USM Anywhere enables you to create and manage your own orchestration rules. Keep in mind that these rules verify whether they match with every new event Any traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall. coming into the system.

USM Anywhere includes these orchestration rules:

• Suppression rules: See Suppression Rules from the Orchestration Rules Page
• Filtering rules: See Filtering Rules from the Orchestration Rules Page
• Alarm Alarms provide notification of an event or sequence of events that require attention or investigation. rules: See Alarm Rules from the Orchestration Rules Page
• Notification rules: See Notification Rules from the Orchestration Rules Page
• Response action rules: See Response Action Rules from the Orchestration Rules Page

You can also create orchestration rules from the details of an event or alarm. The functionality works the same way and the dialog box is similar when you are creating a rule either from a detail page of an event or alarm or from the settings page.

AlienApp™ Orchestration Rules

Some of the AlienApps AlienApps extend the threat detection and security orchestration capabilities of the USM Anywhere platform to other security tools that your IT team uses, providing a consolidated approach to threat detection and response. available in USM Anywhere enable you to automate and orchestrate response actions in third-party security tools, which simplifies and accelerates your threat detection and incident response Incident response is a business process or plan dictating how an organization handles security incidents such as a security breach or attack. processes. With a configured integration, these AlienApps include support for app actions in orchestration rules:

• The AlienApp for Carbon Black Endpoint Detection and Response (EDR)
• AlienApp for Cisco Umbrella
• AlienApp for Palo Alto Networks PAN-OS
• AlienApp for Jira
• AlienApp for ServiceNow