USM Anywhere enables you to respond to the
- Scan (unauthenticated): You can launch an unauthenticated scan of an assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers.. See Running Asset Scans for more information.
- Get ForensicsProcess and method of investigation, including the collection, recording, and analysis of events to discover the source of network attacks and other potentially malicious or harmful activities. Information: This option enables you to run pre-defined Linux and Windows scripts to get more info from the system. These scripts are already defined in USM Anywhere. The Basic, Moderate, and Full Forensic Info options get elemental, limited, and complete forensic information from assets. Keep in mind that the Full Forensic Info option will take more time for including all options. See Scheduling a Forensics and Response Job for more information.
- Report Domain: See Launching a Cisco Umbrella Action from an Alarm or Event for more information.
- Agent Query: You can run an agent query in response to any
event . See Running Queries from the Details View of an Event for more information.