USM Anywhere enables you to use the AlienVault pluginsPlugins specify how to collect and normalize raw information from devices to create events that can then be analyzed to determine threats and vulnerabilities. to filter the agent-related eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall..
These Data Source Plugins are related to the AlienVault Agent:
- AlienVault Agent. This plugin parses the events from the agent, with the exception of Windows events.
- AlienVault Agent - Windows EventLog. This plugin parses Windows events re-sent through the Agent.
To search events using the filter related to the Agent
- Go to Activity > Events.
- Locate the Data Source Plugin section.
- Click one of them and the result of your search displays.