AlienVault® Training

Get expert instruction & hands-on practice with AlienVault Unified Security Management™

Launchpad for USM Anywhere™

GETTING STARTED: COURSE OVERVIEW

This self-paced course gives security engineers, analysts, and project team members an introduction to AlienVault® USM Anywhere™. Get an overview of product setup, configuration and functionality so that you can start using USM Anywhere immediately!

MODULE 1: INTRODUCTION TO USM ANYWHERE

Introduction & Objectives  2 MINUTES

This video introduces Module 1 and defines the learning objectives.

Threat Detection & Security Management  11 MINUTES

This video examines the threats that exist today, the challenges you face keeping your environment secure and how USM Anywhere can assist you through its 5 essential tools (Asset Discovery, Vulnerability Assessment, Intrusion Detection, Behavioral Monitoring, SIEM: Security Information and Event Management).

AlienVault Labs, OTX, & Threat Intelligence  7 MINUTES

This video introduces AlienVault Labs, our team of security researchers who work to keep up to date on the latest malware and attacker tools on the security landscape and provide AlienVault Threat Intelligence updates to USM Anywhere for targeted detection of the latest threats. We will also discuss the Open Threat Exchange® (OTX™), the world’s first open threat intelligence community, that enables collaborative defense with open access and collaborative research.

Monitoring All Your Environments  2 MINUTES

This video briefly introduces the USM Anywhere architecture and shows how your cloud based and on-site environments can be monitored from one central location, giving you a single pane of glass from which to view all your Assets.

Summary & Closing  1 MINUTE

This video provides links to resources that may be useful if you are new to security operations. We also review what we have learned in Module 1.

MODULE 2: SETTING UP USM ANYWHERE

Introduction & Objectives  2 MINUTES

This video introduces Module 2 and defines the learning objectives.

Sensor Overview  2 MINUTES

This video introduces the USM Anywhere Sensor. It describes the sensor's purpose and shows you the different sensor types available.

Preinstall Checklist  6 MINUTES

This video provides details to consider before starting the deployment of your first sensor to help everything run smoothly. We review a checklist that looks at networking, account, and system requirements.

Common Sensor Functionality  2 MINUTES

This video identifies the functionality that applies to all sensor types with one exception that we will highlight.

VMware Sensor  2 MINUTES

This video identifies the specifications and functionality that apply to the VMware ESXi sensor.

Microsoft Hyper-V Sensor  2 MINUTES

This video identifies the specifications and functionality that apply to the Microsoft HyperV sensor.

Amazon Web Services Sensor  3 MINUTES

This video identifies the specifications and functionality that apply to the Amazon Web Services sensor.

Microsoft Azure Sensor  2 MINUTES

This video identifies the specifications and functionality that apply to the Microsoft Azure sensor.

Initial Deployment Workflow  2 MINUTES

This video walks through overall workflow from a high level as it relates to setting up USM Anywhere for the first time.

AWS Sensor Deployment Demo  14 MINUTES

This video demonstrates the initial deployment and configuration of an AWS sensor. It also demonstrates the sensor activation through the web UI. If you want to learn more about AWS sensor deployment, comprehensive documentation can be found on the AWS Sensor Deployment page.

Azure Sensor Deployment Demo  9 MINUTES

This video demonstrates the initial deployment and configuration of an Azure sensor. It also demonstrates the sensor activation through the web UI. If you want to learn more about Azure sensor deployment, comprehensive documentation can be found on the Azure Sensor Deployment page

VMware Sensor Deployment Demo  5 MINUTES

This video demonstrates the initial deployment and configuration of a VMware sensor. It also demonstrates the sensor activation through the web UI. If you want to learn more about VMware sensor, comprehensive documentation can be found on the VMware Sensor Deployment page

Hyper-V Sensor Deployment Demo  6 MINUTES

This video demonstrates the initial deployment and configuration of a Hyper-V sensor. It also demonstrates the sensor activation through the web UI. If you want to learn more about Hyper-V sensor deployment, comprehensive documentation can be found on the Hyper-V Sensor Deployment page

Sensor Setup Wizard  4 MINUTES

This video demonstration walks through the VMware Sensor setup wizard, highlighting the purpose of each screen.

Connecting Additional Sensors  4 MINUTES

This video demonstrates the connection of an additional sensor to USM Anywhere. We will see how additional authentication codes are generated on the USM Anywhere web UI.

Summary & Next Steps  1 MINUTES

This video reviews what we have learned in Module 2.

MODULE 3: A TOUR OF USM ANYWHERE

A Tour of USM Anywhere - Demo  10 MINUTES

In this video we hear from Garrett Gross, our Director of Field Enablement at AlienVault. He will take you through some of the benefits and additional value USM Anywhere has to offer, focused on how you or your team might leverage USM Anywhere on a day-to-day basis.

Module 4: AN INTRODUCTION TO SENSOR APPS AND ALIENAPPS™

Sensor Apps and AlienApps  27 MINUTES

This video introduces you to Sensor Apps and AlienApps™ in USM Anywhere. We define the differences between the two app types, showing the actions that can be leveraged and how these actions can be invoked through use cases for each type. Finally, we provide a demonstration of the Sensor Apps and AlienApps™ UI.

Appendix: AlienApp™ Video Series

Introduction and Overview   2 MINUTES

This video introduces you to the series on USM Anywhere’s AlienApps. AlienApps provide integrations with third-party security and productivity tools to extend your security orchestration capabilities. If you want to learn more, comprehensive AlienApp documentation can be found on the   AlienApps™ Guide page.

Cisco Umbrella AlienApp   10 MINUTES

This video introduces you to the Cisco Umbrella AlienApp and details how it integrates with Cisco Umbrella to provide both detection and response capabilities. If you want to learn more, comprehensive Cisco Umbrella AlienApp documentation can be found on the AlienApp for Cisco Umbrella page.

Jira AlienApp   6 MINUTES

This video introduces you to the Jira AlienApp and details how it integrates with Jira Service Desk and Jira Software to allow you to create and track tickets direcly from USM Anywhere. If you want to learn more, comprehensive Jira AlienApp documentation can be found on the AlienApp for Jira page

G Suite AlienApp   5 MINUTES

This video introduces you to the G Suite AlienApp and details how it integrates with G Suite to allow you to monitor user access, privilage escalation, file access and actions from USM Anywhere. If you want to learn more, comprehensive G Suite AlienApp documentation can be found on the AlienApp for G Suite page.

Office 365 AlienApp   8 MINUTES

This video introduces you to the Office 365 AlienApp and details how it integrates with Office 365 to allow you to monitor user access, privilege escalation, Exchange mailbox activity and the presence of potential ransomware on OneDrive and SharePoint. If you want to learn more, comprehensive Office 365 AlienApp documentation can be found on the AlienApp for Office 365 page.

Appendix: Endpoint Detection & Response (EDR)

Endpoint Detection & Response (EDR)  14 MINUTES 54 SECONDS

This video introduces you to the AlienVault Agent. The AlienVault Agent extends the Endpoint Threat Detection and Response (EDR) capabilities of AlienVault® USM Anywhere™. It includes host-based threat detection, file integrity monitoring, Windows log collection and response actions, all without a sensor. Each agent will talk directly to AlienVault® USM Anywhere™. This makes the agent particularly useful for monitoring remote assets.

Appendix: CONNECTWISE MANAGE INTEGRATION

NOTE: This module only applies to customers who have purchased USM Anywhere ConnectWise Edition directly from ConnectWise.

Overview of ConnectWise Manage Integration  5 MINUTES

This video introduces the ConnectWise AlienApp™ providing details on the functionality it offers when integrated with ConnectWise Manage. It also provides a summary of the configuration requirements to be aware of for a smooth integration.

Preparing ConnectWise Manage for Integration  4 MINUTES

This video demonstration identifies the required information you will need to gather from ConnectWise Manage to configure the ConnectWise AlienApp™. This will include the creation of the Public / Private API Key pair.

Configuring the ConnectWise AlienApp™  7 MINUTES

This video demonstration walks through the configuration of the ConnectWise AlienApp™. It will examine the ConnectWise AlienApp structure and the scheduled jobs created to synchronize Assets, Alarms, and Vulnerabilities with ConnectWise Manage. Finally, it identifies how to confirm that information is flowing to ConnectWise Manage.

Reviewing the Integration Functionality  4 MINUTES

This video demonstrates how to access the USM Anywhere Web UI directly from ConnectWise Manage. It will also identify Alarms and Vulnerabilities in USM Anywhere and correlate them to the Service Tickets created in ConnectWise Manage.

Launchpad for USM Appliance

GETTING STARTED: COURSE OVERVIEW

This self-paced course gives security engineers, analysts, and project team members an orientation to AlienVault® USM Appliance™. It is designed to accelerate your awareness of the full range of features in the USM platform, making you more effective on day one.

Course Overview  4 MINUTES

This video provides and overview of the AlienVault USM Appliance Launchpad course including learning objectives, target audience, and requirements.

MODULE 1: USM APPLIANCE OVERVIEW

USM Appliance Overview  13 MINUTES

This video introduces AlienVault Unified Security Management® (USM) and describes in detail the five essential tools: Asset Discovery, Vulnerability Assessment, Intrusion Detection, Behavioral Monitoring, SIEM: Security Information and Event Management.

USM Appliance Architecture  9 MINUTES

This video describes USM Appliance architecture, emphasizing the function of the Sensor, Server, and Logger, and details how information flows between these components.

Open Threat Exchange® (OTX™) & AlienVault Labs  6 MINUTES

This video introduces AlienVault Labs, our team of security researchers who work to keep up to date on the latest malware and attacker tools on the security landscape and provide AlienVault Threat Intelligence updates to USM Appliance for targeted detection of the latest threats. We will also discuss the Open Threat Exchange® (OTX™), the world’s first open threat intelligence community, which enables collaborative defense with open access and collaborative research.

MODULE 2: VERIFYING OPERATIONS

User Interface  13 MINUTES

This video describes the USM Appliance UI in detail, going through the primary, secondary, and utility menus.

User Interface Demo  7 MINUTES

This video demonstrates the USM Appliance UI, going through a variety of the primary, secondary, and utility menus.

Verifying Operations  6 MINUTES

This video shows how to verify that USM Appliance is configured correctly to receive and process data so you are alerted to threats in your environment.

Verifying Operations Demo  14 MINUTES

This video demonstration will show how to validate that events, alarms, and raw logs are flowing and being displayed correctly.

MODULE 3: ASSET MANAGEMENT

Asset Overview  11 MINUTES

This video introduces Assets as they apply to USM Appliance. We go into detail on how Assets are presented in the web UI, including all associated functionality.

Asset Management  20 MINUTES

This video reviews how to manage Assets and their details in USM Appliance. We also introduce the concept of Asset Values and explain their importance.

Adding Assets  13 MINUTES

This video explains all the methods for adding Assets into USM Appliance. We will review adding Assets manually, importing from a CSV file, importing from SIEM Events, and importing through Asset Discovery Scans.

Adding and Managing Assets Demo  20 MINUTES

This video demonstrates how Assets can be added into USM Appliance. We will then see how the newly added Asset can be managed.

Asset Organization Demo  18 MINUTES

This video demonstrates how Assets can be organized in USM Appliance. This is achieved through the use of Asset Groups, Networks, Network Groups, and Asset Labels.

MODULE 4: POLICIES

Introduction to Policies  17 MINUTES

This video explains the flow of Events in the USM Appliance Server as it applies to Policies and Correlation Directives. We will look at the components that make up a Policy Rule and the considerations around creating Policies.

Policy Demo - Primary Events  28 MINUTES

This video demonstrates how Policies can be created for Events that are received by USM Appliance as HIDS or NIDS information. It will show all the criteria involved as well as the actions that can be triggered by the Policy.

Policy Demo - Directive Events  12 MINUTES

This video demonstrates how Directive Events can be created under Policies, and outlines the differences from Primary Events.

MODULE 5: SECURITY ANALYSIS

Introduction to Security Analysis  14 MINUTES

This video introduces the USM Appliance security analysis process. It also reviews the Alarm remediation process to help you validate an Alarm, put measures in place to address the issue, and plan to implement solutions so security incidents can be avoided in the future.

Security Analysis - Dashboards and Ticketing Demo  24 MINUTES

This video demonstrates how you can begin with security analysis in USM Appliance, highlighting how to leverage the dashboards and the ticketing system to aid you in the process of accessing the health of your environment.

Security Analysis - Investigating Alarms Demo  36 MINUTES

This video demonstrates how to investigate Alarms in USM Appliance. It looks at Alarm priority, the Events that triggered the Alarm, and their underlying logs.

Vulnerabilities, Reporting and Raw Logs Demo  22 MINUTES

This video examines the Asset Vulnerability information that can be discovered in USM Appliance. It also examines the reporting capabilities available, as well as detailing how to query and export raw logs.

Launchpad for AlienVault® USM Central™

Getting Started: Course Overview

This self-paced course gives Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and enterprise customers an orientation to AlienVault® USM Central™. It is designed to introduce you to the USM Central platform and show you how you can connect existing AlienVault USM Anywhere™ and AlienVault USM Appliance™ deployments. You will also see how USM Central collects and centralizes alarm details to deliver a consolidated view into threats that have been identified, so you can respond quickly and effectively.

Course Overview and Objectives  2 MINUTES

This video provides an overview of the USM Central Launchpad course including learning objectives, target audience, and requirements.

Module 1: Introduction to USM Central

Introduction to USM Central  6 MINUTES

This video introduces you to USM Central and reviews its capabilities. It includes a recorded demonstration of USM Central and an orientation of the web UI.

MODULE 2: Adding USM Anywhere to USM Central

Adding USM Anywhere to USM Central  7 MINUTES

This video describes how an existing USM Anywhere deployment is connected to USM Central. It includes a recorded demonstration of the steps involved in configuring the connection, and shows how the USM Anywhere information is represented.

MODULE 3: Adding USM Appliance to USM Central

Adding USM Appliance to USM Central  5 MINUTES

This video describes how an existing USM Appliance deployment is connected to USM Central. It includes a recorded demonstration of the steps involved in configuring the connection, and shows how the USM Appliance information is represented.

Module 4: Role-Based Access Controls

Role-Based Access Controls  4 MINUTES

This video describes how USM Central implements role-based access control. This video includes a recorded demonstration of the steps involved in configuring Role-Based Access Control within USM Central.

Module 5: Orchestration Rules Management

Orchestration Rules Management  9 MINUTES

This video describes how USM Central manages and shares orchestration rules between connected USM Anywhere deployments. This video includes a recorded demonstration of the steps involved in configuring, creating, filtering, disabling/enabling, and sharing rules within USM Central.

Module 6: Application Programming Interface (API) Framework

USM Central API Overview  4 MINUTES

This video introduces you to the USM Central API and describes how to authenticate and make requests to obtain information about alarms in USM Central. If you want to learn more, comprehensive documentation can be found on the USM Central API page.

USM Central API Authentication Demo  8 MINUTES

This video demonstrates how to obtain a Client ID and Secret from USM Central. We then show you how these credentials can be used to authenticate against OAuth 2.0 to obtain an access token which enables you to make requests against the USM Central API. If you want to learn more, comprehensive documentation can be found on the USM Central API page.

USM Central API Request Demo  11 MINUTES

This video demonstrates how to use the bearer token obtained in the previous demo to make request for alarm information against the USM Central API. We look at the request structure and identify how it can be modified to obtain specific information. If you want to learn more, comprehensive documentation can be found on the USM Central API page.

Tell Us What You Think!

We value your feedback and would love to know your thoughts on our Launchpad for USM  We would greatly appreciate you taking a few moments to complete our survey!

take the survey now