scope of functionality:
- Performs a singular function to translate raw log data into normalized events for analysis by USM Anywhere. (Normalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types.)
- Does not collect log data or perform threat analysis
- Serves only as the translation mechanism for the data after collection by the USM Anywhere Sensor or AlienVault Agent
Note: Plugins are different from AlienApps™. Plugins have a singular function: to translate raw log data into normalized events for analysis by USM Anywhere. AlienApps do much more, including collecting and enriching log data, performing threat analysis, and providing a workflow that coordinates response actions with the infrastructure and third-party applications to provide security orchestration.