AlienVault® USM Anywhere™

Requesting a New Plugin or an Update to an Existing Plugin

AlienVault builds or updates plugins at the request of customers for products and devices available to the general public. To take advantage of this, customers must have an active AlienVault Support and Maintenance contract.

This policy does not apply to plugins for custom software or devices.

For information on the plugins we deliver out of the box with USM Anywhere, see this list of plugins.

Before Submitting Your Request

The more information we receive from you, the faster we can build the plugin and the more accurate it will be.

A complete plugin request includes:

  • Product’s vendor, model, and version.
  • A description of the formatting of the product's logs. To make the plugin more broadly applicable, a standard event format such as the Common Event Format (CEF) is preferable, if it is available and suitable to your needs.

    You may also want to consider using the product's default log settings in defining which fields to log. However, if a product has a particular logging configuration that you want the plugin to support, you should include that in your request.

  • A description of how you use the product, including which events and which data inside those events are most relevant to your business.
  • Specific log samples or database dumps of relevant device events. For best results, exclude any extraneous noise from the log samples, while still retaining all the data needed to differentiate the various events you want to capture with a plugin.

    Important: When submitting log samples, all Personally Identifiable Information (PII), such as Social Security numbers, credit card numbers, or medical information, must be removed or obfuscated from the samples.

  • If you need information other than the date, source, destination, username, and protocol extracted from the logs, specify this in your request, and provide an example. This helps us test the plugin to make sure it can successfully extract that data.
  • Use case for the new plugin and the business value of the application or device to your organization. This information helps us assign a priority to your request.
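One way to obfuscate PII in log samples before submission while keeping every field in place, so the samples still show the format the plugin has to parse. This is an added example, not AlienVault code: the function names and the two sample log lines are constructed for illustration, and it covers only dashed Social Security numbers and Luhn-valid card numbers, so medical information and other free-text PII still need manual review.

```python
import re

# Dashed 3-2-4 SSN form only; bare 9-digit runs collide with ordinary log values.
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
# Card candidates: a 13-19 digit run, or four groups of four with one separator.
# Wrapped in a lookahead so overlapping candidates are all examined.
PAN_RE = re.compile(r"(?<!\d)(?=(\d{13,19}|\d{4}([ -])\d{4}\2\d{4}\2\d{4})(?!\d))")

def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from IDs of the same length."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scrub_line(line):
    """Mask PII digits with 'X' in place; separators and line length are kept."""
    spans = [(m.start(), m.end(), "ssn") for m in SSN_RE.finditer(line)]
    for m in PAN_RE.finditer(line):
        if luhn_ok(re.sub(r"\D", "", m.group(1))):
            spans.append((m.start(1), m.end(1), "pan"))
    chars, counts = list(line), {"ssn": 0, "pan": 0}
    for start, end, kind in spans:
        counts[kind] += 1
        for i in range(start, end):
            if chars[i].isdigit():
                chars[i] = "X"
    return "".join(chars), counts

def scrub(lines):
    """Scrub every line and return (cleaned_lines, total_hits_by_kind)."""
    totals, cleaned = {"ssn": 0, "pan": 0}, []
    for line in lines:
        out, counts = scrub_line(line)
        cleaned.append(out)
        for kind in totals:
            totals[kind] += counts[kind]
    return cleaned, totals

# Constructed sample events (hypothetical vendor, hosts, users and values).
SAMPLE = [
    "CEF:0|ExampleVendor|ExamplePOS|1.0|4001|Payment declined|5|src=10.0.0.5 "
    "suser=jdoe cs1Label=card cs1=4111 1111 1111 1111 cs2Label=txn cs2=1234567890123456",
    "Jan 15 10:22:31 hr-app01 benefits[2211]: enrollment updated user=asmith "
    "ssn=123-45-6789 status=ok",
]

if __name__ == "__main__":
    cleaned, totals = scrub(SAMPLE)
    print("\n".join(cleaned))
    print(totals)
```

Review the hit counts against what you expect in the sample: a count of zero on a log known to carry card data means the numbers are in a form these patterns do not cover.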

Submit your request!

Name of the vendor that produces the data source for the plugin

Specify the name of the product that produces the data needed for the plugin

Specify the version of the product that produces the data for the plugin

e.g. IDS/IPS, Firewall, Operating System, AntiVirus, Proxy, IDM etc.

This needs to be explained in great detail. These examples are not all-inclusive: Syslog, Database, SNMP, Flat File, OSSEC Agent. Note: Plugin development does not include DB query development or third-party tool implementation that may be needed for log data extraction, such as LogBinder.

Please make available sample logfile data for download. Note: 2MB of logs with the events you want processed can give more relevant information than 2GB of “noise” logs.