USM Anywhere includes a set of predefined templates based on the classification of event data source types and on the data sources themselves.
You can find these templates on Reports > Event Type Templates.
Note: For more information about plugins, see the Plugin Management page.
There are these types of templates:
- Type of Data Source. Event Type Templates allow you to easily run general firewall, authentication, and other types of normalized queries that do not require you to build complex filters based on specific plugin or event types. USM Anywhere supports these reports: Anomaly Detection, Antivirus, Application, Application Firewall, Authentication, Authentication and DHCP, Cloud Application, Cloud Infrastructure, DNS Server, Data Protection, Database, Endpoint Protection, Endpoint Security, Firewall, IDS, Infrastructure Monitoring, Intrusion Detection, Intrusion Prevention, Load Balancer, Mail Security, Mail Server, Management Platform, Network Access Control, Operating System, Other Devices, Proxy, Router, Router/Switch, Server, Switch, Unified Threat Management, VPN, Web Server, Wireless Security/Management.
- Data Sources. You can find templates based on the most commonly used data sources, including NIDS, AWS, Amazon DynamoDB, Amazon S3, AWS VPC Flow Logs, AWS Load Balancers, Azure, Cisco Umbrella, Cylance, FireEye, Fortigate, G Suite, McAfee ePO, Office 365, Okta, Palo Alto, SonicWall, Sophos UTM, Watchguard, VMware, Windows, and AlienVault Agent. There is also a template for the AlienVault Generic Plugin.